Our current workflow in GitLab has different runners with different levels of permissions.
One set of runners for dev, which service all branches in a project.
And one set of runners for QA and one set of runners for Prod that only run after a merge to master.
With the protected runner approach, we can safely have prod credentials in our protected runners and we know they are not accessible from branches, intentionally or accidentally.
Even if a developer uses the “prod” label for a runner in their branch, the runner won’t run that job. In combination with CodeOwners and other strategies we can safely assume that the master brach pipeline is safe and that branches are not.
Without this feature, we can’t move forward with GitHub actions because they is no way to guarantee that production won’t be affected by a branch.
What is the recommended deployment security separation in GitHub? From what I have been able to read so far there is no control that can’t be easily bipassed. Hoping to find that I am wrong