GitLab/Gitlab Runner/Trusted Runners
Trusted GitLab Runners offer CI with additional security and trust requirements. In contrast to the Shared Runners, which run in WMCS, Trusted Runners live inside WMF infrastructure. With this approach, the SRE team has full control over the instance and over who has access. Furthermore, customization such as scaling, other disks and NICs can be done outside the bounds of WMCS. Apart from that, Shared Runners and Trusted Runners use the same Puppet code (role(gitlab_runner)) with slightly different Hiera configuration.
The current Trusted Runner cluster consists of two Ganeti VMs:
With increased usage, these VMs may be replaced by hosts in the future.
Request access to Trusted Runners
Access to these Runners is gated and restricted. No project has access to Trusted Runners by default. Access has to be requested on a per-project basis. Please use the following Phabricator task template to create an access request: Task Template
Please make sure to check your project settings, especially who has maintainer permissions. You must also protect your main branch. As described in the Security Evaluation, maintainer permissions ("merge", "+2") are needed to execute jobs on the Trusted Runners. Conversely, this also means that everyone with maintainer permissions can execute such jobs.
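One way to review those two settings before filing the request, as an added example that is not part of the original page or of Wikimedia's tooling: it audits parsed responses from GitLab's project API endpoints `protected_branches` and `members/all`. The function name, the sample data and the choice to flag push/merge rules below Maintainer are assumptions of this example.

```python
from fnmatch import fnmatchcase

MAINTAINER = 40  # GitLab access levels: 30 Developer, 40 Maintainer, 50 Owner

def audit_project(default_branch, protected_branches, members):
    """Return (maintainers, findings) for one project.

    protected_branches: parsed JSON of GET /projects/:id/protected_branches
    members:            parsed JSON of GET /projects/:id/members/all
    """
    findings = []
    # Protection rules may use '*' wildcards, so match by pattern.
    rule = next((b for b in protected_branches
                 if fnmatchcase(default_branch, b["name"])), None)
    if rule is None:
        findings.append(f"branch '{default_branch}' is not protected")
    else:
        for kind in ("push_access_levels", "merge_access_levels"):
            for entry in rule.get(kind, []):
                level = entry.get("access_level")
                if level is None:
                    # Rule bound to a specific user or group, not a role.
                    findings.append(f"{kind}: user/group rule, review manually")
                elif 0 < level < MAINTAINER:  # 0 means "No one"
                    findings.append(
                        f"{kind}: allows access level {level} (below Maintainer)")
        if rule.get("allow_force_push"):
            findings.append("force push is allowed on the protected branch")
    # Everyone listed here would be able to execute jobs on the Trusted Runners.
    maintainers = sorted(m["username"] for m in members
                         if m.get("state") == "active"
                         and m["access_level"] >= MAINTAINER)
    return maintainers, findings

# Constructed sample data, shaped like the API responses.
SAMPLE_PROTECTED = [{"name": "main", "allow_force_push": False,
                     "push_access_levels": [{"access_level": 0}],
                     "merge_access_levels": [{"access_level": 30}]}]
SAMPLE_MEMBERS = [
    {"username": "alice", "access_level": 50, "state": "active"},
    {"username": "bob", "access_level": 40, "state": "active"},
    {"username": "carol", "access_level": 30, "state": "active"},
    {"username": "dave", "access_level": 40, "state": "blocked"},
]

if __name__ == "__main__":
    who, problems = audit_project("main", SAMPLE_PROTECTED, SAMPLE_MEMBERS)
    print("Maintainer or higher:", ", ".join(who))
    for p in problems:
        print("FINDING:", p)
```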
Using Trusted Runners
Related task: T295481