Channels
#arm-architecture
Title
# arm-architecture
t
theopolis
03/18/2021, 4:07 AM
I should have gone to bed an hour ago, but I got an example
ec2-github-runnerosquery/osquery❤️ 2
a
Ali Saidi
03/18/2021, 1:34 PMnice! does it limit secrets for hosted runners from non-collaborators no matter what?
t
theopolis
03/18/2021, 1:45 PM
That's what I understand from the GitHub documentation.
If you or someone else has a moment, you can test by opening a PR against https://github.com/theopolis/osquery-ci-test and if it's vulnerable to leaking secrets to non-contributors then the EC2 instance will start, otherwise workflow job will fail.
We might be able to get up and running with this by having these workflow jobs run on the main branch and tags.What I mean here is I consider building aarch64 on master to be the MVP for what we need to consider support official. If we implement testing on master then we at least know before we tag a release that aarch64 is working. We'll also have packages built and ready as artifacts for the release process.
And we can find a solution for pull requests in the future.Longer term the Envoy or CB approach is ideal so that we give PRs the confidence they are not breaking aarach64. I proposed the
ec2-github-runnera
Ali Saidi
03/19/2021, 12:58 AMI tried a PR and the start EC2 runner failed because it wasn’t specified which matches what i expected would happen from the above. No access to secrets from PRs
8 Views