CI Runner
Definition
A CI Runner is a component within a Continuous Integration (CI) system responsible for executing jobs defined in a CI/CD pipeline. It pulls the code from a repository, runs the specified tasks such as building, testing, and deploying applications, and reports the results back to the CI server. CI Runners can be configured to run on different environments, such as virtual machines, containers, or physical hardware. A runner can be shared across multiple projects, or dedicated to a specific project to improve security isolation and performance.
Secure Settings Example
# Example configuration for a GitLab CI Runner with secure settings
[[runners]]
name = "secure-runner"
url = "https://gitlab.example.com/"
# The runner authentication token is stored in this file in clear text, so
# restrict read access to the file to the account that runs the runner.
token = "REDACTED"
executor = "docker"

  [runners.docker]
  # Verify TLS on the connection to the Docker daemon. When the daemon is
  # reached over TCP, certificates must also be configured (tls_cert_path).
  tls_verify = true
  # NOTE(review): `latest` is a mutable tag; pinning a fixed version or an
  # image digest makes the job environment reproducible and auditable.
  image = "alpine:latest"
  # Job containers do not receive the host-level capabilities and device
  # access that privileged mode grants.
  privileged = false
  # Jobs cannot replace the entrypoint defined by the image.
  disable_entrypoint_overwrite = true
  # The kernel OOM killer stays active for job containers.
  oom_kill_disable = false
  # No automatically created local cache volumes are kept between jobs.
  disable_cache = true
  # 0 leaves the shared memory size at the Docker default.
  shm_size = 0

  [runners.cache]
  # The bucket and credential settings under [runners.cache.s3] are omitted
  # from this example.
  Type = "s3"
  Path = "runner/cache"
  # The cache is not shared with other runners.
  Shared = false
Insecure Settings Example
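# Example configuration for a GitLab CI Runner with insecure settings
[[runners]]
name = "insecure-runner"
url = "https://gitlab.example.com/"
token = "REDACTED"
executor = "docker"

  [runners.docker]
  # Disables TLS verification of the connection to the Docker daemon,
  # leaving it vulnerable to MITM attacks.
  tls_verify = false
  image = "alpine:latest"
  # Allows privileged mode, increasing risk of container escape.
  privileged = true
  # Jobs may replace the entrypoint defined by the image.
  disable_entrypoint_overwrite = false
  # Disables the OOM killer, potentially leading to resource exhaustion on
  # the runner host.
  oom_kill_disable = true
  # Local cache volumes are kept and reused by later jobs.
  disable_cache = false
  # 512 MiB expressed in bytes. shm_size takes an integer; the bare value
  # `512m` is not valid TOML, so the file would fail to parse.
  shm_size = 536870912

  [runners.cache]
  Type = "s3"
  Path = "runner/cache"
  # The cache is shared between runners, so entries written by one runner's
  # jobs can be read by another's; this can lead to data leakage between
  # projects.
  Shared = true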