buildkitd: Add ability to restrict frontends and gateway sources (!40) · Merge requests · repos / releng / Buildkit

Ahmon Dancy requested to merge review/dancy/restrictions into wmf/v0.11 Jun 12, 2023

When building images on trusted runners we want to ensure that only the Blubber frontend is used. This commit adds the ability to restrict the frontends and gateway sources in buildkitd.

buildkit.toml entries that would be use on trusted runners:

allowed-frontends = ["gateway.v0"] allowed-gateway-sources = ["docker-registry.wikimedia.org/repos/releng/blubber/buildkit"]

Bug: T329220

Admin message

Admin message

buildkitd: Add ability to restrict frontends and gateway sources

Merge request reports