From 08280f66acddfa064498f0047cab53bb48999e74 Mon Sep 17 00:00:00 2001 From: Daniel Sanche Date: Mon, 27 Jan 2020 17:37:28 -0800 Subject: [PATCH] added security warning --- .github/workflows/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 7dc9f1c..32b1a5d 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -5,6 +5,9 @@ - project admins maintain a private Google Compute Engine VM for running tests - VM should be at least n1-standard-4 with 50GB persistent disk - instructions for setting up the VM can be found in repo settings under "Actions" + - ⚠️ WARNING: VM should be set up with no GCP service account + - external contributors could contribute malicious PRs to run code on our test VM. Ensure no service accounts or other secrets exist on the VM + - An empty GCP project should be used for extra security - to set up dependencies, run the following commands: ``` # install kubectl