My team and I have been experimenting with Drone. We need a way to prevent changes to the .drone.yml file by unauthorized users. We noticed that if the branch was protected, and I made a change to the YAML file, that the build would hold until someone who had the rights could deny/approve the build. However, the following workaround seemed to defeat this:
- Change the .drone.yml file
- Go to the Drone UI and cancel the build (I cannot approve or deny it at this stage)
- Restart the same build manually
The manually restarted build finishes with no issues and uses the new YAML file, going around the protection. I took a bit of a dive into the code to see if I could find the cause of this, and it appears the IsGated check is only being run on the Pull Request event, and I assume a manual restart of a build does not match this check.