Right now, anyone that creates a branch in my project and adds a .gitlab-ci.yml file to it can execute commands on my server using the runner. How can I make it so that only masters or owners can upload CI config files and make changes to them?
I'm using https://gitlab.com/gitlab-org/gitlab-ci-multi-runner running on bash.
GitLab now supports moving your .gitlab-ci.yml file to another location outside of your repo. Only people with admin repo access can change this setting, making it ideal to have read-only pipelines for most users of your repo.
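An added example, not part of the original answer or of GitLab's own code: a small audit that classifies each project's custom CI configuration path and lists the projects whose pipeline file still lives in their own repository, where a branch can change it. It assumes the `ci_config_path` project field and the `file@group/project:ref` and URL forms of that setting; the project records are constructed.

```python
import re

# Constructed sample records shaped like entries from the GitLab projects API
# (field name ci_config_path). Project names and values are made up.
SAMPLE_PROJECTS = [
    {"path_with_namespace": "acme/web", "ci_config_path": None},
    {"path_with_namespace": "acme/api", "ci_config_path": "ci/pipeline.yml"},
    {"path_with_namespace": "acme/infra", "ci_config_path": ".gitlab-ci.yml@acme/ci-configs"},
    {"path_with_namespace": "acme/docs", "ci_config_path": "docs.yml@acme/ci-configs:main"},
    {"path_with_namespace": "acme/tools", "ci_config_path": "https://ci.example.com/tools.yml"},
]

# file@group/project with an optional :ref suffix
EXTERNAL_PROJECT = re.compile(r"^(?P<file>[^@]+)@(?P<project>[^:@]+)(?::(?P<ref>.+))?$")


def classify(ci_config_path):
    """Return (kind, detail) describing where the pipeline definition is read from."""
    value = (ci_config_path or "").strip()
    if not value:
        # Setting left empty: the default file in the project's own repository.
        return ("in_repo", ".gitlab-ci.yml")
    # Check URLs first: they contain ':' and would confuse the project pattern.
    if value.lower().startswith(("http://", "https://")):
        return ("external_url", value)
    match = EXTERNAL_PROJECT.match(value)
    if match:
        return ("external_project", match.group("project"))
    # A custom path, but still inside the project's own repository.
    return ("in_repo", value)


def branch_editable(projects):
    """Projects whose pipeline file is in their own repo, so a pushed branch can alter it."""
    return [
        p["path_with_namespace"]
        for p in projects
        if classify(p.get("ci_config_path"))[0] == "in_repo"
    ]


if __name__ == "__main__":
    for project in SAMPLE_PROJECTS:
        print(project["path_with_namespace"], *classify(project.get("ci_config_path")))
    print("still branch-editable:", branch_editable(SAMPLE_PROJECTS))
```

For projects reported as `external_project`, write access to the project that holds the configuration file is what then needs to be restricted.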