We’re currently playing around with different ideas for a CI for codeberg.org, but we can’t really provide build resources ourselves. So, the best idea right now would be a “bring-your-own-worker” CI, like GitLab does it - for each repository, organization or user you can generate tokens, and then start a runner with that token, which will only build the repos that user has write access to. That way, it’s guaranteed that the secrets won’t be stored on a machine the repo owner doesn’t have any control over.
Basically, we want to keep control over the Drone server (to make it easier to manage multiple orgs/repos/users; right now you have to log in to different Drone instances for different repos), but not over the Runners.
Would that be something Drone could provide in the future, or worth creating a PR for? The easiest way would probably be to add an “RPC Secret Extension” that gets passed the repo name and then returns a list of RPC secrets, and only agents which use a secret from that list may build that specific repository. That way, the specific implementation would be specific to the organization’s requirements.
An alternative way would be to just add a personal RPC secret to the user settings, which would allow anyone to start his own agent on a Drone server, which can then build repos he has access to, but can also access the secrets he wouldn’t otherwise have access to (which might be quite a security risk).
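The per-repository check the first proposal describes (a runner presents a secret, and the server only lets it build repositories that secret is authorized for) is easy to sketch as a small service. The Go program below is an added example written for this thread, not Drone's actual extension API and not code from the Drone or Codeberg projects: the `Authorizer` type, its `/authorize` endpoint, the request/response JSON shape, and the user names, repo slug and tokens are all constructed for illustration. It stores only SHA-256 digests of runner tokens, compares them in constant time, and then answers the question "does the principal this token was issued to have write access to this repo?", so a token never unlocks builds (and therefore secrets) of repositories its owner cannot push to.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
)

// tokenRecord holds the SHA-256 digest of a runner token and the principal
// (user or org) it was issued to. The plaintext token is never stored.
type tokenRecord struct {
	digest [sha256.Size]byte
	owner  string
}

// Authorizer decides whether an agent presenting a runner token may build a
// given repository. Hypothetical stand-in for the "RPC Secret Extension"
// idea above; it is not Drone's real extension interface.
type Authorizer struct {
	tokens  []tokenRecord
	writers map[string]map[string]bool // repo slug -> principals with write access
}

func NewAuthorizer() *Authorizer {
	return &Authorizer{writers: map[string]map[string]bool{}}
}

// GrantWrite records that principal has write access to repo.
func (a *Authorizer) GrantWrite(repo, principal string) {
	if a.writers[repo] == nil {
		a.writers[repo] = map[string]bool{}
	}
	a.writers[repo][principal] = true
}

// Register stores a runner token issued to owner, hashed.
func (a *Authorizer) Register(owner, token string) {
	a.tokens = append(a.tokens, tokenRecord{digest: sha256.Sum256([]byte(token)), owner: owner})
}

// Allowed reports whether an agent presenting token may build repo, and which
// principal the token belongs to. Every stored digest is compared in constant
// time, so the lookup does not reveal how much of a guessed token matched.
func (a *Authorizer) Allowed(repo, token string) (bool, string) {
	presented := sha256.Sum256([]byte(token))
	owner, found := "", false
	for _, rec := range a.tokens {
		if subtle.ConstantTimeCompare(presented[:], rec.digest[:]) == 1 {
			owner, found = rec.owner, true
		}
	}
	if !found {
		return false, ""
	}
	// Indexing a nil inner map yields false, so unknown repos are denied.
	return a.writers[repo][owner], owner
}

type authRequest struct {
	Repo  string `json:"repo"`
	Token string `json:"token"`
}

type authResponse struct {
	Allowed bool   `json:"allowed"`
	Owner   string `json:"owner,omitempty"`
}

// Handler exposes Allowed over HTTP: POST {"repo": "...", "token": "..."}.
// The owner is only echoed back on an allow decision.
func (a *Authorizer) Handler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	var req authRequest
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req.Repo == "" || req.Token == "" {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	ok, owner := a.Allowed(req.Repo, req.Token)
	resp := authResponse{Allowed: ok}
	if ok {
		resp.Owner = owner
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(resp)
}

// SampleAuthorizer builds a constructed fixture: two users, one repository
// that only alice can push to. Names and tokens are made up for the example.
func SampleAuthorizer() *Authorizer {
	a := NewAuthorizer()
	a.GrantWrite("codeberg/pages", "alice")
	a.Register("alice", "tok-alice-EXAMPLE")
	a.Register("bob", "tok-bob-EXAMPLE")
	return a
}

func main() {
	a := SampleAuthorizer()
	ok, owner := a.Allowed("codeberg/pages", "tok-bob-EXAMPLE")
	fmt.Println(ok, owner) // bob's token is valid but he has no write access
	http.HandleFunc("/authorize", a.Handler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The server side of the proposal would call `/authorize` (or the in-process `Allowed`) before handing a build to an agent; an agent whose token is unknown, or whose owner lacks write access, gets a deny and never sees the repository's secrets. Tying the decision to write access rather than to a single shared server secret is what distinguishes this from the "personal RPC secret" alternative, which would let any agent build (and read the secrets of) every repository on the server.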