Are there plans to offer functionality that allows us to control whether or not builds can be triggered by pull requests that are from “untrusted users?”
Here is our scenario. We are using Buildkite as a replacement for TravisCI/AppVeyor to run pull request verification tests. The test definitions are kept in a YAML file that is dynamically loaded using the buildkite-agent. We’re concerned that a malicious user could open up a pull request and modify the YAML in a malicious manner.
We’re hoping there could be a way we could “quarantine” those builds until the pull request could be reviewed by a trusted user.