I see that in older versions of Drone there was a “gatekeeper” endpoint that could control blocking of a build. Has that feature been completely removed?
I work primarily with private repos in our org, so many of our Drone pipelines were built around everything being trusted, since we use private Docker, RubyGems and NPM repositories, so secrets need to be available even during a pull_request build. If I wanted to use the existing process on a public repository, I’d have to disable fork builds, and then I don’t think I’d have any option for a trusted org user to build that pull.
I think Drone’s official position is that if a repository is public, then to build the pull, all images on all steps should be public and use no secrets. It still seems like any repo being built with an in-repo Dockerfile could still abuse this process to execute arbitrary commands inside your CI cluster, even with a protected .drone.yml. So it seems to me that a manual build block is still the best option. Are there any options presently available to implement forked PR blocking with the ability of a trusted user to approve them?