Preventing Crypto Mining abuse on GitLab.com SaaS

What about the following approach:
If a user forks an open source project and then makes a merge request back to the forked project, allow the pipelines for the merge request checks to run, as long as they didn’t change the .gitlab-ci.yml file and the project is allowed to run pipelines, even if the user doesn’t have a credit card on their account.

People contributing changes to .gitlab-ci.yml files should be rare, and since they didn’t change it they cannot introduce any cryptomining. If they still want to change something on the .gitlab-ci.yml file, they would need to provide their own runners or add a credit card. I feel this would be a good compromise.
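One way to implement the check proposed in the post above, as an added example that is not part of the thread and not GitLab's implementation. It assumes the merge request's changes arrive as dicts with `old_path` and `new_path`, that `ci_config` is the already-parsed `.gitlab-ci.yml` from the target branch, and that `extra` (a hypothetical parameter) lists further paths the jobs execute, such as build scripts, which a check on the config file alone does not cover.

```python
from fnmatch import fnmatch

CI_FILE = ".gitlab-ci.yml"

def protected_patterns(ci_config, extra=()):
    """Path patterns whose modification changes what the pipeline defines."""
    patterns = {CI_FILE, *extra}
    includes = ci_config.get("include", [])
    if isinstance(includes, (str, dict)):
        includes = [includes]
    for item in includes:
        local = item if isinstance(item, str) else item.get("local")
        # Only repository-local includes can be edited by the merge request.
        if local and "://" not in local:
            patterns.add(local.lstrip("/"))
    return patterns

def touched_paths(changes):
    """Both sides of every change, so renames and deletions are counted."""
    return {c[k] for c in changes for k in ("old_path", "new_path") if c.get(k)}

def may_run_unvalidated(changes, ci_config, extra=()):
    """Return (allowed, protected paths the merge request touches)."""
    patterns = protected_patterns(ci_config, extra)
    hits = sorted(p for p in touched_paths(changes)
                  if any(fnmatch(p, pat) for pat in patterns))
    return not hits, hits

# Constructed sample data (not from the thread).
CI_CONFIG = {
    "include": [{"local": "/ci/build.yml"}, {"template": "Security/SAST.gitlab-ci.yml"}],
    "test": {"script": ["./scripts/test.sh"]},
}
DOC_FIX = [{"old_path": "README.md", "new_path": "README.md"}]
RENAME = [{"old_path": "ci/build.yml", "new_path": "ci/old.yml"}]
SCRIPT_EDIT = [{"old_path": "scripts/test.sh", "new_path": "scripts/test.sh"}]

if __name__ == "__main__":
    for name, changes in [("doc fix", DOC_FIX), ("rename", RENAME), ("script", SCRIPT_EDIT)]:
        print(name, may_run_unvalidated(changes, CI_CONFIG, extra=("scripts/*",)))
```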

Hi, we are considering this functionality in this epic if you are interested in following!

1 Like

We would love your feedback on potential avenues we are considering to prevent abuse while also lowering the impact on legitimate users.

Please see the very short survey here: https://forms.gle/tEmPxrQ8H8usAgCu9

I would like to see slightly finer control over runner usage.
We would like to use the CI pipelines with a time-varying group of users. Using the current system requires either disabling the shared runners altogether or having every user authenticate in some way. But jobs initiated from their commits mostly use our private runners.
Thus it looks preferable if the authentication is only enforced for jobs that run on shared runners. Then these jobs must have been pushed by an authenticated user, whereas others do not need the authentication.

I enter my debit card details, it charges and reverts $1 but never validates my user profile. After a while I get some timeout error. Please help.

Note that we are working to waive credit/debit card validation if a project has paid CI/CD minutes.

Ref: Waive credit card validation if project has CICD minutes (#349835) · Issues · GitLab.org / GitLab · GitLab

I enter my credentials and it just says please wait while we validate. I wait a long time but nothing happens. After that, when I run a pipeline, it is pending, not failed, and shows user validation as it did the first time. What can I do to validate my account?

@thangcqUET This is not a problem I have seen previously. It may be specific to your account. If you haven’t done so already, can you contact the support team? Support | GitLab

As of 2022-01-13, GitLab no longer requires users created after 2021-05-17 to provide a valid credit or debit card in order to run CI jobs hosted at GitLab, if those CI jobs are run on namespaces that have purchased CI minutes that have not been used.

1 Like

Hi, I am helping people from economically unstable countries to learn about free open source coding, Linux, command line, git, etc. To give them a place to try out their HTML, Vanilla JS and CSS I recommended them to use GitLab Pages. Those people don’t have a credit card and it seems they can’t use it anymore. From your post I saw “if they use their own runner and disable shared runners” it should be possible, am I correct? How to disable shared runners and run their own? Is there some documentation for this please? Thank you for helping.

1 Like

Yes, it’s in the documentation, a quick google for “gitlab disable shared runners” would have found it: The scope of runners | GitLab

3 Likes

FYI on a related topic: Public open source projects are eligible for Ultimate tier features | GitLab

Hello!

I would like to ask about the privacy concerns about this matter.

What happens if you enter a Credit Card for validating an account? Will it get saved on your account and be used for future purchases in GitLab? Can I opt to remove my credit card data due to privacy concerns?

I am just asking out of concern and curiosity. I feel like I may have skipped over some lines in the Privacy Policy regarding this matter, and knowing how Credit Card details are managed may help me put my mind at ease in verifying my account.

Thank you.

@cindrmon Thanks for the question.

At the current time we only use the credit/debit card to validate the account for those who want to use GitLab hosted CI runners on free accounts. We don’t store the card. If this changes in the future, we will surely make this obvious when the credit card is requested.

More context here if interested: How to prevent crypto mining abuse on GitLab.com SaaS | GitLab

Does that mean that if I apply to the GitLab for Open Source Program and my group is admitted and a new user enters the group, they will not need to provide a credit card in order to be able to run pipelines (at least not until the group exceeds those 50k CI/CD minutes)?

Thanks for the question @jgonggrijp . The short answer is yes because the project will be effectively on a paid license if accepted to the open source program…

1 Like

Thanks. I asked a related question; would you be able to answer that, too?

That’s not a part of the product I am familiar with @jgonggrijp

Thanks anyway. Do you happen to know anyone who might be able to answer the question?

I’m asking around. Stay tuned…

1 Like