I use a self hosted instance of Drone CI, and I’m worried that I might have to deal with malware like crypto miners at one point or another.
I can change the build timeout, and just disable pull requests on each repository, but that starts to get tedious as I create repository upon repository.
With that then, is there any global way of just disabling pull requests, at least by default, for all repositories? If not, would there be any other solution that would work besides needing to rebuild Drone?
pull requests can only be disabled per-repository, from the repository settings screen in drone. If you want to disable all pull requests globally you would need to create a validation extension. See Validation Extension | Drone
Is there any certainty that the syntax of the info pushed won’t change in the future?
I’ve got my Docker containers automatically updating regularly, and I can’t risk having any PRs getting through, as quite a few of my builds require privileged mode for Docker builds. Am I going to be risking it changing if I use something like an extension?
The payload request and response are stable and are versioned using the Accept header (below). If the request or response format changes we would increment the version. If you want to be extra cautious, you could check the Accept header and error if it does not match the expected version.