Ability to filter runner jobs based on branches

[liamgib]

Is your feature request related to a problem? Please describe.
We have a private repo that follows a non-forking branching strategy.
Features are developed in personal feature branches and we have a primary branch and environment branches.

In GitHub, if a user creates a new workflow, they can use the runner against their own branch which is a security concern to using self-hosted runners. By this, the actions workflow does not need to be in the default (and approved) branch for it to run on the runner... which is bad.

This should really be introduced by Github, but the issue surrounding this has now been open for a year.
actions/runner#494

Describe the solution you'd like

It would be really good if we could register an actions runner with a list of 'allow_branches'... something like this:

apiVersion: actions.summerwind.dev/v1alpha1
kind: Runner
metadata:
  name: example-runner
spec:
  repository: summerwind/actions-runner-controller
  env: []
  allowed_branches: ['environment_branch']

When a job is triggered, if this field is present it would validate the trigger branch otherwise not accept the job.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

[mumoshu]

@liamgib I hear you, but this isn't technically possible. You must fork https://github.com/actions/runner and enhance it to filter jobs not only on runner labels and groups but also branches . And we aren't actions/runner authors. In addition to that, not all github actions events have "branch" attribute so this doesn't really make sense to do externally.