When running a public continuous integration server, the potential risk is that a rogue build will interfere with
- another project
While I suspect we could use remote agents to get around most of the risk of a plan interfering with bamboo; it does not help with preventing interference between projects.
A cunning plan that I had was to allow the bamboo server to sudo to a variety of different accounts (typically one user per project.
The launching the build would look something like
Then the entire build would run as that user, completely isolated from the rest of the system and other plans.
I've looked through the various plugins, and it doesn't appear I can write a plugin to intercept the build - and I don't want to have to write 4 plugins that pretty much replicate the existing builders (Ant / Maven / Maven2 / bash) - unless I can call them easily after I've sudoed - which I doubt.