sverhoeven
commented
3 years ago @felipeZ and @JensWehner I think this makes running a self hosted runner on a public repo much more secure. Could you try it out?
Open sverhoeven opened 3 years ago
sverhoeven
commented
3 years ago @felipeZ and @JensWehner I think this makes running a self hosted runner on a public repo much more secure. Could you try it out?
sverhoeven
commented
3 years ago See https://github.com/actions/runner/issues/494 for more advanced proposal
In https://github.blog/2021-04-22-github-actions-update-helping-maintainers-combat-bad-actors/ is explained that now first time contributors need approval before the workflows are run. Also see the docs.
This mechanism also greatly reduces the threat of misuse of self hosted runners. As random folks from the Internet can no longer trigger a job to be run on our self hosted runner without approval.