mirror of https://code.forgejo.org/forgejo/runner
Prevent exposing GITEA_RUNNER_REGISTRATION_TOKEN to act (#188)
You can currently expose the token to jobs even while using docker in docker `-e GITEA_RUNNER_REGISTRATION_TOKEN` tells the docker client of act to read GITEA_RUNNER_REGISTRATION_TOKEN from the process and now it can be stolen. Reviewed-on: https://gitea.com/gitea/act_runner/pulls/188 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.io> Co-committed-by: ChristopherHX <christopherhx@noreply.gitea.io>pull/30/head
parent
35596a182b
commit
fd7c8580af
Loading…
Reference in New Issue