Prevent exposing GITEA_RUNNER_REGISTRATION_TOKEN to act (#188)

You can currently expose the token to jobs even while using docker in docker

`-e GITEA_RUNNER_REGISTRATION_TOKEN` tells the docker client of act to read GITEA_RUNNER_REGISTRATION_TOKEN from the process and now it can be stolen.

Reviewed-on: https://gitea.com/gitea/act_runner/pulls/188
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.io>
Co-committed-by: ChristopherHX <christopherhx@noreply.gitea.io>
pull/30/head
ChristopherHX 2023-05-17 14:13:38 +08:00 committed by Jason Song
parent 35596a182b
commit fd7c8580af
1 changed files with 2 additions and 0 deletions

2
run.sh
View File

@ -41,5 +41,7 @@ if [[ ! -s .runner ]]; then
fi fi
done done
fi fi
# Prevent reading the token from the act_runner process
unset GITEA_RUNNER_REGISTRATION_TOKEN
act_runner daemon ${CONFIG_ARG} act_runner daemon ${CONFIG_ARG}