Replies: 3 comments 2 replies
-
GitHub Actions runners do not run on plain Ubuntu, they have additional tooling installed. Therefore, a base Ubuntu Docker image wouldn't work. GitHub only releases vm images of the GitHub Actions runner. Act uses Docker, so a custom container that replicates the functionality of the runner VMs has to be created. That's why it pulls from the repo you mention. If you have security concerns, you are free to inspect and explore how these containers are built in the repo you mention, or build one yourself if you want. See this bit on alternative runner images. |
Beta Was this translation helpful? Give feedback.
-
Selecting the small image in first time setup will pull node:sometag and you don't have to trust a random maintainer of nektos/act. catthehacker/Ryan/R/pj was a major contributor / maintainer of nektos/act in 2020/21. Maintainer of this repo are unable to create repositories in nektos org, so it tend to be eaier to use a custom GitHub account.
Do whatever you want.
I don't think so. However don't trust me, I'm a collabator with push access to the git repo (less restricted than nektos/act). |
Beta Was this translation helpful? Give feedback.
-
it is me, "who tf" are you?
None, you can see whole repo history and who made which commits.
With what you shown in this discussion is that you have barely any understanding of security and that you have no idea what |
Beta Was this translation helpful? Give feedback.
-
workflow: https://github.com/ryuukk/zag/blob/no_error_pls/.github/workflows/zag_ci.yml
Who tf is this person https://github.com/catthehacker/docker_images
What are the chances this is compromised? i bet it is
Beta Was this translation helpful? Give feedback.
All reactions