Prevent exposing GITEA_RUNNER_REGISTRATION_TOKEN to act (#188)
You can currently expose the token to jobs even while using docker in docker `-e GITEA_RUNNER_REGISTRATION_TOKEN` tells the docker client of act to read GITEA_RUNNER_REGISTRATION_TOKEN from the process and now it can be stolen. Reviewed-on: https://gitea.com/gitea/act_runner/pulls/188 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.io> Co-committed-by: ChristopherHX <christopherhx@noreply.gitea.io>
This commit is contained in:
parent
35596a182b
commit
fd7c8580af
1 changed files with 2 additions and 0 deletions
2
run.sh
2
run.sh
|
@ -41,5 +41,7 @@ if [[ ! -s .runner ]]; then
|
|||
fi
|
||||
done
|
||||
fi
|
||||
# Prevent reading the token from the act_runner process
|
||||
unset GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
|
||||
act_runner daemon ${CONFIG_ARG}
|
||||
|
|
Loading…
Reference in a new issue