-
Notifications
You must be signed in to change notification settings - Fork 6
32 lines (27 loc) · 917 Bytes
/
self-hosted.yml
File metadata and controls
32 lines (27 loc) · 917 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# self-hosted.yml
#
# what:
# runs jobs on a self-hosted runner. self-hosted runners *can* be used
# securely in "ephemeral" setups (where the runner is torn down after
# each job), but this is not the default and is commonly not the case.
#
# as such, self-hosted runners should generally not be used within public
# repositories. the exception to this is ephemeral runners, but there's
# no easy way to distinguish these at the workflow level.
#
# how:
# misconfiguration.
#
# see also: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security
on:
push:
branches: [main]
permissions: {}
jobs:
vulnerable:
permissions: {}
# NOT OK: self-hosted runners are difficult to secure in public repos
runs-on: [self-hosted, my-ubuntu-box]
steps:
- run: |
echo "hello from a self-hosted runner"