|
|
|
|
|
|
by Bognar
1996 days ago
|
|
|
It is definitely the case with Actions. > I don't think you really have full access to everything You do. > their software runs that yaml which could easily exclude any dangerous commands Categorizing dangerous commands is impossible to do accurately by just looking at a yaml file. > Plus, github offers a hosted runner service where you pay for a dedicated VM to run your actions in. So that makes it seem like actions are probably run together on larger VMs by default. I'm not sure what this means. The paid hosted runners are not any different from the free hosted runners, but free runners can only be used on public repos. |
|
|