by lmeyerov
1745 days ago
the first commenter was right on the env thing helping with ci/cd secret isolation

the open issue is that GHA env is vulnerable to typical npm/pip/conda/etc supply chain attacks. it lets them do funny network requests (both data exfil + integrity, and even quota wastage / DoS):

- GitHub hosted runners should allow inbound/outbound domain safelists, full isolation w internal repo safelisting, or something else like it
- and/or self-hosted runners should have an Azure serverless mode where the host owner can do their own presets. less good b/c trickier to maintain typical safelists

currently, GHA is default-allow for supply chain attacks =\

in theory folks can try docker-in-docker to limit network access, or the equiv lower, and layer on internal repos to prevent 0-days, but this gets gnarly quickly and more sanely handled by the managed CI env we are all paying for