by Scaled 2 hours ago
Gitea action runner has a bunch of different ways to set up, and doing the isolation properly looks tricky. The documentation doesn't provide any isolation tests to administrators, either.

The biggest mitigation is that Gitea documentation discourages you from using action runners from untrusted users. Not flawless security, but it's something...


> The biggest mitigation is that gitea documentation discourages you from using action runners from untrusted users.

This recommendation seems incompatible with third-party collaboration, at least on its face!

Potentially, but for many projects, things like that are tools that you want to control access to anyway. Anyone wanting to update the CI/CD process who isn't a trusted part of the project should be having their changes properly reviewed by someone who is, at which point the reviewer is the trusted user, not the random external entity.