Prevent exposing GITEA_RUNNER_REGISTRATION_TOKEN to act (#188)

You can currently expose the token to jobs even while using docker in docker `-e GITEA_RUNNER_REGISTRATION_TOKEN` tells the docker client of act to read GITEA_RUNNER_REGISTRATION_TOKEN from the process and now it can be stolen. Reviewed-on: https://gitea.com/gitea/act_runner/pulls/188 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.io> Co-committed-by: ChristopherHX <christopherhx@noreply.gitea.io>
2024-11-10 04:37:22 +01:00 · 2023-05-17 14:13:38 +08:00 · 2023-05-17 14:13:38 +08:00 · fd7c8580af
commit fd7c8580af
parent 35596a182b
1 changed files with 2 additions and 0 deletions
--- a/run.sh
+++ b/run.sh
@ -41,5 +41,7 @@ if [[ ! -s .runner ]]; then
    fi
  done
 fi
+# Prevent reading the token from the act_runner process
+unset GITEA_RUNNER_REGISTRATION_TOKEN

 act_runner daemon ${CONFIG_ARG}