marcel/familienarchiv
1
0
Fork 0
Code Issues 118 Pull Requests 2 Actions 4 Packages Projects Releases Wiki Activity

ci: document Docker socket security trade-off in runner config
Some checks failed
CI / Unit & Component Tests (pull_request) Failing after 4m34s
Details
CI / OCR Service Tests (pull_request) Successful in 35s
Details
CI / Backend Unit Tests (pull_request) Failing after 3m18s
Details
CI / Unit & Component Tests (push) Failing after 4m30s
Details
CI / OCR Service Tests (push) Successful in 31s
Details
CI / Backend Unit Tests (push) Failing after 3m13s
Details

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit was merged in pull request #494.
This commit is contained in:
Marcel
2026-05-09 16:05:19 +02:00
parent 5512790d5a
commit 6074480482
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
runner-config.yaml
View File

@@ -6,6 +6,10 @@ container:
valid_volumes: valid_volumes:
- "/var/run/docker.sock" - "/var/run/docker.sock"
# appended to `docker run` when the runner spawns a job container # appended to `docker run` when the runner spawns a job container
# SECURITY: Mounting the Docker socket grants job containers root-equivalent
# access to the host Docker daemon. Acceptable here because only trusted code
# from this private repo runs on this runner. Do NOT use on a runner that
# accepts untrusted PRs from external contributors.
options: "-v /var/run/docker.sock:/var/run/docker.sock" options: "-v /var/run/docker.sock:/var/run/docker.sock"
# keep network mode default (bridge) — Testcontainers handles its own networking # keep network mode default (bridge) — Testcontainers handles its own networking
force_pull: false force_pull: false