security concerns #29

Open
opened 2025-06-20 13:36:23 +02:00 by Arlind · 11 comments
Owner

only give it internet access where it needs it (github, osu api, gitea api)
definitely improve the docker image so it doesn't need all those absurd system requirements
somehow restrict the action file in a way

Arlind self-assigned this 2025-06-20 13:36:24 +02:00
Arlind added this to the Skinhub Project project 2025-06-20 13:36:24 +02:00
Author
Owner

maybe don't run the CI per repository but somehow run it from this repo so users never get to interact with it (my ass is definitely not doing that)

Arlind moved this to Maybe / No Priority in Skinhub Project on 2025-06-20 15:24:16 +02:00
Author
Owner

for now I will trust my humble users until something happens

Author
Owner

Gravatar, while not easy to use to find someone's mail, can definitely help when trying to find it out; disabled it as of this comment

Author
Owner

getting better with the reusable actions but still not quite there

Author
Owner

ideally have a repo that executes CIs on a repo on change, while restricting users from even accessing runners

Author
Owner

got it to work with

```yml
      options: >-
        --gpus all
        --env NVIDIA_DRIVER_CAPABILITIES=all
        --env NVIDIA_VISIBLE_DEVICES=all
```

which is a lot better...

Author
Owner

eventually I should change the public runners to not have internet access

Author
Owner

> got it to work with
>
> ```yml
>       options: >-
>         --gpus all
>         --env NVIDIA_DRIVER_CAPABILITIES=all
>         --env NVIDIA_VISIBLE_DEVICES=all
> ```
>
> which is a lot better...

I added back `--privileged` cause it errored out I think

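Added example, not code from the osc/skins repo: a small allow-list audit of the `options:` string a job hands to `docker run`, written to catch the `--privileged` flag mentioned above and similar host-level grants while letting the `--gpus` and `--env` options from the thread through. The dangerous-flag set and the allow-list are my assumptions for this runner, not project settings.

```python
# Added example (not from the osc/skins issue): audit the `container.options`
# string of a workflow job for flags that let a user-edited action file
# escape the runner container. Assumed policy: only --gpus and --env allowed.
import shlex

# Flags that hand the job host-level power; `--privileged` is the one the
# thread mentions adding back.
DANGEROUS_FLAGS = {
    "--privileged", "--pid=host", "--network=host", "--net=host",
    "--ipc=host", "--userns=host",
}
# Assumed allow-list for a GPU render job (the options posted in the thread).
ALLOWED_FLAGS = {"--gpus", "--env", "-e"}


def audit_container_options(options: str) -> list[str]:
    """Return one finding per suspicious token; an empty list means clean."""
    findings = []
    tokens = shlex.split(options)
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        # Normalise "--flag value" and "--flag=value" into the same (flag, value) pair.
        if tok.startswith("-") and "=" not in tok and i + 1 < len(tokens) \
                and not tokens[i + 1].startswith("-"):
            flag, value = tok, tokens[i + 1]
            i += 2
        else:
            flag, _, value = tok.partition("=")
            i += 1
        key = f"{flag}={value}" if value else flag
        if key in DANGEROUS_FLAGS:
            findings.append(f"{key}: grants host-level access; drop it")
        elif flag in ("-v", "--volume", "--mount") and (
                "docker.sock" in value or value.startswith("/:")):
            findings.append(f"{key}: bind-mounts the host; equivalent to root on the runner")
        elif flag == "--cap-add" and value.upper() in ("ALL", "SYS_ADMIN"):
            findings.append(f"{key}: capability gives container escape paths")
        elif flag == "--security-opt" and "unconfined" in value:
            findings.append(f"{key}: disables seccomp/AppArmor confinement")
        elif flag not in ALLOWED_FLAGS:
            findings.append(f"{key}: not in the allow-list for this runner")
    return findings


def demo() -> dict[str, list[str]]:
    # The options posted in the thread (folded scalar joined to one line),
    # once as posted and once with --privileged added back.
    posted = ("--gpus all --env NVIDIA_DRIVER_CAPABILITIES=all "
              "--env NVIDIA_VISIBLE_DEVICES=all")
    return {"posted": audit_container_options(posted),
            "privileged": audit_container_options("--privileged " + posted)}
```

Wiring `audit_container_options` into a pre-run check on the central repo, rather than into the user-editable workflow, is what keeps it out of the user's hands.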
Author
Owner

I'll restrict internet access but otherwise nothing I could do

Author
Owner

I need to find a way to run actions that don't let the user edit them themselves, for example webhook requests to run a workflow but the workflow is defined elsewhere

Author
Owner

just migrate to cloud and have abhorrently long render times maybe

Reference: osc/skins#29