top | item 47096221

(no title)

At this point your steps are so simple id skip GitHub actions security tyre fire altogether. Just run the go commands whilst listening on GitHub webhooks and updating checks with the GitHub checks API.

GitHub actions is the biggest security risk in this whole setup.

Honestly not that complicated.

discuss

NewJazz|9 days ago

I learned recently that self-hosted GHA runners are just VMs your actions have shell access to, and cleanup is on the honor system for the most part.

Absolutely wild.