• Kevin Daudt's avatar
    register-runner: mount docker socket in container · 4ed9c80f
    Kevin Daudt authored
    In order for jobs on this runner to be able to build docker images, the
    build container needs access to docker.
    One option is to use docker-in-docker, but this is not a recommended
    The other option is to mount the docker socket from the host to the
    build containers. This is technically the best option, but it comes with
    some issues:
    * CI jobs get full access to docker, with all it's security implications
    * Different jobs can create conflicting images / containers
    * Jobs could create images which remain on the host, and could be
      accidentaly (or on purpose) be used by other jobs. This is limited by
      the setting to always fetch images from the registry.
    This remains a trade-off between security and convenience, but it should
    be used with care.
register-runner 497 Bytes