Skip to content
  • Kevin Daudt's avatar
    register-runner: split the runner into two runners · 3f4051a2
    Kevin Daudt authored
    In order to be able to run docker images inside docker, we mount the docker
    socket inside the build container. This offer a security risk, as any CI job is
    able interact with the docker engine the host.
    
    To mitigate this, one runner is used to build docker images. This runner
    should be limited to trusted projects.
    
    The other runner can be shared, as it does not get the docker socket.
    3f4051a2