register-runner: mount docker socket in container
In order for jobs on this runner to be able to build docker images, the build container needs access to docker. One option is to use docker-in-docker, but this is not a recommended option. The other option is to mount the docker socket from the host to the build containers. This is technically the best option, but it comes with some issues: * CI jobs get full access to docker, with all it's security implications * Different jobs can create conflicting images / containers * Jobs could create images which remain on the host, and could be accidentaly (or on purpose) be used by other jobs. This is limited by the setting to always fetch images from the registry. This remains a trade-off between security and convenience, but it should be used with care.
Showing with 3 additions and 2 deletions