Clarify that jobs in a workflow can compromise each other only on self-hosted runners #35317
Open
1 task done
Labels
actions
This issue or pull request should be reviewed by the docs actions team
content
This issue or pull request belongs to the Docs Content team
more-information-needed
More information is needed to complete review
SME reviewed
An SME has reviewed this issue/PR
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#reusing-third-party-workflows
What part(s) of the article would you like to see updated?
My understanding is that this only applies to jobs running on self-hosted runners.
As per https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners, GHA-hosted runners use a fresh VM for each job. So "shared directory" and "Docker socket" are not a thing for GHA-hosted runners.
Additional information
No response
The text was updated successfully, but these errors were encountered: