Show HN: Run a GitHub Actions step in a gVisor sandbox
6 months ago
- #gVisor
- #GitHub Actions
- #Security
- GitHub Actions with read-only permissions still receive a cache write token, allowing cache poisoning.
- No isolation between steps in a workflow as they run on the same VM with root access.
- Running untrusted code in a workflow with read-only permissions can lead to a false sense of security.
- This GitHub Action runs commands in an isolated gVisor sandbox to mitigate risks.
- The sandbox features include a root filesystem similar to ubuntu-24.04, overlayed access to GITHUB_WORKSPACE, and read-only access to tools installed by setup-* actions.
- Changes to the workspace inside the sandbox can persist on the host if 'persist-workspace-changes' is set to 'true', but this is not safe.
- The action detects and fails if actions/checkout has persisted authentication tokens in GITHUB_WORKSPACE.
- To use this action, disable credential persistence in the checkout step or set 'allow-checkout-credentials' to 'true' (not recommended).
- All tags use GitHub's Immutable Releases for security.
- Example workflow includes running Go tests with different versions and dependencies, staticcheck, and govulncheck in a sandboxed environment.