@example
I believe Gitea/Forgejo has feature parity with any GitHub-ish runner [1], so you should be able to use your GitLab runner.
Otherwise, unless I am misunderstanding you, check out Forgejo runner using docker-in-docker [2].
I might have misread, but you wanted a VPS to be spun up per job or just a Docker container per job? Spinning up a whole VPS seems a little unusual; do you interface with a hypervisor or what are you doing?
[1] https://forgejo.org/docs/next/admin/actions/#other-runners
[2] https://code.forgejo.org/forgejo/runner/src/branch/main/examples/docker-compose
I’m indeed talking about spinning up a full VPS. With untrusted workloads I’d rather have the best isolation reasonably possible. Effectively, this is similar to how GitHub hosted runners work. My GitLab is currently primarily working by spinning up Hetzner Cloud VPSes on demand, but I’ve also used this with Proxmox before.
If I have very sensitive secrets accessible to my CI pipeline, I want to minimize the risk of leakage through compromise of CI environments to a minimum.