Public GitHub repositories

Overview

Shipfox registers itself as a self-hosted runner within the Default runner group (ID 1) of your GitHub Organization. However, by default, GitHub disables the use of self-hosted runners, including managed services like Shipfox, for public repositories.

Enable Shipfox runners on public GitHub repositories

Here are the steps to enable access to Shipfox runners in public repositories in your organization:

1. Go to your GitHub Organization default runner settings page here: https://github.com/organizations/[YOUR_ORGANIZATION]/settings/actions/runner-groups/1.
2. Check the box labelled Allow public repositories.

Security

Shipfox runners offer the same level of security as GitHub-hosted runners. While GitHub documentation advises against using self-hosted runners for public repositories due to the risk of malicious content in PRs from external contributors—potentially compromising infrastructure such as AWS, GCP, or Azure accounts—this risk typically arises when self-hosted runners are not properly secured, as seen with setups like actions-runner-controller (ARC) on Kubernetes.

Shipfox runners, however, are designed with security in mind. All workflows using Shipfox runners are executed within isolated virtual machines (VMs), ensuring robust isolation guarantees. This architecture makes it entirely safe to use Shipfox runners for public repositories.