From 576f5780a20bf4b62438124e3cd61b03279f19eb Mon Sep 17 00:00:00 2001
From: Philip Haupt <“der.mad.mob@gmail.com”>
Date: Sat, 11 Oct 2025 20:44:25 +0200
Subject: [PATCH] security context
---
 gitea-runner/main.yaml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/gitea-runner/main.yaml b/gitea-runner/main.yaml
index 603dc33..dcc2fc4 100644
--- a/gitea-runner/main.yaml
+++ b/gitea-runner/main.yaml
@@ -82,6 +82,13 @@ spec:
 image: docker.io/gitea/act_runner:0.2.11-dind-rootless
 imagePullPolicy: IfNotPresent
 name: act-runner
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /data
 name: data
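Review bot: The `securityContext` added to the `act-runner` container pins UID/GID 1000 but sets neither `runAsNonRoot: true` nor `seccompProfile:` with `type: RuntimeDefault`, so nothing enforces non-root if the UID is later edited out, and the seccomp profile is left to whatever the node applies by default. Separately, the image tag is `0.2.11-dind-rootless`, and rootless Docker normally depends on `newuidmap`/`newgidmap`, which presumably stop working once `allowPrivilegeEscalation: false` sets no_new_privs and every capability is dropped; confirm that the inner dockerd still starts and a job runs with these settings. If something has to be relaxed, record which field and why in a comment next to it rather than removing the whole block. The container spec begins above the hunk, so a pod-level `securityContext` or other containers may exist that are not visible here.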