Improving my self-hosted actions runner setup
Summary
The article covers moving a self-hosted CI runner from a bare-metal/Docker approach to a containerized setup built on Linux namespaces (systemd-nspawn), with private networking and DNS resolution to improve supply-chain security. It discusses trade-offs such as caching risks, update downtime, and the limitations of container-based isolation, and suggests possible future enhancements such as ephemeral runners.