Thanks!!
Thanks!!
I also thought this wasn’t an issue anymore; there’s a setting in the Actions settings where you can enable or disable workflows from forked pull requests. But someone on Reddit spooked me a bit about it, so for now, I’ve made the repo private until I’m 100% sure there are no risks. I wanted it public because I was considering using GitHub Issues as a backend for blog comments, but I’ll reevaluate that. Also, thanks for the idea of running a local git server with mirroring to GitHub—I hadn’t considered having two upstreams. That could be a great setup, especially since I’m still in college and trying to build in public for future job opportunities while keeping CI/CD self-hosted.
Basically, I just wanted to tinker and learn. Self-hosting my CI/CD pipeline seemed like an interesting approach, and I wanted to explore how it all works beyond just using GitHub’s free runners.
My main reason was honestly laziness 😅. I just went with what was quickest to set up. I also hadn’t realized I could have two upstreams on my repo: one public-facing on GitHub (because I’m still in college and trying to build in public for future job opportunities) and another self-hosted on Gitea or GitLab for CI/CD.
That actually sounds like a great setup, so I’ll definitely look into it now. Thanks for the recommendation!
No worries! When I checked the repo, I didn’t see any forks, and my Proxmox resource usage looked normal, so I didn’t think anything bad happened. I just got cautious after a Reddit user pointed out that the config I thought was safe wasn’t actually secure.
I hadn’t thought of it that way, but it makes a lot of sense. I was just avoiding committing certain things and only pushing finished work to GitHub.