Zum Inhalt springen

wrkflw v0.7.0 with secure sandboxing for running GitHub Actions locally

Hello everyone,

I’m excited to share wrkflw v0.7.0 with some major workflow execution improvements!

What’s wrkflw?

A Rust CLI tool for validating and executing GitHub Actions workflows locally, with support for Docker, Podman, and secure emulation modes.

Key Features in v0.7.0:

Comprehensive Secure Sandboxing

  • Safe execution of untrusted workflows with command validation and filtering
  • Blocks dangerous commands like rm -rf /, sudo, etc.
  • Resource limits (CPU, memory, execution time)
  • Filesystem access controls and process monitoring
  • Recommended for local development – no container overhead required

Reusable Workflows Support

  • Execute jobs that call reusable workflows (jobs.<id>.uses)
  • Supports both local paths and remote repos (owner/repo/path@ref)
  • Proper input/secret propagation

Multi-Path Validation

  • Validate multiple workflows simultaneously across files and directories
  • Auto-detects GitHub/GitLab format per file

  • Perfect for CI/CD pipelines and bulk validation

    Validate multiple files/directories at once

    wrkflw validate .github/workflows/ .gitlab-ci.yml other-workflows/

    Auto-detects GitHub/GitLab per file

    wrkflw validate path/to/github-workflow.yml .gitlab-ci.yml

    Force GitLab for all files

    wrkflw validate –gitlab *.yml

Enhanced TUI Help Tab

  • Comprehensive documentation
  • Better navigation and user experience

Runtime Modes

# Secure sandboxed execution (recommended for local dev) wrkflw run --runtime secure-emulation .github/workflows/ci.yml # Container-based execution wrkflw run --runtime podman .github/workflows/ci.yml wrkflw run --runtime docker .github/workflows/ci.yml # Legacy emulation (not recommended - no security) wrkflw run --runtime emulation .github/workflows/ci.yml

Installation

cargo install wrkflw

The secure sandboxing mode makes it safe to test workflows from untrusted sources locally, while reusable workflows support enables testing complex multi-workflow setups before pushing to GitHub!

Links:

Always appreciate feedback from the community!

submitted by /u/New-Blacksmith8524
[link] [comments]

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert