When I push an update to my Julia package in GitHub, I have set it up to automatically run a bunch of workflows, such as CompatHelper.jl which checks for updates in my package dependencies, and a Documenter.jl script that builds the documentation and pushes it to GitHub Pages. I suppose if I were more clever I could get it to automatically run my test/ library too.
But my question is, all of these processes have to run on a computer somewhere, and that computer isn’t mine, so is Microsoft (which owns GH) just giving me computer power for free? What’s their interest in doing so—is it a loss leader to get me enmeshed in the GH ecosystem in the hopes that I later buy a premium account? Or is Microsoft using my code to train some fancy ML algorithm?
And are there limits on what kinds of scripts I can run with GitHub Actions? At first I reasoned that GitHub would only allow actions that are on a “whitelist,” but CompatHelper.jl is just a program and it seems like, in principle, I could write (say) a GitHub action that mines a bunch of cryptocurrency and deposits it in my wallet … and have the code executed, at no cost to me, on Microsoft’s servers. How does Microsoft “vet” GH actions against malicious or profit-seeking code?
Yes, but also hosting the git repository is a service they’re giving for free.
Not everyone ends up making paid-for subscriptions, but yes, they make money that way. Especially organisations that want private repositories, without the hassle of maintaining an instance of a git server themselves.