Is there a way to customize the securityContext in containerMode: kubernetes?

[Pigueiras]

I have the following running RunnerDeployment:

apiVersion: actions.summerwind.dev/v1alpha1
kind: RunnerDeployment
metadata:
  name: yyyy
  namespace: default
spec:
  replicas: 3
  template:
    spec:
      securityContext:
        fsGroup: 999
        runAsUser: 999
      containers:
      - name: runner
        env: []
        securityContext:
            seccompProfile:
              type: RuntimeDefault
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
      repository: xxxx
      containerMode: kubernetes
      serviceAccountName: my-service-account
      workVolumeClaimTemplate:
        storageClassName: local-path
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi

Is it possible to pass securityContext rules to the generated pod that will run the job in the Github Actions? I am experimenting with PSS, that's why I want to see if it's possible to generate (at this moment, the securityContext of the workflow pod is empty, and therefore the job in GitHub Actions simply fails, because the security standards are preventing the pod from being created).

[veronicatjan]

Seems like this solution will work for you:
actions/runner-container-hooks#50

Just build the custom actions-runner container image and update ARC to use the custom image. Add your customisation to the template.yaml, then the generated workflow pod will follow your customisation.