It's a real shame that GitHub doesn't run CI against PRs from new contributors any more: https://github.blog/2021-04-22-github-actions-update-helping-maintainers-combat-bad-actors/
Preventing arbitrary cryptocurrency mining code is incredibly hard though. It's increasingly common: https://layerci.com/blog/crypto-miners-are-killing-free-ci/
