We should isolate the whole act execution inside containers. We have a working setup that uses dind (see https://github.com/gitbugactions/gitbug-java/tree/dind) in GitBug-Java.