I found this FAQ: Docker FAQs | Docker
Q: I want to run an automated agent that makes container requests on behalf of my organization. Which license do I need?
A: Automated agents or service accounts that make container image requests of Docker Hub must be licensed under a Docker Team subscription.
In the case of anonymous pulls from a Github-hosted runner which organization must pay? Github or the open-source project? This FAQ should be much clearer.
BTW I’m aware Github has some special agreement with Docker[*] (otherwise anonymous pulls would have hit a rate limit a long time ago) But this special agreement does IMHO not answer my question.