Preventing Crypto Mining abuse on SaaS

What about the following approach:
If a user forks an open source project and then makes a merge request back to the forked project, allow the pipelines for the merge request checks to run, as long as they didn’t change the .gitlab-ci.yml file and the project is allowed to run pipelines, even if the user doesn’t have a credit card on their account.

People contributing changes to .gitlab-ci.yml files should be rare, and since they didn’t change it they cannot introduce any cryptomining. If they still want to change something on the .gitlab-ci.yml file, they would need to provide their own runners or add a credit card. I feel this would be a good compromise.