Someone posted a link  to a GitHub repo here a few days ago that would fire up a miner on some AWS GPU instances... except that they hard-coded their own account (wallet) into it so any profits would go to them. It hit the HN front page pretty quickly.
This might be completely legit but, at minimum, take a few minutes to look through the code before you just blindly deploy it.
I don't even know if this is valid within the T&Cs - but I hope it will be interesting and of educational value at the least.
This docker container calls a pre-compiled binary ./cpuminer. There is no way to tell if this binary faithfully uses the bitcoin address provided in the command line (yes there is some code there but you cannot confirm that this it was compiled from that code.)
But it gets worse. Even if someone does disassemble the binary, you could update the the docker container to add this capability, and nobody will be able to tell because the image gets pulled each time.
But if making a lot of money is your goal then you're better do it it trading, no I'm not going to elaborate
In other words never. Now that this is out of the bag it's over.
Mining might get you hundreds, low thousands a month. Trading is 10s thousands / low hundreds thous. Month