  • Language
    Shell
  • License
    GNU General Publi...
  • Created about 5 years ago
  • Updated 4 months ago

Repository Details

This will run the new self-hosted github actions runners with docker-in-docker

Docker Github Actions Runner

This will run the new self-hosted github actions runners.

Quick-Start (Examples and Usage)

Please see the wiki. Please read the contributing guidelines.

Notes

Security

It is known that environment variables are not safe from exfiltration. If you are using this runner, make sure that any workflow changes are gated by a verification process (in the Actions settings) so that malicious PRs cannot exfiltrate them.

Docker Support

Please note that while this runner installs and allows docker, github actions itself does not support using docker from a self hosted runner yet. For more information:

Also, some GitHub Actions Workflow features, like Job Services, won't be usable and will result in an error.

Containerd Support

Currently runners do not support containerd

Docker Artifacts

| Container Base | Supported Architectures | Tag Regex | Docker Tags | Description | Notes |
| --- | --- | --- | --- | --- | --- |
| ubuntu focal | x86_64,arm64 | /\d\.\d{3}\.\d+/, /\d\.\d{3}\.\d+-ubuntu-focal/ | latest, ubuntu-focal | This is the latest build (Rebuilt nightly and on master merges). Tags without an OS name are included. Tags with -ubuntu-focal are included and created on upstream tags. | |
| ubuntu jammy | x86_64,arm64 | /\d\.\d{3}\.\d+-ubuntu-jammy/ | ubuntu-jammy | This is the latest build from jammy (Rebuilt nightly and on master merges). Tags with -ubuntu-jammy are included and created on upstream tags. | There is currently an issue with jammy from inside a 20.04LTS host which is why this is not latest |
| ubuntu bionic | x86_64,arm64 | /\d\.\d{3}\.\d+-ubuntu-bionic/ | ubuntu-bionic | This is the latest build from bionic (Rebuilt nightly and on master merges). Tags with -ubuntu-bionic are included and created on upstream tags. | |
| debian buster (now deprecated) | x86_64,arm64 | /\d\.\d{3}\.\d+-debian-buster/ | debian-buster | Debian buster is now deprecated. The packages for arm v7 are in flux and are wildly causing build failures (git as well as apt-key and liblttng-ust). Tags with -debian-buster are included and created on upstream tags. | |
| debian bullseye | x86_64,arm64 | /\d\.\d{3}\.\d+-debian-bullseye/ | debian-bullseye | This is the latest build from bullseye (Rebuilt nightly and on master merges). Tags with -debian-bullseye are included and created on upstream tags. | |
| debian sid | x86_64,arm64 | /\d\.\d{3}\.\d+-debian-sid/ | debian-sid | This is the latest build from sid (Rebuilt nightly and on master merges). Tags with -debian-sid are included and created on upstream tags. | |

These containers are built via Github actions that copy the dockerfile, changing the FROM and building to provide simplicity.

Environment Variables

| Environment Variable | Description |
| --- | --- |
| RUN_AS_ROOT | Boolean to run as root. If true: will run as root. If True and the user is overridden it will error. If any other value it will run as the runner user and allow an optional override. Default is true |
| RUNNER_NAME | The name of the runner to use. Supersedes (overrides) RUNNER_NAME_PREFIX |
| RUNNER_NAME_PREFIX | A prefix for runner name (See RANDOM_RUNNER_SUFFIX for how the full name is generated). Note: will be overridden by RUNNER_NAME if provided. Defaults to github-runner |
| RANDOM_RUNNER_SUFFIX | Boolean to use a randomized runner name suffix (preceded by RUNNER_NAME_PREFIX). Will use a 13 character random string by default. If set to a value other than true it will attempt to use the contents of /etc/hostname or fall back to a random string if the file does not exist or is empty. Note: will be overridden by RUNNER_NAME if provided. Defaults to true. |
| ACCESS_TOKEN | A github PAT to use to generate RUNNER_TOKEN dynamically at container start. Not using this requires a valid RUNNER_TOKEN |
| APP_ID | The github application ID. Must be paired with APP_PRIVATE_KEY and should not be used with ACCESS_TOKEN or RUNNER_TOKEN |
| APP_PRIVATE_KEY | The github application private key. Must be paired with APP_ID and should not be used with ACCESS_TOKEN or RUNNER_TOKEN |
| APP_LOGIN | The github application login id. Can be paired with APP_ID and APP_PRIVATE_KEY if default value extracted from REPO_URL or ORG_NAME is not correct. Note that no default is present when RUNNER_SCOPE is 'enterprise'. |
| RUNNER_SCOPE | The scope the runner will be registered on. Valid values are repo, org and ent. For 'org' and 'enterprise', ACCESS_TOKEN is required and REPO_URL is unnecessary. If 'org', requires ORG_NAME; if 'enterprise', requires ENTERPRISE_NAME. Default is 'repo'. |
| ORG_NAME | The organization name for the runner to register under. Requires RUNNER_SCOPE to be 'org'. No default value. |
| ENTERPRISE_NAME | The enterprise name for the runner to register under. Requires RUNNER_SCOPE to be 'enterprise'. No default value. |
| LABELS | A comma separated string to indicate the labels. Default is 'default' |
| REPO_URL | If using a non-organization runner this is the full repository url to register under such as 'https://github.com/myoung34/repo' |
| RUNNER_TOKEN | If not using a PAT for ACCESS_TOKEN this will be the runner token provided by the Add Runner UI (a manual process). Note: This token is short lived and will change frequently. ACCESS_TOKEN is likely preferred. |
| RUNNER_WORKDIR | The working directory for the runner. Runners on the same host should not share this directory. Default is '/_work'. This must match the source path for the bind-mounted volume at RUNNER_WORKDIR, in order for container actions to access files. |
| RUNNER_GROUP | Name of the runner group to add this runner to (defaults to the default runner group) |
| GITHUB_HOST | Optional URL of the Github Enterprise server, e.g. github.mycompany.com. Defaults to github.com. |
| DISABLE_AUTOMATIC_DEREGISTRATION | Optional flag to disable signal catching for deregistration. Default is false. Any value other than exactly false is considered true. See here |
| CONFIGURED_ACTIONS_RUNNER_FILES_DIR | Path to use for runner data. It avoids re-registration on each start of the runner. No default value. |
| EPHEMERAL | Optional flag to configure runner with --ephemeral option. Ephemeral runners are suitable for autoscaling. |
| DISABLE_AUTO_UPDATE | Optional environment variable to disable auto updates. Auto updates are enabled by default to preserve past behavior. Any value is considered truthy and will disable them. |
| START_DOCKER_SERVICE | Optional flag which automatically starts the docker service if set to true. Useful when using sysbox. Defaults to false. |
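
A preflight check for the variables above, as an added example that is not part of this project: it lints a KEY=VALUE file of the kind passed to docker run --env-file against the pairing and scope rules in the table, and reports the settings the Security note touches. The function names val and lint_runner_env, the sample values and the message wording are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not the project's code: lint a runner env file (KEY=VALUE per
# line, as passed to `docker run --env-file`) against the rules in the table.

# val KEY FILE: print the value assigned to KEY (last assignment wins).
val() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# lint_runner_env FILE: print ERROR:/WARN: lines; return 1 if any ERROR.
lint_runner_env() {
  local f=$1 errors=0 scope app_id app_key pat tok root
  scope=$(val RUNNER_SCOPE "$f"); scope=${scope:-repo}   # documented default
  root=$(val RUN_AS_ROOT "$f");   root=${root:-true}     # documented default
  app_id=$(val APP_ID "$f");      app_key=$(val APP_PRIVATE_KEY "$f")
  pat=$(val ACCESS_TOKEN "$f");   tok=$(val RUNNER_TOKEN "$f")
  err() { echo "ERROR: $1"; errors=$((errors + 1)); }

  # GitHub App credentials come as a pair and exclude the token variables.
  if [ -n "$app_id$app_key" ]; then
    { [ -n "$app_id" ] && [ -n "$app_key" ]; } || err "APP_ID and APP_PRIVATE_KEY must be set together"
    [ -z "$pat$tok" ] || err "APP_ID/APP_PRIVATE_KEY should not be combined with ACCESS_TOKEN or RUNNER_TOKEN"
  elif [ -z "$pat$tok" ]; then
    err "no credential: set ACCESS_TOKEN, RUNNER_TOKEN, or APP_ID with APP_PRIVATE_KEY"
  fi

  # Each scope needs its own target variable.
  case $scope in
    repo) [ -n "$(val REPO_URL "$f")" ] || err "RUNNER_SCOPE=repo requires REPO_URL" ;;
    org)  [ -n "$(val ORG_NAME "$f")" ] || err "RUNNER_SCOPE=org requires ORG_NAME" ;;
    ent|enterprise)   # the table uses both spellings
          [ -n "$(val ENTERPRISE_NAME "$f")" ] || err "RUNNER_SCOPE=$scope requires ENTERPRISE_NAME" ;;
    *)    err "RUNNER_SCOPE=$scope is not one of repo, org, ent" ;;
  esac

  # Security-relevant settings: reported, but not counted as errors.
  [ "$root" != true ] || echo "WARN: RUN_AS_ROOT is true (the default); the runner runs as root"
  [ -z "$pat$app_key" ] || echo "WARN: credential in the environment; gate workflow changes from PRs"
  [ -n "$(val EPHEMERAL "$f")" ] || echo "WARN: EPHEMERAL not set; the runner is reused across jobs"

  [ "$errors" -eq 0 ]
}

# Constructed sample: App ID without its key, mixed with a PAT, org scope without ORG_NAME.
sample=$(mktemp)
printf '%s\n' 'RUNNER_SCOPE=org' 'APP_ID=12345' 'ACCESS_TOKEN=placeholder' > "$sample"
lint_runner_env "$sample" || echo "env file rejected"
```
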
