Skip to main content

About self-hosted runners

You can host your own runners and customize the environment used to run jobs in your GitHub Actions workflows.

注意:GitHub Enterprise Server 目前不支持 GitHub 托管的运行器。 可以在 GitHub public roadmap 上查看有关未来支持计划的更多信息。

About self-hosted runners

A self-hosted runner is a system that you deploy and manage to execute jobs from GitHub Actions on your GitHub Enterprise Server instance. For more information about GitHub Actions, see "Understanding GitHub Actions" and "About GitHub Actions for enterprises."

使用自托管运行器,可以创建自定义硬件配置,以满足处理能力或内存需求,以运行更大的作业,在本地网络上安装可用的软件,并选择 GitHub 托管的运行器未提供的操作系统。 自承载运行器可以是物理设备、虚拟设备、在容器中、在本地或在云中。

You can add self-hosted runners at various levels in the management hierarchy:

  • Repository-level runners are dedicated to a single repository.
  • Organization-level runners can process jobs for multiple repositories in an organization.
  • Enterprise-level runners can be assigned to multiple organizations in an enterprise account.

运行器机器使用 GitHub Actions 自托管运行器应用程序连接到 GitHub Enterprise Server。 GitHub Actions 运行器应用程序是开源的。 可以参与 runner 存储库并在其中提交问题。 When a new version is released, the runner application automatically updates itself when a job is assigned to the runner, or within a week of release if the runner hasn't been assigned any jobs.

Note: 如果使用临时运行器并禁用了自动更新,则在升级 your GitHub Enterprise Server instance 之前,应首先将自托管运行器升级到升级后的实例将运行的运行器应用程序版本。 在升级临时运行器之前升级 your GitHub Enterprise Server instance 可能会导致运行器脱机。 有关详细信息,请参阅“升级 GitHub Enterprise Server”。

自托管运行器与 GitHub Actions 未连接超过 30 天,将被自动从 GitHub Enterprise Server 中删除。

For more information about installing and using self-hosted runners, see "Adding self-hosted runners" and "Using self-hosted runners in a workflow."

Differences between GitHub-hosted and self-hosted runners

GitHub-hosted runners offer a quicker, simpler way to run your workflows, while self-hosted runners are a highly configurable way to run workflows in your own custom environment.

GitHub-hosted runners:

  • Receive automatic updates for the operating system, preinstalled packages and tools, and the self-hosted runner application.
  • Are managed and maintained by GitHub.
  • Provide a clean instance for every job execution.
  • Use free minutes on your GitHub plan, with per-minute rates applied after surpassing the free minutes.

Self-hosted runners:

  • Receive automatic updates for the self-hosted runner application only. You are responsible for updating the operating system and all other software.
  • Can use cloud services or local machines that you already pay for.
  • Are customizable to your hardware, operating system, software, and security requirements.
  • Don't need to have a clean instance for every job execution.
  • Are free to use with GitHub Actions, but you are responsible for the cost of maintaining your runner machines.
  • Can be organized into groups to restrict access to specific organizations and repositories. For more information, see "Managing access to self-hosted runners using groups."

Requirements for self-hosted runner machines

You can use any machine as a self-hosted runner as long at it meets these requirements:

Autoscaling your self-hosted runners

You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive. For more information, see "Autoscaling with self-hosted runners."

Usage limits

There are some limits on GitHub Actions usage when using self-hosted runners. These limits are subject to change.

  • Workflow run time - Each workflow run is limited to 35 days. If a workflow run reaches this limit, the workflow run is cancelled. This period includes execution duration, and time spent on waiting and approval.
  • Job queue time - Each job for self-hosted runners can be queued for a maximum of 24 hours. If a self-hosted runner does not start executing the job within this limit, the job is terminated and fails to complete.
  • API 请求 - 一个存储库中所有操作在一小时内最多可以执行 1000 条 API 请求。 如果超出,额外的 API 调用将失败,这可能导致作业失败。
  • Job matrix - 作业矩阵在每次工作流程运行时最多可生成 256 个作业。 此限制适用于 GitHub Enterprise Server 托管和自托管运行器。
  • 工作流运行队列 - 每个存储库在 10 秒的间隔内可排队的工作流运行不超过 500 个。 如果工作流程运行达到此限制,该工作流程运行将会终止而无法完成。

Workflow continuity for self-hosted runners

如果 GitHub Actions 服务暂时不可用,则在触发后 30 分钟内没有排队时,运行的工作流程运行将被丢弃。 例如,如果触发了一个工作流程,而 GitHub Actions 服务在 31 分钟或更长时间内不可用,则该工作流程将不会被处理。

Supported architectures and operating systems for self-hosted runners

The following operating systems are supported for the self-hosted runner application.

Linux

  • Red Hat Enterprise Linux 7 or later
  • CentOS 7 or later
  • Oracle Linux 7
  • Fedora 29 or later
  • Debian 9 or later
  • Ubuntu 16.04 or later
  • Linux Mint 18 or later
  • openSUSE 15 or later
  • SUSE Enterprise Linux (SLES) 12 SP2 or later

Windows

  • Windows 7 64-bit
  • Windows 8.1 64-bit
  • Windows 10 64-bit
  • Windows Server 2012 R2 64-bit
  • Windows Server 2019 64-bit

macOS

  • macOS 10.13 (High Sierra) or later

Architectures

The following processor architectures are supported for the self-hosted runner application.

  • x64 - Linux, macOS, Windows.
  • ARM64 - Linux.
  • ARM32 - Linux.

Supported actions on self-hosted runners

Some extra configuration might be required to use actions from GitHub.com with GitHub Enterprise Server, or to use the actions/setup-LANGUAGE actions with self-hosted runners that do not have internet access. For more information, see "Managing access to actions from GitHub.com" and contact your GitHub Enterprise site administrator.

Communication between self-hosted runners and GitHub Enterprise Server

The self-hosted runner connects to GitHub Enterprise Server to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an HTTP(S) long poll that opens a connection to GitHub Enterprise Server for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run GitHub Actions jobs.

自托管运行器和 GitHub Enterprise Server 通过 HTTP(端口 80)或 HTTPS(端口 443)建立连接。 若要确保通过 HTTPS 进行连接,请为 your GitHub Enterprise Server instance 配置 TLS。 有关详细信息,请参阅“配置 TLS”。

Only an outbound connection from the runner to your GitHub Enterprise Server instance is required. There is no need for an inbound connection from your GitHub Enterprise Server instance to the runner.

GitHub Enterprise Server must accept inbound connections from your runners over HTTP(S) at your GitHub Enterprise Server instance's hostname and API subdomain, and your runners must allow outbound connections over HTTP(S) to your GitHub Enterprise Server instance's hostname and API subdomain.

Self-hosted runners do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and your GitHub Enterprise Server instance. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to your GitHub Enterprise Server instance, with no need for traffic to traverse a public network.

You can also use self-hosted runners with a proxy server. For more information, see "Using a proxy server with self-hosted runners."

For more information about troubleshooting common network connectivity issues, see "Monitoring and troubleshooting self-hosted runners."

Communication between self-hosted runners and GitHub.com

Self-hosted runners do not need to connect to GitHub.com unless you have enabled automatic access to GitHub.com actions for your GitHub Enterprise Server instance. For more information, see "About using actions in your enterprise."

If you have enabled automatic access to GitHub.com actions, then the self-hosted runner will connect directly to GitHub.com to download actions. You must ensure that the machine has the appropriate network access to communicate with the GitHub URLs listed below.

github.com
api.github.com
codeload.github.com

Note: Some of the domains listed above are configured using CNAME records. Some firewalls might require you to add rules recursively for all CNAME records. Note that the CNAME records might change in the future, and that only the domains listed above will remain constant.

Self-hosted runner security

Untrusted workflows running on your self-hosted runner pose significant security risks for your machine and network environment, especially if your machine persists its environment between jobs. Some of the risks include:

  • Malicious programs running on the machine.
  • Escaping the machine's runner sandbox.
  • Exposing access to the machine's network environment.
  • Persisting unwanted or dangerous data on the machine.

For more information about security hardening for self-hosted runners, see "Security hardening for GitHub Actions."

Further reading