我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

Managing access to self-hosted runners using groups

You can use policies to limit access to self-hosted runners that have been added to an organization or enterprise.

本文内容

About self-hosted runner groups

Note: All organizations have a single default self-hosted runner group. Creating and managing additional self-hosted runner groups is only available to enterprise accounts, and for organizations owned by an enterprise account.

Self-hosted runner groups are used to control access to self-hosted runners at the organization and enterprise level. Enterprise admins can configure access policies that control which organizations in an enterprise have access to the runner group. Organization admins can configure access policies that control which repositories in an organization have access to the runner group.

When an enterprise admin grants an organization access to a runner group, organization admins can see the runner group listed in the organization's self-hosted runner settings. The organizations admins can then assign additional granular repository access policies to the enterprise runner group.

When new runners are created, they are automatically assigned to the default group. Runners can only be in one group at a time. You can move runners from the default group to another group. For more information, see "Moving a self-hosted runner to a group."

Creating a self-hosted runner group for an organization

All organizations have a single default self-hosted runner group. Organizations within an enterprise account can create additional self-hosted groups. Organization admins can allow individual repositories access to a runner group.

Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can move a runner from the default group to any group you create.

When creating a group, you must choose a policy that defines which repositories have access to the runner group.

  1. 在 GitHub 上,导航到组织的主页面。

  2. 在组织名称下,单击 Settings(设置)

    组织设置按钮

  3. 在左侧边栏中,单击 Actions(操作)

    操作设置

  4. In the Self-hosted runners section, click Add new, and then New group.

    Add runner group

  5. Enter a name for your runner group, and assign a policy for repository access.

    You can configure a runner group to be accessible to a specific list of repositories, or to all repositories in the organization. By default, public repositories can't access runners in a runner group, but you can use the Allow public repositories option to override this.

    Warnung 建议不要将自托管运行器用于公共仓库。

    通过创建在工作流程中执行代码的拉取请求,公共仓库的复刻可能会在您的自托管运行器上运行危险代码。 Weitere Informationen findest Du unter „Informationen zu selbst-gehosteten Runnern“.

    Add runner group options

  6. Click Save group to create the group and apply the policy.

Creating a self-hosted runner group for an enterprise

Enterprises can add their self-hosted runners to groups for access management. Enterprises can create groups of self-hosted runners that are accessible to specific organizations in the enterprise account. Organization admins can then assign additional granular repository access policies to the enterprise runner groups.

Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can assign the runner to a specific group during the registration process, or you can later move the runner from the default group to a custom group.

When creating a group, you must choose a policy that defines which organizations have access to the runner group.

  1. 在 GitHub 的右上角,单击您的个人资料照片,然后单击 Your enterprises(您的企业)

    GitHub 上个人资料照片下拉菜单中的"Your enterprises(您的企业)"

  2. 在企业列表中,单击您想要查看的企业。

    企业列表中的企业名称

  3. 在企业账户侧边栏中,单击 Policies(政策)

    企业帐户侧边栏中的 Policies(政策)选项卡

  4. 在“ Policies(政策)”下,单击 Actions(操作)

  5. Click the Self-hosted runners tab.

  6. Click Add new, and then New group.

    Add runner group

  7. Enter a name for your runner group, and assign a policy for organization access.

    You can configure a runner group to be accessible to a specific list of organizations, or all organizations in the enterprise. By default, public repositories can't access runners in a runner group, but you can use the Allow public repositories option to override this.

    Warnung 建议不要将自托管运行器用于公共仓库。

    通过创建在工作流程中执行代码的拉取请求,公共仓库的复刻可能会在您的自托管运行器上运行危险代码。 Weitere Informationen findest Du unter „Informationen zu selbst-gehosteten Runnern“.

    Add runner group options

  8. Click Save group to create the group and apply the policy.

Changing the access policy of a self-hosted runner group

You can update the access policy of a runner group, or rename a runner group.

  1. In the Self-hosted runners section of the settings page, click next to the runner group you'd like to configure, then click Edit name and [organization|repository] access.

    Manage repository permissions

  2. Modify your policy options, or change the runner group name.

    Warning 建议不要将自托管运行器用于公共仓库。

    通过创建在工作流程中执行代码的拉取请求,公共仓库的复刻可能会在您的自托管运行器上运行危险代码。 For more information, see "About self-hosted runners."

Moving a self-hosted runner to a group

New self-hosted runners are automatically assigned to the default group, and can then be moved to another group.

  1. In the Self-hosted runners section of the settings page, locate the current group of the runner you want to move group and expand the list of group members.
    View runner group members
  2. Select the checkbox next to the self-hosted runner, and then click Move to group to see the available destinations.
    Runner group member move
  3. To move the runner, click on the destination group.
    Runner group member move

Removing a self-hosted runner group

Self-hosted runners are automatically returned to the default group when their group is removed.

  1. In the Self-hosted runners section of the settings page, locate the group you want to delete, and click the button.

    View runner group settings

  2. To remove the group, click Remove group.

    View runner group settings

  3. Review the confirmation prompts, and click Remove this runner group.

此文档对您有帮助吗?

Privacy policy

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。