Note: GitHub-hosted runners are not currently supported on GitHub Enterprise Server. You can see more information about planned future support on the GitHub public roadmap.
About self-hosted runners
Self-hosted runners offer more control of hardware, operating system, and software tools than GitHub-hosted runners provide. With self-hosted runners, you can choose to create a custom hardware configuration with more processing power or memory to run larger jobs, install software available on your local network, and choose an operating system not offered by GitHub-hosted runners. Self-hosted runners can be physical, virtual, in a container, on-premises, or in a cloud.
You can add self-hosted runners at various levels in the management hierarchy:
- Repository-level runners are dedicated to a single repository.
- Organization-level runners can process jobs for multiple repositories in an organization.
- Enterprise-level runners can be assigned to multiple organizations in an enterprise account.
Your runner machine connects to GitHub Enterprise Server using the GitHub Actions self-hosted runner application. The GitHub Actions runner application is open source. You can contribute and file issues in the runner repository. When a new version is released, the runner application automatically updates itself when a job is assigned to the runner, or within a week of release if the runner hasn't been assigned any jobs.
A self-hosted runner is automatically removed from GitHub Enterprise Server if it has not connected to GitHub Actions for more than 30 days.
For more information about installing and using self-hosted runners, see "Adding self-hosted runners" and "Using self-hosted runners in a workflow."
Differences between GitHub-hosted and self-hosted runners
GitHub-hosted runners offer a quicker, simpler way to run your workflows, while self-hosted runners are a highly configurable way to run workflows in your own custom environment.
GitHub-hosted runners:
- Receive automatic updates for the operating system, preinstalled packages and tools, and the self-hosted runner application.
- Are managed and maintained by GitHub.
- Provide a clean instance for every job execution.
- Use free minutes on your GitHub plan, with per-minute rates applied after surpassing the free minutes.
Self-hosted runners:
- Receive automatic updates for the self-hosted runner application only. You are responsible for updating the operating system and all other software.
- Can use cloud services or local machines that you already pay for.
- Are customizable to your hardware, operating system, software, and security requirements.
- Don't need to have a clean instance for every job execution.
- Are free to use with GitHub Actions, but you are responsible for the cost of maintaining your runner machines.
Requirements for self-hosted runner machines
You can use any machine as a self-hosted runner as long at it meets these requirements:
- You can install and run the self-hosted runner application on the machine. For more information, see "Supported architectures and operating systems for self-hosted runners."
- The machine can communicate with GitHub Actions. For more information, see "Communication between self-hosted runners and GitHub Enterprise Server."
- The machine has enough hardware resources for the type of workflows you plan to run. The self-hosted runner application itself only requires minimal resources.
- If you want to run workflows that use Docker container actions or service containers, you must use a Linux machine and Docker must be installed.
Usage limits
There are some limits on GitHub Actions usage when using self-hosted runners. These limits are subject to change.
- Workflow run time - Each workflow run is limited to 72 hours. If a workflow run reaches this limit, the workflow run is cancelled.
- Job queue time - Each job for self-hosted runners can be queued for a maximum of 24 hours. If a self-hosted runner does not start executing the job within this limit, the job is terminated and fails to complete.
- API requests - You can execute up to 1000 API requests in an hour across all actions within a repository. If exceeded, additional API calls will fail, which might cause jobs to fail.
- Job matrix - A job matrix can generate a maximum of 256 jobs per workflow run. This limit also applies to self-hosted runners.
- Workflow run queue - No more than 500 workflow runs can be queued in a 10 second interval per repository. If a workflow run reaches this limit, the workflow run is terminated and fails to complete.
Workflow continuity for self-hosted runners
If GitHub Actions services are temporarily unavailable, then a workflow run is discarded if it has not been queued within 30 minutes of being triggered. For example, if a workflow is triggered and the GitHub Actions services are unavailable for 31 minutes or longer, then the workflow run will not be processed.
Supported architectures and operating systems for self-hosted runners
The following operating systems are supported for the self-hosted runner application.
Linux
- Red Hat Enterprise Linux 7 or later
- CentOS 7 or later
- Oracle Linux 7
- Fedora 29 or later
- Debian 9 or later
- Ubuntu 16.04 or later
- Linux Mint 18 or later
- openSUSE 15 or later
- SUSE Enterprise Linux (SLES) 12 SP2 or later
Windows
- Windows 7 64-bit
- Windows 8.1 64-bit
- Windows 10 64-bit
- Windows Server 2012 R2 64-bit
- Windows Server 2016 64-bit
- Windows Server 2019 64-bit
macOS
- macOS 10.13 (High Sierra) or later
Architectures
The following processor architectures are supported for the self-hosted runner application.
x64
- Linux, macOS, Windows.ARM64
- Linux only.ARM32
- Linux only.
Supported actions on self-hosted runners
Some extra configuration might be required to use actions from GitHub.com with GitHub Enterprise Server, or to use the actions/setup-LANGUAGE
actions with self-hosted runners that do not have internet access. For more information, see "Managing access to actions from GitHub.com" and contact your GitHub Enterprise site administrator.
Communication between self-hosted runners and GitHub Enterprise Server
The self-hosted runner polls GitHub Enterprise Server to retrieve application updates and to check if any jobs are queued for processing. The self-hosted runner uses a HTTPS long poll that opens a connection to GitHub Enterprise Server for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run GitHub Actions jobs.
The connection between self-hosted runners and GitHub Enterprise Server is over HTTP (port 80) and HTTPS (port 443).
You must ensure that the machine has the appropriate network access to communicate with your GitHub Enterprise Server instance. Self-hosted runners connect directly to your GitHub Enterprise Server instance and do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and your GitHub Enterprise Server instance. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to your GitHub Enterprise Server instance, with no need for traffic to traverse a public network.
You can also use self-hosted runners with a proxy server. For more information, see "Using a proxy server with self-hosted runners."
Communication between self-hosted runners and GitHub.com
Self-hosted runners do not need to connect to GitHub.com unless you have enabled automatic access to GitHub.com actions using GitHub Connect.
If you have enabled automatic access to GitHub.com actions using GitHub Connect, then the self-hosted runner will connect directly to GitHub.com to download actions. You must ensure that the machine has the appropriate network access to communicate with the GitHub URLs listed below.
Note: Some of the domains listed below are configured using CNAME
records. Some firewalls might require you to add rules recursively for all CNAME
records. Note that the CNAME
records might change in the future, and that only the domains listed below will remain constant.
github.com
api.github.com
codeload.github.com
Self-hosted runner security
Untrusted workflows running on your self-hosted runner pose significant security risks for your machine and network environment, especially if your machine persists its environment between jobs. Some of the risks include:
- Malicious programs running on the machine.
- Escaping the machine's runner sandbox.
- Exposing access to the machine's network environment.
- Persisting unwanted or dangerous data on the machine.
For more information about security hardening for self-hosted runners, see "Security hardening for GitHub Actions."