Getting started with self-hosted runners for your enterprise

About self-hosted runners for GitHub Actions

GitHub Actions permite los usuarios que utilicen your GitHub Enterprise Server instance mejorar la productividad mediante la automatización de todas las fases del flujo de trabajo de desarrollo de software. For more information, see "About GitHub Actions for enterprises."

With GitHub Actions, developers can write and combine individual tasks called actions to create custom workflows. To enable GitHub Actions for your GitHub Enterprise Server instance, you must host at least one machine to execute jobs. This machine is called a self-hosted runner. Los ejecutores autohospedados pueden ser físicos, virtuales, en un contenedor, locales o en una nube. La máquina de tu ejecutor se conecta aGitHub Enterprise Server utilizando la aplicación para ejecutores auto-hospedados de GitHub Actions. Self-hosted runners can run Linux, Windows, or macOS. For more information, see "About self-hosted runners."

This guide shows you how to apply a centralized management approach to self-hosted runners for GitHub Actions in your enterprise. In the guide, you'll complete the following tasks.

1. Configure a limited policy to restrict the actions that can run within your enterprise
2. Deploy a self-hosted runner for your enterprise
3. Create a group to manage access to the runners available to your enterprise
4. Optionally, further restrict the repositories that can use the runner

You'll also find additional information about how to monitor and secure your self-hosted runners, how to access actions from GitHub.com, and how to customize the software on your runner machines.

After you finish the guide, users of your GitHub Enterprise Server instance will be able to run workflow jobs from GitHub Actions on a self-hosted runner machine.

Prerequisites

• Las GitHub Actions se deben habilitar para GitHub Enterprise Server. Un administrador de sitio puede habilitar y configurar GitHub Actions para la instancia. Para obtener más información, vea "Introducción a GitHub Actions para GitHub Enterprise Server".

• Debe tener acceso a la máquina que usará como ejecutor autohospedado en su entorno.

• La conexión entre los ejecutores autohospedados y GitHub Enterprise Server se realiza mediante HTTP (puerto� 80) o HTTPS (puerto� 443). Para garantizar la conectividad por HTTPS, configura el TLS para your GitHub Enterprise Server instance. Para más información, vea "Configuración de TLS". Para obtener más información, vea "Acerca de los ejecutores autohospedados".

• Your enterprise must own at least one organization. For more information, see "About organizations" and "Creating a new organization from scratch."

1. Configure policies for GitHub Actions

First, enable GitHub Actions for all organizations, and configure a policy to restrict the actions that can run on your GitHub Enterprise Server instance. Optionally, organization owners can further restrict these policies for each organization.

1. En la esquina superior derecha de GitHub Enterprise Server, haga clic en la foto de perfil y luego en Configuración de empresa.

2. En la barra lateral de la empresa, haz clic en Directivas.

3. En " Directivas", haz clic en Acciones.

4. Under "Policies", select Enable for all organizations.

   

5. Select Permitir seleccionar acciones and Allow actions created by GitHub to allow local actions, and actions created by GitHub.

   

6. Click Save.

You can configure additional policies to restrict the actions available to users of your GitHub Enterprise Server instance. For more information, see "Enforcing policies for GitHub Actions in your enterprise."

2. Deploy the self-hosted runner for your enterprise

Next, add a self-hosted runner to your enterprise. GitHub Enterprise Server will guide you through installation of the necessary software on the runner machine. After you deploy the runner, you can verify connectivity between the runner machine and your GitHub Enterprise Server instance.

Adding the self-hosted runner

To add a self-hosted runner to an enterprise, you must be an enterprise owner.

1. En la esquina superior derecha de GitHub Enterprise Server, haga clic en la foto de perfil y luego en Configuración de empresa.

2. En la barra lateral de la empresa, haz clic en Directivas.

3. En " Directivas", haz clic en Acciones.

4. Haz clic en la pestaña Ejecutores.

5. Click Add new, then click New runner.

6. La imagen y arquitectura de tu sistema operativo para tu máquina del ejecutor auto-hospedado.

7. Verás instrucciones que te mostrarán cómo descargar la aplicación del ejecutor e instalarla en tu máquina de ejecutor autoalojado.

   Abre un shell en tu máquina de ejecutor autoalojado y ejecuta cada comando del shell en el orden que se muestra.

   Nota: En Windows, si quiere instalar la aplicación de ejecutor autohospedado como un servicio, tendrá que abrir un shell con privilegios de administrador. También se recomienda usar C:\actions-runner como directorio para la aplicación del ejecuto autohospedado de modo que las cuentas del sistema de Windows puedan acceder al directorio del ejecutor.

   Las instrucciones te guían para completar estas tareas:

   • Descargar y extraer la aplicación de ejecutor autoalojado.
   • Ejecutar el script config para configurar la aplicación de ejecutor autohospedado y registrarla con GitHub Actions. El script config necesita la URL de destino y un token generado automáticamente de duración limitada para autenticar la solicitud.
     • En Windows, el script config también le pregunta si quiere instalar la aplicación de ejecutor autohospedado como un servicio. Para Linux y macOS, puedes instalar un servicio después de que termines de agregar el ejecutor. Para más información, vea "Configuración de la aplicación de ejecutor autohospedado como servicio".
   • Ejecutar la aplicación del ejecutor autoalojado para conectar la máquina a las GitHub Actions.

Revisar que tu ejecutor auto-hospedado se haya agregado exitosamente

Después de completar estos pasos para agregar un ejecutor autohospedado, este ejecutor y su estado ahora se muestran en "Self-hosted runners" (Ejecutores autohospedados).

La aplicación del ejecutor autoalojado debe estar activa para que el ejecutor acepte trabajos. Cuando la aplicación del ejecutor esté conectada a GitHub Enterprise Server y esté lista para recibir trabajos, verá el siguiente mensaje en el terminal de la máquina.

√ Connected to GitHub

2019-10-24 05:45:56Z: Listening for Jobs

3. Manage access to the self-hosted runner using a group

You can create a runner group to manage access to the runner that you added to your enterprise. You'll use the group to choose which organizations can execute jobs from GitHub Actions on the runner.

GitHub Enterprise Server adds all new runners to a group. Runners can be in one group at a time. By default, GitHub Enterprise Server adds new runners to the "Default" group.

1. En la esquina superior derecha de GitHub Enterprise Server, haga clic en la foto de perfil y luego en Configuración de empresa.

2. En la barra lateral de la empresa, haz clic en Directivas.

3. En " Directivas", haz clic en Acciones.

4. Haz clic en la pestaña Ejecutores.

5. Use the Add new drop-down, and select New group.

6. Under "Group name", type a name for your runner group.

7. To choose a policy for organization access, under "Organization access", select the Organization access drop-down, and click Selected organizations.

8. To the right of the drop-down with the organization access policy, click .

9. Select the organizations you'd like to grant access to the runner group.

10. Optionally, to allow public repositories in the selected organizations to use runners in the group, select Allow public repositories.

    Warning:

    Te recomendamos que solo utilices los ejecutores auto-hospedados con los repositorios privados. Esto se debe a que las bifurcaciones de tu repositorio público podrían ejecutar un código peligroso en tu máquina de ejecutor auto-hospedado al crear una solicitud de cambios que excluya el código en un flujo de trabajo.

    For more information, see "About self-hosted runners."

11. Click Save group to create the group and apply the policy.

12. To the right of "Default", click the number of runners in the group to show the runners.

13. Select the runner that you deployed.

14. To the right of "Runner groups", select the Move to group dropdown, and click the group that you previously created.

You've now deployed a self-hosted runner that can run jobs from GitHub Actions within the organizations that you specified.

4. Further restrict access to the self-hosted runner

Optionally, organization owners can further restrict the access policy of the runner group that you created. For example, an organization owner could allow only certain repositories in the organization to use the runner group.

For more information, see "Managing access to self-hosted runners using groups."

Next steps

• You can monitor self-hosted runners and troubleshoot common issues. For more information, see "Monitoring and troubleshooting self-hosted runners."

• GitHub recommends that you review security considerations for self-hosted runner machines. For more information, see "Security hardening for GitHub Actions."

• You can manually sync repositories on GitHub.com containing actions to your enterprise on GitHub Enterprise Server. Alternatively, you can allow members of your enterprise to automatically access actions from GitHub.com by using GitHub Connect. For more information, see the following.

  • "Manually syncing actions from GitHub.com"
  • "Enabling automatic access to GitHub.com actions using GitHub Connect"

• You can customize the software available on your self-hosted runner machines, or configure your runners to run software similar to GitHub-hosted runners available for customers using GitHub.com. The software that powers runner machines for GitHub Actions is open source. For more information, see the actions/runner and actions/runner-images repositories.

Further reading

• "Configuring the self-hosted runner application as a service"
• "Using self-hosted runners in a workflow"