Skip to main content

About self-hosted runners

You can host your own runners and customize the environment used to run jobs in your GitHub Actions workflows.

About self-hosted runners

A self-hosted runner is a system that you deploy and manage to execute jobs from GitHub Actions on GitHub AE. For more information about GitHub Actions, see "Understanding GitHub Actions" and "About GitHub Actions for enterprises."

セルフホストランナーでは、大規模なジョブを実行するために処理能力やメモリを強化したカスタムハードウェア構成を作ったり、ローカルネットワークで利用できるソフトウェアをインストールしたり、オペレーティングシステムを選択したりできます。 セルフホストランナーは、物理、仮想、コンテナ内、オンプレミス、クラウドにできます。

You can add self-hosted runners at various levels in the management hierarchy:

  • Repository-level runners are dedicated to a single repository.
  • Organization-level runners can process jobs for multiple repositories in an organization.
  • Enterprise-level runners can be assigned to multiple organizations in an enterprise account.

Your runner machine connects to GitHub AE using the GitHub Actions self-hosted runner application. GitHub Actionsランナーアプリケーションはオープンソースです。 runnerリポジトリに貢献し、Issueを登録できます。 When a new version is released, the runner application automatically updates itself when a job is assigned to the runner, or within a week of release if the runner hasn't been assigned any jobs.

A self-hosted runner is automatically removed from GitHub AE if it has not connected to GitHub Actions for more than 30 days.

For more information about installing and using self-hosted runners, see "Adding self-hosted runners" and "Using self-hosted runners in a workflow."

Characteristics of self-hosted runners

Self-hosted runners are a highly configurable way to run workflows in your own custom environment. Self-hosted runners:

  • Receive automatic updates for the self-hosted runner application only. You are responsible for updating the operating system and all other software.
  • Can use cloud services or local machines that you already pay for.
  • Are customizable to your hardware, operating system, software, and security requirements.
  • Don't need to have a clean instance for every job execution.
  • Are free to use with GitHub Actions, but you are responsible for the cost of maintaining your runner machines.
  • Can be organized into groups to restrict access to specific organizations and repositories. For more information, see "Managing access to self-hosted runners using groups."

Requirements for self-hosted runner machines

You can use any machine as a self-hosted runner as long at it meets these requirements:

Autoscaling your self-hosted runners

You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive. For more information, see "Autoscaling with self-hosted runners."

Usage limits

There are some limits on GitHub Actions usage when using self-hosted runners. These limits are subject to change.

  • ワークフローの実行時間 - ワークフローの各実行は72時間に制限されています。 ワークフローの実行がこの制限に達すると、そのワークフローの実行はキャンセルされます。
  • Job queue time - Each job for self-hosted runners can be queued for a maximum of 24 hours. If a self-hosted runner does not start executing the job within this limit, the job is terminated and fails to complete.
  • APIリクエスト - リポジトリ内のすべてのアクションにわたって、1時間のうちに最大1000回のAPIリクエストを実行できます。 この制限を超えた場合、超過のAPIコールは失敗し、それによってジョブも失敗するかもしれません。
  • Job matrix - ジョブマトリックスは、ワークフローの実行ごとに最大で256のジョブを生成できます。 この制限は、GitHub AEホスト及びセルフホストランナーの双方に適用されます。
  • Workflow run queue - リポジトリごとに10秒間隔で、500以上のワークフロー実行をキューに入れることはできません。 ワークフローの実行がこの制限に達すると、そのワークフローの実行は終了させられ、完了に失敗します。

Workflow continuity for self-hosted runners

GitHub Actionsサービスが一時的に利用できなくなっている場合、ワークフローの実行はトリガーされてから30分以内にキューイングされていなければ、破棄されます。 たとえば、ワークフローがトリガーされ、そしてGitHub Actionsサービスが31分以上利用できなければ、そのワークフローの実行は処理されません。

Supported architectures and operating systems for self-hosted runners

The following operating systems are supported for the self-hosted runner application.


  • Red Hat Enterprise Linux 7 or later
  • CentOS 7 or later
  • Oracle Linux 7
  • Fedora 29 or later
  • Debian 9 or later
  • Ubuntu 16.04 or later
  • Linux Mint 18 or later
  • openSUSE 15 or later
  • SUSE Enterprise Linux (SLES) 12 SP2 or later


  • Windows 7 64-bit
  • Windows 8.1 64-bit
  • Windows 10 64-bit
  • Windows Server 2012 R2 64-bit
  • Windows Server 2019 64-bit


  • macOS 10.13 (High Sierra) or later


The following processor architectures are supported for the self-hosted runner application.

  • x64 - Linux, macOS, Windows.
  • ARM64 - Linux only.
  • ARM32 - Linux only.

Communication between self-hosted runners and GitHub AE

The self-hosted runner connects to GitHub AE to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an HTTPS long poll that opens a connection to GitHub AE for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run GitHub Actions jobs.

セルフホストランナーとGitHub AEの通信はHTTPS(ポート443)です。

Only an outbound connection from the runner to Enterprise is required. There is no need for an inbound connection from Enterprise to the runner.

You must ensure that the self-hosted runner has appropriate network access to communicate with your GitHub AE URL and its subdomains. For example, if your subdomain for GitHub AE is octoghae, then you will need to allow the self-hosted runner to access,, and

If you use an IP address allow list, you must add your self-hosted runner's IP address to the allow list. For more information, see "Managing allowed IP addresses for your organization."

If you use an IP address allow list for your GitHub organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "Managing allowed IP addresses for your organization."

You can also use self-hosted runners with a proxy server. For more information, see "Using a proxy server with self-hosted runners."

For more information about troubleshooting common network connectivity issues, see "Monitoring and troubleshooting self-hosted runners."

Communication between self-hosted runners and

Self-hosted runners do not need to connect to unless you have enabled automatic access to actions for Enterprise. For more information, see "About using actions in your enterprise."

If you have enabled automatic access to actions, then the self-hosted runner will connect directly to to download actions. You must ensure that the machine has the appropriate network access to communicate with the GitHub URLs listed below.

Note: Some of the domains listed above are configured using CNAME records. Some firewalls might require you to add rules recursively for all CNAME records. Note that the CNAME records might change in the future, and that only the domains listed above will remain constant.

Self-hosted runner security

Untrusted workflows running on your self-hosted runner pose significant security risks for your machine and network environment, especially if your machine persists its environment between jobs. Some of the risks include:

  • Malicious programs running on the machine.
  • Escaping the machine's runner sandbox.
  • Exposing access to the machine's network environment.
  • Persisting unwanted or dangerous data on the machine.

For more information about security hardening for self-hosted runners, see "Security hardening for GitHub Actions."

Further reading