Skip to main content
Publicamos atualizações frequentes em nossa documentação, e a tradução desta página ainda pode estar em andamento. Para obter as informações mais recentes, acesse a documentação em inglês. Se houver problemas com a tradução desta página, entre em contato conosco.

About self-hosted runners

You can host your own runners and customize the environment used to run jobs in your GitHub Actions workflows.

About self-hosted runners

A self-hosted runner is a system that you deploy and manage to execute jobs from GitHub Actions on GitHub Enterprise Cloud. For more information about GitHub Actions, see "Understanding GitHub Actions" and "About GitHub Actions for enterprises."

Os executores auto-hospedados oferecem mais controle de hardware, sistema operacional e ferramentas de software do que executores hospedados em GitHub. Com executores auto-hospedados, você pode criar configurações de hardware personalizadas que atendam às suas necessidades com energia de processamento ou memória para executar trabalhos maiores, instalar software de disponível na sua rede local e escolher um sistema operacional não oferecido por executores hospedados em GitHub. Os executores auto-hospedados podem ser físicos, virtuais, estar em um container, no local ou em uma nuvem.

You can add self-hosted runners at various levels in the management hierarchy:

  • Repository-level runners are dedicated to a single repository.
  • Organization-level runners can process jobs for multiple repositories in an organization.
  • Enterprise-level runners can be assigned to multiple organizations in an enterprise account.

A sua máquina do executor conecta-se ao GitHub Enterprise Cloud usando o aplicativo do executor auto-hospedado de GitHub Actions. O aplicativo de executor do GitHub Actions tem código aberto. Você pode contribuir e arquivar problemas no repositório runner. When a new version is released, the runner application automatically updates itself when a job is assigned to the runner, or within a week of release if the runner hasn't been assigned any jobs.

Um executor auto-hospedado é automaticamente removido de GitHub Enterprise Cloud se não se conectar a GitHub Actions por mais de 30 dias.

For more information about installing and using self-hosted runners, see "Adding self-hosted runners" and "Using self-hosted runners in a workflow."

Differences between GitHub-hosted and self-hosted runners

GitHub-hosted runners offer a quicker, simpler way to run your workflows, while self-hosted runners are a highly configurable way to run workflows in your own custom environment.

GitHub-hosted runners:

  • Receive automatic updates for the operating system, preinstalled packages and tools, and the self-hosted runner application.
  • Are managed and maintained by GitHub.
  • Provide a clean instance for every job execution.
  • Use free minutes on your GitHub plan, with per-minute rates applied after surpassing the free minutes.

Self-hosted runners:

  • Receive automatic updates for the self-hosted runner application only, though you may disable automatic updates of the runner. For more information about controlling runner software updates on self-hosted runners, see "Autoscaling with self-hosted runners." You are responsible for updating the operating system and all other software.
  • Can use cloud services or local machines that you already pay for.
  • Are customizable to your hardware, operating system, software, and security requirements.
  • Don't need to have a clean instance for every job execution.
  • Are free to use with GitHub Actions, but you are responsible for the cost of maintaining your runner machines.
  • Can be organized into groups to restrict access to specific workflows, organizations and repositories. For more information, see "Managing access to self-hosted runners using groups."

Requirements for self-hosted runner machines

You can use any machine as a self-hosted runner as long at it meets these requirements:

Autoscaling your self-hosted runners

You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive. For more information, see "Autoscaling with self-hosted runners."

Usage limits

There are some limits on GitHub Actions usage when using self-hosted runners. These limits are subject to change.

  • Tempo de execução do fluxo de trabalho - Cada execução do fluxo de trabalho é limitada a 35 dias. Se a execução de um fluxo de trabalho atingir esse limite, a execução do fluxo de trabalho será cancelada. Este período inclui duração de execução e tempo gasto em espera e aprovação.
  • Job queue time - Each job for self-hosted runners can be queued for a maximum of 24 hours. If a self-hosted runner does not start executing the job within this limit, the job is terminated and fails to complete.
  • Solicitações de API - Você pode executar até 1000 solicitações de API por hora em todas as ações dentro de um repositório. Se excedido, as chamadas de API adicionais falharão, o que pode causar falha nas tarefas.
  • Job matrix - Uma matriz de tarefas pode gerar 256 tarefas no máximo por execução do fluxo de trabalho. Este limite aplica-se tanto a executores hospedados em GitHub Enterprise Cloud quanto a executores auto-hospedados.
  • Fila de execução do fluxo de trabalho - Apenas 500 execuções do fluxo de trabalho podem ser enfileiradas em um segundo intervalo de 10 segundos por repositório. Se a execução de um fluxo de trabalho atingir esse limite, a execução do fluxo de trabalho terminará e falhará em ser concluída.

Workflow continuity for self-hosted runners

Se os serviços de GitHub Actions estiverem temporariamente indisponíveis, a execução do fluxo de trabalho será descartada se não tiver sido enfileirada em 30 minutos após ser acionada. Por exemplo, se um fluxo de trabalho for acionado e os serviços de GitHub Actions não estiverem disponíveis por 31 minutos ou mais, a execução do fluxo de trabalho não será processada.

Supported architectures and operating systems for self-hosted runners

The following operating systems are supported for the self-hosted runner application.

Linux

  • Red Hat Enterprise Linux 7 or later
  • CentOS 7 or later
  • Oracle Linux 7
  • Fedora 29 or later
  • Debian 9 or later
  • Ubuntu 16.04 or later
  • Linux Mint 18 or later
  • openSUSE 15 or later
  • SUSE Enterprise Linux (SLES) 12 SP2 or later

Windows

  • Windows 7 64-bit
  • Windows 8.1 64-bit
  • Windows 10 64-bit
  • Windows Server 2012 R2 64-bit
  • Windows Server 2019 64-bit

macOS

  • macOS 10.13 (High Sierra) or later

Architectures

The following processor architectures are supported for the self-hosted runner application.

  • x64 - Linux, macOS, Windows.
  • ARM64 - Linux only.
  • ARM32 - Linux only.

Communication between self-hosted runners and GitHub Enterprise Cloud

The self-hosted runner connects to GitHub Enterprise Cloud to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an HTTPS long poll that opens a connection to GitHub Enterprise Cloud for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run GitHub Actions jobs.

Since the self-hosted runner opens a connection to GitHub.com, you do not need to allow GitHub to make inbound connections to your self-hosted runner.

You must ensure that the machine has the appropriate network access to communicate with the GitHub hosts listed below. Some hosts are required for essential runner operations, while other hosts are only required for certain functionality.

Note: Some of the domains listed below are configured using CNAME records. Some firewalls might require you to add rules recursively for all CNAME records. Note that the CNAME records might change in the future, and that only the domains listed below will remain constant.

Needed for essential operations:

github.com
api.github.com

Needed for downloading actions:

codeload.github.com

Needed for runner version updates:

objects.githubusercontent.com
objects-origin.githubusercontent.com
github-releases.githubusercontent.com
github-registry-files.githubusercontent.com

Needed for uploading/downloading caches and workflow artifacts:

*.blob.core.windows.net

Needed for retrieving OIDC tokens:

*.actions.githubusercontent.com

In addition, your workflow may require access to other network resources. For example, if your workflow installs packages or publishes containers to GitHub Packages, then the runner will also require access to those network endpoints.

If you use an IP address allow list for your GitHub organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "Managing allowed IP addresses for your organization" or "Enforcing policies for security settings in your enterprise."

You can also use self-hosted runners with a proxy server. For more information, see "Using a proxy server with self-hosted runners."

For more information about troubleshooting common network connectivity issues, see "Monitoring and troubleshooting self-hosted runners."

Self-hosted runner security

Recomendamos que você use apenas executores auto-hospedados com repositórios privados. Isso acontece porque as bifurcações do seu repositório podem potencialmente executar código perigoso na sua máquina de executor auto-hospedada criando um pull request que executa o código em um fluxo de trabalho.

This is not an issue with GitHub-hosted runners because each GitHub-hosted runner is always a clean isolated virtual machine, and it is destroyed at the end of the job execution.

Untrusted workflows running on your self-hosted runner pose significant security risks for your machine and network environment, especially if your machine persists its environment between jobs. Some of the risks include:

  • Malicious programs running on the machine.
  • Escaping the machine's runner sandbox.
  • Exposing access to the machine's network environment.
  • Persisting unwanted or dangerous data on the machine.

For more information about security hardening for self-hosted runners, see "Security hardening for GitHub Actions."

Further reading