- Using GitHub-hosted runners with an Azure VNET is in beta and subject to change.
- Only 4-64 CPU Ubuntu and Windows runners are supported with Azure VNET. For more information on these runner types, see "Sobre executores maiores."
- Supported regions include
East US 2, and
West US 2. To request support for a region that is not in this list, fill out the region request form.
Se você estiver usando o Azure e o GitHub Enterprise Cloud, poderá criar executores hospedados pela GitHub na VNET do Azure. Isso permite usufruir da infraestrutura gerenciada pela GitHub para seu CI/CD e, ao mesmo tempo, fornece controle total sobre as políticas de rede dos seus executores. Para obter mais informações sobre VNETs do Azure, consulte O que é uma Rede Virtual do Azure?, na documentação do Azure.
You can connect multiple VNET-subnet pairs to GitHub.com and manage private resource access for your runners via runner groups. For more information about runner groups, see "Como controlar o acesso a executores maiores."
Using GitHub-hosted runners within Azure VNET allows you to perform the following actions.
- Privately connect a runner to resources inside an Azure VNET without opening internet ports, including on-premises resources accessible from the Azure VNET.
- Restrict what GitHub-hosted runners can access or connect to with full control over outbound network policies.
- Monitor network logs for GitHub-hosted runners and view all connectivity to and from a runner.
To facilitate communication between GitHub networks and your VNET, a GitHub-hosted runner's network interface card (NIC) deploys into your Azure VNET.
A NIC enables an Azure virtual machine (VM) to communicate with internet, Azure, and on-premises resources. This way, all communication is kept private within the network boundaries, and networking policies applied to the VNET also apply to the runner. For more information on how to manage a network interface, see Change network interface settings in the Azure documentation.
- A GitHub Actions workflow is triggered.
- The GitHub Actions service creates a runner.
- The runner service deploys the GitHub-hosted runner's network interface card (NIC) into your Azure VNET.
- The runner agent picks up the workflow job. The GitHub Actions service queues the job.
- The runner sends logs back to the GitHub Actions service.
- The NIC accesses on-premise resources.
Because the GitHub-hosted runner's NIC is deployed into your Azure VNET, networking policies applied to the VNET also apply to the runner.
For example, if your VNET is configured with an Azure ExpressRoute to provide access to on-premises resources (e.g. Artifactory) or connected to a VPN tunnel to provide access to other cloud-based resources, those access policies also apply to your runners. Additionally, any outbound rules applied to your VNET's network security group (NSG) also apply, giving you the ability to control outbound access for your runners.
If you have enabled any network logs monitoring for your VNET, you can also monitor network traffic for your runners.
To use GitHub-hosted runners with Azure VNET, you will need to configure your Azure resources then create an Azure private network configuration in GitHub. For more information, see "Configuring private networking for GitHub-hosted runners."