Publicamos atualizações frequentes em nossa documentação, e a tradução desta página ainda pode estar em andamento. Para obter as informações mais recentes, acesse a documentação em inglês. Se houver problemas com a tradução desta página, entre em contato conosco.
O GitHub AE está atualmente sob versão limitada. Entre em contato com nossa Equipe de Vendas para saber mais.

Managing access to self-hosted runners using groups

You can use policies to limit access to self-hosted runners that have been added to an organization or enterprise.

Aviso: Os executores auto-hospedados estão atualmente desabilitados para GitHub AE. Isso porque GitHub AE oferece garantias para as fronteiras de segurança que são incompatíveis com a forma como os executores hospedados funcionam. No entanto, se você precisar usar executores auto-hospedados com GitHub AE e entender as implicações de segurança, você poderá entrar em contato com o suporte de GitHub para uma exceção de segurança que irá habilitar executores auto-hospedados.

Se você não precisar de executores auto-hospedados, você poderá usar s para executar seus fluxos de trabalho. Para obter mais informações, consulte "Sobre s".

Observação: GitHub Actions está atualmente na versão beta para GitHub AE.

About self-hosted runner groups

Self-hosted runner groups are used to control access to self-hosted runners at the organization and enterprise level. Enterprise admins can configure access policies that control which organizations in an enterprise have access to the runner group. Organization admins can configure access policies that control which repositories in an organization have access to the runner group.

When an enterprise admin grants an organization access to a runner group, organization admins can see the runner group listed in the organization's self-hosted runner settings. The organizations admins can then assign additional granular repository access policies to the enterprise runner group.

When new runners are created, they are automatically assigned to the default group. Runners can only be in one group at a time. You can move runners from the default group to another group. For more information, see "Moving a self-hosted runner to a group."

Creating a self-hosted runner group for an organization

All organizations have a single default self-hosted runner group. Organizations within an enterprise account can create additional self-hosted groups. Organization admins can allow individual repositories access to a runner group. For information about how to create a self-hosted runner group with the REST API, see "Self-hosted runner groups."

Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can move a runner from the default group to any group you create.

When creating a group, you must choose a policy that defines which repositories have access to the runner group.

  1. No your enterprise, navegue para a página principal da organização.

  2. Abaixo do nome da sua organização, clique em Settings.

    Botão de configurações da organização

  3. Na barra lateral esquerda, clique em Ações.

  4. In the "Self-hosted runners" section, click Add new, and then New group.

    Add runner group

  5. Enter a name for your runner group, and assign a policy for repository access.

    You can configure a runner group to be accessible to a specific list of repositories, or to all repositories in the organization. By default, only private repositories can access runners in a runner group, but you can override this. This setting can't be overridden if configuring an organization's runner group that was shared by an enterprise.

    Warning

    Recomendamos que você use apenas executores auto-hospedados com repositórios privados. Isso acontece porque as bifurcações do seu repositório podem potencialmente executar código perigoso na sua máquina de executor auto-hospedada criando um pull request que executa o código em um fluxo de trabalho.

    For more information, see "About self-hosted runners."

    Add runner group options

  6. Click Save group to create the group and apply the policy.

Creating a self-hosted runner group for an enterprise

Enterprises can add their self-hosted runners to groups for access management. Enterprises can create groups of self-hosted runners that are accessible to specific organizations in the enterprise account. Organization admins can then assign additional granular repository access policies to the enterprise runner groups. For information about how to create a self-hosted runner group with the REST API, see the Enterprise Administration GitHub Actions APIs.

Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can assign the runner to a specific group during the registration process, or you can later move the runner from the default group to a custom group.

When creating a group, you must choose a policy that defines which organizations have access to the runner group.

  1. No canto superior direito de GitHub AE, clique na sua foto de perfil e, em seguida, clique em Configurações da empresa. "Configurações da empresa" no menu suspenso para foto do perfil em GitHub AE

  2. Na barra lateral da conta corporativa, clique em Policies. Aba de políticas na barra lateral da conta corporativa

  3. Em " Policies (Políticas)", clique em Actions (Ações).

  4. Clique na aba Executores auto-hospedados .

  5. Click Add new, and then New group.

    Add runner group

  6. Enter a name for your runner group, and assign a policy for organization access.

    You can configure a runner group to be accessible to a specific list of organizations, or all organizations in the enterprise. By default, only private repositories can access runners in a runner group, but you can override this. This setting can't be overridden if configuring an organization's runner group that was shared by an enterprise.

    Warning

    Recomendamos que você use apenas executores auto-hospedados com repositórios privados. Isso acontece porque as bifurcações do seu repositório podem potencialmente executar código perigoso na sua máquina de executor auto-hospedada criando um pull request que executa o código em um fluxo de trabalho.

    For more information, see "About self-hosted runners."

    Add runner group options

  7. Click Save group to create the group and apply the policy.

Changing the access policy of a self-hosted runner group

You can update the access policy of a runner group, or rename a runner group.

  1. Na seção "Executores auto-hospedados" da página de configurações, clique em ao lado do grupo executor que você gostaria de configurar e, em seguida, clique em Editar nome e acesso [organization|repository]. Gerenciar permissões do repositório
  2. Modifique as suas opções de políticas, ou altere o nome do grupo do executor.

Automatically adding a self-hosted runner to a group

You can use the configuration script to automatically add a new self-hosted runner to a group. For example, this command registers a new self-hosted runner and uses the --runnergroup parameter to add it to a group named rg-runnergroup.

./config.sh --url $org_or_enterprise_url --token $token --runnergroup rg-runnergroup

The command will fail if the runner group doesn't exist:

Could not find any self-hosted runner group named "rg-runnergroup".

Moving a self-hosted runner to a group

If you don't specify a runner group during the registration process, your new self-hosted runners are automatically assigned to the default group, and can then be moved to another group.

  1. In the "Self-hosted runners" section of the settings page, locate the current group of the runner you want to move and expand the list of group members. View runner group members
  2. Select the checkbox next to the self-hosted runner, and then click Move to group to see the available destinations. Runner group member move
  3. To move the runner, click on the destination group. Runner group member move

Removing a self-hosted runner group

Self-hosted runners are automatically returned to the default group when their group is removed.

  1. In the "Self-hosted runners" section of the settings page, locate the group you want to delete, and click the button. View runner group settings

  2. To remove the group, click Remove group. View runner group settings

  3. Review the confirmation prompts, and click Remove this runner group.

Esse documento ajudou você?

Política de Privacidade

Ajude-nos a tornar esses documentos ótimos!

Todos os documentos do GitHub são de código aberto. Você percebeu que algo que está errado ou não está claro? Envie um pull request.

Faça uma contribuição

Ou, aprenda como contribuir.