github-actions-runner-operator
K8s operator for scheduling GitHub Actions runner pods.
Self-hosted runners are a way to host your own runners and customize the environment used to run jobs in your GitHub Actions workflows.
This operator helps you scale and schedule runners on-demand in a declarative way.
Helm-chart based install
A Helm 3 chart is available from our existing Helm repo.
helm repo add evryfs-oss https://evryfs.github.io/helm-charts/
kubectl create namespace github-actions-runner-operator
helm install github-actions-runner-operator evryfs-oss/github-actions-runner-operator --namespace github-actions-runner-operator
CRD
Declare a resource like the one in the example.
Authentication modes
The operator's authentication towards GitHub can work in two different modes:
- As a GitHub App.
This is the preferred mode as it provides enhanced security and increased API quota, and avoids exposure of tokens to runner pods.
You are advised to install the operator into its own namespace for the same reason.
Follow the guide; there is no need to define a callback URL or webhook secret, as they are not in use.
Give the app read/write permission for self-hosted runners.
Deploy the operator with the environment variables defining the secrets:
  env:
    - name: GITHUB_APP_INTEGRATION_ID
      value: ....
    - name: GITHUB_APP_PRIVATE_KEY
      value: |
        -----BEGIN RSA PRIVATE KEY-----
        .....
        -----END RSA PRIVATE KEY-----
- Using Personal Access Tokens (PAT)
Define a secret containing the token and refer to it from the custom resource.
The two modes can be combined: if a PAT is defined on the CR, it takes precedence over the GitHub App auth mode.
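For the GitHub App mode, the same two environment variables can be populated from a Kubernetes Secret instead of inline `value:` fields, so the private key does not sit in the Deployment spec or in version-controlled values. This is an added example, not taken from the operator's repository. The Secret name and its key names are assumptions, and the `env:` part is a fragment of the operator's container spec rather than a complete manifest.

```yaml
# Added example. Assumed names: Secret "github-app-credentials",
# keys "integration-id" and "private-key.pem".
apiVersion: v1
kind: Secret
metadata:
  name: github-app-credentials              # hypothetical name
  namespace: github-actions-runner-operator # the operator's own namespace
type: Opaque
stringData:
  integration-id: "<app-integration-id>"    # placeholder
  private-key.pem: |
    -----BEGIN RSA PRIVATE KEY-----
    <placeholder>
    -----END RSA PRIVATE KEY-----

# Fragment of the operator container spec (not a standalone object):
# same variable names as above, resolved from the Secret at pod start.
#
# env:
#   - name: GITHUB_APP_INTEGRATION_ID
#     valueFrom:
#       secretKeyRef:
#         name: github-app-credentials
#         key: integration-id
#   - name: GITHUB_APP_PRIVATE_KEY
#     valueFrom:
#       secretKeyRef:
#         name: github-app-credentials
#         key: private-key.pem
```

Keeping the Secret in the operator's dedicated namespace lets RBAC limit read access to it to the operator's service account.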
Weaknesses
- There is a theoretical possibility that a runner pod can be deleted while running a build,
if it is able to pick up a build in the time between listing the API and doing the scaling logic.
Development
The operator is based on Operator SDK / Kubebuilder and is written in Go.