github-actions-runner-operator

README

github-actions-runner-operator

K8s operator for scheduling github actions runner pods. self-hosted-runners is a way to host your own runners and customize the environment used to run jobs in your GitHub Actions workflows.

This operator helps you scale and schedule runners on-demand in a declarative way.

Helm-chart based install

Helm3 chart is available from our existing helm repo.

helm repo add evryfs-oss https://evryfs.github.io/helm-charts/
kubectl create namespace github-actions-runner-operator
helm install github-actions-runner-operator evryfs-oss/github-actions-runner-operator --namespace github-actions-runner-operator

CRD

Declare a resource like in the example

Authentication modes

The operator's authentication towards GitHub can work in different two modes:

1. As a github app.

This is the preferred mode as it provides enhanced security and increased API quota, and avoids exposure of tokens to runner pods. You are advised to install the operator into its own namespace for the same reason.

Follow the guide, no need for defining callback url or webhook secret as they are not in use. Give the app read/write permission for self-hosted runners. Deploy the operator with the environment variables defining the secrets:

env:
- name: GITHUB_APP_INTEGRATION_ID
  value: ....
- name: GITHUB_APP_PRIVATE_KEY
  value: |
    -----BEGIN RSA PRIVATE KEY-----
    .....
    -----END RSA PRIVATE KEY-----

1. Using Personal Access Tokens (PAT)

Define a secret containing the token and refer it from the custom-resource The two modes can be combined, if a PAT is defined on the CR it will take precedence over the github-app auth mode.

Weaknesses

• There is a theoretical possibility that a runner pod can be deleted while running a build, if it is able to pick a build in the time between listing the api and doing the scaling logic.

development

Operator is based on Operator SDK / Kube builder and written in Go.