Action Runners#
There are two broad catagories of Action Runners: Github Hosted and Self-Hosted. Github's documentation on how to use a runner for a job can be found Here.
Dependabot can also be set to run on Runners
Github Hosted Runners#
This is the default. They incur a cost per minute to run once our pre-allocated number has been reached. Currently we are allocated 50,000 minutes per month across the enterprise.
- These runners do NOT have access to on-prem resources.
- While we are nowhere near our limit of minutes you are free to use these, if we start to exhaust minutes we will work with teams to migrate to the U of M provided runners (see below).
How to use github hosted runners
Self-hosted Runners#
GitHub does not recommend using public repositories with self-hosted runners. Forks of your public repository enable potentially dangerous code to be run on the self-hosted runners via pull request.
U of MN Hosted Runners#
To help reduce this toil and additional consumption of University resources (vms), Devex will supply/manage U of MN self-hosted runners for Github Actions. The runners are based off Github speced runners, but modified and run by Devex. The runners are deployed based on Github provided Actions Runner Controller
- These runners operate on UofM IP space and therefore can access on-prem resources.
- If you look on the Actions/runner groups page for your organization (github.com/organizations/YOUR-ORG-NAME/settings/actions/runner-groups) you will see a Default group listed under 'Shared by the Enterprise'. Example
- The runners are based off of this container image
- However it lacks some tools, so Devex maintains a custom version, updated monthly that adds some tools to the base. See here.
How to use the U of MN Runners#
All you have to do to is call out the label in the actions yaml file in .github/workflows/
There are 3 labels Devex provides:
- runs-on: arc-runner-enterprise This is the production runner that gets updated the 3rd Monday of each month
- runs-on: arc-runner-enterprise-beta This is the pre-production version that is updated the 1st Monday of each month
- runs-on: arc-runner-enterprise-dev This is used to test out-of-band updates based on customer needs. It is also updated the 1st Monday of each month
Note: Currently this does not support Windows runners
Example:
# Simple workflow for deploying static content to GitHub Pages
name: Deploy static content to Pages
on:
# Runs on pushes targeting the default branch
push:
branches: ["main"]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
# Single deploy job since we're just deploying
deploy:
runs-on: arc-runner-enterprise # Devex maintained arc-runner
#runs-on: arc-runner-enterprise-beta # Updated 2 weeks prior to production updates
#runs-on: arc-runner-enterprise-dev # Also Updated 2 weeks prior to production updates or as needed to test a change
steps: ACTION_STEPS_HERE
Update Cycle#
First Monday of the month#
Updates are made to the "beta" deployment of the runner (runs-on: arc-runner-enterprise-beta). This label will always be the latest version and is available for testing two weeks ahead of production patching to allow for testing your workflows to ensure no processes are interrupted after production patching.
Third Monday of the month#
Upgrades to our production runner (runs-on: arc-runner-enterprise) are the third Monday of the month. Announcements will be made via the #github slack channel. Scheduling may be adjusted due to holidays, OIT events, or issues found during the non-prod upgrade phase.
Build your own self-hosted runners#
Self hosted runners are installed on your own hosts and do not include any tools/apps/binaries. Each team would be required to manage the installation and updates on their own.
Self Hosted runners may be needed to access on-prem resources such as Artifactory.