A recipe to build and run docker containers serving a GitHub Actions self-hosted runner.
- create a fine-grained token on GitHub with the following permissions:
  - repository access: All repositories
  - permissions:
    - repository permissions:
      - Administration: Read and write
      - Metadata: Read-only (automatically set)
    - organisation permissions:
      - Self-hosted runners: Read and write

  Save the token string within the `TOKEN` variable in the `ghe-actions-docker.env` file.
- create a Rocky 9 VM from a VM template
- install docker and jq (as root):

  ```
  dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  dnf install docker-ce docker-ce-cli containerd.io jq
  ```
- create the local user `gherunner` (as root): `useradd -m gherunner`
- start and enable the docker service (as root):

  ```
  systemctl start docker
  systemctl enable docker
  ```
- add the `gherunner` user to the `docker` group (as root): `usermod -G docker gherunner`
- as the `gherunner` user, download the latest release of this repo in a writable location (i.e. `/home/gherunner`)
- set the `GITHUB`, `TARGET` and `TOKEN` settings as appropriate in the `ghe-actions-docker.env` file (further information and examples are provided in this file).
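A pre-flight check for the settings file, useful because the token stored in it carries Administration read/write on all repositories. This is an added example, not part of this repository: the function names `env_value` and `check_runner_env` are hypothetical, and it assumes the file holds plain `KEY=value` lines and that GNU `stat` is available (as on Rocky 9).

```shell
# Added example: pre-flight check for ghe-actions-docker.env (not part of the repo).
# Assumption: the file holds plain KEY=value lines, one per setting.

# Print the value of KEY ($2) from FILE ($1) without sourcing (executing) the file.
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if the env file is safe to use, 1 otherwise; problems go to stderr.
check_runner_env() {
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi
    # The token can administer every repository, so only the owner may read it.
    mode=$(stat -c '%a' "$file")
    case $mode in
        600|400) ;;
        *) echo "$file has mode $mode; run: chmod 600 $file" >&2; rc=1 ;;
    esac
    # All three settings named in the steps above must have a non-empty value.
    for key in GITHUB TARGET TOKEN; do
        if [ -z "$(env_value "$file" "$key")" ]; then
            echo "$key is not set in $file" >&2
            rc=1
        fi
    done
    return $rc
}
```

Run `check_runner_env ghe-actions-docker.env` as the `gherunner` user before building or starting the containers.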
To build the container image (as the `gherunner` user):

```
docker build --tag ghe-actions-runner .
```

To run the container image (as the `gherunner` user):

```
docker compose up --scale runner=X -d
```

where `X` is the number of runners.

Runners should automatically clean up after themselves once stopped, but if
a SIGKILL occurs, a container may get stuck in the "Offline" state. Should
this happen, run the `./delete-offline-runners.sh` script.
This script reads the `GITHUB`, `TARGET` and `TOKEN` settings from the
`ghe-actions-docker.env` file.

- `docker image list` - view a list of built images
- `docker container list` - view a list of running containers
- `docker stop $(docker ps -a -q)` - stop all running containers
- `docker rm $(docker ps -a -q)` - delete all containers (running and stopped)