github-actions-runner

Docker's containerized github-actions runner

MIT License

Stars
13
Committers
1
View Code on GitHub View on X
Ecosystems: Docker, Docker Compose

Sysbox-Powered Github Actions Runner

The GitHub-action runner image generated by this repository is expected to be powered by the Sysbox container runtime. The runner binary being utilized and the associated configuration process have been extracted and documented here.

There are similar containerized github-actions runners (GHA) out there, such as the one this repository is originally based on. However, our main purpose is to offer differentiated value by utilizing the Sysbox runtime.

Finally, I'd like to point out that the scope of this repository is limited to Docker-generated GHA runner deployments. Please refer to the GHA-controller project for Kubernetes scenarios.

Why Sysbox?

These are some of the issues we have identified to justify the creation of this repository:

  • Equivalent solutions rely on the execution of privileged containers, which are known to pose serious security challenges.
  • Other solutions bind-mount the host's docker-engine socket into the GHA runner container, representing a security threat.
  • The above limitations constrain the use of one GHA runner per host. That is, privileged containers offer weak isolation among containers/host, and a single docker-engine can't be shared across multiple docker-clis.

Sysbox addresses the above challenges by providing stronger isolation among GHA runner instances and between runners and the host. Sysbox also allows the execution of Docker binaries (and plugins) within a container without resorting to privileged containers. In consequence, Sysbox can be used to host multiple GHA runners within the same machine.

Quick-Start

  • Install Sysbox runtime in a Linux VM as indicated here. Alternatively (easiest approach), launch an EC2 instance using Docker's DinD AMI (todo: provide details), which already contains all the required components.

  • Git clone this repo and execute the gha_runner_create.sh script with the following parameters:

$ ./gha_runner_create.sh <runner-name> <org> <repo-name> <runner-token>

Example:

$ ./gha_runner_create.sh gha-runner-1 nestybox sysbox-pkgr AEEK3VNZQDRMZVBWK5QFV6DFDCYMY
27dfce314877c7dcc19110d04b61a3904d24fa093aace80e63a9cff8676abede
$

Note 1: The runner-token must be previously generated by going through the simple steps depicted in this GH guide. Notice that we only need to extract the runner-token displayed in the GH instructions, hence, there's no need to complete the suggested steps (our runner will take care of this process for us).

Note 2: This script can be easily modified to use a GH Personal-Access-Token, further simplifying the runner creation process since we wouldn't need to obtain a runner-token.

Related Projects
sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as...

02 Aug 2020 2,728
builder

Home Assistant builder script

14 Apr 2019 69
gha-runners

Terraform to create GitHub Action self-hosted runners in EC2 using ASG

09 Jul 2021 26
push-to-ghcr

This action simplifies pushes of Docker images to ghcr.io repository and the Docker Hub

01 Jul 2021 29
distrobox

Use any linux distribution inside your terminal. Enable both backward and forward compatibility w...

18 Nov 2021 9,844
push-to-registry

GitHub Action to push a container image to an image registry.

13 Nov 2020 99
awesome-runners

A curated list of awesome self-hosted GitHub Action runners in a large comparison matrix

05 Feb 2021 678
gitlab-ci-stack

Full CI pipeline project based on Gitlab & Gitlab CI running Docker, completely automated setup b...

21 Mar 2018 177
docker-github-actions-runner

This will run the new self-hosted github actions runners with docker-in-docker

25 Nov 2019 1,625
containershare

open source, transparent container registry for reproducible science

23 Jul 2018 6
ml-workspace

🛠 All-in-one web-based IDE specialized for machine learning and data science.

27 May 2019 3,406