
First see Adding Github Actions to a repo

If you have a repo or a job that is inappropriate to run on a shared resource, contact it@tufts.edu and ask ESCP to create a custom private runner. For their convenience, include a link to this page in your request.

For ESCP:

  • If the runner is only needed by a single repo:

    • On the system where you want the runner to run, add the gitrunner1 service account, then log in and run sudo su - gitrunner1 to become that user.

    • Browse (or have the user browse) to the repo in the GitHub web interface. Click Settings > Actions > Runners. Create a new runner. This will only be accessible by this repo.

    • GitHub gives you instructions to install and configure the runner, but you need a few modifications:

      # Create a folder
      $ mkdir actions-runner && cd actions-runner
      # Download the latest runner package
      
      # Use whatever latest version they gave you:
      $ curl -o actions-runner-linux-x64-[...]
      $ tar xzf ./actions-runner-linux-x64-[...]
      
      # Create the runner and start the configuration experience
      $ ./config.sh --url [...]
      # !!!!
      # !!!! When prompted for name of runner group, just press enter for default.
      # !!!! When prompted for name of runner, use hostname_username, for example, myhost-dev-01_gitrunner1
      # !!!! When prompted for additional labels, enter "rhel-8" or whatever
      # !!!! When prompted for work folder, press Enter for default _work
      # !!!!
      
      # !!!!!! DON'T DO THIS! This will launch the runner once in the terminal,
      # !!!!!! and it will die when you logout. Instead, see below
      # Last step, run it!
      $ ./run.sh
      
      # (Yes, do this). To run as a service:
      # as root:
      # In the following, Don't just copy and paste. Edit before doing it.
      #     runasuser=gitrunnerX
      #     cd /home/${runasuser}/actions-runner
      #     ./svc.sh install ${runasuser}
      #         It will create a service, and display the service name. You can start, such as:
      #         systemctl enable --now actions.runner.Tufts-Technology-Services.myhost-dev-01_${runasuser}
      
      # TODO!!
      # selinux will block the runner.
      # Going to have to do some of this:
      # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext
  • If the runner could be used by multiple repositories, create a restricted access Runner Group:

    • Go to the Organization. Settings > Actions > Runner groups.

    • Create a new runner group.

    • Edit the group properties, and select which permissions to apply. (Which repos are allowed to use this runner group)

    • Install the runner as described in the section above for a single runner, BUT when prompted for name of runner group, specify your new runner group.

    • After the runner has started, return to the web interface. Under “Runners,” check the Runner Group of the specific runner.
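
The answers given to the config.sh prompts above can also be passed as flags, which avoids typos in the runner name or runner group. This is an added example, not part of the original page or of GitHub's instructions: runner_name, build_config_args, configure_runner and the RUNNER_TOKEN variable are hypothetical names, and it assumes the repo or organization is hosted on github.com.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Builds the answers this page gives
# to the config.sh prompts as flags instead of typing them interactively.

# Runner name convention from this page: hostname_username.
runner_name() (
    host="${1:-$(hostname -s)}"
    user="${2:-$(id -un)}"
    printf '%s_%s\n' "$host" "$user"
)

# Print the config.sh arguments, one per line.
# usage: build_config_args URL LABELS [RUNNER_GROUP] [HOST] [USER]
build_config_args() (
    url="$1"; labels="$2"; group="${3:-}"
    name="$(runner_name "${4:-}" "${5:-}")"
    # Assumption: the repo or organization is hosted on github.com.
    case "$url" in
        https://github.com/?*) ;;
        *) echo "refusing URL: $url" >&2; exit 1 ;;
    esac
    # Assumption: name, labels and group use only these plain characters.
    case "$name$labels$group" in
        *[!A-Za-z0-9._,-]*) echo "unexpected character in name, labels or group" >&2; exit 1 ;;
    esac
    set -- --unattended --url "$url" --name "$name"
    # Leaving --runnergroup out keeps the default group (the single-repo case).
    [ -z "$group" ] || set -- "$@" --runnergroup "$group"
    printf '%s\n' "$@" --labels "$labels" --work _work
)

# Run from the actions-runner folder as the service account, never as root.
# RUNNER_TOKEN is the registration token shown on the "new runner" page.
configure_runner() (
    [ "$(id -u)" -ne 0 ] || { echo "run as the gitrunner account, not root" >&2; exit 1; }
    [ -n "${RUNNER_TOKEN:-}" ] || { echo "set RUNNER_TOKEN first" >&2; exit 1; }
    args="$(build_config_args "$@")" || exit 1
    IFS='
'
    set -f            # split on newlines only, no globbing
    set -- $args
    ./config.sh "$@" --token "$RUNNER_TOKEN"
)

# Example call (placeholders, not run here):
#   RUNNER_TOKEN=<token> configure_runner https://github.com/<org>/<repo> rhel-8
```

The service installation with svc.sh, run as root, is unchanged.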
