Skip to main content

此版本的 GitHub Enterprise 已停止服务 2022-06-03. 即使针对重大安全问题,也不会发布补丁。 要获得更好的性能、改进的安全性和新功能,请升级到 GitHub Enterprise 的最新版本。 如需升级方面的帮助,请联系 GitHub Enterprise 支持

Getting started with self-hosted runners for your enterprise

You can configure a runner machine for your enterprise so your developers can start automating workflows with GitHub Actions.

Enterprise owners can configure policies for GitHub Actions and add self-hosted runners to the enterprise.

About self-hosted runners for GitHub Actions

GitHub Actions allows people who use 您的 GitHub Enterprise Server 实例 to improve productivity by automating every phase of the software development workflow. For more information, see "About GitHub Actions for enterprises."

With GitHub Actions, developers can write and combine individual tasks called actions to create custom workflows. To enable GitHub Actions for 您的 GitHub Enterprise Server 实例, you must host at least one machine to execute jobs. This machine is called a self-hosted runner. Self-hosted runners can be physical, virtual, in a container, on-premises, or in a cloud. Your runner machine connects to GitHub Enterprise Server using the GitHub Actions self-hosted runner application. Self-hosted runners can run Linux, Windows, or macOS. For more information, see "About self-hosted runners."

This guide shows you how to apply a centralized management approach to self-hosted runners for GitHub Actions in your enterprise. In the guide, you'll complete the following tasks.

  1. Configure a limited policy to restrict the actions that can run within your enterprise
  2. Deploy a self-hosted runner for your enterprise
  3. Create a group to manage access to the runners available to your enterprise
  4. Optionally, further restrict the repositories that can use the runner

You'll also find additional information about how to monitor and secure your self-hosted runners, how to access actions from GitHub.com, and how to customize the software on your runner machines.

After you finish the guide, users of 您的 GitHub Enterprise Server 实例 will be able to run workflow jobs from GitHub Actions on a self-hosted runner machine.

Prerequisites

1. Configure policies for GitHub Actions

First, enable GitHub Actions for all organizations, and configure a policy to restrict the actions that can run on 您的 GitHub Enterprise Server 实例. Optionally, organization owners can further restrict these policies for each organization.

  1. 在 GitHub Enterprise Server 的右上角,单击您的个人资料照片,然后单击 Enterprise settings(Enterprise 设置)GitHub Enterprise Server 上个人资料照片下拉菜单中的"Enterprise settings(企业设置)"

  2. 在企业账户侧边� �中,单击 Policies(政策)企业帐户侧边� �中的 Policies(政策)选项卡

  3. 在“ Policies(政策)”下,单击 Actions(操作)

  4. Under "Policies", select Enable for all organizations.

    Screenshot of "Enable for all organizations" policy for GitHub Actions

  5. Select Allow select actions and Allow actions created by GitHub to allow local actions, and actions created by GitHub.

    Screenshot of "Allow select actions" and "Allow actions created by GitHub" for GitHub Actions

  6. Click Save.

You can configure additional policies to restrict the actions available to users of 您的 GitHub Enterprise Server 实例. For more information, see "Enforcing policies for GitHub Actions in your enterprise."

2. Deploy the self-hosted runner for your enterprise

Next, add a self-hosted runner to your enterprise. GitHub Enterprise Server will guide you through installation of the necessary software on the runner machine. After you deploy the runner, you can verify connectivity between the runner machine and 您的 GitHub Enterprise Server 实例.

Adding the self-hosted runner

要将自托管的运行器添� 到企业,您必须是组织所有者。

  1. 在 GitHub Enterprise Server 的右上角,单击您的个人资料照片,然后单击 Enterprise settings(Enterprise 设置)GitHub Enterprise Server 上个人资料照片下拉菜单中的"Enterprise settings(企业设置)"

  2. 在企业账户侧边� �中,单击 Policies(政策)企业帐户侧边� �中的 Policies(政策)选项卡

  3. 在“ Policies(政策)”下,单击 Actions(操作)

  4. 单击 自托管运行器 选项卡。

  5. 单击 Add new(新增),然后单击 New runner(新运行器)

  6. Select the operating system image and architecture of your self-hosted runner machine.

  7. 您将看到指示您如何下载运行器应用程序并安装到自托管运行器机器上的说明。

    在自托管运行器机器上打开 shell,并按显示的顺序运行每个 shell 命令。

    注意: 在 Windows上,如果要将自托管运行器应用程序安装为服务,必须打开具有管理员权限的 shell。 我们还建议您使用 C:\actions-runner 作为自托管运行器应用程序的目录,以便 Windows 系统帐户可以访问运行器目录。

    这些说明将指导您完成以下任务:

    • 下载并提取自托管运行器应用程序。
    • 运行 config 脚本配置自托管运行器应用程序,并向 GitHub Actions 注册。 config 脚本需要目� � URL 和自动生成的时间限制令牌来验证请求。
      • 在 Windows上,config 脚本还会询问您是否想将自托管运行器应用程序安装为服务。 对于 Linux 和 macOS,您可以在完成添� 运行器后安装服务。 更多信息请参阅“将自托管运行器应用程序配置为服务”。
    • 运行自托管运行器应用程序以将机器连接到 GitHub Actions。

检查您的自托管运行器是否已成功添� 

After completing the steps to add a self-hosted runner, the runner and its status are now listed under "Self-hosted runners".

必须激活自托管运行器应用程序,运行器才能接受作业。 When the runner application is connected to GitHub Enterprise Server and ready to receive jobs, you will see the following message on the machine's terminal.

√ 已连接到 GitHub

2019-10-24 05:45:56Z: 正在监听作业

3. Manage access to the self-hosted runner using a group

You can create a runner group to manage access to the runner that you added to your enterprise. You'll use the group to choose which organizations can execute jobs from GitHub Actions on the runner.

GitHub Enterprise Server adds all new runners to a group. Runners can be in one group at a time. By default, GitHub Enterprise Server adds new runners to the "Default" group.

  1. 在 GitHub Enterprise Server 的右上角,单击您的个人资料照片,然后单击 Enterprise settings(Enterprise 设置)GitHub Enterprise Server 上个人资料照片下拉菜单中的"Enterprise settings(企业设置)"

  2. 在企业账户侧边� �中,单击 Policies(政策)企业帐户侧边� �中的 Policies(政策)选项卡

  3. 在“ Policies(政策)”下,单击 Actions(操作)

  4. 单击 自托管运行器 选项卡。

  5. Use the Add new drop-down, and select New group.

  6. Under "Group name", type a name for your runner group.

  7. To choose a policy for organization access, under "Organization access", select the Organization access drop-down, and click Selected organizations.

  8. To the right of the drop-down with the organization access policy, click .

  9. Select the organizations you'd like to grant access to the runner group.

  10. Optionally, to allow public repositories in the selected organizations to use runners in the group, select Allow public repositories.

    Warning:

    建议仅将自托管运行器用于私有仓库。 这是� 为,通过创建在工作流程中执行代� �的拉取请求,仓库的复刻可能会在您的自托管运行器上运行危险代� �。

    For more information, see "About self-hosted runners."

  11. Click Save group to create the group and apply the policy.

  12. To the right of "Default", click the number of runners in the group to show the runners.

  13. Select the runner that you deployed.

  14. To the right of "Runner groups", select the Move to group dropdown, and click the group that you previously created.

You've now deployed a self-hosted runner that can run jobs from GitHub Actions within the organizations that you specified.

4. Further restrict access to the self-hosted runner

Optionally, organization owners can further restrict the access policy of the runner group that you created. For example, an organization owner could allow only certain repositories in the organization to use the runner group.

For more information, see "Managing access to self-hosted runners using groups."

Next steps

Further reading