A dockerized action runner based on myoung34/docker-github-actions-runner with minimal tweaks to support Lithic workflows. The project is covered in more detail in privacy-com/pulumi-github-actions-runner.

- Runners are uniquely named with a UUID suffix
- A GitHub PAT is passed into the container to set up `.gitconfig`
- Additional packages installed to support builds
This is a public repo, and sensitive values should be handled accordingly. Right now that is being done via GitHub Secrets.
Included below are some caveats to using this runner in workflows, duplicated from the original repo.
It is known that currently tokens (`ACCESS_TOKEN` / `RUNNER_TOKEN`) are not safe from exfiltration. If you are using this runner, make sure that any workflow changes are gated by a verification process (in the Actions settings) so that malicious PRs cannot exfiltrate these.

Please note that while this runner installs and allows Docker, GitHub Actions itself does not support using Docker from a self-hosted runner yet. For more information:

Also, some GitHub Actions workflow features, like job services, won't be usable and will result in an error.

Currently runners do not support containerd.
***LINK TO DOCKER IMAGE LIST HERE ***
If you're using a RHEL-based OS with SELinux, add `--security-opt=label=disable` to the `docker run` command to prevent permission-denied errors.
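The two operational points above (keeping the runner tokens off the command line, and the SELinux flag on RHEL-family hosts) can be folded into one launch script. The script below is an added example, not part of this repo or of the upstream myoung34/docker-github-actions-runner project; the image name, env-file path, repository URL and labels are placeholders, while the `ACCESS_TOKEN` / `RUNNER_TOKEN`, `REPO_URL`, `RUNNER_NAME` and `LABELS` variable names are those consumed by the upstream image. By default it only prints the `docker run` line so it can be reviewed before anything is started.

```shell
#!/bin/sh
# Added example (not the project's own code): assemble a `docker run` command for
# the runner container. All concrete values below are placeholders.

# Placeholder image; override with RUNNER_IMAGE=... in the environment.
RUNNER_IMAGE="${RUNNER_IMAGE:-ghcr.io/example/lithic-actions-runner:latest}"

# Placeholder path. The file holds the secrets as KEY=VALUE lines, e.g.
#   ACCESS_TOKEN=ghp_...      (or RUNNER_TOKEN=... for a registration token)
# Passing them via --env-file keeps them out of `ps` output and shell history,
# which a bare `-e ACCESS_TOKEN=...` on the command line would not.
SECRETS_FILE="${SECRETS_FILE:-/etc/lithic-runner/secrets.env}"

# runner_uuid: unique suffix for the runner name (UUID when available).
runner_uuid() {
    cat /proc/sys/kernel/random/uuid 2>/dev/null \
        || uuidgen 2>/dev/null \
        || echo "$(date +%s)-$$"
}

# selinux_mode: prints Enforcing / Permissive / Disabled; hosts without
# getenforce (no SELinux) are reported as Disabled.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce
    else
        echo Disabled
    fi
}

# runner_cmd MODE: prints the full docker run command line for the given
# SELinux mode. Only the SELinux-specific flag depends on MODE.
runner_cmd() {
    mode="$1"
    opts="--detach --restart unless-stopped"
    opts="$opts --name lithic-runner-$(runner_uuid)"
    opts="$opts --env-file $SECRETS_FILE"
    opts="$opts -e RUNNER_NAME=lithic-runner-$(runner_uuid)"
    opts="$opts -e REPO_URL=https://github.com/privacy-com/example-repo"   # placeholder
    opts="$opts -e LABELS=lithic"                                          # placeholder
    case "$mode" in
        # RHEL-family hosts with SELinux active: disable labelling so volume
        # access inside the container is not denied.
        Enforcing|Permissive) opts="$opts --security-opt=label=disable" ;;
    esac
    echo "docker run $opts $RUNNER_IMAGE"
}

# main: print the command; run it only when RUN_RUNNER=1 is set explicitly.
main() {
    cmd="$(runner_cmd "$(selinux_mode)")"
    echo "$cmd"
    if [ "${RUN_RUNNER:-0}" = 1 ]; then
        [ -r "$SECRETS_FILE" ] || { echo "missing $SECRETS_FILE" >&2; exit 1; }
        sh -c "$cmd"
    fi
}

# Invoke main only when executed directly, so the functions can be sourced.
case "$0" in
    *run-runner.sh) main "$@" ;;
esac
```

Save as `run-runner.sh`; a plain invocation prints the command for review, and `RUN_RUNNER=1 ./run-runner.sh` starts the container after checking that the secrets file exists. Note that `--env-file` protects the tokens only from the host's process list; the caveat above about exfiltration through workflow changes still applies inside the container.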
An example workflow that targets this runner:

```yaml
name: Package
on:
  release:
    types: [created]
jobs:
  build:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v1
      - name: build packages
        run: make all
```