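├── .gitignore
├── Docker Image
    ├── Dockerfile
    ├── Dockerfile.mac
    └── start.sh
├── Dockerfile.mac
├── LICENSE
├── README.md
├── SECURITY.md
├── docker-compose.mac.yml
├── docker-compose.yml
└── start-mac.sh

/.gitignore:
--------------------------------------------------------------------------------
.idea/

--------------------------------------------------------------------------------
/Docker Image/Dockerfile:
--------------------------------------------------------------------------------
# Self-hosted GitHub Actions runner image for linux/x64.
#
# NOTE(review): Ubuntu 20.04 is past its standard-support window. Moving to a
# newer LTS needs a check that installdependencies.sh of the pinned runner
# version supports it.
FROM ubuntu:20.04

ARG RUNNER_VERSION="2.317.0"
# Optional SHA-256 of the runner tarball, taken from the actions/runner release
# notes for RUNNER_VERSION and passed with --build-arg RUNNER_SHA256=<sha256>.
# When set, the download is verified before it is unpacked. When empty, the
# build trusts whatever the release URL returns, as it did before.
ARG RUNNER_SHA256=""
# Build-time only (ARG, not ENV), so it does not leak into the runtime env.
ARG DEBIAN_FRONTEND=noninteractive

# Update, upgrade and install in ONE layer: a cached "apt update" layer that is
# older than the install layer is the classic stale-index build failure.
# ca-certificates is listed explicitly because --no-install-recommends does not
# guarantee it, and curl needs it to validate the HTTPS download below.
# The ssh metapackage also installs an SSH server; openssh-client is enough if
# jobs only make outbound SSH connections.
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
        curl \
        jq \
        libffi-dev \
        libssl-dev \
        python3 \
        python3-dev \
        python3-pip \
        python3-venv \
        ssh \
    && rm -rf /var/lib/apt/lists/*

# Add a user named docker
RUN useradd -m docker

# Set up the actions runner. -f makes curl fail on an HTTP error instead of
# saving the error page; the tarball is removed and ownership is handed to the
# docker user in the same layer so neither costs an extra copy in the image.
WORKDIR /home/docker/actions-runner
RUN curl -fsSL -o actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz \
        https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz \
    && if [ -n "${RUNNER_SHA256}" ]; then \
        echo "${RUNNER_SHA256}  actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz" | sha256sum -c -; \
    fi \
    && tar xzf actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz \
    && rm actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz \
    && chown -R docker /home/docker

# Let the runner install its own OS dependencies. The package index was removed
# above, so refresh it here and drop it again in the same layer.
RUN apt-get update \
    && /home/docker/actions-runner/bin/installdependencies.sh \
    && rm -rf /var/lib/apt/lists/*

# Copy the start script and make it executable
COPY start.sh /start.sh
RUN chmod +x /start.sh

# Switch to docker user
USER docker

# Define the entrypoint
ENTRYPOINT ["/start.sh"]

--------------------------------------------------------------------------------
/Docker Image/Dockerfile.mac:
--------------------------------------------------------------------------------
# NOTE(review): this file builds an image with no runner in it. Nothing here
# downloads the actions runner or creates a runner user, there is no USER
# instruction (the entrypoint runs as root), and start-mac.sh is listed at the
# repository root rather than in this directory, so the COPY only works when the
# build context is the repository root. The start script exits at its
# "cd /home/runner/actions-runner" step in such an image. The root-level
# Dockerfile.mac is the complete macOS image.
#
# Pinned instead of :latest so a rebuild does not silently change the base.
FROM ubuntu:22.04

# Copy the start script to the runner's home directory and make it executable
COPY start-mac.sh /home/runner/start.sh
RUN chmod +x /home/runner/start.sh

# Define the entrypoint
ENTRYPOINT ["/home/runner/start.sh"]

--------------------------------------------------------------------------------
/Docker Image/start.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Container entrypoint: registers the runner with the repository named in REPO,
# starts it, and removes the registration again when the container is stopped
# with INT or TERM.
#
# Environment:
#   REPO       repository to register with, as <owner>/<repo>
#   REG_TOKEN  runner registration token. It is a secret, and it is passed to
#              config.sh as a command-line argument, so it is visible in the
#              container's process list while config.sh runs.
#   NAME       runner name; when empty, no --name argument is passed

# Stop with a clear message when a mandatory setting is missing instead of
# handing config.sh an empty URL or token.
: "${REPO:?REPO must be set to <owner>/<repo>}"
: "${REG_TOKEN:?REG_TOKEN must be set to a runner registration token}"

cd /home/docker/actions-runner || exit

# Build the arguments as an array and quote every expansion, so a value that
# contains whitespace or glob characters reaches config.sh as one argument
# rather than being word-split by the shell.
config_args=(--url "https://github.com/${REPO}" --token "${REG_TOKEN}")
if [ -n "${NAME}" ]; then
    config_args+=(--name "${NAME}")
fi

# NOTE(review): the exit status of config.sh is not checked, as before;
# presumably so that a container which is already configured can still go on
# to run.sh after a restart. Confirm before making this fatal.
./config.sh "${config_args[@]}"

cleanup() {
    echo "Removing runner..."
    ./config.sh remove --unattended --token "${REG_TOKEN}"
}

trap 'cleanup; exit 130' INT
trap 'cleanup; exit 143' TERM

# Run in the background and wait, so the traps above fire as soon as the
# signal arrives instead of after run.sh returns.
./run.sh & wait $!

--------------------------------------------------------------------------------
/Dockerfile.mac:
--------------------------------------------------------------------------------
# Self-hosted GitHub Actions runner image for linux/arm64 (Docker Desktop on
# Apple Silicon).
#
# Pinned instead of :latest so a rebuild does not silently change the base.
FROM --platform=linux/arm64 ubuntu:22.04

ARG RUNNER_VERSION="2.317.0"
# Optional SHA-256 of the runner tarball, taken from the actions/runner release
# notes for RUNNER_VERSION and passed with --build-arg RUNNER_SHA256=<sha256>.
# When set, the download is verified before it is unpacked.
ARG RUNNER_SHA256=""
# Build-time only; keeps package configuration from waiting for input.
ARG DEBIAN_FRONTEND=noninteractive

# Add a user for the runner
RUN useradd -m -s /bin/bash runner

# Install necessary packages including .NET Core dependencies.
# ca-certificates is listed explicitly because --no-install-recommends does not
# guarantee it, and curl needs it for the HTTPS download below.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        iputils-ping \
        jq \
        libicu-dev \
        libkrb5-3 \
        openssh-client \
        python3 \
        sudo \
        zlib1g \
    && rm -rf /var/lib/apt/lists/*

# Set up the runner user.
# SECURITY: passwordless sudo makes "USER runner" below root-equivalent inside
# the container, so every workflow job can act as root there. Drop this line
# unless jobs genuinely need sudo, and register the runner only with
# repositories whose workflows are trusted.
RUN echo "runner ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

# Set up the actions runner for ARM64. -f makes curl fail on an HTTP error
# instead of saving the error page. The directory is handed to the runner user
# in the same layer: config.sh runs as that user and writes its state here, and
# the Linux image does the equivalent chown for its docker user.
WORKDIR /home/runner/actions-runner
RUN curl -fsSL -o actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz \
        https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz \
    && if [ -n "${RUNNER_SHA256}" ]; then \
        echo "${RUNNER_SHA256}  actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz" | sha256sum -c -; \
    fi \
    && tar xzf actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz \
    && rm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz \
    && chown -R runner:runner /home/runner/actions-runner

# Install dependencies. The package index was removed above, so refresh it
# here and drop it again in the same layer.
RUN apt-get update \
    && ./bin/installdependencies.sh \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /home/runner

# Copy the start script and make it executable
COPY start-mac.sh /home/runner/start.sh
RUN chown runner:runner /home/runner/start.sh && chmod +x /home/runner/start.sh

# Switch to runner user
USER runner

# Define the entrypoint
ENTRYPOINT ["/home/runner/start.sh"]

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 Youssef Bourourou

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.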

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Self-Hosted Runner Dockerization

Welcome to the GitHub Self-Hosted Runner Dockerization repository. This project provides a Dockerized solution for setting up a self-hosted GitHub Actions runner.

## Features

- **Docker Compose Setup**: Easily deploy self-hosted runners using Docker Compose.
- **Customizable**: Use the provided Docker image or build your own using the Dockerfile.
- **Scalable**: Deploy multiple runner replicas with resource constraints.
- **Cross-Platform**: Support for Linux, macOS, and Windows environments.

## Repository Contents

- `LICENSE`: The license file for this project.
- `README.md`: The documentation file you are currently reading.
- `docker-compose.yml`: The Docker Compose file to deploy the self-hosted runner on Linux.
- `docker-compose.mac.yml`: The Docker Compose file to deploy the self-hosted runner on macOS.
- `docker-compose.windows.yml`: The Docker Compose file to deploy the self-hosted runner on Windows.
- `Docker Image/`: A directory containing the Dockerfiles and start scripts for building the runner images.

## Getting Started

### Prerequisites

- Docker
- Docker Compose

### Using Docker Compose on Linux

1. Clone the repository:

   ```sh
   git clone https://github.com/youssefbrr/self-hosted-runner.git
   cd self-hosted-runner
   ```

2. Edit the `docker-compose.yml` file to specify your repository, registration token, and runner name.

3. Deploy the self-hosted runner:
   ```sh
   docker-compose up -d
   ```

### Using Docker Compose on macOS

1. Clone the repository:

   ```sh
   git clone https://github.com/youssefbrr/self-hosted-runner.git
   cd self-hosted-runner
   ```

2. Edit the `docker-compose.mac.yml` file to specify your repository, registration token, and runner name.

3. Deploy the self-hosted runner:
   ```sh
   docker-compose -f docker-compose.mac.yml up -d
   ```

### Using Docker Compose on Windows

1. Prerequisites:

   - Install Docker Desktop for Windows
   - Enable WSL 2 (Windows Subsystem for Linux)
   - Install Ubuntu 20.04 from the Microsoft Store or enable it through PowerShell

2. Clone the repository:

   ```sh
   git clone https://github.com/youssefbrr/self-hosted-runner.git
   cd self-hosted-runner
   ```

3. Edit the `docker-compose.windows.yml` file to specify your repository, registration token, and runner name.

4. Deploy the self-hosted runner:
   ```sh
   docker-compose -f docker-compose.windows.yml up -d
   ```

### Building Your Own Docker Image on Linux

1. Clone the repository:

   ```sh
   git clone https://github.com/youssefbrr/self-hosted-runner.git
   cd self-hosted-runner
   ```

2. Build the Docker image:

   ```sh
   cd "Docker Image"
   docker build -t custom-github-runner:latest ./
   ```

3. Edit the `docker-compose.yml` file to use your custom image.

4. Deploy the self-hosted runner:
   ```sh
   docker-compose up -d
   ```

### Building Your Own Docker Image on macOS

1. Clone the repository:

   ```sh
   git clone https://github.com/youssefbrr/self-hosted-runner.git
   cd self-hosted-runner
   ```

2. Build the Docker image:

   ```sh
   cd "Docker Image"
   docker build -t custom-github-runner-mac:latest -f Dockerfile.mac ./
   ```

3. Edit the `docker-compose.mac.yml` file to use your custom image.

4. Deploy the self-hosted runner:
   ```sh
   docker-compose -f docker-compose.mac.yml up -d
   ```

### Building Your Own Docker Image on Windows

1. Clone the repository:

   ```sh
   git clone https://github.com/youssefbrr/self-hosted-runner.git
   cd self-hosted-runner
   ```

2. Build the Docker image:

   ```sh
   cd "Docker Image"
   docker build -t custom-github-runner-windows:latest -f Dockerfile.windows ./
   ```

3. Edit the `docker-compose.windows.yml` file to use your custom image.

4. Deploy the self-hosted runner:
   ```sh
   docker-compose -f docker-compose.windows.yml up -d
   ```

## Configuration

### Environment Variables

- `REPO`: The GitHub repository to register the runner to (format: `<owner>/<repo>`).
- `REG_TOKEN`: The registration token for the self-hosted runner from the GitHub repository settings. Treat it as a secret: do not commit a compose file that contains it.
- `NAME`: The name of the self-hosted runner.

## Notes for macOS Users

For macOS, keep in mind:

1. You need to have Docker Desktop for Mac installed and running.
2. The macOS runner uses different base images and paths compared to the Linux version.
3. Performance may differ from the Linux version due to the virtualization layer.

## Notes for Windows Users

For Windows, keep in mind:

1. You need to have Docker Desktop for Windows installed and running.
2. WSL 2 must be enabled and properly configured.
3. The Ubuntu 20.04 distribution should be installed through WSL.
4. Performance may vary depending on your system's virtualization settings.
5. Make sure your Windows system meets the minimum requirements for running Docker Desktop and WSL 2.

--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
# Security Policy

## Supported Versions

We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 Rating:

| Version | Supported          |
| ------- | ------------------ |
| 1.0.0   | :white_check_mark: |

## Reporting a Vulnerability

If you discover a security vulnerability, please do the following:

1. **Contact us directly.** Do not create an issue or post in public forums. Instead, email us at [bourourouyoussef1@gmail.com](mailto:bourourouyoussef1@gmail.com) with the details of the vulnerability. Please include:
   - A description of the vulnerability.
   - Steps to reproduce the issue.
   - Any relevant logs or screenshots.

2. **Wait for a response.** We will acknowledge your email within 48 hours and provide a detailed response within 7 days, including an estimated timeline for a fix.

3. **Coordinate disclosure.** We are committed to addressing all reported security vulnerabilities promptly. We will work with you to coordinate an appropriate disclosure timeline.

### Security Updates

We will inform users about any security vulnerabilities and their fixes via GitHub releases and the project’s README file.

### Preferred Languages

We prefer all communications to be in English.

Thank you for helping us keep this project secure!
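
--------------------------------------------------------------------------------
/docker-compose.mac.yml:
--------------------------------------------------------------------------------
# Deploys the self-hosted runner on macOS (Docker Desktop, linux/arm64).
version: "3.8"

services:
  runner:
    # Locally built image; see Dockerfile.mac.
    image: custom-github-runner-mac:latest
    platform: linux/arm64
    restart: always
    environment:
      # Repository to register with; replace the placeholder.
      - REPO=<owner>/<repo>
      # Runner registration token. This is a secret: keep the filled-in file
      # out of version control. GitHub registration tokens are short-lived, so
      # a container that is recreated later needs a fresh one.
      - REG_TOKEN=
      # Runner name.
      - NAME=
    volumes:
      # SECURITY: the Docker socket gives this container, and therefore every
      # workflow job it runs, control of the host's Docker daemon, which is
      # equivalent to root on the host. Keep this mount only if jobs must
      # build or run containers, and only for repositories whose workflows are
      # trusted.
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      mode: replicated
      replicas: 1
      resources:
        limits:
          cpus: "1"
          memory: 1G
        reservations:
          cpus: "0.5"
          memory: 512M

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
# Deploys the self-hosted runner on Linux.
version: '3.8'

services:
  runner:
    # ":latest" is a mutable tag on a third-party image: what runs here can
    # change without this file changing. Pin a digest you have reviewed
    # (image: youssefbrr/github-actions@sha256:<digest>) or build the image
    # yourself from "Docker Image/Dockerfile".
    image: youssefbrr/github-actions:latest # You can use this image or build your own
    restart: always
    environment:
      # Repository to register with; replace the placeholder.
      - REPO=<owner>/<repo>
      # Runner registration token. This is a secret: keep the filled-in file
      # out of version control. GitHub registration tokens are short-lived, so
      # a container that is recreated later needs a fresh one.
      - REG_TOKEN=
      # Runner name.
      # NOTE(review): both replicas below receive the same NAME; runner names
      # are presumably expected to be unique within a repository - confirm.
      - NAME=
    deploy:
      mode: replicated
      replicas: 2
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
        reservations:
          cpus: '0.4'
          memory: 256M

--------------------------------------------------------------------------------
/start-mac.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Container entrypoint: registers the runner with the repository named in REPO,
# starts it, and removes the registration again when the container is stopped
# with INT or TERM.
#
# Environment:
#   REPO       repository to register with, as <owner>/<repo>
#   REG_TOKEN  runner registration token. It is a secret, and it is passed to
#              config.sh as a command-line argument, so it is visible in the
#              container's process list while config.sh runs.
#   NAME       runner name; when empty, no --name argument is passed

# Stop with a clear message when a mandatory setting is missing instead of
# handing config.sh an empty URL or token.
: "${REPO:?REPO must be set to <owner>/<repo>}"
: "${REG_TOKEN:?REG_TOKEN must be set to a runner registration token}"

cd /home/runner/actions-runner || exit

# Build the arguments as an array and quote every expansion, so a value that
# contains whitespace or glob characters reaches config.sh as one argument
# rather than being word-split by the shell.
config_args=(--url "https://github.com/${REPO}" --token "${REG_TOKEN}")
if [ -n "${NAME}" ]; then
    config_args+=(--name "${NAME}")
fi

# NOTE(review): the exit status of config.sh is not checked, as before;
# presumably so that a container which is already configured can still go on
# to run.sh after a restart. Confirm before making this fatal.
./config.sh "${config_args[@]}"

cleanup() {
    echo "Removing runner..."
    ./config.sh remove --unattended --token "${REG_TOKEN}"
}

trap 'cleanup; exit 130' INT
trap 'cleanup; exit 143' TERM

# Run in the background and wait, so the traps above fire as soon as the
# signal arrives instead of after run.sh returns.
./run.sh & wait $!

--------------------------------------------------------------------------------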