{"id":15020005,"url":"https://github.com/docker/github-actions-runner","last_synced_at":"2025-07-26T02:33:24.381Z","repository":{"id":197315288,"uuid":"698428092","full_name":"docker/github-actions-runner","owner":"docker","description":"Docker's containerized github-actions runner","archived":false,"fork":false,"pushed_at":"2023-10-01T01:57:14.000Z","size":24,"stargazers_count":21,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-07-20T01:37:23.187Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/docker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-29T22:40:49.000Z","updated_at":"2025-06-05T12:50:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"e3ac1129-e84f-4915-a4fb-55bc709d5caf","html_url":"https://github.com/docker/github-actions-runner","commit_stats":{"total_commits":10,"total_committers":2,"mean_commits":5.0,"dds":0.09999999999999998,"last_synced_commit":"df90229e2124eb18cd8d1ef6c4fbed9c26e9cdfc"},"previous_names":["docker/github-actions-runner"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/docker/github-actions-runner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fgithub-actions-runner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fgithub-actions-runner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fgithub-actions-runner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fgithub-actions-runner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/docker","download_url":"https://codeload.github.com/docker/github-actions-runner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fgithub-actions-runner/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267107560,"owners_count":24037279,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-26T02:00:08.937Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-24T19:54:27.294Z","updated_at":"2025-07-26T02:33:24.331Z","avatar_url":"https://github.com/docker.png","language":"Shell","readme":"Sysbox-Powered Github Actions Runner\n====================================\n\nThe GitHub-action runner image generated by this repository is expected to be powered by the [Sysbox](https://github.com/nestybox/sysbox) container runtime. The runner binary being utilized and the associated configuration process have been extracted and documented [here](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/hosting-your-own-runners).\n\nThere are similar containerized github-actions runners (GHA) out there, such as the one this repository is originally [based on](https://github.com/myoung34/docker-github-actions-runner). However, our main purpose is to offer differentiated value by utilizing the Sysbox runtime.\n\nFinally, I'd like to point out that the scope of this repository is limited to Docker-generated GHA runner deployments. Please refer to the [GHA-controller](https://github.com/actions/actions-runner-controller) project for Kubernetes scenarios.\n\n## Why Sysbox?\n\nThese are some of the issues we have identified to justify the creation of this repository:\n\n* Equivalent solutions rely on the execution of `privileged` containers, which are known to pose serious security challenges.\n* Other solutions bind-mount the host's docker-engine socket into the GHA runner container, representing a security threat.\n* The above limitations constrain the use of one GHA runner per host. That is, `privileged` containers offer weak isolation among containers/host, and a single docker-engine can't be shared across multiple docker-clis.\n\nSysbox addresses the above challenges by providing stronger isolation among GHA runner instances and between runners and the host. Sysbox also allows the execution of Docker binaries (and plugins) within a container without resorting to `privileged` containers. In consequence, Sysbox can be used to host multiple GHA runners within the same machine.\n\n## Quick-Start ##\n\n* Install Sysbox runtime in a Linux VM as indicated [here](https://github.com/nestybox/sysbox#installing-sysbox). Alternatively (easiest approach), launch an EC2 instance using Docker's DinD AMI (todo: provide details), which already contains all the required components.\n\n* Git clone this repo and execute the `gha_runner_create.sh` script with the following parameters:\n\n```\n$ ./gha_runner_create.sh \u003crunner-name\u003e \u003corg\u003e \u003crepo-name\u003e \u003crunner-token\u003e\n```\n\nExample:\n\n```\n$ ./gha_runner_create.sh gha-runner-1 nestybox sysbox-pkgr AEEK3VNZQDRMZVBWK5QFV6DFDCYMY\n27dfce314877c7dcc19110d04b61a3904d24fa093aace80e63a9cff8676abede\n$\n```\n\nNote 1: The runner-token must be previously generated by going through the simple steps depicted in this GH [guide](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository). Notice that we only need to extract the `runner-token` displayed in the GH instructions, hence, there's no need to complete the suggested steps (our runner will take care of this process for us).\n\nNote 2: This script can be easily modified to use a GH Personal-Access-Token, further simplifying the runner creation process since we wouldn't need to obtain a runner-token.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocker%2Fgithub-actions-runner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdocker%2Fgithub-actions-runner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocker%2Fgithub-actions-runner/lists"}