{"id":31782104,"url":"https://github.com/grammatonic/github-runner","last_synced_at":"2026-03-01T23:07:24.696Z","repository":{"id":313230699,"uuid":"1050566951","full_name":"GrammaTonic/github-runner","owner":"GrammaTonic","description":"🚀 Self-hosted GitHub Actions runners with Docker containerization, Chrome browser support for web UI testing, comprehensive CI/CD pipelines, monitoring stack, and production-ready deployment automation. Perfect for teams needing reliable, scalable, and secure runner infrastructure.","archived":false,"fork":false,"pushed_at":"2026-02-27T20:27:47.000Z","size":1217,"stargazers_count":1,"open_issues_count":8,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-27T22:57:39.604Z","etag":null,"topics":["chrome-runner","cicd","devops","docker","github-actions","monitoring","playwright","prometheus-metrics","selenium","self-hosted-runner","web-ui-testing"],"latest_commit_sha":null,"homepage":"https://github.com/GrammaTonic/github-runner/wiki","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GrammaTonic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["GrammaTonic"],"buy_me_a_coffee":"grammatonic"}},"created_at":"2025-09-04T16:00:42.000Z","updated_at":"2026-02-27T18:10:43.000Z","dependencies_parsed_at":"2025-09-04T18:33:34.927Z","dependency_job_id":"43ecee98-57cc-46b9-955b-141f45ed8006","html_url":"https://github.com/GrammaTonic/github-runner","commit_stats":null,"previous_names":["grammatonic/github-runner"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/GrammaTonic/github-runner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrammaTonic%2Fgithub-runner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrammaTonic%2Fgithub-runner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrammaTonic%2Fgithub-runner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrammaTonic%2Fgithub-runner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GrammaTonic","download_url":"https://codeload.github.com/GrammaTonic/github-runner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrammaTonic%2Fgithub-runner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29987656,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T22:42:38.399Z","status":"ssl_error","status_checked_at":"2026-03-01T22:41:51.863Z","response_time":124,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chrome-runner","cicd","devops","docker","github-actions","monitoring","playwright","prometheus-metrics","selenium","self-hosted-runner","web-ui-testing"],"created_at":"2025-10-10T09:14:36.319Z","updated_at":"2026-03-01T23:07:24.690Z","avatar_url":"https://github.com/GrammaTonic.png","language":"Shell","readme":"# Base Image: Ubuntu Resolute (25.10 Pre-release)\n\nThis repository uses `ubuntu:resolute` as the base image for Chrome runner containers. This is a pre-release version of Ubuntu (25.10) chosen for access to the latest system libraries and browser dependencies.\n\n**CVE Mitigation Strategy:**\n- Many CVEs in Node.js, npm, and transitive dependencies cannot be patched directly due to upstream packaging.\n- We use npm `overrides` and local installs to patch all app-level dependencies.\n- CVEs present only in npm's internal modules are documented and monitored; they do not affect runtime security for the runner or browser tests.\n- All images are scanned with Trivy and results are saved to `test-results/docker/` for auditability.\n\n**Security Note:**  \nIf you require a fully supported, production-grade image, use a stable Ubuntu LTS release (e.g., `ubuntu:24.04`). See [DEPLOYMENT.md](docs/DEPLOYMENT.md) for migration instructions.\n# GitHub Actions Self-Hosted Runner\n\n[![GitHub release (latest by date)](https://img.shields.io/github/v/release/GrammaTonic/github-runner)](https://github.com/GrammaTonic/github-runner/releases/latest)\n[![Docker Image](https://img.shields.io/badge/docker-ghcr.io%2Fgrammatonic%2Fgithub--runner-blue)](https://ghcr.io/grammatonic/github-runner)\n[![CI/CD Pipeline](https://github.com/GrammaTonic/github-runner/actions/workflows/ci-cd.yml/badge.svg)](https://github.com/GrammaTonic/github-runner/actions/workflows/ci-cd.yml)\n[![Chrome Runner](https://img.shields.io/badge/Chrome%20Runner-Production%20Ready-success?style=flat-square\u0026logo=google-chrome)](https://github.com/GrammaTonic/github-runner/wiki/Chrome-Runner)\n[![Security](https://img.shields.io/badge/Security-Trivy%20Scanned-success?style=flat-square\u0026logo=security)](https://github.com/GrammaTonic/github-runner/actions/workflows/security-advisories.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nA comprehensive, production-ready GitHub Actions self-hosted runner solution with monitoring, scaling, and security features.\n\nNote: Documentation workflows and repo prompts were recently improved — see\n`.github/prompts/Wiki-Readme.prompt.md` and `docs/examples/update-docs-example.md` for guidance on updating docs to match code changes.\n\n## 📊 Current Versions\n\n| Component                 | Standard Runner  | Chrome Runner    | Chrome-Go Runner | Status            |\n| ------------------------- | ---------------- | ---------------- | ---------------- | ----------------- |\n| **Image Version**         | v2.2.1           | v2.2.1           | v2.2.1           | ✅ Latest         |\n| **GitHub Actions Runner** | v2.331.0         | v2.331.0         | v2.331.0         | ✅ Latest         |\n| **Base OS**               | Ubuntu 25.10 Resolute | Ubuntu 25.10 Resolute | Ubuntu 25.10 Resolute | ✅ Pre-release |\n| **Node.js**               | -                | 24.14.0          | 24.14.0          | ✅ Latest         |\n| **Go**                    | -                | -                | 1.26.0           | ✅ Latest         |\n| **Python**                | 3.10+            | 3.10+            | 3.10+            | ✅ Latest         |\n| **Playwright**            | -                | v1.58.2          | v1.58.2          | ✅ Latest         |\n| **Cypress**               | -                | v15.11.0         | v15.11.0         | ✅ Latest         |\n| **Chrome**                | -                | 142.0.7444.162   | 142.0.7444.162   | ✅ Latest         |\n\n\u003e 📋 For detailed version information, see [Version Overview](docs/VERSION_OVERVIEW.md)\n\n## 🔒 Security Status \u0026 Workflow Sync\n\n- ✅ **CVE-2026-23950**: Node-tar arbitrary file overwrite vulnerability patched (`tar@7.5.4`)\n- ✅ **VDB-216777/CVE-2020-36632**: Flat package vulnerability patched (`flat@5.0.2`)\n- ✅ **CVE-2025-9288**: Cypress SHA.js vulnerability patched (`sha.js@2.4.12`)\n- ✅ **CVE-2024-37890**: WebSocket DoS vulnerability patched (`ws@8.17.1`)\n- ✅ **Trivy Security Scanning**: Automated weekly vulnerability scans (filesystem, main runner, Chrome runner)\n- ✅ **Container Hardening**: Non-root execution, minimal attack surface\n- ✅ **Workflow Sync**: All security scan jobs (`security-scan`, `security-container-scan`, `security-chrome-scan`) are present in `.github/workflows/ci-cd.yml` and must be kept in sync across all branches. Use `git diff develop .github/workflows/ci-cd.yml` to verify parity before merging. If you see a warning about missing scan jobs, update and sync your workflow files, then re-run the workflow.\n\n## 🚀 Features \u0026 Security Scanning\n\n- **Three Runner Types**: Standard, Chrome (browser testing), and Chrome-Go (Go + browser testing)\n- **Containerized Runners**: Docker-based runners with multi-platform support (amd64/arm64)\n- **Automated Dependency Management**: Zero-touch Dependabot automation with auto-merge and auto-rebase\n- **Performance Optimized**: BuildKit cache mounts, multi-stage builds, 50-70% faster rebuilds\n- **Auto-scaling**: Dynamic scaling based on workload demands using Docker Compose\n- **Monitoring**: Prometheus metrics and Grafana dashboards for performance tracking\n- **Security**: Comprehensive vulnerability scanning, security patches, and container hardening\n- **CI/CD Integration**: Automated building, testing, and deployment with GitHub Actions\n- **High Availability**: Health checks, automatic restarts, and failover mechanisms\n- **Multi-Environment**: Support for dev, staging, and production environments\n- **Cache Optimization**: Persistent volume caching for build artifacts and dependencies\n- **Security Scanning**: Weekly Trivy scans (filesystem, container, Chrome runner) with automated SARIF reporting and GitHub Security tab integration\n\n### 🆕 Recent Improvements (November 2025)\n\n- ✅ **Dependabot Automation**: Zero-touch dependency updates with auto-merge and hourly auto-rebase workflows\n- ✅ **Performance Optimizations**: BuildKit cache mounts reduce build times by 50-70% (19s standard, 24s Chrome, 4m34s Chrome-Go)\n- ✅ **Multi-Stage Builds**: Standard runner image reduced by 370MB (17% smaller) with improved security\n- ✅ **Chrome-Go Runner**: New variant combining Go 1.26.0 toolchain with browser testing capabilities\n- ✅ **Cross-Branch Caching**: Feature branches leverage develop/main cache, eliminating redundant rebuilds\n- ✅ **Image Size Optimizations**: Standard ~1.8GB, Chrome ~4.1GB, Chrome-Go ~4.5GB (all optimized)\n- ✅ **CI/CD Enhancements**: Conditional Dependabot provisioning, artifact status files, clean logs\n- ✅ Chrome runners updated to Chrome `142.0.7444.162`, Playwright `1.58.2`, and Cypress `15.11.0`\n- ✅ npm override to force `tar@7.5.4` inside all embedded npm distributions, closing CVE-2026-23950 (upgraded from 7.5.2)\n\n## 📦 Installation\n\n### Using Git Clone\n\n```sh\n# Build the Chrome runner image (amd64 only)\ndocker buildx build --platform linux/amd64 -f docker/Dockerfile.chrome -t github-runner:chrome-latest .\n\n# Start the runner with Docker Compose\ndocker compose -f docker/docker-compose.chrome.yml up -d\n```\n\n\u003e **Note:** The Chrome runner image is only supported on `linux/amd64`. If you attempt to build or run on ARM, the build will fail.\n\n```bash\ngh repo clone GrammaTonic/github-runner\ncd github-runner\n```\n\n### Using Release Archive\n\n```bash\nwget https://github.com/GrammaTonic/github-runner/archive/v2.2.0.tar.gz\ntar -xzf v2.2.0.tar.gz\ncd github-runner-2.2.0\n```\n\n### Using Docker Images\n\nPre-built Docker images are available for each release:\n\n```bash\n# Standard Runner (latest)\ndocker pull ghcr.io/grammatonic/github-runner:v2.2.1\ndocker pull ghcr.io/grammatonic/github-runner:latest\n\n# Chrome Runner (latest)\ndocker pull ghcr.io/grammatonic/github-runner-chrome:v2.2.1\ndocker pull ghcr.io/grammatonic/github-runner-chrome:latest\n\n# Chrome-Go Runner (latest)\ndocker pull ghcr.io/grammatonic/github-runner-chrome-go:v2.2.1\ndocker pull ghcr.io/grammatonic/github-runner-chrome-go:latest\n\n# Development versions\ndocker pull ghcr.io/grammatonic/github-runner:develop\ndocker pull ghcr.io/grammatonic/github-runner-chrome:develop\ndocker pull ghcr.io/grammatonic/github-runner-chrome-go:develop\n\n# Semantic versioning\ndocker pull ghcr.io/grammatonic/github-runner:2.2.1\ndocker pull ghcr.io/grammatonic/github-runner:2.2\ndocker pull ghcr.io/grammatonic/github-runner:2\n```\n\n## 📋 Prerequisites\n\n- Docker 20.10+ and Docker Compose v2\n- GitHub Personal Access Token with repo permissions\n- (Optional) Kubernetes cluster for advanced deployment\n- (Optional) Cloud provider account for remote deployment\n\n## ⚡ Quick Start\n\n\u003e 📖 **For detailed setup instructions**, see our comprehensive [Quick Start Guide](docs/setup/quick-start.md)\n\n### One-Command Setup\n\nFor the fastest deployment experience:\n\n```bash\ngit clone https://github.com/GrammaTonic/github-runner.git\ncd github-runner\n./scripts/quick-start.sh\n```\n\nThe interactive script will guide you through:\n\n- ✅ **Runner type selection** (Standard, Chrome, or Both)\n- ✅ Prerequisite checks (Docker, permissions)\n- ✅ Environment configuration with validation\n- ✅ Automatic runner deployment\n- ✅ Health verification and troubleshooting\n\n### Runner Types Available\n\n- **Standard Runner**: General CI/CD with Docker, Node.js, Python (optimized with multi-stage build)\n- **Chrome Runner**: UI testing with Chrome, Selenium, Playwright, Cypress\n- **Chrome-Go Runner**: Go development + browser testing (Go 1.25.4 + all Chrome runner features)\n- **All Runners**: Deploy all three types with separate configurations for comprehensive coverage\n\n### Manual Setup (Alternative)\n\n### 1. Clone and Setup\n\n```bash\ngit clone https://github.com/GrammaTonic/github-runner.git\ncd github-runner\ncp config/runner.env.example config/runner.env\n```\n\n### 2. Configure Environment\n\nEdit `config/runner.env`:\n\n```bash\n# Required\nGITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx\nGITHUB_REPOSITORY=owner/repo\n\n# Optional\nRUNNER_LABELS=self-hosted,docker,linux\nRUNNER_NAME_PREFIX=runner\nENVIRONMENT=production\n```\n\n### 3. Start Runners\n\n```bash\n# Production setup (recommended)\ndocker compose -f docker/docker-compose.production.yml up -d\n\n# Chrome runner for browser testing\ndocker compose -f docker/docker-compose.chrome.yml up -d\n\n# Chrome-Go runner for Go + browser testing\ndocker compose -f docker/docker-compose.chrome-go.yml up -d\n\n# Scale runners based on demand\ndocker compose -f docker/docker-compose.production.yml up -d --scale github-runner=3\ndocker compose -f docker/docker-compose.chrome.yml up -d --scale github-runner-chrome=2\ndocker compose -f docker/docker-compose.chrome-go.yml up -d --scale github-runner-chrome-go=1\n```\n\n### 4. Verify Setup\n\n```bash\n# Check runner status\ndocker compose -f docker/docker-compose.production.yml ps\n\n# View logs\ndocker compose -f docker/docker-compose.production.yml logs -f github-runner\n\n# Check runner registration in GitHub\ndocker compose -f docker/docker-compose.production.yml logs github-runner | grep \"Listening for Jobs\"\n```\n\n## 🌐 Chrome Runner for Web UI Testing\n\n**Specialized runner for browser automation and web UI testing with 60% performance improvement.**\n\n### ✨ Features\n\n- ✅ **Google Chrome Stable** + automatically matched ChromeDriver\n- ✅ **Testing Frameworks**: Playwright, Cypress, Selenium pre-installed\n- ✅ **Resource Isolation**: Dedicated browser processes prevent contention\n- ✅ **Performance**: 60% faster web UI tests vs standard runners\n- ✅ **Scaling**: Horizontal scaling for parallel test execution\n\n### 🚀 Quick Start\n\n```bash\n# Build and deploy Chrome Runner\n./scripts/build-chrome.sh --push\ndocker-compose -f docker/docker-compose.chrome.yml up -d\n\n# Scale for parallel testing\ndocker-compose -f docker/docker-compose.chrome.yml up -d --scale chrome-runner=3\n```\n\n### 📝 Use in GitHub Actions\n\n```yaml\njobs:\n  ui-tests:\n    runs-on: [self-hosted, chrome, ui-tests]\n    steps:\n      - uses: actions/checkout@v4\n      - name: Run Playwright tests\n        run: npx playwright test\n      - name: Run Cypress tests\n        run: npx cypress run\n```\n\n### 🔧 Configuration\n\n```bash\n# Chrome Runner specific environment\nCHROME_RUNNER_LABELS=chrome,ui-tests,browser\nHEADLESS_CHROME=true\nCHROME_SANDBOX=false\n```\n\n📚 **Full Documentation**: [Chrome Runner Wiki](https://github.com/GrammaTonic/github-runner/wiki/Chrome-Runner)\n\n## 🤖 Automated Dependency Management\n\n**Zero-touch dependency updates with Dependabot automation.**\n\n### ✨ Features\n\n- ✅ **Auto-Merge**: Automatically approves and merges Dependabot PRs after CI passes\n- ✅ **Auto-Rebase**: Hourly checks keep out-of-date PRs current for sequential merging\n- ✅ **CI Validation**: All updates require passing builds, tests, and security scans\n- ✅ **Weekly Schedule**: Monday 09:00 dependency checks (github-actions, docker)\n- ✅ **Zero Human Intervention**: Complete automation from PR creation to merge\n\n### 🔄 Automated Workflow\n\n1. **Monday 09:00** - Dependabot creates PRs for github-actions and docker updates\n2. **Auto-Approve** - Workflow automatically approves PRs\n3. **CI Validation** - Full test suite, builds, and security scans run\n4. **Auto-Merge** - First PR passes and merges automatically\n5. **Auto-Rebase** - Hourly workflow rebases remaining out-of-date PRs\n6. **Sequential Merge** - PRs merge one-by-one as CI passes\n\n### 📊 Benefits\n\n- **Time Savings**: ~10 hours/year on dependency management\n- **Security**: Updates applied within hours of release\n- **Quality**: All updates validated by full CI/CD pipeline\n- **Reliability**: Automatic rebase prevents \"ahead\" branch issues\n\n📚 **Configuration**: See [`.github/dependabot.yml`](.github/dependabot.yml) and workflows in [`.github/workflows/`](.github/workflows/)\n\n## ⚡ Performance Optimizations\n\n**BuildKit cache mounts and multi-stage builds for 50-70% faster builds.**\n\n### 🚀 Performance Results\n\n| Runner Type     | Build Time | Improvement | Image Size | Reduction |\n| --------------- | ---------- | ----------- | ---------- | --------- |\n| **Standard**    | 19s        | 96% faster  | ~1.8GB     | 17% smaller |\n| **Chrome**      | 24s        | 99% faster  | ~4.1GB     | Optimized |\n| **Chrome-Go**   | 4m 34s     | 48% faster  | ~4.5GB     | Optimized |\n\n### ✨ Optimizations\n\n- ✅ **BuildKit Cache Mounts**: apt, npm, and download caches persist across builds\n- ✅ **Multi-Stage Builds**: Standard runner separates build and runtime dependencies\n- ✅ **Cross-Branch Caching**: Feature branches leverage develop/main cache\n- ✅ **100% Cache Hit Rate**: Unchanged dependencies never re-downloaded\n- ✅ **985MB Bandwidth Saved**: Per rebuild with cache hits\n\n### 📊 Impact\n\n- **First Build**: Normal download times (establishes cache)\n- **Subsequent Builds**: 50-70% faster with cache hits\n- **Annual Savings**: ~118 hours build time, ~3.6TB bandwidth\n- **CI Efficiency**: Faster feedback loops, reduced resource usage\n\n📚 **Full Analysis**: See [docs/PERFORMANCE_RESULTS.md](docs/PERFORMANCE_RESULTS.md)\n\n## 📁 Project Structure\n\n```\ngithub-runner/\n├── .github/              # GitHub Actions workflows\n├── cache/                # Local cache directories\n├── config/               # Configuration templates\n├── docker/               # Container configurations\n├── docs/                 # Documentation\n├── monitoring/           # Health checks and monitoring\n├── scripts/              # Automation scripts\n└── README.md            # This file\n```\n\n## ⚙️ Configuration\n\n### Runner Configuration\n\nEdit `config/runner.env`:\n\n| Variable             | Description                 | Example              | Required |\n| -------------------- | --------------------------- | -------------------- | -------- |\n| `GITHUB_TOKEN`       | GitHub PAT with repo access | `ghp_xxxxxxxxxxxx`   | ✅       |\n| `GITHUB_REPOSITORY`  | Target repository           | `owner/repo`         | ✅       |\n| `RUNNER_NAME_PREFIX` | Prefix for runner names     | `runner`             | ❌       |\n| `RUNNER_LABELS`      | Custom runner labels        | `self-hosted,docker` | ❌       |\n| `ENVIRONMENT`        | Environment designation     | `production`         | ❌       |\n\n### Build Configuration\n\nThe build system uses environment variables or defaults:\n\n```bash\n# Override registry settings if needed\nexport DOCKER_REGISTRY=ghcr.io\nexport DOCKER_NAMESPACE=grammatonic\n\n# Build with custom settings\n./scripts/build.sh --push\n```\n\n## 🚀 Deployment\n\n### Local Development\n\n```bash\n# Start with basic configuration (choose runner type)\ndocker compose -f docker/docker-compose.production.yml up -d\n```\n\n### Production Deployment\n\n```bash\n# Install Docker (if needed)\ncurl -fsSL https://get.docker.com | sh\n\n# Clone and configure\ngit clone https://github.com/GrammaTonic/github-runner.git\ncd github-runner\ncp config/runner.env.example config/runner.env\n# Edit config/runner.env with your settings\n\n# Deploy standard runners\ndocker compose -f docker/docker-compose.production.yml up -d\n\n# Or deploy Chrome runners for UI testing\ndocker compose -f docker/docker-compose.chrome.yml up -d\n```\n\n## 📊 Monitoring\n\n### Health Checks\n\n```bash\n# Check runner health\ncurl http://localhost:8080/health\n\n# Prometheus metrics\ncurl http://localhost:9090/metrics\n\n# Grafana dashboard\nopen http://localhost:3000\n```\n\n## 🔧 Maintenance\n\n### Scaling\n\n```bash\n# Scale up\ndocker compose -f docker/docker-compose.yml up -d --scale runner=5\n\n# Scale down\ndocker compose -f docker/docker-compose.yml up -d --scale runner=1\n```\n\n### Updates\n\n```bash\n# Pull latest images\ndocker compose -f docker/docker-compose.yml pull\n\n# Restart services\ndocker compose -f docker/docker-compose.yml up -d\n```\n\n## 🐛 Troubleshooting\n\n### Common Issues\n\n**Runner not appearing in GitHub:**\n\n```bash\n# Check logs\ndocker compose logs runner\n\n# Verify token permissions\n# Token needs 'repo' scope for private repos\n```\n\n**High resource usage:**\n\n```bash\n# Monitor resources\ndocker stats\n\n# Adjust compose file resource limits if needed\n# Edit docker/docker-compose.production.yml or docker/docker-compose.chrome.yml\n```\n\n### Debug Mode\n\n```bash\n# Enable debug logging\necho \"RUNNER_DEBUG=1\" \u003e\u003e config/runner.env\n\n# Restart runners\ndocker compose logs -f runner\n```\n\n## 🔒 Security\n\nThis project includes comprehensive security scanning and monitoring:\n\n### Automated Security Scanning\n\n- **Weekly Vulnerability Scans**: Automated Trivy scans every Monday\n- **Multi-Target Analysis**: Filesystem, container, and Chrome runner scanning\n- **GitHub Security Integration**: Results uploaded to Security tab (not cluttering issues)\n- **SARIF Format**: Rich vulnerability data with remediation guidance\n\n### Security Features\n\n- **Container Security**: Regular base image updates and vulnerability patches\n- **Dependency Scanning**: Automated detection of vulnerable packages\n- **Secret Management**: Secure token handling and environment isolation\n- **Security Policies**: Defined security standards and response procedures\n\n### Viewing Security Results\n\n1. **Security Tab**: Go to repository's Security tab → Code scanning\n2. **Workflow Artifacts**: Download detailed reports from Actions → Security Advisory Management\n3. **Weekly Summaries**: Automated summary reports with priority actions\n\n### Security Documentation\n\n- 📋 [Security Advisory Workflow](docs/features/SECURITY_ADVISORY_WORKFLOW.md)\n- 🔄 [Security Migration Guide](docs/features/SECURITY_WORKFLOW_MIGRATION.md)\n- 🛡️ [Security Policy](.github/SECURITY.md)\n\n**Note**: Security vulnerabilities are managed through GitHub's Security tab, not through GitHub Issues, keeping your project issues clean and organized.\n\n## 🆘 Support\n\n- 📖 [Documentation](docs/)\n- 📊 [Version Overview](docs/VERSION_OVERVIEW.md) - Comprehensive version tracking and security status\n- ⚙️ [GitHub Actions Workflows](.github/WORKFLOWS.md)\n- 🐛 [Issue Tracker](https://github.com/GrammaTonic/github-runner/issues)\n- 💬 [Discussions](https://github.com/GrammaTonic/github-runner/discussions)\n\n## 🤝 Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](docs/community/CONTRIBUTING.md) for details.\n\n### Development Setup\n\n```bash\n# Fork and clone\ngit clone https://github.com/yourusername/github-runner.git\ncd github-runner\n\n# Switch to develop branch (integration branch)\ngit checkout develop\ngit pull origin develop\n\n# Create feature branch from develop\ngit checkout -b feature/amazing-feature\n\n# Make changes and test\nmake test\n\n# Submit pull request to develop branch\n```\n\n**Important**: All regular development work should be done on feature branches created from `develop` and merged into `develop` via pull requests. Never commit directly to `main`. Hotfixes may be created from `main` when necessary and must be merged back into `develop` afterwards.\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🙏 Acknowledgments\n\n- GitHub Actions team for the self-hosted runner API\n- Docker community for containerization best practices\n- Prometheus and Grafana teams for monitoring solutions\n\n---\n\n⭐ If this project helps you, please consider giving it a star on GitHub!\n\n# Test commit to trigger CI/CD\n\n# Documentation Parity Update (2025-09-10)\n\n## 📝 Recent Improvements\n\n- Playwright screenshot artifact upload now copies from container to host for reliable CI/CD artifact collection\n- Image verification added for both Chrome and normal runners in CI/CD workflows\n- Diagnostics and health checks improved for runner startup and container validation\n- Chrome runner documentation updated for Playwright, Cypress, Selenium, and browser automation best practices\n- Normal runner Dockerfile and entrypoint improved for diagnostics and healthcheck reliability\n- All documentation blocks, examples, and API docs synced with latest code and workflow changes\n\nSee [docs/README.md](docs/README.md) and [docs/chrome-runner.md](docs/chrome-runner.md) for full details.\n","funding_links":["https://github.com/sponsors/GrammaTonic","https://buymeacoffee.com/grammatonic"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrammatonic%2Fgithub-runner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgrammatonic%2Fgithub-runner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrammatonic%2Fgithub-runner/lists"}