{"id":46410141,"url":"https://github.com/mt4110/ci-self-runner","last_synced_at":"2026-03-05T13:12:35.208Z","repository":{"id":339357418,"uuid":"1161450907","full_name":"mt4110/ci-self-runner","owner":"mt4110","description":"個人運用向け self-hosted CI runner kit for macOS。colima+docker+GitHub Actions を最短導入し、owner guard付きで verify を安全・再現的に実行する運用基盤。外部fork PRは拒否して事故を防止。運用を簡単化。安定運用。","archived":false,"fork":false,"pushed_at":"2026-02-27T10:12:15.000Z","size":666,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-27T15:40:19.195Z","etag":null,"topics":["go","self-hosted-runner","shell"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mt4110.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-19T05:45:46.000Z","updated_at":"2026-02-27T10:12:15.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mt4110/ci-self-runner","commit_stats":null,"previous_names":["mt4110/ci-self-runner"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mt4110/ci-self-runner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mt4110%2Fci-self-runner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mt4110%2Fci-self-runner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mt4110%2Fci-self-runner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mt4110%2Fci-self-runner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mt4110","download_url":"https://codeload.github.com/mt4110/ci-self-runner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mt4110%2Fci-self-runner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30127438,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T12:40:50.676Z","status":"ssl_error","status_checked_at":"2026-03-05T12:39:32.209Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","self-hosted-runner","shell"],"created_at":"2026-03-05T13:12:34.472Z","updated_at":"2026-03-05T13:12:35.197Z","avatar_url":"https://github.com/mt4110.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# runner-kit (self-hosted runner + colima + docker)\n\nmacOS 向けの self-hosted runner 運用キットです。\n\n## 最短導線\n\n最初の1回だけ:\n\n```bash\ncd ~/dev/ci-self-runner\nbash ops/ci/install_cli.sh\n```\n\nCI対象リポジトリで（ローカル）:\n\n```bash\ncd ~/dev/maakie-brainlab\nci-self up\n```\n\n- `ci-self up` は `register + run-focus` を連続実行\n- `verify.yml` / PRテンプレートが無ければ自動雛形を生成\n- 雛形の生成はローカルファイル変更のみ（GitHub反映には commit/push が必要）\n- 対象リポジトリに `flake.nix` がある場合、runner マシンに `nix` の事前インストールが必要\n  - `ci-self` / `verify.yml` は `nix-daemon.sh` を自動読み込みして `nix` を検出（毎回の手動 `source` は不要）\n  - 既存の `verify.yml` が古い場合は `bash ops/ci/scaffold_verify_workflow.sh --repo \u003ctarget\u003e --apply --force` で更新\n\n## Mac mini ワンコマンド（推奨）\n\nMacBook から 1 コマンドで「鍵認証確認 -\u003e 同期 -\u003e Mac mini 実行 -\u003e 結果回収」まで行う:\n\n```bash\nci-self remote-ci --host \u003cuser\u003e@\u003cmac-mini-ip-or-host\u003e --project-dir '~/dev/maakie-brainlab' --repo mt4110/maakie-brainlab\n```\n\n`remote-ci` の実行内容:\n\n1. SSH 公開鍵認証（password禁止）を検証\n2. ローカル作業ツリーを Mac mini へ `rsync` 同期\n3. （repo指定時）runner bootstrap をベストエフォート実行\n4. Mac mini で `ops/ci/run_verify_full.sh` を実行\n5. `verify-full.status` と `out/logs` をローカル `out/remote/\u003chost\u003e/` に回収\n\n公開鍵未登録時は、`authorized_keys` 登録のヒントを出して停止します。\n\n補足:\n\n- `--host` は `ssh` の接続先文字列（`user@host` / IP / `~/.ssh/config` のHost別名）\n- `--project-dir` に `~` を使う場合は `--project-dir '~/\u003cpath\u003e'` のようにクオート\n- runner 初期化/復旧専用の旧導線は `ci-self remote-up`\n\n## さらに短縮する設定ファイル\n\n`ci-self` は `.ci-self.env` を自動読み込みします。\n\n作成:\n\n```bash\nci-self config-init\n```\n\n例:\n\n```env\nCI_SELF_REPO=mt4110/maakie-brainlab\nCI_SELF_REF=main\nCI_SELF_PROJECT_DIR=/Users/\u003cyou\u003e/dev/maakie-brainlab\nCI_SELF_REMOTE_HOST=\u003cyou\u003e@mac-mini.local\nCI_SELF_REMOTE_PROJECT_DIR=/Users/\u003cyou\u003e/dev/maakie-brainlab\nCI_SELF_PR_BASE=main\n```\n\n以後はオプションを減らして実行できます。\n\n## 主要コマンド\n\n- `ci-self up`: ローカル最短（register + run-focus）\n- `ci-self focus`: run-focus 後、PR未作成なら自動作成し checks を監視\n- `ci-self remote-ci`: 鍵必須・同期・Mac mini実行・結果回収を1コマンドで実行\n- `ci-self doctor --fix`: 依存/gh auth/colima/docker/runner_health を診断し可能な範囲で修復\n- `ci-self doctor --repo-dir \u003cpath\u003e`: `flake.nix` リポジトリの Nix 到達性も含めて診断\n- `ci-self remote-up`: SSH先で register + run-focus（同期しない旧導線）\n- `ci-self config-init`: `.ci-self.env` テンプレート生成\n\n注: `doctor --fix` は `gh auth login` だけは自動化できないため、未ログイン時は手動ログインが必要です。\n\n## 初回セットアップ（対象リポジトリ）\n\n```bash\n# 必須: ownerガード\ngh variable set SELF_HOSTED_OWNER -b \"$(gh repo view --json owner --jq .owner.login)\" -R \u003cowner/repo\u003e\n\n# 任意: 失敗通知\nprintf '%s' '\u003cdiscord-webhook-url\u003e' | gh secret set DISCORD_WEBHOOK_URL -R \u003cowner/repo\u003e\n\n# verify.yml が未作成なら（404回避）\nbash ops/ci/scaffold_verify_workflow.sh --repo ~/dev/\u003ctarget-repo\u003e --apply\n```\n\n## セキュリティ前提\n\n- 個人運用（single-owner）向け\n- self-hosted 実行は `SELF_HOSTED_OWNER` 一致時のみ許可\n- 外部コラボ / fork PR で使う場合は先に `docs/ci/SECURITY_HARDENING_TASK.md` を実施\n\n## 詳細\n\n- `docs/ci/QUICKSTART.md`\n- `docs/ci/RUNBOOK.md`\n- `docs/ci/SECURITY_HARDENING_TASK.md`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmt4110%2Fci-self-runner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmt4110%2Fci-self-runner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmt4110%2Fci-self-runner/lists"}