{"id":43985209,"url":"https://github.com/veertuinc/anka-actions-up","last_synced_at":"2026-02-07T09:34:36.869Z","repository":{"id":62850489,"uuid":"558030455","full_name":"veertuinc/anka-actions-up","owner":"veertuinc","description":"A GitHub Action for starting VMs with the Anka Build Cloud Controller","archived":false,"fork":false,"pushed_at":"2023-07-20T11:28:09.000Z","size":306,"stargazers_count":8,"open_issues_count":7,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-01T09:44:40.909Z","etag":null,"topics":["anka","ci-cd","controller","github-actions","macos","veertu"],"latest_commit_sha":null,"homepage":"https://veertu.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/veertuinc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2022-10-26T19:07:15.000Z","updated_at":"2025-05-27T13:18:41.000Z","dependencies_parsed_at":"2023-01-11T17:23:53.190Z","dependency_job_id":null,"html_url":"https://github.com/veertuinc/anka-actions-up","commit_stats":{"total_commits":10,"total_committers":4,"mean_commits":2.5,"dds":0.6,"last_synced_commit":"94c366388e3d8ac8f1f8bae93f4458c76ac7aa52"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":"actions/typescript-action","purl":"pkg:github/veertuinc/anka-actions-up","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veertuinc%2Fanka-actions-up","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veertuinc%2Fanka-actions-up/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veertuinc%2Fanka-actions-up/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veertuinc%2Fanka-actions-up/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/veertuinc","download_url":"https://codeload.github.com/veertuinc/anka-actions-up/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veertuinc%2Fanka-actions-up/sbom","scorecard":{"id":917939,"data":{"date":"2025-08-11","repo":{"name":"github.com/veertuinc/anka-actions-up","commit":"994face8d57b96d6832febc7c4150030ce1f7645"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Code-Review","score":2,"reason":"Found 3/11 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/check-dist.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/veertuinc/anka-actions-up/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/veertuinc/anka-actions-up/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/veertuinc/anka-actions-up/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/veertuinc/anka-actions-up/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/veertuinc/anka-actions-up/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/veertuinc/anka-actions-up/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/veertuinc/anka-actions-up/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/veertuinc/anka-actions-up/test.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/test.yml:16","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/veertuinc/.github/SECURITY.md:1","Info: Found linked content: github.com/veertuinc/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/veertuinc/.github/SECURITY.md:1","Info: Found text in security policy: github.com/veertuinc/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"17 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T22:00:57.768Z","repository_id":62850489,"created_at":"2025-08-24T22:00:57.768Z","updated_at":"2025-08-24T22:00:57.768Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29191420,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T07:37:03.739Z","status":"ssl_error","status_checked_at":"2026-02-07T07:37:03.029Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anka","ci-cd","controller","github-actions","macos","veertu"],"created_at":"2026-02-07T09:34:36.803Z","updated_at":"2026-02-07T09:34:36.863Z","avatar_url":"https://github.com/veertuinc.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Anka Actions - Up\n\nThis action is mean to be used with [anka-actions-down](https://github.com/veertuinc/anka-actions-up). Please be sure to read this first.\n\n## Prerequisites\n\n1. Install the github runner inside of your VM. This can be done with [our installation script](https://github.com/veertuinc/getting-started/blob/master/GITHUB_ACTIONS/install.sh).\n\n2. Add your Github [PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) and add it to your repo under https://github.com/{USER/ORG}/{REPONAME}/settings/secrets/actions. Your PAT should have \"repo\" if using classic tokens. Also, the user with the PAT must be added as an Admin collaborator to the repository. Fine-grained are not supported at the time of writing this.\n\n### Inputs\n\n| input name                          | required? | description                                                                                                                     |\n|-------------------------------------|-------------|---------------------------------------------------------------------------------------------------------------------------------|\n| `gh-pat`                            | **yes** | Github personal access token (requires `repo` scope in order to be able to create/remove self-hosted runners in the repository). |\n| `controller-url`                    | **yes** | The Anka Build Cloud Controller's URL to communicate with.                                                                       |\n| `template-id`                       | **yes** | UUID of the Anka VM Template in the Anka Build Cloud Registry.                                                                  |\n| `template-tag`                      | no | Anka VM Template's Tag.                                                                                                          |\n| `template-runner-dir`               | no | The directory where the runner was installed. (default: /Users/anka/actions-runner) |\n| `gh-owner`                          | no | GitHub repository owner.                                                                                                         |\n| `gh-repository`                     | no | GitHub repository the github action runner will be attached to.                                                                  |\n| `gh-base-url`                       | no | GitHub Enterprise Server base url with /api/v3 on the end. At the moment only v3 is supported.                                                                           |\n| `controller-root-token`             | no | Anka Build Cloud Controller's Root Token used for authentication.                                                                |\n| `controller-tls-ca`                 | no | Anka Build Cloud Controller TLS certificate's CA (needed if controller TLS cert is self-signed).                                 |\n| `controller-https-skip-cert-verify` | no | Skip the Anka Build Cloud Controller's TLS certificate verification.                                                             |\n| `controller-auth-cert`              | no | Certificate to use for authorization with the Anka Build Cloud Controller.                                                     |\n| `controller-auth-cert-key`          | no | Private key to use for authorization with the Anka Build Cloud Controller.                                                       |\n| `controller-auth-cert-passphrase`   | no | The Auth Certificate's passphrase.                                                                                              |\n| `controller-http-poll-delay`        | no | Delay (in seconds) between the HTTP requests to the Anka Build Cloud Controller's API.                                           |\n| `job-ttl`                           | no | TTL (in seconds) after which job will be forced to stop (fails with error) (disable with `0`).                                   |\n| `group-id`                          | no | Anka Node Group ID (not name) to target for starting the VM.                                                                     |\n| `node-id`                           | no | Anka Node ID (not name) to target for starting the VM.                                                                           |\n| `vcpu`                              | no | The vCPUs to set before starting the Anka VM.                                                                                    |\n| `vram`                              | no | The ram to set before starting the Anka VM.                                                                                      |\n\n### Outputs\n\n| output name | description |\n| --- | --- |\n| `action-id` | This is a unique action identifier, it will be set as an External ID in the VM Instance and also as a label on the created Github action runner |\n\n## Usage\n\n```yaml\njobs:\n \n  action-up:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: veertuinc/anka-actions-up@v1\n        id: action-up\n        with:\n          gh-pat: ${{ secrets.SERVICE_USER_PAT }}\n          template-id: '9690461a-02b5-412d-8778-dab4167743db'\n          controller-url: 'https://controller.mysite.com'\n    outputs:\n      action-id: ${{ steps.action-up.outputs.action-id }}\n\n  inside_vm_job:\n    needs: action-up\n    runs-on: [ self-hosted, \"${{ needs.action-up.outputs.action-id }}\" ]\n    steps:\n      - name: Inside VM Job\n        id: inside_vm_job\n        run: |\n          echo \"running on runner inside of VM (${{ needs.action-up.outputs.action-id }})\"\n          echo \"user: $USER\"\n          echo \"home: $HOME\"\n          \n  action_down:\n    if: always()\n    needs: [ action-up, inside_vm_job ]\n    runs-on: ubuntu-latest\n    steps:\n      - uses: veertuinc/anka-actions-down@v1\n        with:\n          action-id: ${{ needs.action-up.outputs.action-id }}\n          gh-pat: ${{ secrets.SERVICE_USER_PAT }}\n          controller-url: 'https://controller.mysite.com'\n```\n\n### Authenticating using [Certificate Authentication](https://docs.veertu.com/anka/anka-build-cloud/advanced-security-features/certificate-authentication/)\n\n```yaml\n    steps:\n      - uses: veertuinc/anka-actions-up@v1\n        with:\n          controller-url: 'https://controller.mysite.com'\n          controller-auth-cert-passphrase: 'secret'\n          controller-auth-cert: ${{ secrets.CONTROLLER_CERT }}\n          controller-auth-cert-key: ${{ secrets.CONTROLLER_KEY }}\n          controller-https-skip-cert-verify: true # only needed if using self-signed cert for HTTPS/TLS\n```\n\n### Authenticating using [RTA (Root Token Auth)](https://docs.veertu.com/anka/anka-build-cloud/advanced-security-features/token-authentication/#protecting-your-cloud-with-rta-root-token-auth)\n\nWe do not recommend this as it exposes your root token. The root token has access to absolutely everything permissions-wise.\n\n```yaml\n    steps:\n      - uses: veertuinc/anka-actions-up@v1\n        with:\n          controller-url: 'https://controller.mysite.com'\n          controller-root-token: ${{ secrets.ROOT_TOKEN }}\n```\n\n### Job TTL\n\nThe maximum seconds a job can run. If this TTL is reached it will stop and be marked as failed. It can be disabled with `0`. If not set, it will default to 5 minutes (300 seconds).\n\n```yaml\n    steps:\n      - uses: veertuinc/anka-actions-up@v1\n        with:\n          controller-url: 'https://controller.mysite.com'\n          job-ttl: 300\n```\n\n### Controller HTTP Poll Delay\n\nThis is a interval between requests to your Anka Build Cloud Controller's REST API. It can be disabled with `0`. If not set, it will default to 5 minutes (300 seconds).\n\n```yaml\n    steps:\n      - uses: veertuinc/anka-actions-up@v1\n        with:\n          . . .\n          controller-http-poll-delay: 5\n```\n\n### Modifying the VM Template\n\n```yaml\n    steps:\n      - uses: veertuinc/anka-actions-up@v1\n        with:\n          template-id: 'template id'\n          template-tag: 'template tag'\n          group-id: 'anka node group'\n          node-id: 'anka node id'\n          # NOTE: using \"vcpu\" and \"vram\" requires the stored template to be in stopped state\n          vcpu: 'number of vCPUs to set for the VM'\n          vram: 'amount of RAM in megabytes to set for the VM'\n```\n\n### Using with Github Enterprise Server\n\nWhen using with GitHub Enterprise Server, set `gh-base-url` to the root URL of the API.\nFor example, if your GitHub Enterprise Server's hostname is `github.acme-inc.com`,\nthen set `gh-base-url` to `https://github.acme-inc.com/api/v3`\n\n```yaml\n    steps:\n      - uses: veertuinc/anka-actions-up@v1\n        with:\n          . . .\n          gh-base-url: 'https://github.acme-inc.com/api/v3'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fveertuinc%2Fanka-actions-up","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fveertuinc%2Fanka-actions-up","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fveertuinc%2Fanka-actions-up/lists"}