You could run the self-hosted agent in a Docker container, something like what is described in this article: https://dev.to/pwd9000/create-a-docker-based-self-hosted-github-runner-linux-container-48dh

You'd host the container in Azure Container Apps and give it a managed identity that way.

I ultimately moved away from self-hosted agents in favor of hosted agents with VNET integration, but I don't think it's possible to give those a managed identity.

The main issue I had with running self-hosted agents in containers was the self-update didn't work for some reason. I ended up creating a workflow that would get the latest actions-runner version and redeploy the container with the latest version on a weekly basis. You also have to make sure your agent gets a unique name or it will fail to recreate when the container restarts or is updated with a new revision. Then you could have the issue where if a container gets stuck in a restart loop, you end up with 10k agents registered and I would run a script to delete those through the GitHub API. You're also paying for the container hosting whether you're running jobs or not, but that would also be the case with a VM generally.

If I was going to run agents in a container again, I'd probably make sure they were ephemeral agents using Actions Runner Controller or something like that, but I haven't actually ever set that up.

The easiest thing though is if you just have a VM lying around to run the agent on, that is on your VNET. We prefer not to have VMs in our cloud environment at all though.
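The cleanup mentioned in the reply above (deleting piled-up runner registrations through the GitHub API), as an added example that is not the commenter's script. It uses the repository-level `GET`/`DELETE /repos/{owner}/{repo}/actions/runners` REST endpoints; the `aca-runner-` name prefix, the `octo/demo` repository and the sample data are constructed, and the token is assumed to have admin access to the repository.

```python
import json
import urllib.request

API = "https://api.github.com"

def gh_call(method, url, token):
    """Send one authenticated request to the GitHub REST API."""
    req = urllib.request.Request(url, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
    return json.loads(body) if body else None  # DELETE returns 204, no body

def list_runners(repo, token, call=gh_call):
    """Collect all registered runners, following pagination."""
    runners, page = [], 1
    while True:
        url = f"{API}/repos/{repo}/actions/runners?per_page=100&page={page}"
        data = call("GET", url, token)
        runners += data["runners"]
        if not data["runners"] or len(runners) >= data["total_count"]:
            return runners
        page += 1

def stale_runners(runners, name_prefix):
    """Only offline, idle runners carrying our container naming prefix."""
    return [r for r in runners
            if r["status"] == "offline" and not r["busy"]
            and r["name"].startswith(name_prefix)]

def cleanup(repo, token, name_prefix, dry_run=True, call=gh_call):
    """Delete stale registrations; with dry_run only report their names."""
    doomed = stale_runners(list_runners(repo, token, call), name_prefix)
    for r in doomed:
        if not dry_run:
            call("DELETE", f"{API}/repos/{repo}/actions/runners/{r['id']}", token)
    return [r["name"] for r in doomed]

# Constructed sample of the "runners" array the list endpoint returns.
SAMPLE = [
    {"id": 11, "name": "aca-runner-a1", "status": "offline", "busy": False},
    {"id": 12, "name": "aca-runner-b2", "status": "online", "busy": False},
    {"id": 13, "name": "aca-runner-c3", "status": "offline", "busy": False},
    {"id": 14, "name": "build-vm-01", "status": "offline", "busy": False},
]

if __name__ == "__main__":
    print([r["name"] for r in stale_runners(SAMPLE, "aca-runner-")])
```

Filtering on the name prefix keeps the script from removing runners it does not own, such as a VM-based runner that happens to be powered off.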
Hi! We'd like to add a test to our existing CI suite that tests authentication via Azure managed system identity. This requires, logically, that the test runs on one of the Azure services that support managed identity.
I know the default GH runners are running on Azure VMs. However, I don't think they have system identities enabled or exposed, do they?
Failing that, I assume we'd need self-hosted runners. There's a variety of articles on self-hosted Azure runners out there, with often conflicting advice. Does anyone have pointers on what the simplest and easiest to maintain setup might be?