GitHub runner

  • Canonical IS DevOps
Channel Revision Published Runs on
latest/stable 295 Today
Ubuntu 22.04 Ubuntu 20.04
latest/stable 290 11 Nov 2024
Ubuntu 22.04 Ubuntu 20.04
latest/stable 1 09 Feb 2022
Ubuntu 22.04 Ubuntu 20.04
latest/beta 290 11 Nov 2024
Ubuntu 22.04
latest/beta 234 05 Aug 2024
Ubuntu 22.04
latest/edge 300 Today
Ubuntu 22.04 Ubuntu 20.04
latest/edge 299 Yesterday
Ubuntu 22.04 Ubuntu 20.04
latest/edge 4 26 Apr 2022
Ubuntu 22.04 Ubuntu 20.04
1/stable 177 05 Jun 2024
Ubuntu 22.04
1/edge 177 05 Jun 2024
Ubuntu 22.04
juju deploy github-runner --channel 1/stable
Show information

Platform:

Ubuntu
22.04 20.04

How to restrict self-hosted runner network access

The denylist configuration can be used to restrict network access for self-hosted runners.

This can be employed to prevent self-hosted runners from accessing the network on the Juju machine. Generally, all IPv4 local addresses should be included in the denylist:

  • 0.0.0.0/8
  • 10.0.0.0/8
  • 100.64.0.0/10
  • 127.0.0.0/8
  • 169.254.0.0/16
  • 172.16.0.0/12
  • 192.0.0.0/24
  • 192.0.2.0/24
  • 192.88.99.0/24
  • 192.168.0.0/16
  • 198.18.0.0/15
  • 198.51.100.0/24
  • 203.0.113.0/24
  • 224.0.0.0/4
  • 233.252.0.0/24
  • 240.0.0.0/4

Additionally, include any IPv4 address or CIDR block that the runner should not have access to on the denylist.


Help improve this document in the forum (guidelines). Last updated 8 months ago.