GitHub runner
- Canonical IS DevOps
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 295 | Today | |
latest/stable | 290 | 11 Nov 2024 | |
latest/stable | 1 | 09 Feb 2022 | |
latest/beta | 290 | 11 Nov 2024 | |
latest/beta | 234 | 05 Aug 2024 | |
latest/edge | 300 | Today | |
latest/edge | 299 | Yesterday | |
latest/edge | 4 | 26 Apr 2022 | |
1/stable | 177 | 05 Jun 2024 | |
1/edge | 177 | 05 Jun 2024 |
juju deploy github-runner --channel beta
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
How to comply with repository policies
The charm enforces a set of best practice GitHub repository settings. Self-hosted runners managed by the charm will not run jobs on repositories not compliant with the practices. This will be opt-in in the future.
The repository settings are enforced with this Python library. The rules enforced are different depending on how the GitHub Actions workflow is triggered. The details can be found in the README.
In this guide, a recommended set of policies will be presented, but any set repository settings that passes the Python library checks will work with the self-hosted runners managed by this charm.
Recommended policy
- For outside collaborators the permission should be set to read. See here for instructions to change collaborator permissions. Outside collaborators will still be able to contribute with pull requests, but reviews will be needed. Details in a later section.
- Create the following branch protection rules, with the instructions here:
- branch name pattern matching only the default branch of the repository, such as
main
, with the follow enabled:Dismiss stale pull request approvals when new commits are pushed
Do not allow bypassing the above settings
- branch name pattern matching only the default branch of the repository, such as
With these settings, the common workflow of creating branches with pull requests and merging to the default branch is supported. Other GitHub Actions workflow triggers such as workflow_dispatch, push, and schedule are supported as well.
Working with outside collaborators
Contributions from outside collaborators (in the case where a repository is public) need to be handled slightly differently. As such, this charm requires pull requests by outside collaborators to be reviewed by someone with write
permission or above. Once the review is completed, the reviewer should add a comment including the following string: /canonical/self-hosted-runners/run-workflows <commit SHA>
, where <commit SHA>
is the commit SHA of the approved commit. Once posted, the self-hosted runners will run the workflow for this commit.