This gist gives instructions for running GitHub Actions runners in Kubernetes. It uses the evryfs github-actions-runner-operator project.
The operator communicates with GitHub in order to determine available jobs and execute workflows on runners. Authentication to GitHub is available using the following modes:
As a GitHub app. This is the preferred mode as it provides enhanced security and increased API quota, and avoids exposure of tokens to runner pods.
Follow the guide for creating GitHub applications. There is no need to define a callback URL or webhook secret as they are not used by this integration.
Depending on whether the GitHub application will operate at a repository or organization level, the following permissions must be set:
Repository level
- Actions - Read/Write
- Administration - Read/Write
Organization level
- Self Hosted Runners - Read/Write
Once the GitHub application has been created, obtain the integration ID and download the private key.
A GitHub application can only be used by injecting environment variables into the operator deployment. It is recommended that credentials be stored as Kubernetes secrets and then injected into the operator deployment.
Create a secret called github-runner-app by executing the following command in the namespace containing the operator:
kubectl create secret generic github-runner-app \
  --from-literal=GITHUB_APP_INTEGRATION_ID=<Github App Id> \
  --from-file=GITHUB_APP_PRIVATE_KEY=<Generated-key.pem>
Now install the Helm chart like so:
helm repo add evryfs-oss https://evryfs.github.io/helm-charts/
kubectl create namespace github-actions-runner-operator
helm upgrade --install github-actions-runner-operator evryfs-oss/github-actions-runner-operator \
  --namespace github-actions-runner-operator \
  --set githubapp.integrationId=<Github App Id> \
  --set githubapp.existingSecret=github-runner-app \
  --set githubapp.enabled=true
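
The steps above as one script, added here as an example (it is not part of the original gist or the evryfs project): it checks the App ID and private key file before touching the cluster, creates the namespace first, and passes `--namespace` so the secret lands next to the operator. The function names `preflight`, `run` and `deploy` and the `DRY_RUN` variable are hypothetical, and the checks assume a numeric App ID and a PEM-encoded key.

```bash
#!/usr/bin/env bash
# Added example: preflight checks plus a namespaced install of the operator.
NS=github-actions-runner-operator   # namespace used on this page
SECRET=github-runner-app            # secret name used on this page

# preflight APP_ID PEM_FILE: reject bad inputs before any cluster change.
preflight() {
  local app_id="$1" pem="$2"
  case $app_id in
    ''|*[!0-9]*) echo "App ID must be numeric" >&2; return 1 ;;
  esac
  [ -f "$pem" ] || { echo "key file not found: $pem" >&2; return 1; }
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
    { echo "not a PEM private key: $pem" >&2; return 1; }
  # Characters 5-10 of the mode string are the group/other bits.
  [ "$(ls -ldL "$pem" | cut -c5-10)" = "------" ] ||
    { echo "key is readable by group/other; chmod 600 it" >&2; return 1; }
}

# run CMD...: print the command instead of executing it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# deploy APP_ID PEM_FILE: first-time install; stops at the first failure.
deploy() {
  local app_id="$1" pem="$2"
  preflight "$app_id" "$pem" || return 1
  run helm repo add evryfs-oss https://evryfs.github.io/helm-charts/ &&
  run kubectl create namespace "$NS" &&
  run kubectl create secret generic "$SECRET" --namespace "$NS" \
    --from-literal=GITHUB_APP_INTEGRATION_ID="$app_id" \
    --from-file=GITHUB_APP_PRIVATE_KEY="$pem" &&
  run helm upgrade --install github-actions-runner-operator \
    evryfs-oss/github-actions-runner-operator --namespace "$NS" \
    --set githubapp.integrationId="$app_id" \
    --set githubapp.existingSecret="$SECRET" \
    --set githubapp.enabled=true
}

# Usage: ./install.sh <Github App Id> <Generated-key.pem>
if [ "$#" -eq 2 ]; then deploy "$1" "$2"; fi
```

Run it with `DRY_RUN=1` set to print the four commands without executing them.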