github actions

GitHub Actions: Enterprise runners and fine-grained access settings with runner groups

Image of Joe Bourne

GitHub Actions hosted virtual environments are a turn-key option for running your workflows. But if you need fine-grained control and customization of your environment, then self-hosted runners give you full control of the hardware, operating system, and installed software in your runner environment. We first enabled self-hosted runners with individual repositories. Then, we expanded controls to enable sharing runners across repositories and run-time selection of runners with organization runners and custom labeling.

Today, we’re excited to announce two new features that make it even easier to manage and secure self-hosted runners for your company:

  • Enterprise self-hosted runners are runners associated with your enterprise account, and enable resource sharing and management across your organizations.
  • Self-hosted runner groups put you in control of which organizations and repositories can use certain runners. This helps you ensure runners are used for their intended purpose, such as making GPUs available only to the projects that need them.

Enterprise self-hosted runners

Sharing runners across the organizations in your company is now easier than ever with enterprise runners, and their setup follows the same, simple process as that for setting up runners with your repository or organization.

Whether you’re programmatically registering runners through the API, or manually configuring the runner through the GitHub user interface, you’re now able to associate runners with your enterprise account. As always, each runner can be configured with custom labels to enable run-time selection of specific runners for specific jobs.

Screenshot of self-hosted runner groups

Self-hosted runner groups

With self-hosted runner groups, you no longer have to give specific repositories access to all your runners, even if those repositories only required access to a subset of those runners. Runner groups allow you to separate your runners, and to define unique access settings for each group. Runner groups are available in your enterprise accounts, or organizations on a Github Enterprise plan.

Screenshot of UI for adding new runners / groups

For groups created in an enterprise account, access settings will control which organizations can use the runners in that group. You can opt to open the group to all organizations in the account, or only to a selected list. Access settings will work similarly for groups created in an organization, and will control which repositories can use the runners in a group.

Combine runner groups with custom labels for maximum control and flexibility. Keep a set of runners separate for doing production deployment, private projects separate from public, or make GPUs available only to the projects that need them.

Screenshot showing runner lists

Get Started and Learn More

If you’re brand new to GitHub Actions and are looking for ways to learn more or get started, head over to lab.github.com to find great, self-paced learning courses like GitHub Actions: Hello World.

Learn more about enterprise runners and runner groups:

To see what else is coming up for Actions and to provide feedback directly to the product team, head over to the GitHub Roadmap.

From the Actions team, happy workflow automating, everybody!