Mastering GitHub Actions and Runners: A Comprehensive Guide

Raja NagoriRaja Nagori
4 min read

Table of contents

Alright, so imagine GitHub Actions and GitHub Runners as two main actors in a movie called "GitHub" – kind of like the dynamic duo Jai and Veeru from Sholay. These two have been fantastic for me, especially when it comes to my open-source tool, Nightingale: Docker for Pentesters.

Recently, I got invited by Dhiraj Beri for a collaboration on his Geeks@TWB community. Instead of focusing on security, I decided to share my development experience. I've been using GitHub Actions and Runners for several months now, and let me tell you, they've been absolute game-changers. They've drastically reduced the manual work I used to put into creating Docker images locally, building them, and pushing them to GitHub packages.

One thing to note is that with a free GitHub account, you have some limitations in terms of running and creating Docker images due to the resource constraints provided by GitHub. But even with those limitations, GitHub Actions and Runners have made my workflow much smoother.

Before I dive deeper, let me explain what GitHub Actions and Runners actually are.

Github Action

Don't know Action? No Problem, here is the information iykyk :P

They’re really powerful for automating tasks directly in your GitHub repositories. Basically, with GitHub Actions, you can set up workflows that handle things like building, testing, and deploying your code automatically. These workflows can be triggered by different events, like when you push code, open a pull request, or even on a schedule.

Github Runner

Now, about GitHub Runners. These are the environments where your GitHub Actions actually run. Think of them as the servers doing all the work behind the scenes. There are two types of runners: GitHub-hosted runners, which GitHub manages for you, and self-hosted runners, which you can set up on your own infrastructure. The cool thing about self-hosted runners is that they give you more flexibility and control over the environment your workflows run in.

Setting Up a GitHub Runner

Creating a Repository To begin, create a new repository on GitHub or use an existing one where you want to set up GitHub Actions.

Adding a GitHub Runner

  1. Navigate to your repository on GitHub.

  2. Go to the "Actions" tab.

  3. Click on "Set up a workflow yourself" or choose from templates.

  4. Add a new runner by following the setup instructions provided, whether it's a GitHub-hosted runner or a self-hosted runner.

Creating a GitHub Action Workflow

Understanding YAML Files GitHub Actions workflows are defined in YAML files stored in .github/workflows directory in your repository. The structure includes defining events (on), jobs (jobs), and steps (steps) that outline the tasks to be executed.

Hit here for an example of how I use both Github Hosted Runner for main branch and Self Hosted Runner for my development branch

  • If you use Github Hosted runner - YAML

  • If you use Self Hosted runner - YAML

In general

  • If you want to use the Github Hosted Runner
name: CI

on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest //Github Hosted Runner

    steps:
    - uses: actions/checkout@v2
    - name: Set up Node.js
      uses: actions/setup-node@v2
      with:
        node-version: '14'
    - name: Install dependencies
      run: npm install
    - name: Run tests
      run: npm test
  • If you want to use the Self Hosted Runner
name: CI

on: [push, pull_request]

jobs:
  build:
    runs-on: self-hosted //self Hosted Runner (you can put name of your choice while setup the runner in your machine)

    steps:
    - uses: actions/checkout@v2
    - name: Set up Node.js
      uses: actions/setup-node@v2
      with:
        node-version: '14'
    - name: Install dependencies
      run: npm install
    - name: Run tests
      run: npm test

Setup Self Hosted Github Runner

  • Create a repository

  • Head up to Settings tab.

  • Click on New self-hosted runner.

  • Select the choice of your Operating System.

  • And follow the command, shared by the runner respective of OS.

My 2-cents on using Github Action and Github Runner

Alright, let me tell you why using GitHub Actions and GitHub Runners together is such a great idea.

  • Seamless Integration:

    • You know how GitHub Actions are built right into your GitHub repositories? This makes it super easy to set up and automate your workflows without needing any external CI/CD tools.

  • Flexibility and Customization

    • The cool thing about GitHub Actions is that you can customize your workflows a lot. And with GitHub Runners, you have the choice of using GitHub-hosted or self-hosted runners, so you can pick the environment that works best for you.

  • Scalability

    • If you use GitHub-hosted runners, they can automatically scale to handle your workload. This means your tasks get processed quickly without you having to worry about managing any infrastructure. Only applicable, if you are using GitHub enterprise version.

  • Security

    • When you use self-hosted runners, you have complete control over the security of your environment. This is great for sensitive projects where you need to ensure everything meets your security standards.

  • Speed and Performance

    • GitHub Actions and Runners allow for parallel execution and matrix builds. This means you can run multiple jobs at the same time across different environments, speeding up your CI/CD processes significantly.
1
Subscribe to my newsletter

Read articles from Raja Nagori directly inside your inbox. Subscribe to the newsletter, and don't miss out.

github-actionsgitlab-runnerci-cdSecurityDocker

Written by

Raja Nagori
Raja Nagori

Raja Nagori, Product Security Engineer at Splunk, leads the OWASP-Nightingale tool, featured at Blackhat Arsenal ASIA, OWASP Global AppSec EU, and other prestigious events. His expertise includes Web and Network Penetration Testing, Threat Modeling, and Dev-Sec-Ops. Raja is passionate about knowledge sharing, frequently delivering talks at OWASP and enjoying guitar and bike trips in his spare time.