Self-hosted Runner

The IT Services (ID) operate self-hosted runners for GitHub Actions, available for both GitHub Enterprise Server (GHES) and GitHub Enterprise Cloud (GHEC). They run on infrastructure managed by IT Services on Azure and enable workflows with access to University of Bern resources.

Technical foundation

The self-hosted runners are based on the GitHub Actions Runner Controller (ARC), a Kubernetes operator that provisions runners as autoscaling runner scale sets on an Azure Kubernetes Service (AKS) cluster.

Characteristics of the provided runners:

  • Each job runs in a fresh, isolated container (Docker-in-Docker mode).
  • Automatic scaling: The cluster starts additional runners as needed and terminates them after the job completes.
  • Internet and Azure connectivity is available.
  • Docker-based jobs and services are supported natively.

Availability

| Platform | Runner label | Note |
|---|---|---|
| GHES (github.unibe.ch) | uni-runner | Available for all GHES organizations |
| GHEC (github.com) | Organization-specific | Depends on the respective organization; inquire with IT Services |

For GHEC, a separate runner scale set is operated for each organization. The exact runner name for a given organization is available via the ServicePortal.

Usage in a workflow

GHES

jobs:
  build:
    runs-on: uni-runner
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: make build

GHEC (example)

jobs:
  deploy:
    runs-on: ub-runner   # Organization's runner name
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        run: ./deploy.sh

Runner image

The default image for the runners is maintained in the repository cloud-azure-ghrunner-image and is publicly accessible. It is based on the official ghcr.io/actions/actions-runner image and includes the following pre-installed tools:

| Tool | Description |
|---|---|
| Build Essentials | gcc, make and other GNU base tools |
| wget, zstd | Download and archiving tools |
| Azure CLI (az) | For deployments on Microsoft Azure |
| Docker Compose | For starting multi-container setups in jobs |

The image is automatically rebuilt and published on every merge to the main branch.
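
A fuller GHES workflow that uses the pre-installed Docker Compose on uni-runner with a read-only token, as an added example that is not IT Services' own workflow. The compose file name docker-compose.ci.yml, the make targets and the Compose v2 command form (docker compose) are assumptions.

```yaml
# Added example, not part of the original documentation.
name: ci
on:
  push:
    branches: [main]
  pull_request:

# Least privilege: the job's GITHUB_TOKEN can only read repository contents.
permissions:
  contents: read

jobs:
  integration:
    runs-on: uni-runner        # GHES runner label from the availability table
    timeout-minutes: 20        # bound the job so a hung step releases the runner
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config

      - name: Build
        run: make build

      # Assumption: the repository ships docker-compose.ci.yml describing the
      # services the tests need, and the image provides Compose v2.
      - name: Start dependencies
        run: docker compose -f docker-compose.ci.yml up --detach

      - name: Run tests
        run: make test           # assumed make target

      # Always tear down, even when a previous step failed.
      - name: Stop dependencies
        if: always()
        run: docker compose -f docker-compose.ci.yml down --volumes
```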

Extending the image

If workflows require additional tools not included in the default image, there are two options:

Option 1 – Pull request (recommended for general needs):
A pull request can be opened in the repository cloud-azure-ghrunner-image to add the required packages or configurations to the Dockerfile. After review and merge by IT Services, the tool becomes available to all organizations.

Option 2 – Custom image:
A custom Docker image can be provided, either based on the default image or fully standalone. Contact IT Services via the ServicePortal to clarify the technical integration.

Dedicated runner with local network access

By default, the self-hosted runners do not have access to the local network of the University of Bern. If an organization requires workflows that need access to internal resources (e.g., internal databases, network drives, internal APIs), a dedicated runner with a fixed IP address and connection to the university network can be requested.

This runner:

  • is reserved exclusively for the requesting organization,
  • has a dedicated IP address integrated into the university's local network,
  • is configured and operated by IT Services.

Request: Open a ticket via the ServicePortal describing the use case and the required network access.