title | shortTitle | intro | versions | type | topics | defaultPlatform | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Authenticating to the GitHub API |
Authenticating |
Learn how to authenticate to the {% data variables.product.company_short %} API to use {% data variables.product.prodname_actions_runner_controller %} with {% data variables.product.github %}. |
|
overview |
|
linux |
You can authenticate {% data variables.product.prodname_actions_runner_controller %} (ARC) to the {% data variables.product.prodname_dotcom %} API by using a {% data variables.product.prodname_github_app %} or by using a {% data variables.product.pat_v1 %}.
Note
You cannot authenticate using a {% data variables.product.prodname_github_app %} for runners at the enterprise level. For more information, see "AUTOTITLE."
-
Create a {% data variables.product.prodname_github_app %} that is owned by an organization. For more information, see "AUTOTITLE". Configure the {% data variables.product.prodname_github_app %} as follows.
-
For "Homepage URL," enter
https://github.com/actions/actions-runner-controller
. -
Under "Permissions," click Repository permissions. Then use the dropdown menus to select the following access permissions.
-
Administration: Read and write
[!NOTE]
Administration: Read and write
is only required when configuring {% data variables.product.prodname_actions_runner_controller %} to register at the repository scope. It is not required to register at the organization scope. -
Metadata: Read-only
-
-
Under "Permissions," click Organization permissions. Then use the dropdown menus to select the following access permissions.
- Self-hosted runners: Read and write
-
{% data reusables.actions.arc-app-post-install-steps %}
-
In the menu at the top-left corner of the page, click Install app, and next to your organization, click Install to install the app on your organization.
-
After confirming the installation permissions on your organization, note the app installation ID. You will use it later. You can find the app installation ID on the app installation page, which has the following URL format:
https://{% data variables.product.product_url %}/organizations/ORGANIZATION/settings/installations/INSTALLATION_ID
{% data reusables.actions.arc-app-post-install-set-secrets %}
ARC can use {% data variables.product.pat_v1_plural %} to register self-hosted runners.
{% ifversion ghec or ghes %}
Note
Authenticating ARC with a {% data variables.product.pat_v1 %} is the only supported authentication method to register runners at the enterprise level.
{% endif %}
-
Create a {% data variables.product.pat_v1 %} with the required scopes. The required scopes are different depending on whether you are registering runners at the repository{% ifversion ghec or ghes %}, organization, or enterprise{% else %} or organization{% endif %} level. For more information on how to create a {% data variables.product.pat_v1 %}, see "AUTOTITLE."
The following is the list of required {% data variables.product.pat_generic %} scopes for ARC runners.
- Repository runners:
repo
- Organization runners:
admin:org
{% ifversion ghec or ghes %} - Enterprise runners:
manage_runners:enterprise
{% endif %}
- Repository runners:
-
To create a Kubernetes secret with the value of your {% data variables.product.pat_v1 %}, use the following command.
{% data reusables.actions.arc-runners-namespace %}
kubectl create secret generic pre-defined-secret \ --namespace=arc-runners \ --from-literal=github_token='YOUR-PAT'
-
In your copy of the
values.yaml
file, pass the secret name as a reference.githubConfigSecret: pre-defined-secret
{% data reusables.actions.actions-runner-controller-helm-chart-options %}
{% data reusables.actions.actions-runner-controller-legal-notice %}