title: Authenticating to the GitHub API
shortTitle: Authenticating
intro: Learn how to authenticate to the {% data variables.product.company_short %} API to use {% data variables.product.prodname_actions_runner_controller %} with {% data variables.product.github %}.
versions: fpt: *, ghec: *, ghes: >= 3.9
type: overview
topics: Actions Runner Controller
defaultPlatform: linux

Legal notice

Overview

You can authenticate {% data variables.product.prodname_actions_runner_controller %} (ARC) to the {% data variables.product.prodname_dotcom %} API by using a {% data variables.product.prodname_github_app %} or by using a {% data variables.product.pat_v1 %}.

Note

You cannot authenticate using a {% data variables.product.prodname_github_app %} for runners at the enterprise level. For more information, see "AUTOTITLE."

Authenticating ARC with a {% data variables.product.prodname_github_app %}

  1. Create a {% data variables.product.prodname_github_app %} that is owned by an organization. For more information, see "AUTOTITLE". Configure the {% data variables.product.prodname_github_app %} as follows.

    1. For "Homepage URL," enter https://github.com/actions/actions-runner-controller.

    2. Under "Permissions," click Repository permissions. Then use the dropdown menus to select the following access permissions.

      • Administration: Read and write

        Note: Administration: Read and write is only required when configuring {% data variables.product.prodname_actions_runner_controller %} to register at the repository scope. It is not required to register at the organization scope.

      • Metadata: Read-only

    3. Under "Permissions," click Organization permissions. Then use the dropdown menus to select the following access permissions.

      • Self-hosted runners: Read and write

{% data reusables.actions.arc-app-post-install-steps %}

  1. In the menu at the top-left corner of the page, click Install app, and next to your organization, click Install to install the app on your organization.

  2. After confirming the installation permissions on your organization, note the app installation ID. You will use it later. You can find the app installation ID on the app installation page, which has the following URL format:

    https://{% data variables.product.product_url %}/organizations/ORGANIZATION/settings/installations/INSTALLATION_ID

{% data reusables.actions.arc-app-post-install-set-secrets %}

Authenticating ARC with a {% data variables.product.pat_v1 %}

ARC can use {% data variables.product.pat_v1_plural %} to register self-hosted runners.

{% ifversion ghec or ghes %}

Note

Authenticating ARC with a {% data variables.product.pat_v1 %} is the only supported authentication method to register runners at the enterprise level.

{% endif %}

  1. Create a {% data variables.product.pat_v1 %} with the required scopes. The required scopes are different depending on whether you are registering runners at the repository{% ifversion ghec or ghes %}, organization, or enterprise{% else %} or organization{% endif %} level. For more information on how to create a {% data variables.product.pat_v1 %}, see "AUTOTITLE."

    The following is the list of required {% data variables.product.pat_generic %} scopes for ARC runners.

    • Repository runners: repo
    • Organization runners: admin:org {% ifversion ghec or ghes %}
    • Enterprise runners: manage_runners:enterprise {% endif %}
  2. To create a Kubernetes secret with the value of your {% data variables.product.pat_v1 %}, use the following command.

    {% data reusables.actions.arc-runners-namespace %}

    kubectl create secret generic pre-defined-secret \
       --namespace=arc-runners \
       --from-literal=github_token='YOUR-PAT'
  3. In your copy of the values.yaml file, pass the secret name as a reference.

    githubConfigSecret: pre-defined-secret

    {% data reusables.actions.actions-runner-controller-helm-chart-options %}
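As an added example (not part of the original page or the ARC project), the following script checks a classic token against the scope list above before it is stored in the Kubernetes secret, and flags scopes beyond the one ARC needs. It relies on the `X-OAuth-Scopes` response header that the GitHub REST API returns for classic tokens; the function names, the `GITHUB_TOKEN` variable and the API base URL argument are assumptions.

```shell
#!/bin/sh
# Added example: least-privilege pre-flight for the classic PAT that ARC will use.

# Required scope per registration level, as listed in the steps above.
required_scope() {  # $1 = repository | organization | enterprise
  case "$1" in
    repository)   echo "repo" ;;
    organization) echo "admin:org" ;;
    enterprise)   echo "manage_runners:enterprise" ;;
    *) return 2 ;;
  esac
}

# Turn "repo, workflow" into one trimmed scope per line; drops empty entries.
split_scopes() {
  printf '%s\n' "$1" | tr -d '\r' | tr ',' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Prints ok, missing:<scope>, excess:<a,b> or unknown-level.
# Exact-name match only: a token carrying just a broader scope is reported as missing.
check_scopes() {  # $1 = level, $2 = value of the X-OAuth-Scopes header
  cs_need=$(required_scope "$1") || { echo "unknown-level"; return 2; }
  if ! split_scopes "$2" | grep -qxF "$cs_need"; then
    echo "missing:$cs_need"; return 1
  fi
  cs_extra=$(split_scopes "$2" | grep -vxF "$cs_need" | paste -sd, -)
  if [ -n "$cs_extra" ]; then echo "excess:$cs_extra"; return 3; fi
  echo "ok"
}

# Read the granted scopes for $GITHUB_TOKEN (assumed variable name).
# The token is fed to curl on stdin (-K -) so it never appears in argv.
fetch_scopes() {  # $1 = API base URL (assumption), e.g. https://api.github.com
  printf 'header = "Authorization: Bearer %s"\n' "$GITHUB_TOKEN" |
    curl -sS -K - -o /dev/null -D - "$1/user" | tr -d '\r' |
    awk -F': ' 'tolower($1) == "x-oauth-scopes" { print $2 }'
}

# Constructed sample header value, not real API output.
check_scopes organization "admin:org, workflow" || true   # prints excess:workflow
```

With a real token, run `check_scopes organization "$(fetch_scopes https://api.github.com)"` after setting `GITHUB_TOKEN` from a prompt such as `read -rs GITHUB_TOKEN` in bash, which keeps the value out of shell history.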

Legal notice

{% data reusables.actions.actions-runner-controller-legal-notice %}