GitHub Actions and workflows provide a powerful platform for automation and CI/CD pipelines. While GitHub offers free compute minutes on shared infrastructure, self-hosting runners can enhance control, security, and connectivity—especially when accessing private resources within AWS VPCs or internal networks.
Matheus das Mercês from PostNL demonstrates how to leverage self-hosted GitHub Actions runners on Amazon CodeBuild to securely execute pipelines while maintaining access to private resources.
You Should Know:
1. Setting Up Self-Hosted GitHub Runners on AWS
To deploy self-hosted runners on AWS, follow these steps:
- Launch an EC2 Instance or Use AWS CodeBuild:
```bash
# Install dependencies on an EC2 Linux instance
sudo apt update && sudo apt install -y docker.io git
```
2. Configure GitHub Runner:
- Navigate to your GitHub repo → Settings → Actions → Runners → New self-hosted runner.
- Follow the setup instructions:
```bash
mkdir actions-runner && cd actions-runner
curl -o actions-runner-linux-x64-2.309.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.309.0/actions-runner-linux-x64-2.309.0.tar.gz
tar xzf ./actions-runner-linux-x64-2.309.0.tar.gz
./config.sh --url https://github.com/your-repo --token YOUR_TOKEN
./run.sh
```
3. AWS CodeBuild Integration:
- Use AWS CodeBuild as a managed runner:
```yaml
# buildspec.yml for CodeBuild
version: 0.2
phases:
  install:
    commands:
      - echo "Installing GitHub Runner..."
  build:
    commands:
      - ./run.sh
```
2. Securing Private Resource Access
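- VPC Endpoints: Ensure the runner can reach AWS services privately. `execute-api` is an interface endpoint, so it is created with subnets and a security group rather than route tables (route tables apply only to gateway endpoints).
```bash
# YOUR_REGION, YOUR_SUBNET_ID and YOUR_SECURITY_GROUP_ID are placeholders
aws ec2 create-vpc-endpoint --vpc-id YOUR_VPC_ID \
  --vpc-endpoint-type Interface \
  --service-name com.amazonaws.YOUR_REGION.execute-api \
  --subnet-ids YOUR_SUBNET_ID \
  --security-group-ids YOUR_SECURITY_GROUP_ID
```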
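- IAM Roles for CodeBuild:
```bash
aws iam attach-role-policy --role-name CodeBuildRole --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess
```
AmazonEC2FullAccess grants every EC2 action on every resource, far more than a build runner needs; scope the role to the calls the pipeline actually makes.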
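A least-privilege alternative to the managed policy above, as an added example (not code from the article or from PostNL). It assumes the CodeBuild project is attached to a VPC and that the pipeline's only AWS call is the `aws s3 ls private-bucket` step used in this article's workflow; the policy name `runner-least-privilege` and the `REGION` and `ACCOUNT_ID` placeholders are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Assumed names: policy name
# "runner-least-privilege", placeholders REGION and ACCOUNT_ID.

# True for managed policies that grant far more than a CI runner needs.
is_broad_policy() {
  case "$1" in
    *FullAccess | */AdministratorAccess | */PowerUserAccess) return 0 ;;
    *) return 1 ;;
  esac
}

# Policy limited to listing one bucket plus the network-interface calls
# CodeBuild makes when the project is attached to a VPC.
runner_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "ListPrivateBucket", "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::$1" },
    { "Sid": "VpcNetworkInterfaces", "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface",
        "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups", "ec2:DescribeDhcpOptions",
        "ec2:DescribeVpcs" ],
      "Resource": "*" },
    { "Sid": "EniPermissionForCodeBuildOnly", "Effect": "Allow",
      "Action": "ec2:CreateNetworkInterfacePermission",
      "Resource": "arn:aws:ec2:REGION:ACCOUNT_ID:network-interface/*",
      "Condition": { "StringEquals":
        { "ec2:AuthorizedService": "codebuild.amazonaws.com" } } }
  ]
}
EOF
}

# Add the scoped inline policy, then detach the broad managed one.
# Not called here: it needs AWS credentials.
apply_runner_policy() {
  role="$1"; bucket="$2"; broad="$3"
  is_broad_policy "$broad" || { echo "not a broad policy: $broad" >&2; return 1; }
  aws iam put-role-policy --role-name "$role" \
    --policy-name runner-least-privilege \
    --policy-document "$(runner_policy "$bucket")" &&
    aws iam detach-role-policy --role-name "$role" --policy-arn "$broad"
}
# Usage: apply_runner_policy CodeBuildRole private-bucket arn:aws:iam::aws:policy/AmazonEC2FullAccess
```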
3. Optimizing Workflows
Use `actions/checkout@v4` and custom steps:
```yaml
jobs:
  build:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4
      - run: |
          echo "Running on self-hosted runner"
          aws s3 ls private-bucket
```
What Undercode Say:
Self-hosted GitHub Actions runners on AWS provide better security, lower latency, and direct access to private resources. By integrating with CodeBuild and VPC endpoints, teams can maintain scalable, secure CI/CD pipelines without exposing internal systems.
Expected Output:
A fully automated, secure CI/CD pipeline using self-hosted GitHub Actions runners on AWS, capable of accessing private resources while minimizing exposure to public networks.
Reference:
Building Scalable CI/CD Pipelines with Self-Hosted GitHub Actions on Amazon CodeBuild
References:
Reported By: Darryl Ruggles – Hackers Feeds



