Posted inDocker

Build Your Own GitHub Actions Runner with Docker: Fast, Secure, and 100% Cost-Effective

Docker tutorial - IT technology blog
Docker tutorial - IT technology blog

Deploy Your First Runner in 5 Minutes

Need a “homegrown” CI/CD machine immediately? With just a few Docker commands, you can turn your personal laptop or a $5/month VPS into a powerful assistant for GitHub Actions. I assume you already have Docker installed.

Step 1: Get the Token from GitHub

First, issue a “passport” for your runner:

  1. Open your Repository on GitHub.
  2. Navigate to Settings > Actions > Runners.
  3. Click New self-hosted runner and select the Linux operating system.
  4. Copy the TOKEN code at the end of the configuration command. Skip those tedious .tar.gz download commands; we’ll be using Docker.

Step 2: Activate the Docker Container

Instead of manual installation, we’ll use a highly optimized community Image. Open your Terminal and paste the following command:

docker run -d --restart always --name github-runner \
  -e REPO_URL="https://github.com/user/your-repo" \
  -e RUNNER_NAME="docker-runner-01" \
  -e RUNNER_TOKEN="YOUR_TOKEN_HERE" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  myoung34/github-runner:latest

Go back to the Settings tab in your browser. If you see the green Idle dot appear, congratulations, you’ve succeeded!

Why Should You Switch to a Self-hosted Runner?

By default, GitHub grants each Free account about 2,000 build minutes per month on their virtual machines. It sounds like a lot, but it runs out quickly if you run tests continuously. Here are 3 reasons why I decided to build my own runner:

  • Bypass Limits: No more worrying about the 2,000-minute quota. You can build 24/7 without spending an extra dime.
  • Significant Speed Boost: GitHub VMs usually only have 2 vCPUs and 7GB of RAM. In my Java project tests, build time dropped from 12 minutes to 4 minutes when running on a private server with an NVMe drive.
  • Internal Network Access: You can deploy directly to databases or servers within your LAN/VPC without exposing ports to the Internet.

Why Docker Instead of Bare-metal?

Installing the runner directly onto the operating system (Bare-metal) is the fastest way to turn your server into a “junk yard.” After dozens of builds, leftover libraries and temporary files will consume your entire hard drive.

Using Docker provides three vital advantages:

1. Always a Clean Environment

Every time you restart the container, you get a fresh environment. The “it works on my machine but not on the server” issue caused by Node.js or Python version conflicts will completely disappear.

2. Instant Scalability

When a project hits peak periods with dozens of Pull Requests daily, you just need to increase the number of containers. The system will automatically balance the load without needing a fresh configuration.

3. The Magic of Docker-in-Docker (DinD)

Thanks to the /var/run/docker.sock mapping, the runner inside the container can control the host’s Docker. This allows you to build, tag, and push other Docker Images as smoothly as if you were working directly on the host.

Professional Management with Docker Compose

Typing docker run repeatedly is time-consuming. Let’s wrap the configuration into a docker-compose.yml file for easier management and backups.

version: '3.8'
services:
  runner:
    image: myoung34/github-runner:latest
    restart: always
    environment:
      - REPO_URL=https://github.com/your-org/your-repo
      - RUNNER_TOKEN=ABC123XYZ
      - RUNNER_NAME=prod-runner
      - RUNNER_LABELS=linux,docker,high-perf
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./runner-data:/data # Cache data to speed up subsequent builds

Just run docker-compose up -d, and everything will operate stably automatically.

“Hard-won” Experience from Real-world Operation

After maintaining a runner system for over a year, I’ve gathered 3 important lessons:

1. Don’t Let Your Hard Drive Drown in Junk

Every time you build a Docker image, old layers accumulate quickly. One week I forgot to check, and my 100GB drive was full after just 3 days. Set up a cronjob to run docker system prune -f at 3 AM daily for automatic cleanup.

2. Security Warning for Public Repos

Special Note: Never use self-hosted runners for Public projects. Malicious actors can create Pull Requests containing harmful code (like rm -rf /) and your runner will execute it right on your home server. Use it for Private Repos only.

3. Smart Labeling

To assign the correct runner to each job, use Labels in your .github/workflows/main.yml workflow file:

jobs:
  deploy:
    runs-on: [self-hosted, high-perf]
    steps:
      - uses: actions/checkout@v3
      - name: Build App
        run: docker build -t my-app .

Operating your own runner might seem like a lot of work initially, but the freedom and performance it brings are well worth it. I hope this guide helps you optimize your CI/CD process more effectively.

Share:
Tags: