GARO is an experimental serverless (AWS Lambda) API for running GitHub Action runners in self-hosted, ephemeral EC2 instances.
The garo client will start up an instance and wait for it to be active.
See the client README for details and an example.
There are also the workflows here which use this tool.
Requirements for garo client (or direct API use)
- subnets with external internet access (recommend via a NAT gateway)
- security group for the runner instances
- 2x IAM roles (see terraform_module for these)
- role for assuming from API (with random external ID added as a condition)
- role for instances to use (allow assume from the first role)
- PAT in SSM (
/github/runner/pat) with repo write access (for adding runners to a repo) - Params in GitHub secrets / environment variables (recommend using GitHub Environments with branch protections)
See the development documentation.