From facac8474ea0ac547954a89c6b80206c54a5cae5 Mon Sep 17 00:00:00 2001 From: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Date: Thu, 16 Oct 2025 10:49:10 +0100 Subject: [PATCH 1/7] Adds workflow for assigning DIY docs PR/issues openers to their creators (#57995) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/assign-diy-docs.yml | 30 +++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/assign-diy-docs.yml diff --git a/.github/workflows/assign-diy-docs.yml b/.github/workflows/assign-diy-docs.yml new file mode 100644 index 000000000000..ca9b04ea6a9e --- /dev/null +++ b/.github/workflows/assign-diy-docs.yml @@ -0,0 +1,30 @@ +name: Assign DIY docs issues + +on: + issues: + types: labeled + workflow_call: + +permissions: + contents: read +jobs: + assign_diy_docs_issues: + name: Assign issues labelled with "DIY docs" to the issue creator + if: >- + github.repository_owner == 'github' && github.repository != 'github/docs' && + github.event.label.name == 'DIY docs' + runs-on: ubuntu-latest + steps: + - name: Assign to creator + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd + with: + script: | + const item = context.payload.issue; + const creator = item.user.login; + const issueNumber = item.number; + await github.rest.issues.addAssignees({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: issueNumber, + assignees: [creator] + }); From 7655f31c565a83af5d2e2917a27fbe8ae936a86b Mon Sep 17 00:00:00 2001 From: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Date: Thu, 16 Oct 2025 11:39:11 +0100 Subject: [PATCH 2/7] Revert "Adds workflow for assigning DIY docs PR/issues openers" (#58018) --- .github/workflows/assign-diy-docs.yml | 30 --------------------------- 1 file changed, 30 deletions(-) delete mode 100644 .github/workflows/assign-diy-docs.yml 
diff --git a/.github/workflows/assign-diy-docs.yml b/.github/workflows/assign-diy-docs.yml deleted file mode 100644 index ca9b04ea6a9e..000000000000 --- a/.github/workflows/assign-diy-docs.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Assign DIY docs issues - -on: - issues: - types: labeled - workflow_call: - -permissions: - contents: read -jobs: - assign_diy_docs_issues: - name: Assign issues labelled with "DIY docs" to the issue creator - if: >- - github.repository_owner == 'github' && github.repository != 'github/docs' && - github.event.label.name == 'DIY docs' - runs-on: ubuntu-latest - steps: - - name: Assign to creator - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd - with: - script: | - const item = context.payload.issue; - const creator = item.user.login; - const issueNumber = item.number; - await github.rest.issues.addAssignees({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: issueNumber, - assignees: [creator] - }); From 39d1e86e983f32ab88c7d5277e14fd2b41afb874 Mon Sep 17 00:00:00 2001 From: Dylan Whitehead Date: Thu, 16 Oct 2025 08:38:08 -0400 Subject: [PATCH 3/7] Create docs-internal PR for Early Access preview (#57965) Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> From 5937c378c6eaa9e5b1631e6221b5e59a2a266a88 Mon Sep 17 00:00:00 2001 From: a1exmozz <187176404+a1exmozz@users.noreply.github.com> Date: Thu, 16 Oct 2025 14:08:08 +0100 Subject: [PATCH 4/7] Update preview docs w/ user-initiated interaction and code acceptance activity count info (#57983) From 27ac28536282ac971c00413e1391ab40f042e9ff Mon Sep 17 00:00:00 2001 From: a1exmozz <187176404+a1exmozz@users.noreply.github.com> Date: Thu, 16 Oct 2025 14:09:18 +0100 Subject: [PATCH 5/7] Add last_known_ide_version definition in metrics definition (#57984) From f76cddb5446214787d20905064990225ce65f4a6 Mon Sep 17 00:00:00 2001 
From: a1exmozz <187176404+a1exmozz@users.noreply.github.com> Date: Thu, 16 Oct 2025 14:10:28 +0100 Subject: [PATCH 6/7] Add documentation/FAQ clarifying metrics are only from IDE telemetry (#57985) From b52f875ef278c5589352c61141ff5c9e0cf6744d Mon Sep 17 00:00:00 2001 From: Steve-Glass <84886334+Steve-Glass@users.noreply.github.com> Date: Thu, 16 Oct 2025 10:15:38 -0400 Subject: [PATCH 7/7] Actions Docs Clarification (#57400) Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../concepts/runners/github-hosted-runners.md | 4 +- .../concepts/runners/support-for-arc.md | 2 +- .../deploy-runner-scale-sets.md | 66 +++++++++++-------- .../quickstart.md | 3 - .../network-details-for-ghecom.md | 62 +++++++++++++++++ .../azure-vnet-over-provisioning-resources.md | 2 +- 6 files changed, 105 insertions(+), 34 deletions(-) diff --git a/content/actions/concepts/runners/github-hosted-runners.md b/content/actions/concepts/runners/github-hosted-runners.md index 8d42e98c87a6..c6d53d0a8b75 100644 --- a/content/actions/concepts/runners/github-hosted-runners.md +++ b/content/actions/concepts/runners/github-hosted-runners.md 
@@ -71,7 +71,9 @@ We recommend using actions to interact with the software installed on runners. T If there is a tool that you'd like to request, please open an issue at [actions/runner-images](https://github.com/actions/runner-images). This repository also contains announcements about all major software updates on runners. -> [!NOTE] You can also install additional software on {% data variables.product.prodname_dotcom %}-hosted runners. See [AUTOTITLE](/actions/using-github-hosted-runners/customizing-github-hosted-runners). +> [!NOTE] +> * You can also install additional software on {% data variables.product.prodname_dotcom %}-hosted runners. See [AUTOTITLE](/actions/using-github-hosted-runners/customizing-github-hosted-runners). +> * While nested virtualization is technically possible while using runners, it is not officially supported. Any use of nested VMs is experimental and done at your own risk, we offer no guarantees regarding stability, performance, or compatibility. ## Cloud hosts used by {% data variables.product.prodname_dotcom %}-hosted runners diff --git a/content/actions/concepts/runners/support-for-arc.md b/content/actions/concepts/runners/support-for-arc.md index 22c83b019959..6b849e825cc9 100644 --- a/content/actions/concepts/runners/support-for-arc.md +++ b/content/actions/concepts/runners/support-for-arc.md 
@@ -23,7 +23,7 @@ GitHub only supports the latest Autoscaling Runner Sets version of ARC. Support ## Scope of support for Actions Runner Controller -If your support request is outside of the scope of what our team can help you with, we may recommend next steps to resolve your issue outside of {% data variables.contact.github_support %}. Your support request is possibly out of {% data variables.contact.github_support %}'s scope if the request is primarily about: +To ensure a smooth adoption of Actions Runner Controller, we recommend that organizations have a Kubernetes expert on staff. Many aspects of ARC installation, including container orchestration, networking, policy application, and integration with managed Kubernetes providers, fall outside GitHub Support’s scope and require in-depth Kubernetes knowledge. If your support request is outside of the scope of what our team can help you with, we may recommend next steps to resolve your issue outside of {% data variables.contact.github_support %}. Your support request is out of {% data variables.contact.github_support %}'s scope if the request is primarily about: * The legacy community-maintained version of ARC * Installing, configuring, or maintaining dependencies diff --git a/content/actions/tutorials/use-actions-runner-controller/deploy-runner-scale-sets.md b/content/actions/tutorials/use-actions-runner-controller/deploy-runner-scale-sets.md index cee02431ea0e..9064e4ef3d9d 100644 --- a/content/actions/tutorials/use-actions-runner-controller/deploy-runner-scale-sets.md +++ b/content/actions/tutorials/use-actions-runner-controller/deploy-runner-scale-sets.md 
@@ -592,16 +592,11 @@ In Kubernetes mode, ARC uses runner container hooks to create a new pod in the s #### Prerequisites -Kubernetes mode relies on persistent volumes to share job details between the runner pod and the container job pod. For more information, see the [Persistent Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) section in the Kubernetes documentation. +Kubernetes mode supports two approaches for sharing job data between the runner pod and the container job pod. You can use persistent volumes, which remain the recommended option for scenarios requiring concurrent write access, or you can use container lifecycle hooks to restore and export job filesystems between pods without relying on RWX volumes. The lifecycle hook approach improves portability and performance by leveraging local storage and is ideal for clusters without shared storage. -To use Kubernetes mode, you must do the following. +#### Configuring Kubernetes mode with persistent volumes -* Create persistent volumes available for the runner pods to claim. -* Use a solution to automatically provision persistent volumes on demand. - -For testing, you can use a solution like [OpenEBS](https://github.com/openebs/openebs). - -#### Configuring Kubernetes mode +To use Kubernetes mode, you must create persistent volumes that the runner pods can claim and use a solution that automatically provisions these volumes on demand. For testing, you can use a solution like [OpenEBS](https://github.com/openebs/openebs). To enable Kubernetes mode, set the `containerMode.type` to `kubernetes` in your [`values.yaml`](https://github.com/actions/actions-runner-controller/blob/master/charts/gha-runner-scale-set/values.yaml) file. 
@@ -618,26 +613,41 @@ containerMode: {% data reusables.actions.actions-runner-controller-helm-chart-options %} -> [!NOTE] -> When Kubernetes mode is enabled, workflows that are not configured with a container job will fail with an error similar to: -> -> ```bash -> Jobs without a job container are forbidden on this runner, please add a 'container:' to your job or contact your self-hosted runner administrator. -> ``` -> -> To allow jobs without a job container to run, set `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` to `false` on your runner container. This instructs the runner to disable this check. -> -> ```yaml -> template: -> spec: -> containers: -> - name: runner -> image: ghcr.io/actions/actions-runner:latest -> command: ["/home/runner/run.sh"] -> env: -> - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER -> value: "false" -> ``` +#### Configuring Kubernetes mode with container lifecycle hooks + +To enable Kubernetes mode using container lifecycle hooks, set the `containerMode.type` to `kubernetes-novolume` in your `values.yaml` file: + +```yaml +containerMode: + type: "kubernetes-novolume" +``` + +>[!NOTE] +>When using `kubernetes-novolume` mode, the container must run as `root` to support lifecycle hook operations. + +#### Troubleshooting Kubernetes mode + +When Kubernetes mode is enabled, workflows that are not configured with a container job will fail with an error similar to: + + ```bash + Jobs without a job container are forbidden on this runner, please add a 'container:' to your job or contact your self-hosted runner administrator. + ``` + +To allow jobs without a job container to run, set `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` to `false` on your runner container. This instructs the runner to disable this check. +> [!WARNING] +>Allowing jobs to run without a container in `kubernetes` or `kubernetes-novolume` mode can give the >runner pod elevated privileges with the Kubernetes API server, including the ability to create pods and access secrets. 
Before changing this default, we recommend carefully reviewing the potential security implications. + +```yaml + template: + spec: + containers: + - name: runner + image: ghcr.io/actions/actions-runner:latest + command: ["/home/runner/run.sh"] + env: + - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER + value: "false" +``` ### Customizing container modes diff --git a/content/actions/tutorials/use-actions-runner-controller/quickstart.md b/content/actions/tutorials/use-actions-runner-controller/quickstart.md index f74c3c208eef..a42286cdf1da 100644 --- a/content/actions/tutorials/use-actions-runner-controller/quickstart.md +++ b/content/actions/tutorials/use-actions-runner-controller/quickstart.md @@ -24,9 +24,6 @@ In order to use ARC, ensure you have the following. * For a managed cloud environment, you can use AKS. For more information, see [Azure Kubernetes Service](https://azure.microsoft.com/en-us/products/kubernetes-service) in the Azure documentation. * For a local setup, you can use minikube or kind. For more information, see [minikube start](https://minikube.sigs.k8s.io/docs/start/) in the minikube documentation and [kind](https://kind.sigs.k8s.io/) in the kind documentation. - > [!NOTE] - > OpenShift clusters are currently unsupported. - * Helm 3 * For more information, see [Installing Helm](https://helm.sh/docs/intro/install/) in the Helm documentation. * While it is not required for ARC to be deployed, we recommend ensuring you have implemented a way to collect and retain logs from the controller, listeners, and ephemeral runners before deploying ARC in production workflows. diff --git a/content/admin/data-residency/network-details-for-ghecom.md b/content/admin/data-residency/network-details-for-ghecom.md index eafa275ed5f7..450544a31088 100644 --- a/content/admin/data-residency/network-details-for-ghecom.md +++ b/content/admin/data-residency/network-details-for-ghecom.md 
@@ -95,6 +95,68 @@ If you use Azure private networking for {% data variables.product.company_short | arm64 | `centralus`, `eastus2`, `westus3` | | GPU | `centralus`, `eastus2`, `westus3` | +### IP ranges for Azure private networking + +#### EU + +Actions IPs: +* 74.241.192.231 +* 20.4.161.108 +* 74.241.204.117 +* 20.31.193.160 + +EU region: +* 108.143.197.176/28 +* 20.123.213.96/28 +* 20.224.46.144/28 +* 20.240.194.240/28 +* 20.240.220.192/28 +* 20.240.211.208/28 + +#### Austrailia + +Actions IPs: +* 4.147.140.77 +* 20.53.114.78 + +Austraila region: +* 4.237.73.192/28 +* 20.5.226.112/28 +* 20.248.163.176/28 + +#### Required for all regions + +* `Storage` service tag +* Communication requirements for github.com + * 192.30.252.0/22 + * 185.199.108.0/22 + * 140.82.112.0/20 + * 143.55.64.0/20 + * 20.201.28.151/32 + * 20.205.243.166/32 + * 20.87.245.0/32 + * 4.237.22.38/32 + * 20.207.73.82/32 + * 20.27.177.113/32 + * 20.200.245.247/32 + * 20.175.192.147/32 + * 20.233.83.145/32 + * 20.29.134.23/32 + * 20.199.39.232/32 + * 20.217.135.5/32 + * 4.225.11.198/32 + * 4.208.26.197/32 + * 20.26.156.215/32 + +### Domains for Azure private networking + +* `*..ghe.com` +* `.ghe.com` +* `github.com` +* `*.githubusercontent.com` +* `*.blob.core.windows.net` +* `*.web.core.windows.net` + ## IP ranges for {% data variables.product.prodname_importer_proper_name %} If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations). diff --git a/data/reusables/actions/azure-vnet-over-provisioning-resources.md b/data/reusables/actions/azure-vnet-over-provisioning-resources.md index 1babdb901aa4..a7812eccbd37 100644 --- a/data/reusables/actions/azure-vnet-over-provisioning-resources.md 
+++ b/data/reusables/actions/azure-vnet-over-provisioning-resources.md @@ -1 +1 @@ -Multiple NICs may appear for a single job in your subscription because the {% data variables.product.prodname_actions %} service over-provisions resources to run jobs. Once a runner is idle, the {% data variables.product.prodname_actions %} service automatically de-provisions the resource and removes the corresponding NIC. +Starting in November 2025, NICs created by the {% data variables.product.prodname_actions %} service will no longer appear in your Azure subscriptions. Moving forward, NICs are now provisioned in a service subscription and assigned IP addresses from your subnet.
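Review bot: In PATCH 1/7, `.github/workflows/assign-diy-docs.yml` grants only `permissions: contents: read`, but the script step calls `github.rest.issues.addAssignees`, which needs write access to issues, so the job token will be refused when the step runs. Add `issues: write` to the `permissions` block, ideally at job level so the grant stays narrow. Two smaller points in the same file: the subject mentions PRs, yet the only event trigger is `issues` with `types: labeled` and the script reads `context.payload.issue` unconditionally; and under `workflow_call` the `github.event.label.name` condition depends entirely on the caller's event, which deserves a comment. The `actions/github-script` pin to a full commit SHA is good; a trailing comment naming the release it corresponds to would make later bumps reviewable.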
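Review bot: PATCH 2/7 deletes `.github/workflows/assign-diy-docs.yml` again less than an hour after PATCH 1/7 added it, and the commit message carries only the "Revert ..." subject with no reason. Please add a line saying why it was reverted (what failed or what was missing) so that a later re-land can be checked against that cause.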
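Review bot: In PATCH 7/7, `content/actions/concepts/runners/github-hosted-runners.md`, the second new bullet joins two sentences with a comma ("done at your own risk, we offer no guarantees") and uses "while" twice in its first sentence ("While nested virtualization is technically possible while using runners"). Suggest splitting after "at your own risk." and rewording the opening to something like "Nested virtualization is technically possible on runners, but it is not officially supported."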
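Review bot: In `content/actions/concepts/runners/support-for-arc.md`, the added sentence hard-codes "GitHub Support’s" with a curly apostrophe, while the rest of the same paragraph uses `{% data variables.contact.github_support %}` and a straight apostrophe; use the variable here too so the name stays consistent. The hunk also changes "is possibly out of" to "is out of", which turns a hedge into a definite statement for every item in the list below it; confirm that is intended. The staffing recommendation would read better as its own paragraph rather than prepended to the sentence that introduces the list.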
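Review bot: In the first hunk of `content/actions/tutorials/use-actions-runner-controller/deploy-runner-scale-sets.md`, the sentence under "Configuring Kubernetes mode with persistent volumes" still says "To use Kubernetes mode, you must create persistent volumes", which contradicts the new Prerequisites paragraph that presents lifecycle hooks as an alternative that needs no shared volumes. Scope the requirement to this approach, for example "To use Kubernetes mode with persistent volumes, ...". The removed two-item list has also been merged with "and", so creating volumes and using an on-demand provisioner now both read as required; check that this matches the intent. "RWX" is used in Prerequisites without being expanded, and the link to the Kubernetes Persistent Volumes documentation was dropped without a replacement.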
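Review bot: In the second hunk of `deploy-runner-scale-sets.md`, the new `[!WARNING]` callout has a stray `>` inside its sentence ("can give the >runner pod elevated privileges") and is placed between the `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` instruction and the YAML that implements it, with no blank line before `> [!WARNING]`. Remove the stray marker, keep every line of the callout prefixed consistently, and either move the warning above the instruction or place it after the YAML so the instruction and its example stay together. The requirement that the container run as `root` in `kubernetes-novolume` mode is a privilege requirement and is only a `[!NOTE]`; consider giving it the same weight as the warning and saying which container is meant. The error text is fenced as `bash` and indented by two spaces, although it is runner output rather than a command.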
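Review bot: In `content/actions/tutorials/use-actions-runner-controller/quickstart.md`, the hunk removes the note "OpenShift clusters are currently unsupported." without adding any statement in its place, and the commit subject ("Actions Docs Clarification") does not say whether OpenShift is now supported or the note was simply dropped. Please state the current position explicitly, either here or in the support scope article touched by the same patch, so readers do not infer support from the note's absence.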
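Review bot: In `content/admin/data-residency/network-details-for-ghecom.md`, the first two entries under "Domains for Azure private networking" are `*..ghe.com` and `.ghe.com`, which look like a subdomain placeholder was lost (double dot, leading dot); as written they cannot be copied into an allow list. Restore the placeholder in the form the rest of the article uses. The same hunk misspells Australia twice ("#### Austrailia" and "Austraila region:"). Since these lists will be pasted into firewall and NSG rules, it would also help to say what "Actions IPs" and the per-region `/28` ranges each represent and in which direction traffic must be allowed, and to note how readers learn when the hard-coded addresses change.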
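Review bot: In `data/reusables/actions/azure-vnet-over-provisioning-resources.md`, the replacement text mixes tenses ("Starting in November 2025 ... will no longer appear" followed by "Moving forward, NICs are now provisioned") and removes the explanation of why multiple NICs show up for one job, which still applies to anyone reading before the change takes effect. Suggest keeping one sentence about the current behaviour until the cutover, using a single tense for the new behaviour, and checking whether the reusable's name (over-provisioning) still fits content that no longer discusses over-provisioning. Because addresses are still assigned from the customer's subnet, a short statement on whether subnet sizing guidance changes would close the gap.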