mirror of synced 2025-12-19 09:57:42 -05:00

Linking the certs configuration docs of self-hosted runner for Dependabot on actions (#48779)

Siara
2024-01-22 10:31:55 -08:00
committed by GitHub
parent 4e08b11dde
commit b428d248fa


@@ -64,6 +64,10 @@ If you specify more than 14 concurrent runners on a VM, you must also update the
{% data variables.product.prodname_dependabot %} runners require access to the public internet, {% data variables.product.prodname_dotcom_the_website %}, and any internal registries that will be used in {% data variables.product.prodname_dependabot %} updates. To minimize the risk to your internal network, you should limit access from the Virtual Machine (VM) to your internal network. This reduces the potential for damage to internal systems if a runner were to download a hijacked dependency.
### Certificate configuration for {% data variables.product.prodname_dependabot %} runners
If your {% data variables.product.prodname_ghe_server %} instance uses a self-signed certificate, or if {% data variables.product.prodname_dependabot %} needs to interact with registries that use self-signed certificates, those certificates must also be installed on the self-hosted runners that run {% data variables.product.prodname_dependabot %} jobs. This security hardens the connection. You must also configure Node.js to use the certificate, because most actions are written in JavaScript and run using Node.js, which does not use the operating system certificate store.
### Adding self-hosted runners for {% data variables.product.prodname_dependabot %} updates
1. Provision self-hosted runners, at the repository, organization, or enterprise account level. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners)" and "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners)."
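Review bot: In the new "Certificate configuration" paragraph, the sentence "This security hardens the connection." is ungrammatical and does not say what installing the certificates achieves; reword it, for example "This hardens the security of the connection." The same paragraph states that Node.js must be configured to use the certificate but gives the reader no pointer to the procedure at this spot, while the step list further down links to the "configuring-nodejs-to-use-the-certificate" anchor. Add that link here as well so the section stands on its own.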
@@ -74,6 +78,8 @@ If you specify more than 14 concurrent runners on a VM, you must also update the
- Recommended approach: [Run the Docker daemon as a non-root user (Rootless mode)](https://docs.docker.com/engine/security/rootless/)
- Alternative approach: [Manage Docker as a non-root user](https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user)
- Verify that the runners have access to the public internet and can only access the internal networks that {% data variables.product.prodname_dependabot %} needs.
- Install any self-signed certificates for your {% data variables.product.prodname_ghe_server %} instance or for registries that {% data variables.product.prodname_dependabot %} will need to interact with.
- Configure Node.js to use the same certificate. For more information, see "[AUTOTITLE](/admin/github-actions/advanced-configuration-and-troubleshooting/troubleshooting-github-actions-for-your-enterprise#configuring-nodejs-to-use-the-certificate)."
1. Assign a `dependabot` label to each runner you want {% data variables.product.prodname_dependabot %} to use. For more information, see "[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners#assigning-a-label-to-a-self-hosted-runner)."
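Review bot: The second added list item says "the same certificate" (singular), but the item directly above it covers "any self-signed certificates" for the instance and for registries, so with more than one certificate it is unclear which one Node.js should be configured with. Suggest wording such as "Configure Node.js to use those certificates", and if the linked procedure only covers a single certificate file, say so or describe how several are handled.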