facc7976fe
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
10 KiB
title, intro, versions, permissions, topics, allowTitleToDifferFromFilename, shortTitle
| title | intro | versions | permissions | topics | allowTitleToDifferFromFilename | shortTitle | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Setting up Dependabot to run on self-hosted action runners using the Actions Runner Controller | You can configure the {% data variables.product.prodname_actions_runner_controller %} to run {% data variables.product.prodname_dependabot %} on self-hosted runners. |
|
{% data reusables.permissions.dependabot-various-tasks %} |
|
true | Configure ARC |
Working with the {% data variables.product.prodname_actions_runner_controller %} (ARC)
This article provides step-by-step instructions for setting up ARC on a Kubernetes cluster and configuring {% data variables.product.prodname_dependabot %} to run on self-hosted action runners. The article:
- Contains an overview of the ARC and {% data variables.product.prodname_dependabot %} integration.
- Provides detailed installation and configuration steps using helm scripts.
What is ARC?
The {% data variables.product.prodname_actions_runner_controller %} is a Kubernetes controller that manages self-hosted {% data variables.product.prodname_actions %} as Kubernetes pods. It allows you to dynamically scale and orchestrate runners based on your workflows, providing better resource utilization and integration with Kubernetes environments. See AUTOTITLE.
{% data variables.product.prodname_dependabot %} on ARC
You can run {% data variables.product.prodname_dependabot %} on self-hosted {% data variables.product.prodname_actions %} runners managed within a Kubernetes cluster via ARC. This enables auto-scaling, workload isolation, and better resource management for {% data variables.product.prodname_dependabot %} jobs, ensuring that dependency updates can run efficiently within an organization's controlled infrastructure while integrating seamlessly with {% data variables.product.prodname_actions %}.
Setting up ARC for {% data variables.product.prodname_dependabot %} on your Local environment
Prerequisites
- A Kubernetes cluster
- For a managed cloud environment, you can use Azure Kubernetes Service (AKS).
- For a local setup, you can use minikube.
- Helm
- A package manager for Kubernetes.
Setting up ARC
-
Install ARC. For more information, see AUTOTITLE.
-
Create a work directory for the ARC setup and create a shell script file (for example,
helm_install_arc.sh) to install the latest ARC version.mkdir ARC touch helm_install_arc.sh chmod 755 helm_install_arc.sh -
Edit
helm_install_arc.shwith this bash script for installing ARC.NAMESPACE="arc-systems" helm install arc \ --namespace "${NAMESPACE}" \ --create-namespace \ oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller -
Execute the
helm_install_arc.shscript file../helm_install_arc.sh -
Now, you need to configure the runner scale set. For this, let's start by creating and editing a file with the following bash script.
touch arc-runner-set.sh chmod 755 arc-runner-set.shINSTALLATION_NAME="dependabot" NAMESPACE="arc-runners" GITHUB_CONFIG_URL=REPO_URL GITHUB_PAT=PAT helm install "${INSTALLATION_NAME}" \ --namespace "${NAMESPACE}" \ --create-namespace \ --set githubConfigUrl="${GITHUB_CONFIG_URL}" \ --set githubConfigSecret.github_token="${GITHUB_PAT}" \ --set containerMode.type="dind" \ oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set -
Execute the
arc-runner-set.shscript file../arc-runner-set.sh
Note
- The installation name of the runner scale set has to be
dependabotin order to target the dependabot job to the runner.- The
containerMode.type="dind"configuration is required to allow the runner to connect to the Docker daemon.- If an organization-level or enterprise-level runner is created, then the appropriate scopes should be provided to the {% data variables.product.pat_generic_title_case %} (PAT).
- A {% data variables.product.pat_v1 %} (PAT) can be created. The token should have the following scopes based on whether you are creating a repository, organization or enterprise level runner scale set.
- Repository level: repo
- Organization level: admin:org
- Enterprise level: admin:enterprise
For information about creating a {% data variables.product.pat_v1 %}, see AUTOTITLE.
Adding runner groups
Runner groups are used to control which organizations or repositories have access to runner scale sets. To add a runner scale set to a runner group, you must already have a runner group created.
For information about creating runner groups, see AUTOTITLE.
Don't forget to add the following setting to the runner scale set configuration in the helm chart.
--set runnerGroup="<Runner group name>" \
Checking your installation
-
Check your installation.
helm list -AOutput:
➜ ARC git:(master) ✗ helm list -A NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION arc arc-systems 1 2025-04-11 14:41:53.70893 -0500 CDT deployed gha-runner-scale-set-controller-0.11.0 0.11.0 arc-runner-set arc-runners 1 2025-04-11 15:08:12.58119 -0500 CDT deployed gha-runner-scale-set-0.11.0 0.11.0 dependabot arc-runners 1 2025-04-16 21:53:40.080772 -0500 CDT deployed gha-runner-scale-set-0.11.0 -
Check the manager pod using this command.
kubectl get pods -n arc-systemsOutput:
➜ ARC git:(master) ✗ kubectl get pods -n arc-systems NAME READY STATUS RESTARTS AGE arc-gha-rs-controller-57c67d4c7-zjmw2 1/1 Running 8 (36h ago) 6d9h arc-runner-set-754b578d-listener 1/1 Running 0 11h dependabot-754b578d-listener 1/1 Running 0 14h
Setting up {% data variables.product.prodname_dependabot %}
{% ifversion fpt or ghec %}
{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %}
- Under "{% data variables.product.prodname_dependabot %}", scroll to "{% data variables.product.prodname_dependabot %} on Action Runners", and select Enable for "{% data variables.product.prodname_dependabot %} on self-hosted runners".
{% elsif ghes %}
- Create an organization on {% data variables.product.prodname_ghe_server %}. For more information, see AUTOTITLE.
- Create a runner group. See Adding runner groups.
- Enable the dependency graph from the {% data variables.enterprise.management_console %}. See AUTOTITLE.
- Enable {% data variables.product.prodname_github_connect %} for your enterprise. See AUTOTITLE.
- Enable {% data variables.product.prodname_dependabot_alerts %} for the enterprise. See AUTOTITLE.
{% endif %}
Triggering a {% data variables.product.prodname_dependabot %} run
Now that you've set up ARC, you can start a {% data variables.product.prodname_dependabot %} run.
{% data reusables.dependabot.trigger-run %}
Viewing the generated ARC runners
You can view the ARC runners that have been created for the {% data variables.product.prodname_dependabot %} job.
{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.actions-tab %}
-
On the left sidebar, click Runners.
-
Under "Runners", click Self-hosted runners to view the list of all the runners available in the repository. You can see the ephemeral dependabot runner that has been created.
You can also view the same dependabot runner pod created in your kubernetes cluster from the terminal by executing this command.
➜ ARC git:(master) ✗ kubectl get pods -n arc-runners NAME READY STATUS RESTARTS AGE dependabot-sw8zn-runner-4mbc7 2/2 Running 0 46s
Additionally, you can verify:
-
The logs, by checking the runner and machine name. See AUTOTITLE.
-
The version update pull requests created by the dependabot job in the Pull requests tab of the repository.
