Programmatically registering self-hosted Runners

Hi all,

i’d like to programmatically register self-hosted Actions Runner on a given repository, but i have some issues obtaining the registration token that is needed to invoke the config.sh.

What i got so far:

But i always end up with the response “Resource not accessible by integration”.
Is it not possible to access this endpoint with an installation access token or is my app missing some permissions for that?
Or did i miss some steps on the way?

Thanks for your help & kind regards,
Jens

Have you tried using Personal access token?

I am registering the self-hosted runner from Dockerfile programmatically. Because I want to run the self-hosted runner inside the docker container. I got it working with PAT… Not with Github app.

I think if you are using the Gihub app, you could probably check the permission in the document. I think it needs to have the full right for repo and self-host permission. For organization runner, u need to give the full admin right too.

Thanks, we are currently doing in the same way as you do with the PAT, but we rather want to do it via a GitHub app for some different reasons.

And i just found out what i was missing to get i work with the GitHub App:
somehow i forgot to give it the required administration permission (https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps#permission-on-administration) so that endpoint can be used by the app.

With that everything works fine :slight_smile:

kind regards,
jens

Thanks. That’s a great new.

Can you please share what you did with Github app?

I did the followings.

  • Enter Homepage URL
  • No User authorization callback URL
  • Uncheck “Expire user authorization tokens”
  • Uncheck Webhook Active
  • Organization Permission (Admin: R/W, Self-hosted runners: R/W)
  • Generate the private key and download pem

I don’t like using the PAT. I’ve been asking around as below… No luck yet.

What I did so far is:

  • Created an app with the " Repository permissions" “Administration: Read & Write”
  • Generate and Download the Private Key
  • Install the App on a Repository
  • Used the Ruby Script form the Documentation to generate a JWT for the App
  • Used the generated JWT to call the API to get an Application Access Token:
curl -i -X POST \
-H "Authorization: Bearer <JWT>" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/app/installations/<Installation Id of your App for the Repo>/access_tokens \
 -d '{"repositories":["name-of-your-repo"]}'
  • Use the token in the response to call the endpoint to get the registration token for the runner for the repo
curl \
  -X POST \
  -H "Authorization: token <token>" \
  -H "Accept: application/vnd.github.machine-man-preview+json" \
  https://api.github.com/repos/<owner>/<name-of-your-repo>/actions/runners/registration-token
  • use the token from the response to call the ./config.sh from the runner

So this is all on a repository level, I did not try it for an organisation or so.

1 Like

I found I could do it with a personal access token as long as it had:

  • repo
  • admin:repo_hook

perms. Then it was just the one step with the personal access token.

Interesting… I’ve been looking for this info but could not find it. Is this (eg how to use a PAT with a self-hosted runner) officially documented anywhere?