Programmatically registering self-hosted Runners #27204

jmaukisch · 2020-12-02T09:16:28Z

jmaukisch
Dec 2, 2020

Hi all,

i’d like to programmatically register self-hosted Actions Runner on a given repository, but i have some issues obtaining the registration token that is needed to invoke the config.sh.

What i got so far:

I have an GitHub App installed on the Repository
I gerate a JWT
I call api.github.com/app/installations/123456/access_tokens with the JWT to get an access token for that repo for the installation
and with the returned token I try to call api.github.com/repos/owner/my-repo/actions/runners/registration-token for the repository

But i always end up with the response “Resource not accessible by integration”.
Is it not possible to access this endpoint with an installation access token or is my app missing some permissions for that?
Or did i miss some steps on the way?

Thanks for your help & kind regards,
Jens

Answered by jmaukisch

Dec 2, 2020

What I did so far is:

Created an app with the " Repository permissions" “Administration: Read & Write”
Generate and Download the Private Key
Install the App on a Repository
Used the Ruby Script form the Documentation to generate a JWT for the App
Used the generated JWT to call the API to get an Application Access Token:

curl -i -X POST \
-H "Authorization: Bearer <JWT>" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/app/installations/<Installation Id of your App for the Repo>/access_tokens \
 -d '{"repositories":["name-of-your-repo"]}'

Use the token in the response to call the endpoint to get the registration token for the runner for the repo

curl \
  -X POST …

View full answer

michaelsync · 2020-12-02T11:02:42Z

michaelsync
Dec 2, 2020

Have you tried using Personal access token?

I am registering the self-hosted runner from Dockerfile programmatically. Because I want to run the self-hosted runner inside the docker container. I got it working with PAT… Not with Github app.

I think if you are using the Gihub app, you could probably check the permission in the document. I think it needs to have the full right for repo and self-host permission. For organization runner, u need to give the full admin right too.

0 replies

jmaukisch · 2020-12-02T12:08:06Z

jmaukisch
Dec 2, 2020
Author

Thanks, we are currently doing in the same way as you do with the PAT, but we rather want to do it via a GitHub app for some different reasons.

And i just found out what i was missing to get i work with the GitHub App:
somehow i forgot to give it the required administration permission (https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps#permission-on-administration) so that endpoint can be used by the app.

With that everything works fine :slight_smile:

kind regards,
jens

0 replies

michaelsync · 2020-12-02T12:44:49Z

michaelsync
Dec 2, 2020

Thanks. That’s a great new.

Can you please share what you did with Github app?

I did the followings.

Enter Homepage URL
No User authorization callback URL
Uncheck “Expire user authorization tokens”
Uncheck Webhook Active
Organization Permission (Admin: R/W, Self-hosted runners: R/W)
Generate the private key and download pem

I don’t like using the PAT. I’ve been asking around as below… No luck yet.

0 replies

jmaukisch · 2020-12-02T14:22:48Z

jmaukisch
Dec 2, 2020
Author

What I did so far is:

Created an app with the " Repository permissions" “Administration: Read & Write”
Generate and Download the Private Key
Install the App on a Repository
Used the Ruby Script form the Documentation to generate a JWT for the App
Used the generated JWT to call the API to get an Application Access Token:

curl -i -X POST \
-H "Authorization: Bearer <JWT>" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/app/installations/<Installation Id of your App for the Repo>/access_tokens \
 -d '{"repositories":["name-of-your-repo"]}'

Use the token in the response to call the endpoint to get the registration token for the runner for the repo

curl \
  -X POST \
  -H "Authorization: token <token>" \
  -H "Accept: application/vnd.github.machine-man-preview+json" \
  https://api.github.com/repos/<owner>/<name-of-your-repo>/actions/runners/registration-token

use the token from the response to call the ./config.sh from the runner

So this is all on a repository level, I did not try it for an organisation or so.

0 replies

DrMerlin · 2020-12-09T23:44:08Z

DrMerlin
Dec 9, 2020

I found I could do it with a personal access token as long as it had:

repo
admin:repo_hook

perms. Then it was just the one step with the personal access token.

0 replies

larryclaman · 2020-12-10T16:29:27Z

larryclaman
Dec 10, 2020

Interesting… I’ve been looking for this info but could not find it. Is this (eg how to use a PAT with a self-hosted runner) officially documented anywhere?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Programmatically registering self-hosted Runners #27204

{{title}}

Replies: 6 comments

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

GitHub Community

Programmatically registering self-hosted Runners #27204

jmaukisch Dec 2, 2020

Replies: 6 comments

michaelsync Dec 2, 2020

jmaukisch Dec 2, 2020 Author

michaelsync Dec 2, 2020

jmaukisch Dec 2, 2020 Author

DrMerlin Dec 9, 2020

larryclaman Dec 10, 2020

jmaukisch
Dec 2, 2020

michaelsync
Dec 2, 2020

jmaukisch
Dec 2, 2020
Author

michaelsync
Dec 2, 2020

jmaukisch
Dec 2, 2020
Author

DrMerlin
Dec 9, 2020

larryclaman
Dec 10, 2020