It would be very useful to have an api endpoint that would allow me to generate setup tokens for self-hosted Actions Runners dynamically and allow me to have packerized AMIs that automagically pull the token and connect to github. The inability to do this currently drastically limits their usefulness for me.
Solved! Solved! Go to Solution.
There is no Github API to generate tokens. When you want to setup self-hosted runner, you can go to repo Settings > Actions > Self-hosted runners section, clicking on “Add runner” button. Then there is a token for you to use in Configure steps.
For more information of Adding self-hosted runners, please refer to https://help.github.com/cn/actions/automating-your-workflow-with-github-actions/adding-self-hosted-r...
Sorry to tell you that as a security precaution, Github doesn't provide an API to create personal access token. You need to follow the steps to create a PAT through web site. https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-...
So a normal PAT can be used for this purpose of registering a self hosted action runner? Does it need any specific permissions in order to do this?
I've confirmed that PAT tokens cannot currently be used for this purpose, only the tokens obtained via Actions > Add Runner work. Which is a bit of a problem for us as they appear to be short lived.
I don't entirely understand how allowing api access to retrieve a token would be less secure than, say, using api access to interact with branches and repos and pull requests. There are already authenticated endpoints that plenty of automation users leverage.
An API for this is on the roadmap. I don't have a timeline to share at the moment. But we'll be posting to the Changelog when this is available.
And to clear up some of the confusion around PATs/runner tokens. The runner token provided via the UI is a temporary token that expires after 60 minutes. It only has the ability to register runners.
PATs are not able to register runners.
Good to hear there will be an api to generate these tokens. We are trying to have self hosted action runners in aws fargate and so short lived tokens present a problem as the the runner tasks are transient. Also it would be benefitial to be able to scale them up and down as and when needed. Without the token api (or much longer lived tokens) this currently isn't possible.