GitHub Self-Hosted Runner
This repository now expects the CI workflow to run on a labeled self-hosted runner instead of GitHub-hosted ubuntu-latest.
The workflow is intentionally limited to push on main plus workflow_dispatch. It does not run pull_request on the privileged self-hosted runner by default.
Required labels:
- self-hosted
- linux
- x64
- docker
- nova-ve-ci
Recommended Runner VM
- OS: Ubuntu 26.04 x86_64
- CPU: 4 vCPU minimum
- RAM: 8 GB minimum
- Disk: 60 GB minimum
- Network: outbound internet access for GitHub, npm, PyPI, and container image pulls
Use a dedicated runner VM rather than the eventual deployment target when possible.
Bootstrap
On the runner VM:
That installs:
- Docker Engine + Compose plugin
- Host-native Ubuntu 26.04 python3 + venv
- Node.js + npm
- git, curl, jq, and build prerequisites
Register The Runner
- Open the GitHub repository settings: Settings -> Actions -> Runners -> New self-hosted runner
- Choose: Linux, x64
- Log into the VM as github-runner.
- Download the runner package GitHub provides for that page.
- Configure it with the required labels:
./config.sh \
--url https://github.com/fahadysf/nova-ve \
--token <runner-registration-token> \
--labels self-hosted,linux,x64,docker,nova-ve-ci \
--name nova-ve-ci-01
- Install and start the runner service:
Validation
Confirm the runner is online in GitHub, then trigger the workflow manually with workflow_dispatch.
Expected capabilities:
- docker compose config -q
- docker compose up -d db
- backend pytest, import, and compileall
- frontend npm ci, npm run check, and npm run build
Operational Notes
- Do not route untrusted pull_request jobs onto this runner while it has Docker-capable host access.
- The workflow now includes a docker compose down -v || true cleanup step before the compose smoke test to reduce stale self-hosted-runner state.
- The runner user must remain in the docker group.
- Keep the runner patched, and avoid using it as a shared general-purpose VM.
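The trigger restriction stated at the top of this page and in the first operational note can be enforced with a small pre-merge check. The following is an added example, not code from this repository: a heuristic text scan (no YAML parser) that flags a workflow file when it combines a `pull_request` or `pull_request_target` trigger with the runner labels listed above. The function names and the sample workflows are constructed for illustration.

```python
import re
# Labels from the page that identify the privileged, Docker-capable runner.
PRIVILEGED_LABELS = {"self-hosted", "nova-ve-ci"}
PR_TRIGGER = re.compile(r"\bpull_request(?:_target)?\b")

def _block(lines, start):
    """Return the key line at `start` plus the nested lines that belong to it."""
    indent = len(lines[start]) - len(lines[start].lstrip())
    out = [lines[start]]
    for line in lines[start + 1:]:
        depth = len(line) - len(line.lstrip())
        same_level_item = depth == indent and line.lstrip().startswith("- ")
        if line.strip() and depth <= indent and not same_level_item:
            break
        out.append(line)
    return "\n".join(out)

def audit_workflow(text):
    """Report pull-request triggers in a workflow whose jobs target the privileged runner."""
    # Heuristic text scan (no YAML parser): drop comments, then read `on:` and `runs-on:`.
    lines = [re.sub(r"(^|\s)#.*$", "", raw).rstrip() for raw in text.splitlines()]
    triggers, labels = set(), set()
    for i, line in enumerate(lines):
        if re.match(r"""^["']?on["']?\s*:""", line):
            triggers |= set(PR_TRIGGER.findall(_block(lines, i)))
        elif re.match(r"^\s+runs-on\s*:", line):
            value = _block(lines, i).split(":", 1)[1]
            labels |= set(re.findall(r"[A-Za-z0-9_.-]+", value))
    hit = sorted(labels & PRIVILEGED_LABELS)
    if not hit:
        return []
    return [f"{t} trigger can reach runner labels {hit}" for t in sorted(triggers)]

# Constructed sample workflows (not the repository's real CI file).
SAFE = """\
on:
  push:
    branches: [main]
  workflow_dispatch:
jobs:
  ci:
    runs-on: [self-hosted, linux, x64, docker, nova-ve-ci]
    steps:
      - run: docker compose config -q
"""
UNSAFE = SAFE.replace("  workflow_dispatch:", "  workflow_dispatch:\n  pull_request:")
if __name__ == "__main__":
    for name, wf in (("safe", SAFE), ("unsafe", UNSAFE)):
        print(name, audit_workflow(wf) or "ok")
```

Run it over each file in .github/workflows and fail the check on any non-empty result; because it is a text heuristic, treat a clean result as a guard rail rather than proof.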