
Word of advice, if you are thinking of running self hosted runners and use Actions for your organisation, do yourself a favour and check them out in a year or two and use something like Argo Workflows or Tekton instead.

GHA isn’t a product designed for GH private organisations; you will find that every much-needed feature for this use is very low on GH's roadmap.




We run GHA with auto-scaling self hosted runners at scale (~1000+ runners at peak hours) pretty well for PyTorch but it is a labor of love and patience.

However, I'd say that GitHub's been pretty receptive to feedback and has actively fixed almost every wall that we've run into (if we haven't been able to fix it for ourselves).


Could you provide more details?


Sure, the main things for me are:

It doesn’t matter how smart you are with reusable workflows, you will never get to a truly DRY setup that scales for dozens of repositories.

Another major pain is that we still don’t have private actions. It was due end of 2021 (maybe it is out now but I checked a couple of days ago).

Setting up runners to look after a pool of repositories needs elevated permissions.

GH offers a way to enforce a list of enabled actions, but this does not work with private binary registries hosting pre-built Docker actions. That is the only thing that could prevent you from pulling software at runtime from the internet, which means that if you want to have a decent security posture, all you are left with is referencing actions using the full git sha version.

Many common use cases require hacks, which is fun for a weekend project but isn’t great for a large scale operation. An example is simply running a workflow dynamically targeting the folders containing changes. At the moment you have to create a job, generate a build matrix on the fly and pass it in input as the matrix to the actual job.
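The full-SHA pinning mentioned in the comment above can be enforced with a check over workflow files; this is an added example, not part of the original thread. It goes slightly beyond the comment by also treating `docker://` images pinned by digest as immutable, and it assumes a line-based scan is good enough (no YAML parser); the sample workflow, action names, registry host and SHA are constructed placeholders.

```python
import re

# A `uses:` key on a step or a reusable-workflow job, with or without a list dash.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<ref>[^\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
DOCKER_DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def unpinned_reason(ref):
    """Return why `ref` can change under you, or None if it is immutable or local."""
    if ref.startswith("./"):
        return None  # local path action, resolved from the runner's workspace
    if ref.startswith("docker://"):
        return None if DOCKER_DIGEST_RE.search(ref) else "image tag can be repointed"
    _, sep, version = ref.rpartition("@")
    if not sep:
        return "no ref given"
    if FULL_SHA_RE.fullmatch(version):
        return None
    return f"mutable ref '{version}' (tag, branch or short SHA)"

def audit(workflow_text):
    """Return (line_no, ref, reason) for every reference not pinned to a full SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            ref = m.group("ref").strip("'\"")
            reason = unpinned_reason(ref)
            if reason:
                findings.append((line_no, ref, reason))
    return findings

# Constructed sample workflow; action names, registry and SHA are placeholders.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v2
      - uses: example-org/build-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/private-action
      - uses: docker://registry.example.com/tools/lint:latest
      - name: Deploy
        uses: example-org/deploy@0123abc
"""

if __name__ == "__main__":
    for line_no, ref, reason in audit(SAMPLE):
        print(f"line {line_no}: {ref}: {reason}")
```

Run as a required CI check or pre-commit hook over `.github/workflows/*.yml` and fail the build when `audit` returns any findings.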


Annoyingly, the private actions roadmap item https://github.com/github/roadmap/issues/74 was modified to "internal actions", i.e., only for GitHub Enterprise; notice how in the edit history it was changed from "private" to "internal". It's been released just a few days ago: https://github.blog/changelog/share-github-actions-within-yo...


Yes, the change from private to internal was sneaky but I am glad we got something now!


> Another major pain is that we still haven’t private actions. It was due end of 2021 (maybe it is out now but I checked a couple of days ago).

I'm looking forward to this landing too. In the meantime, though, checking out the repository that contains the Actions and referencing a local path works fine so this hasn't really been a blocker for us.

Edit: per sibling comment, it seems that this feature became available in the last few days. Nice!


Don't you have access to actions in private repositories, or is that not the same?


The only way I'm aware of to use a private action is to clone the repository it's in using a personal access token, and then use a local relative path to the action to run it.


Another thing I have seen is preloading them on the runner itself and referencing them via relative path.



