Pro tip! If you simply need a connection from GitHub Actions to your local network, Tailscale is a great solution. It could still be useful even if you are using self-hosted runners, in case your runners still don't have direct access to your desired network. No firewall holes, no SSH bastions/jump-hosts - just the Tailscale daemon in your workflow and a subnet router somewhere in your private network.
That's a great idea man! Thanks for sharing :)
You don't need to create an organization to use self-hosted runners. You can use them with repos on your personal profile too; it's just that you have to add the runner individually to each repository.
Thanks for sharing! Corrected it in the video.
True. Not only that, but you'll need to install a runner for each repository. I started down that path and realized I'm going to have 23 docker apps in 23 repositories with 23 runners to manage if I did that. So, I created an organization (it was free) and I'm figuring out if I need to move the repos to the organization to use the 1 org runner, or if members of the organization can use them in their personal repositories.
@majorgear1021 was it personal to you or did all members of your org get to use it?
Awesome tutorial, thanks for this.
Just a tip for those without organizations. You can also set up Action Runners within a repo. No need to set up organizations.
And having automation helps with security, ways to deploy back if anything breaks, you can check what you have done, you can redeploy everything again if needed and the list goes on. Thanks for the video!
Thank you, you're absolutely correct! I changed it in the video :)
Great Tutorial.
I never used it before because I usually use Jenkins to clone, build, test and deploy.
But this is a great video for adding new insights about CI/CD tools.
Thank you! ;) Jenkins sounds indeed interesting
Thank you, Christian. Is this some kind of extension or Copilot which autosuggests for you inside VS Code?
The security concerns of running arbitrary code that was pushed to a repository were not fully addressed. Self-hosted runners should be as isolated as possible and only put on private repos or run with something like Gitea or GitLab in a private, internal environment.
This is more like a "how to use GitHub Actions on my homelab and don't need to pay for it" video, not a security-oriented one.
@digital-activity you already don't need to pay for it with GitHub - it's free on public repos. Just cuz you can build a house without doors so you don't have to pay for it doesn't mean you should. Using a front door/implementing security shouldn't be an afterthought.
Thanks for the demo...tried in my home lab and it was fun...
I'm confused about where to install it. Since there wasn't any guidance on which folder to be in, I changed directory into the /tmp folder and followed the instructions to install it as a service.
Will it run fine like that? Or should I uninstall and reinstall someplace else?
Thanks for the tutorial! There is not much info on the internet explaining self-hosted runners, so it is very appreciated. Could you also make a similar one for CircleCI?
I am using it in combination with Maven builds and ArgoCD. Actions is very useful but some features aren’t fully mature enough yet
The only thing I want is to limit the runner to be able to only ever communicate with whitelisted things in K8s. In case of hostile takeover of my repo, (say merging a new GitHub action) I want to be able to know that the runner is only ever having access to internal hosts I have pre-authorized it. Should I use nginx for this or native K8s or is there even a whitelist config in the runner?
For Kubernetes, why not the GitOps + ArgoCD approach?
I would argue the same. However, that requires additional overhead and more skill. This video is a quick guide, whereas going down the Argo route is a lot more long-winded and opens you to more security concerns.
That's true about every CNCF solution. There are many options, and they can all solve a problem similarly. Why not one thing versus another often comes down to opinions and subjectivity. We could all ask, "Why not XYZ?" about everything. This is also why teams struggle with CNCF solutions.
That will depend a lot on the maturity of the team and the use case. GitOps adds complexity; for example, in a pipeline to deploy an application with GitOps, how does the pipeline know that the deployment just finished?
I will make a video about that in a couple of weeks, stay tuned!
Awesome tutorial. Thank you, Christian. I need to know which VS Code extension you use in this tutorial that auto-suggests the GitHub Actions scripts?
It's called GitHub Copilot
Very well explained! I love actions and automations 😍 I am already using it with Terraform for a bit of my infrastructure setup.
Thank you! :) Sounds cool
Can you show how to set up a PowerShell environment runner?
Not done it myself sry
Hi, just a little question on another subject.
Is it possible to do multi-WAN in Proxmox? With, for example, opentcpm or other, and how?
If it is possible.
Ty for all.
Shouldn't you deploy to Kubernetes with the kubectl set image deployments/YourAppName YourAppName=IMAGE:TAG command then you can check your rollout status like this: kubectl rollout status deployment/YourAppName - Then it will do a slow roll of your application.
Well that is not really the main point of the video
@christianlempa true, just adding that in -- great video. I spent a lot of time on it yesterday. Having a wonderful time trying to figure out how to put a datetime into an environment var so I can put it into the image tag. Thanks for getting into my rabbit hole. Having a lot of fun.
I am pretty excited too. In the same way, I also want to use it with Terraform ✌️
Thank you so much. I still have to learn Kubernetes; I know the overview, just need to get my hands dirty 😈
Oh yeah, using it with Terraform will be incredible!
Perfect man, you are the best :)
Thank you! :)
this is awesome vid thank you
I just used the gh runner self hosted to deploy minio on my local kubernetes cluster using terraform, it was a pretty fun project to do ngl, thanks for the vid Chris :)
Sounds like a cool project!
Moin. Exactly the right timing: I have to hand in my project for FIAE, and finally someone who explains runners to me. I'm at 1:39 and already commenting. Hmmm... Let's see what else is coming, otherwise there will be a huge discussion on Discord. Promise. Greetings from HH, your loving... oopsie :)
Hahaha, hope you liked it! Best regards :D
That sounds like an exciting project for FIAE. Hope everything worked out and you are done.
@matthi1786 Thanks. Yes, examined, and over 90 points in the project and the oral exam. 😃 The project was "Internship management for IT specialists", target audience: IT specialist trainers. So, management software for internship contracts, and of course with a DB (Maria, Dapper as ORM, WPF as UI, MVVM and dependency injection and such...). Kind regards from HaHa, and now as a FIFI.. uhh, I meant FIAE 💾
Thanks.
thanks
Yes!
keep your shirt
Bro, can you put out more videos about GitHub Actions and also use an EKS cluster to deploy the Kubernetes deployment file?
And give more definition about parameters like "uses".
Thanks for these videos.
Not using GKE, so that won’t happen unfortunately:(
Please reduce background music. So much so you can completely mute it. Your content is so good but it’s so hard to comprehend because of sound track.
You can see many YouTubers don't have any background at all and it sounds so professional.
❗️👎🏾terrible background music
❤️👍🏻 great tutorial
Be like Nana ❤️✅, she has 1 MILLION subscribers without those stupid background musics 🤮