These are the steps I used to configure an Ubuntu 22.04 VM to function as a GitHub Runner with rootless Docker.
- Create GitHub user
sudo useradd -m -G sudo -s $(which bash) github
sudo passwd github
- Log in as github using machinectl (the rootless setup script won't work correctly if you just sudo su - $USER)
# install systemd-container if not already installed
sudo apt install systemd-container
# login as github
sudo machinectl shell github@
- Install uidmap
sudo apt install uidmap
- Install Docker
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- Enable rootless Docker
sudo systemctl disable --now docker.service docker.socket
sudo rm /var/run/docker.sock
dockerd-rootless-setuptool.sh install
systemctl --user start docker
systemctl --user enable docker
sudo loginctl enable-linger $(whoami)
- Create a directory for the runner (or one for each runner instance if you want parallel builds), set permissions, and cd into the parent directory
sudo mkdir -p /opt/github/runner{1..4}
sudo chown -R github:github /opt/github
cd /opt/github
- Download the runner software
curl -O -L https://github.com/actions/runner/releases/download/v2.317.0/actions-runner-linux-x64-2.317.0.tar.gz
- For each runner:
  - Extract runner software into the runner dir
tar xzf ./actions-runner-linux-x64-2.317.0.tar.gz --directory=runner1
  - Add a self-hosted runner to your repository and run the prescribed config command, making sure to give each runner a unique name
cd runner1
./config.sh --url https://github.com/USER/REPO --token TOKEN
  - Configure it to run as a user service
sudo ./svc.sh install $(whoami)
sudo ./svc.sh start $(whoami)
- Remove github from sudo group as it won't need any further elevation
sudo deluser github sudo
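
To confirm the end state these steps aim for (rootless daemon, no rootful socket, linger enabled, github out of the sudo group), here is an added example that is not part of the original steps. The function names are hypothetical, and audit_runner_host assumes it is run as the github user so the Docker CLI talks to the rootless daemon.

```shell
#!/bin/sh
# Added example: checks for the host state the steps above aim for.
# Each check_* takes command output (or a path) as $1, so it can be
# exercised on constructed strings without Docker installed.

# $1 = output of: docker info --format '{{.SecurityOptions}}'
check_rootless() {
  case "$1" in
    *name=rootless*) return 0 ;;
  esac
  echo "FAIL: Docker daemon is not running rootless" >&2; return 1
}

# $1 = output of: id -nG github  (space-separated group names)
check_no_sudo() {
  for g in $1; do
    if [ "$g" = "sudo" ]; then
      echo "FAIL: user is still in the sudo group" >&2; return 1
    fi
  done
  return 0
}

# $1 = output of: loginctl show-user github --property=Linger
check_linger() {
  [ "$1" = "Linger=yes" ] && return 0
  echo "FAIL: linger is off; the user daemon stops at logout" >&2; return 1
}

# $1 = path of the rootful socket removed in the steps above
check_no_rootful_socket() {
  [ ! -e "$1" ] && return 0
  echo "FAIL: $1 exists; rootful Docker may be active" >&2; return 1
}

# Run every check against the live host; call as the runner user.
audit_runner_host() {
  user="${1:-github}"; rc=0
  check_rootless "$(docker info --format '{{.SecurityOptions}}' 2>/dev/null)" || rc=1
  check_no_sudo "$(id -nG "$user")" || rc=1
  check_linger "$(loginctl show-user "$user" --property=Linger 2>/dev/null)" || rc=1
  check_no_rootful_socket /var/run/docker.sock || rc=1
  [ "$rc" -eq 0 ] && echo "OK: rootless runner host checks passed"
  return "$rc"
}
```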