Setting up Dependabot to run on self-hosted action runners using the Actions Runner Controller

You can configure the Actions Runner Controller to run Dependabot on self-hosted runners.

누가 이 기능을 사용할 수 있나요?

쓰기 권한이 있는 사용자

이 문서의 내용

Working with the Actions Runner Controller (ARC)

Note

ARC support for Dependabot on GitHub Actions is currently in 공개 미리 보기 and subject to change.

This article provides step-by-step instructions for setting up ARC on a Kubernetes cluster and configuring Dependabot to run on self-hosted action runners. The article:

  • Contains an overview of the ARC and Dependabot integration.
  • Provides detailed installation and configuration steps using helm scripts.

What is ARC?

The Actions Runner Controller is a Kubernetes controller that manages self-hosted GitHub Actions as Kubernetes pods. It allows you to dynamically scale and orchestrate runners based on your workflows, providing better resource utilization and integration with Kubernetes environments. See Actions Runner Controller 정보.

Dependabot on ARC

You can run Dependabot on self-hosted GitHub Actions runners managed within a Kubernetes cluster via ARC. This enables auto-scaling, workload isolation, and better resource management for Dependabot jobs, ensuring that dependency updates can run efficiently within an organization's controlled infrastructure while integrating seamlessly with GitHub Actions.

Setting up ARC for Dependabot on your Local environment

Prerequisites

  • A Kubernetes cluster
    • For a managed cloud environment, you can use Azure Kubernetes Service (AKS).
    • For a local setup, you can use minikube.
  • Helm
    • A package manager for Kubernetes.

Setting up ARC

  1. Install ARC. For more information, see Actions Runner Controller에 대한 빠른 시작.

  2. Create a work directory for the ARC setup and create a shell script file (for example, helm_install_arc.sh) to install the latest ARC version.

    Bash
        mkdir ARC
    touch helm_install_arc.sh
    chmod 755 helm_install_arc.sh

  3. Edit helm_install_arc.sh with this bash script for installing ARC.

    Text
    NAMESPACE="arc-systems"
helm install arc \
    --namespace "${NAMESPACE}" \
    --create-namespace \
    oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller

  4. Execute the helm_install_arc.sh script file.

    ./helm_install_arc.sh

  5. Now, you need to configure the runner scale set. For this, let's start by creating and editing a file with the following bash script.

    Bash
    touch arc-runner-set.sh
chmod 755 arc-runner-set.sh
    Text
    INSTALLATION_NAME="dependabot"
NAMESPACE="arc-runners"
GITHUB_CONFIG_URL=REPO_URL
GITHUB_PAT=PAT
helm install "${INSTALLATION_NAME}" \
    --namespace "${NAMESPACE}" \
    --create-namespace \
    --set githubConfigUrl="${GITHUB_CONFIG_URL}" \
    --set githubConfigSecret.github_token="${GITHUB_PAT}" \
    --set containerMode.type="dind" \
    oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set

  6. Execute the arc-runner-set.sh script file.

    Bash
    ./arc-runner-set.sh

Note

  • The installation name of the runner scale set has to be dependabot in order to target the dependabot job to the runner.
  • The containerMode.type="dind" configuration is required to allow the runner to connect to the Docker daemon.
  • If an organization-level or enterprise-level runner is created, then the appropriate scopes should be provided to the Personal Access Token (PAT).
  • A personal access token (classic) (PAT) can be created. The token should have the following scopes based on whether you are creating a repository, organization or enterprise level runner scale set.
    • Repository level: repo
    • Organization level: admin:org
    • Enterprise level: admin:enterprise
      For information about creating a personal access token (classic), see 개인용 액세스 토큰 관리.

Adding runner groups

Runner groups are used to control which organizations or repositories have access to runner scale sets. To add a runner scale set to a runner group, you must already have a runner group created.

For information about creating runner groups, see 그룹을 사용하여 자체 호스트형 실행기에 대한 액세스 관리.

Don't forget to add the following setting to the runner scale set configuration in the helm chart.

Text
--set runnerGroup="<Runner group name>" \

Checking your installation

  1. Check your installation.

    Bash
    helm list -A

    Output:

    ➜  ARC git:(master) ✗ helm list -A
    NAME           NAMESPACE   REVISION UPDATED                              STATUS   CHART                                  APP VERSION
    arc            arc-systems 1        2025-04-11 14:41:53.70893 -0500 CDT  deployed gha-runner-scale-set-controller-0.11.0 0.11.0
    arc-runner-set arc-runners 1        2025-04-11 15:08:12.58119 -0500 CDT  deployed gha-runner-scale-set-0.11.0            0.11.0
    dependabot     arc-runners 1        2025-04-16 21:53:40.080772 -0500 CDT deployed gha-runner-scale-set-0.11.0

  2. Check the manager pod using this command.

    Bash
    kubectl get pods -n arc-systems

    Output:

    ➜  ARC git:(master) ✗ kubectl get pods -n arc-systems

NAME                                    READY   STATUS    RESTARTS      AGE
arc-gha-rs-controller-57c67d4c7-zjmw2   1/1     Running   8 (36h ago)   6d9h
arc-runner-set-754b578d-listener        1/1     Running   0             11h
dependabot-754b578d-listener            1/1     Running   0             14h

Setting up Dependabot

  1. GitHub에서 리포지토리의 기본 페이지로 이동합니다.

  2. 리포지토리 이름 아래에서 설정을 클릭합니다. "설정" 탭이 표시되지 않으면 드롭다운 메뉴를 선택한 다음 설정을 클릭합니다.

    탭을 보여 주는 리포지토리 헤더의 스크린샷. "설정" 탭이 진한 주황색 윤곽선으로 강조 표시됩니다.

  3. 사이드바의 "Security" 섹션에서 Advanced Security 를 클릭합니다.

  4. Under "Dependabot", scroll to "Dependabot on Action Runners", and select Enable for "Dependabot on self-hosted runners".

Triggering a Dependabot run

Now that you've set up ARC, you can start a Dependabot run.

  1. GitHub에서 리포지토리의 기본 페이지로 이동합니다.

  2. 리포지토리 이름 아래에서 Insights 탭을 클릭합니다.

  3. 왼쪽 사이드바에서 종속성 그래프를 클릭합니다.

    "종속성 그래프" 탭의 스크린샷. 탭이 주황색 윤곽선으로 강조 표시됩니다.

  4. Under "Dependency graph", click Dependabot.

  5. To the right of the name of manifest file you're interested in, click Recent update jobs.

  6. If there are no recent update jobs for the manifest file, click Check for updates to re-run a Dependabot version updates'job and check for new updates to dependencies for that ecosystem.

Viewing the generated ARC runners

You can the ARC runners that have been created for the Dependabot job.

  1. GitHub에서 리포지토리의 기본 페이지로 이동합니다.

  2. 리포지토리 이름 아래에서 작업을 클릭합니다.

    "github/docs" 리포지토리의 탭 스크린샷. "작업" 탭은 주황색 윤곽선으로 강조 표시됩니다.

  3. On the left sidebar, click Runners.

  4. Under "Runners", click Self-hosted runners to view the list of all the runners available in the repository. You can see the ephemeral dependabot runner that has been created.

    Screenshot showing a dependabot runner in the list of available runners. The runner is highlighted with an orange outline.

    You can also view the same dependabot runner pod created in your kubernetes cluster from the terminal by executing this command.

    Text
    ➜  ARC git:(master) ✗ kubectl get pods -n arc-runners
    NAME                            READY   STATUS    RESTARTS   AGE
    dependabot-sw8zn-runner-4mbc7   2/2     Running   0          46s

Additionally, you can verify:

  • The logs, by checking the runner and machine name. See Dependabot 작업 로그 보기.

    Example of log for a dependabot self hosted runner.

  • The version update pull requests created by the dependabot job in the Pull requests tab of the repository.