Implementing a GitHub self-hosted runner on a Synology NAS

Note: this tutorial is based on the excellent post from Oleksandr Kirichenko found here.

Before You Start

This process may increase the attack surface of your NAS system and potentially pose security risks to your internal network. Therefore, it is recommended to use self-hosted runners only for private projects.

Setting Up the Synology NAS

Firstly, ensure that the Container Manager (Docker) package is installed from the official Synology Package Center. The NAS does not need to be internet-accessible as the Runner initiates connections, allowing the server to be fully shielded by the firewall.

We will be running the GitHub Actions Runner in a Docker container, which will in turn launch other containers, creating a Docker-in-Docker chain. To enable this:

1. Activate SSH access in the Synology DSM control panel.
2. Connect to your NAS via SSH.
3. Execute sudo chown -R 1000:1000 /var/run/docker.sock to grant Docker access rights to the socket.
4. Create a symlink from /var/run/docker.sock to /volume1/docker/docker.sock for container access: ln -s /var/run/docker.sock /volume1/docker/docker.sock.
5. Create a directory for the GitHub runner container: mkdir -p /volume1/docker/github-runner.

Deploying the GitHub Runner Container

Next, we will deploy the GitHub Actions runner container. This runner is linked to a specific GitHub organization or repository, for which you will need to generate a token.

Then, launch the container with the following command, replacing the configuration values:

docker run -d --restart always --name github-runner \  
-e RUNNER_TOKEN="YOUR_TOKEN" \
-e RUNNER_WORKDIR="/tmp/github-runner" \  
-e RUNNER_ALLOW_RUNASROOT="true" \
-e ORG_RUNNER="true" \
-e ORG_NAME="YOUR_ORG" \  
-v /volume1/docker/docker.sock:/var/run/docker.sock \
-v /volume1/docker/github-runner:/tmp/github-runner \  
myoung34/github-runner:latest

You can now verify that your self-hosted runner is active in your GitHub organization or repository settings.