Implementing a GitHub self-hosted runner on a Synology NAS
Posted on Tue 16 January 2024 in tutorials
Note: this tutorial is based on the excellent post from Oleksandr Kirichenko found here.
Before You Start
This process may increase the attack surface of your NAS system and potentially pose security risks to your internal network. Therefore, it is recommended to use self-hosted runners only for private projects.
Setting Up the Synology NAS
Firstly, ensure that the Container Manager (Docker) package is installed from the official Synology Package Center. The NAS does not need to be internet-accessible as the Runner initiates connections, allowing the server to be fully shielded by the firewall.
We will be running the GitHub Actions Runner in a Docker container, which will in turn launch other containers, creating a Docker-in-Docker chain. To enable this:
- Activate SSH access in the Synology DSM control panel.
- Connect to your NAS via SSH.
- Execute
sudo chown -R 1000:1000 /var/run/docker.sock
to grant Docker access rights to the socket. - Create a symlink from
/var/run/docker.sock
to/volume1/docker/docker.sock
for container access:ln -s /var/run/docker.sock /volume1/docker/docker.sock
. - Create a directory for the GitHub runner container:
mkdir -p /volume1/docker/github-runner
.
Deploying the GitHub Runner Container
Next, we will deploy the GitHub Actions runner container. This runner is linked to a specific GitHub organization or repository, for which you will need to generate a token.
Then, launch the container with the following command, replacing the configuration values:
docker run -d --restart always --name github-runner \
-e RUNNER_TOKEN="YOUR_TOKEN" \
-e RUNNER_WORKDIR="/tmp/github-runner" \
-e RUNNER_ALLOW_RUNASROOT="true" \
-e ORG_RUNNER="true" \
-e ORG_NAME="YOUR_ORG" \
-v /volume1/docker/docker.sock:/var/run/docker.sock \
-v /volume1/docker/github-runner:/tmp/github-runner \
myoung34/github-runner:latest
You can now verify that your self-hosted runner is active in your GitHub organization or repository settings.