LogoLogo
HomeBlogGitHubGet Started FreeLogin
Earthly 0.8
Earthly 0.8
  • 👋Introduction
  • 💻Install Earthly
  • 🎓Learn the basics
    • Part 1: A simple Earthfile
    • Part 2: Outputs
    • Part 3: Adding dependencies With Caching
    • Part 4: Args
    • Part 5: Importing
    • Part 6: Using Docker In Earthly
    • Part 7: Using remote runners
    • Part 8a: Using Earthly in your current CI
    • Final words
  • ⭐Featured guides
    • Rust
  • 📖Docs
    • Guides
      • Importing
      • Build arguments and variables
      • Secrets
      • Functions
      • Using Docker in Earthly
      • Multi-platform builds
      • Authenticating Git and image registries
      • Integration Testing
      • Debugging techniques
      • Podman
      • Configuring registries
        • AWS ECR
        • GCP Artifact Registry
        • Azure ACR
        • Self-signed certificates
      • Using the Earthly Docker Images
        • earthly/earthly
        • earthly/buildkitd
      • ✅Best practices
    • Caching
      • Caching in Earthfiles
      • Managing cache
      • Caching via remote runners
    • Remote runners
    • Earthfile reference
      • Builtin args
      • Excluding patterns
      • Version-specific features
    • The earthly command
    • Earthly lib
    • Configuration reference
    • Examples
    • Misc
      • Alternative installation
      • Data collection
      • Definitions
      • Public key authentication
  • 🔧CI Integration
    • Overview
    • Use the Earthly CI Image
    • Build your own Earthly CI Image
    • Pull-Through Cache
    • Remote BuildKit
    • Vendor-Specific Guides
      • GitHub Actions
      • Circle CI
      • GitLab CI/CD
      • Jenkins
      • AWS CodeBuild
      • Google Cloud Build
      • Bitbucket Pipelines
      • Woodpecker CI
      • Kubernetes
  • ☁️Earthly Cloud
    • Overview
    • Managing permissions
    • Cloud secrets
    • Earthly Satellites
      • Managing Satellites
      • Using Satellites
      • Self-Hosted Satellites
      • GitHub runners
      • Best Practices
      • Bring Your Own Cloud (BYOC)
        • AWS
          • Requirements
          • CloudFormation
          • Terraform
          • Manual
        • VPN
          • Tailscale
Powered by GitBook
On this page
  • Creating a GitHub Actions integration
  • 1. Create a GitHub token
  • 2. Register the integration via CLI
  • 3. Configure your satellites
  • 4. Configure your GitHub Actions jobs
  • Listing registered integrations
  • Removing an integration
  • Organization integration
  • Single repository integration

Was this helpful?

Edit on GitHub
  1. Earthly Cloud
  2. Earthly Satellites

GitHub runners

PreviousSelf-Hosted SatellitesNextBest Practices

Last updated 10 months ago

Was this helpful?

This feature is experimental.

Not recommended for production usage yet, since it might introduce breaking changes in the future.

Feedback is welcome and much appreciated!

Earthly satellites are now bundled with a GitHub Actions runner, so they can directly pull jobs from GitHub Actions without the need of an intermediate runner.

These runners come with the Earthly CLI preinstalled and configured to use the satellite BuildKit instance, so GitHub Actions jobs will share the same satellite cache as the traditional satellite builds.

Creating a GitHub Actions integration

Satellite-based GitHub Actions runners can be enabled for a particular repository or for all repositories of a GitHub organization at once.

The integration process requires you to be a GitHub organization or repository admin, and to provide us with a GitHub token, so we can:

  • register a webhook in your GitHub repository/organization to receive the events generated from your GitHub Actions jobs

  • create GitHub self-hosted runners on demand, to process your repository/organization jobs

Follow the next steps to create such integrations:

1. Create a GitHub token

  • Go to to create a new GitHub classic token.

  • Give a name to your token that clearly shows its purpose, for example:

  • Set the token as non-expiring (notice that the integration won't work after the token expires)

  • Check the following scopes:

    • For organization integrations: admin:org,admin:org_hook

    • Alternatively, for repository integrations: repo,admin:repo_hook

  • Click "generate token"

  • Copy the token value to use it in the following step

Alternatively, if you prefer creating a fine-grained token, make sure to set the following permissions for it: org: organization_hooks:write, organization_self_hosted_runners:write, repo: repository_hooks:write, administration:write and an expiration time long enough, since the integration won't work after the token expires.

2. Register the integration via CLI

Create the integration using the earthly gha add CLI command, passing the token created in the previous step.

Organization integration

earthly gha add \
  --org <earthly_organization> \
  --gh-org <github_organization> \
  --gh-token <github_token>

Single repository integration

earthly gha add \
  --org <earthly_organization> \
  --gh-org <github_organization> \
  --gh-repo <github_repo> \
  --gh-token <github_token>

3. Configure your satellites

This feature needs to be enabled during satellite creation to be able to use it.

Earthly-Cloud satellites

earthly satellite launch --feature-flag enable-gha-runner <satellite-name>

Self-hosted satellites

To enable the GH runner for a self-hosted satellite, set this environment entry when launching it:

-e RUNNER_GHA_ENABLED=true

also note that the satellite container must have access to the docker daemon in order to run the GitHub Actions jobs in containers:

-v /var/run/docker.sock:/var/run/docker.sock

Example

docker run --privileged \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v satellite-cache:/tmp/earthly:rw \
    -p 8372:8372 \
    -e EARTHLY_TOKEN=<earthly_token> \
    -e EARTHLY_ORG=<earthly_org_name> \
    -e SATELLITE_NAME=<satellite_name> \
    -e SATELLITE_HOST=<satellite_host> \
    -e RUNNER_GHA_ENABLED=true \
  earthly/satellite:v0.8.13

Required version: Use at least earthly/satellite:v0.8.13

Logs

You should see a log message like this, when the GitHub Actions runner is enabled:

{...,"msg":"starting GitHub Actions job polling loop",...}

4. Configure your GitHub Actions jobs

runs-on: [earthly-satellite#<satellite-name>]

Example

The following example runs the +build target in the satellite. Given that the GH runner is configured to use the satellite BuildKit instance, the persistent satellite cache is implicitly used here.

earthly-job:
  runs-on: [earthly-satellite#my-gha-satellite]
  env:
    FORCE_COLOR: 1
    EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}"
  steps:
    - uses: actions/checkout@v2
    - name: Earthly build
      run: earthly -ci +build

Listing registered integrations

List the integrations of your Earthly organization with the earthly gha ls CLI command:

earthly gha ls \
  --org <earthly_organization> 

Removing an integration

Remove an integration using the earthly gha remove CLI command:

Organization integration

earthly gha remove \
  --org <earthly_organization> \
  --gh-org <github_organization> 

Single repository integration

earthly gha remove \
  --org <earthly_organization> \
  --gh-org <github_organization> \
  --gh-repo <github_repo>

Launch the satellite with the enable-gha-runner enabled.

In order to make a job run into the satellite, you'll need to reference the satellite name in its label as follows:

Make sure you have an available in your store, and add it to the job environment, as shown in the previous example. Future versions will remove this requirement.

☁️
feature-flag
runs-on
EARTHLY_TOKEN
GitHub Actions secrets
GitHub's new token page
token name
token expiration
token generate