A self-hosted runner connects to your GitHub Enterprise Server instance to receive job assignments and to download new versions of the runner application. The self-hosted runner uses an HTTP(S) long poll that opens a connection to GitHub for 50 seconds, and if no response is received, it then times out and creates a new long poll. The application must be running on the machine to accept and run GitHub Actions jobs.
The GitHub Actions runner application is open source. You can contribute and file issues in the runner repository. When a new version is released, the runner application will automatically update within 24 hours.
Note
If you use ephemeral runners and have disabled automatic updates, before you upgrade GitHub Enterprise Server, you should first upgrade your self-hosted runners to the version of the runner application that your upgraded instance will run. Upgrading GitHub Enterprise Server before you upgrade ephemeral runners may result in your runners going offline. For more information, see Overview of the upgrade process.
A self-hosted runner is automatically removed from GitHub if it has not connected to GitHub Actions for more than 14 days. An ephemeral self-hosted runner is automatically removed from GitHub if it has not connected to GitHub Actions for more than 1 day.
The connection between self-hosted runners and GitHub is over HTTP (port 80) or HTTPS (port 443). To ensure connectivity over HTTPS, configure TLS for GitHub Enterprise Server. For more information, see Configuring TLS.
Only an outbound connection from the runner to GitHub Enterprise Server is required. There is no need for an inbound connection from GitHub Enterprise Server to the runner. For caching to work, the runner must be able to communicate with the blob storage and directly download content from it.
GitHub Enterprise Server must accept inbound connections from your runners over HTTP(S) at your GitHub Enterprise Server instance's hostname and API subdomain, and your runners must allow outbound connections over HTTP(S) to your GitHub Enterprise Server instance's hostname and API subdomain.
Self-hosted runners do not require any external internet access in order to function. As a result, you can use network routing to direct communication between the self-hosted runner and GitHub Enterprise Server. For example, you can assign a private IP address to your self-hosted runner and configure routing to send traffic to GitHub Enterprise Server, with no need for traffic to traverse a public network.
Communication between self-hosted runners and GitHub.com
Self-hosted runners do not need to connect to GitHub.com unless you have enabled automatic access to GitHub.com actions for GitHub Enterprise Server. For more information, see About using actions in your enterprise.
If you have enabled automatic access to GitHub.com actions, then the self-hosted runner will connect directly to GitHub.com to download actions. You must ensure that the machine has the appropriate network access to communicate with the GitHub URLs listed below.
github.com api.github.com codeload.github.com pkg.actions.githubusercontent.com
github.com
api.github.com
codeload.github.com
pkg.actions.githubusercontent.com
Note
Some of the domains listed are configured using CNAME records. Some firewalls might require you to add rules recursively for all CNAME records. Note that the CNAME records might change in the future, and that only the domains listed will remain constant.