GitHub Boosts Security and Power for Hosted Runners
GitHub, the world’s leading AI-powered developer platform, has introduced several new updates for GitHub Actions to further support enterprise customers, bringing stronger security and even more power to GitHub-hosted runners. The updates include Azure private networking for GitHub-hosted runners, GPU-hosted runners for machine learning, and additional runner SKUs.
Azure Private Networking for Github-Hosted Runners Is Generally Available
Azure private networking for GitHub-hosted runners is now generally available. This feature allows developers to run Actions workflows on GitHub-hosted runners that are connected to their Azure virtual network, without compromising on security or performance.
GitHub-hosted runners provide powerful compute in the cloud for running CI/CD and automation workflows that are fully managed, eliminating the overhead of managing and maintaining infrastructure. However, enterprises having strict networking and security requirements prevents them from using GitHub-hosted runners to their full potential, specifically:
-
Secure access to private resources within their on-prem or cloud-based locations, such as databases, artifactory, storage accounts, or APIs.
-
Enforce network security policies and outbound access rules on the runners to reduce data exfiltration risks.
-
Isolate their build traffic from the public internet and route it through their existing private network connections (ex. VPN or ExpressRoute).
-
Monitor network traffic for any malicious or unusual behaviour as workflows run.
With Azure private networking, organizations can easily create GitHub-hosted runners that are provisioned within their Azure virtual network and subnet of choice. Thereafter, Actions workflows can securely access Azure services like storage accounts, databases and on-premises data sources such as an Artifactory through existing, pre-configured connections like VPN gateways and ExpressRoutes.
Additionally, security is front and centre with this update. Any existing or new networking policies, such as Network Security Group (NSG) or firewall rules, will automatically apply to GitHub-hosted runners giving platform administrators comprehensive control over network security, all managed within a single place.
“At Deutsche Vermögensberatung (DVAG), we always focus on delivering great products to our customers. By executing our CI/CD workflows on GitHub-hosted runners, the burden of managing our own infrastructure has been lifted. This shift has provided our developers and DevOps administrators with precious time to dedicate to innovation, thus ultimately accelerating our products’ time to market. One of the standout features of GitHub Actions is the ability to securely and privately integrate with Azure networking, which empowers us to establish secure and private connections from GitHub-hosted runners to our internal resources. With minimal administrative overhead we can effectively manage many resources including Kubernetes clusters, databases, and Virtual Machines,” explained Florian Koch, Lead Developer IT Platform, Deutsche Vermögensberatung.
Introducing Additional Runners Skus
GitHub has also introduced the latest additions to the GitHub-hosted runner fleet, 2 vCPU Linux and 4 vCPU Windows runners, supporting auto-scaling and private networking features. Previously, GitHub’s supported SKUs ranged from 4 vCPU (Linux only) to 64 vCPU, prompting substantial feedback requesting smaller SKUs with the same auto-scaling and private networking capabilities. These newly introduced smaller machines are geared to specifically support scenarios where smaller machine sizes suffice yet the demand for heightened security and performance persists. Additionally, Apple silicon (M1) hosted runners, specifically macOS L (12-core Intel) and macOS XL (M1 w/GPU hardware acceleration) which were previously in public beta, are now generally available.
GPU Hosted Runners Available in Public Beta
Additionally, GitHub has announced GPU-hosted runners in public beta. This new runner empowers teams working with machine learning models such as large language models (LLMs) or those requiring GPU graphic cards for game development to run these more efficiently as part of their automation or CI/CD process, empowering teams to do complete application testing, including the ML components, with GitHub Actions.
Moreover, the GPU SKU comes equipped with auto-scaling and private networking features. GitHub is initially rolling out support for a 4-core SKU with 1 T4 GPU, and has more SKUs planned for later this year.
What’s Next?
GitHub is dedicated to continuous improvement, driven by user feedback, to ensure that the platform delivers an unparalleled user experience. Here’s a glimpse into some exciting enhancements on the horizon for GitHub-hosted Actions runners.
Reliability continues to be a top priority as GitHub introduces new functionalities. GitHub is actively engaged in significant efforts to enhance the overall scalability and reliability of the GitHub Actions platform, underlined by the profound impact any service disruption has on a user.
Tanmayee Kamath, Senior Product Manager, GitHub, highlights: “We’re focused on elevating the Azure private networking feature set, enabling the creation of network configurations encompassing multiple virtual networks. Additionally, we’re streamlining setup processes through scripting and implementing best practices for VNET peering to accommodate unsupported Azure regions. For customers not utilizing Azure, we’re developing private networking solutions tailored to address similar challenges surrounding private resource accessibility, outbound control, and network monitoring. These solutions will seamlessly integrate with other leading cloud providers such as AWS and GCP.”
Soon, users will have the ability to craft custom VM images natively in Actions, bundling all necessary software and tools to expedite build and test procedures for even the most intricate or expansive projects. Furthermore, GitHub is committed to enhancing runner SKUs to meet the evolving demands of the user base. This includes the introduction of additional GPU SKUs, ARM SKUs, and any other variants driven by customer demand.
Azure private networking for GitHub-hosted runners is generally available across Team and Enterprise Cloud plans, the newly added 2 vCPU Linux and 4 vCPU Windows SKUs are generally available across Team and Enterprise plans, and GPU runner is available in public beta across Team and Enterprise plans.
Head to GitHub’s blog post here to learn more about these updates.