GitHub Self-Hosted Runners on AWS CodeBuild
The AWS CodeBuild integration for GitHub Actions enables you to use the power of CodeBuild for your CI/CD workflows.
Published Apr 22, 2024
Last Modified Apr 30, 2024
I've written before about establishing Self-Hosted Runners within GitHub.com on AWS; however, this involves deploying API endpoints and integrating with GitHub via a WebHook. It's not hard to establish, but it's extra work to look after, update, and manage.
That has been made much easier with the following feature I stumbled across by chance in the AWS Console.
This makes things simple to set up but also gives flexibility to the GitHub Actions workflow author with some of the following benefits:-
- Ephemeral runners, you don't need to patch!
- Ephemeral runners that can spin up within your VPC, in your network!
- Set the compute architecture type directly within the workflow definition
- Access to native AWS services right from within GitHub Actions
- There are no secrets to manage if configured via OAuth
Establish an OAuth AWS CodeBuild connection to your GitHub Account. You can do this via a Personal Access Token (PAT); however, I'd recommend you don't! Using OAuth and a GitHub App is a much better way, providing fine-grained access to only what's required in GitHub.
To set this up, head over to CodeBuild, Build projects, Create build project.
Select GitHub as the Source.
Click on Connect using OAuth. This will open the following window which will request access to your GitHub Account. From here you can approve access to just your account or to any GitHub Organisations you have.
Finally, CodeBuild will ask for confirmation to establish the connection.
Once the connection is successfully established, you will be able to list the repositories within your GitHub Account or Organisations.
NOTE:- If you are using different credentials for your AWS & GitHub Accounts, then you may need to mess about logging in with your GitHub credentials in your browser prior to hitting the Connect to GitHub button.
With the connection established, we now create our CodeBuild Project following the steps from the AWS documentation here.
The key thing that enables our integration is the WORKFLOW_JOB_QUEUED event trigger. This will trigger the CodeBuild project from these events within your GitHub repo.
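To confirm a project is wired up as described (OAuth rather than a PAT, a WORKFLOW_JOB_QUEUED webhook filter, and optionally a VPC), here is an added example that is not part of the original post. It audits data shaped like the output of `aws codebuild batch-get-projects` and `aws codebuild list-source-credentials`; the sample dictionaries, project names and IDs are constructed.

```python
# Constructed samples shaped like `aws codebuild batch-get-projects` and
# `aws codebuild list-source-credentials` output; names and IDs are made up.
GOOD_PROJECT = {
    "name": "gha-runner-example",
    "source": {"type": "GITHUB"},
    "vpcConfig": {"vpcId": "vpc-EXAMPLE", "subnets": ["subnet-EXAMPLE"]},
    "webhook": {"filterGroups": [[{"type": "EVENT", "pattern": "WORKFLOW_JOB_QUEUED"}]]},
}
BAD_PROJECT = {
    "name": "gha-runner-misconfigured",
    "source": {"type": "GITHUB"},
    "webhook": {"filterGroups": [[{"type": "EVENT", "pattern": "PUSH, PULL_REQUEST_CREATED"}]]},
}
OAUTH_CREDS = [{"serverType": "GITHUB", "authType": "OAUTH"}]
PAT_CREDS = [{"serverType": "GITHUB", "authType": "PERSONAL_ACCESS_TOKEN"}]


def webhook_events(project):
    """Collect every event name from the project's webhook EVENT filters."""
    events = set()
    for group in (project.get("webhook") or {}).get("filterGroups", []):
        for flt in group:
            if flt.get("type") == "EVENT":
                # An EVENT pattern may hold several comma-separated event names.
                events.update(e.strip() for e in flt.get("pattern", "").split(","))
    return events


def audit_runner_project(project, credentials):
    """Return findings for one CodeBuild project meant to act as a GitHub Actions runner."""
    findings = []
    if "WORKFLOW_JOB_QUEUED" not in webhook_events(project):
        findings.append("webhook never fires on WORKFLOW_JOB_QUEUED, so jobs will not start")
    for cred in credentials:
        if cred.get("serverType") == "GITHUB" and cred.get("authType") == "PERSONAL_ACCESS_TOKEN":
            findings.append("GitHub connection uses a Personal Access Token instead of OAuth")
    if not (project.get("vpcConfig") or {}).get("vpcId"):
        findings.append("info: no vpcConfig, builds do not run inside your VPC")
    return findings


if __name__ == "__main__":
    for proj, creds in ((GOOD_PROJECT, OAUTH_CREDS), (BAD_PROJECT, PAT_CREDS)):
        print(proj["name"], audit_runner_project(proj, creds) or "OK")
```

To use it on a real account, pass each entry of the `projects` list and the `sourceCredentialsInfos` list from those two CLI commands.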
Now, back over in GitHub, we just need to update our runs-on value to trigger our CodeBuild Project. What's more, if you want to use a different architecture, you can just override it right from within your workflow! Very powerful!
Here is an example of the standard output from GitHub Actions running the Super-Linter on CodeBuild
Here is the CloudWatch output log from the CodeBuild Project
This integration from AWS gives users a simple and flexible way to establish ephemeral Self-Hosted runners in AWS for GitHub Actions without the headaches of previous solutions.
It opens up so many possibilities to further integrate GitHub Actions Workflows with AWS native services. I can't wait to play with it more!
Hope someone finds this helpful!
Cheers