Runner Group Management FAQs

Question 1

How do runner groups interact with GitHub Environment protection rules?

Accepted Answer

Runner groups work alongside environment protections by ensuring that even if a workflow targets a production environment, it can only execute on runners within a specific, restricted group that requires manual approval for access.

Question 2

How do I restrict access to high-cost resources like GPUs?

Accepted Answer

You can create a workload-based runner group (e.g., gpu-runners) and configure repository access permissions so that only specific, authorized machine learning repositories can utilize those expensive resources.

Question 3

Is it safe to use self-hosted runners for public repositories?

Accepted Answer

Generally, no. Best practice dictates avoiding self-hosted runners for public repositories because external contributors can submit pull requests with malicious workflows that execute on your internal infrastructure.

Question 4

Why should I use runner groups instead of a single default group?

Accepted Answer

Using a single group allows any repository in your organization to access any runner. Runner groups create critical security boundaries, preventing a compromised low-trust repository from executing code on high-trust production runners.

Runner Group Management

About

Key Features

Use Cases

Runner Group Management

About

Key Features

Use Cases