Public GitHub Repos
WarpBuild works by registering itself as a self-hosted runner in the Default runner group (id 1) for your GitHub Organization. However, GitHub disables the ability to use self-hosted runners, including managed ones such as WarpBuild, in public repositories by default.
Enable WarpBuild runners in public repositories
Here are the steps to enable access to WarpBuild runners in public repositories in your organization:
- Go to your GitHub Organization default runner settings page here: https://github.com/organizations/[YOUR_ORG]/settings/actions/runner-groups/1
- Check the box for
Allow public repositories
GitHub Enterprise
GitHub Enterprise supports creation of multiple runner groups. The WarpBuild runners are added to the Default runner group (id 1).
Security
WarpBuild runners run the same tools and versions as GitHub-hosted runners. WarpBuild runners provide the same safety as GitHub hosted runners.
The GitHub docs recommend disabling self-hosted runners on public repositories. PRs from public contributors could include malicious content which could compromise the integrity of the infrastructure (ex: aws/gcp/azure accounts) when the right security policies are not set. This can happen easily when using self-hosted runners on k8s using actions-runner-controller (ARC) for instance, which runs workflows in containers that cannot provide secure isolation guarantees.
WarpBuild runners are secure by design. Workflows using WarpBuild runners are run inside isolated VMs with strong isolation guarantees. This makes it completely safe to use WarpBuild runners for public repos.