Getting Started¶

This guide walks you through deploying your first GitHub Actions runner using the InfraHouse module.

Prerequisites¶

AWS Resources¶

Before deploying, you need:

VPC with private subnets — Runners should be in private subnets with NAT gateway access
Secrets Manager secret — For GitHub authentication (token or App PEM key)

GitHub Setup¶

Choose one authentication method:

GitHub App (Recommended)Personal Access Token

Create a GitHub App in your organization settings
Grant permissions:
- Repository: Actions (read)
- Organization: Self-hosted runners (read/write)
Generate a private key and store it in AWS Secrets Manager
Install the App to your organization

Generate a classic token with admin:org scope
Store it in AWS Secrets Manager

Basic Deployment¶

Step 1: Create the GitHub Secret¶

resource "aws_secretsmanager_secret" "github_token" {
  name = "github-actions-runner-token"
}

resource "aws_secretsmanager_secret_version" "github_token" {
  secret_id     = aws_secretsmanager_secret.github_token.id
  secret_string = var.github_token  # Pass via environment variable
}

Step 2: Deploy the Module¶

module "actions-runner" {
  source  = "registry.infrahouse.com/infrahouse/actions-runner/aws"
  version = "~> 3.2"

  # Required
  environment              = "production"
  github_org_name          = "your-org"
  subnet_ids               = data.aws_subnets.private.ids
  alarm_emails             = ["oncall@example.com"]
  github_token_secret_arn  = aws_secretsmanager_secret.github_token.arn

  # Sizing
  instance_type            = "t3a.large"
  root_volume_size         = 50
  asg_min_size             = 1
  asg_max_size             = 3
}

Step 3: Apply and Verify¶

terraform init
terraform plan
terraform apply

After apply completes, verify your runners are registered:

Go to your GitHub organization settings
Navigate to Actions → Runners
You should see runners with labels like self-hosted, Linux, aws_region:us-west-2

Using Your Runners¶

In your GitHub Actions workflow:

jobs:
  build:
    runs-on: [self-hosted, Linux]
    steps:
      - uses: actions/checkout@v4
      - name: Build
        run: make build

Using Custom Labels¶

If you added extra_labels = ["docker", "terraform"]:

jobs:
  deploy:
    runs-on: [self-hosted, Linux, terraform]
    steps:
      - name: Deploy infrastructure
        run: terraform apply -auto-approve

Next Steps¶

Configure warm pool for faster job startup
Set up spot instances to reduce costs
Add Puppet configuration for custom software
Review monitoring setup for compliance requirements