I have a self-hosted GitHub runner that acts as a build server for compiling projects. The runner runs in a Docker container on a server (Debian) that I control. The Docker container is started as a systemd service.
I'd like to provide a fresh, clean build environment for every job.
My current thought is to configure the runner as ephemeral (by running config.sh with --ephemeral) so that it only does one job, and then the Docker container exits after that job, and is restarted automatically by systemd, with a new ephemeral runner waiting for the next job.
But I'm having trouble figuring out how to set up the runner. Currently I configure the runner when I build the Docker image, and run the runner when I run the Docker image, basically something like this in my Dockerfile:
```dockerfile
# after downloading and installing runner into /runner:
RUN cd /runner && \
    ./config.sh --url https://github.com/myrepo --name runner-name --token ABCDE12345 --ephemeral
# then, upon running the image:
ENTRYPOINT /runner/run.sh
```
The problem is that the token is only good for one use. So I think I need to run config.sh as part of the ENTRYPOINT. But, I don't know how to retrieve a new token.
How can I set this up? How can I run an ephemeral runner in a Docker container repeatedly, given that I need an authentication token each time I create a new runner?
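One way to implement the setup asked about above, as an added example that is not part of the original post: an entrypoint script that requests a fresh registration token from GitHub's REST API on every container start, so no token is baked into an image layer. Assumptions: the environment variables GITHUB_PAT, REPO_URL and RUNNER_NAME and the `start` argument are names chosen for this example, the credential is injected at `docker run` time (for instance from a systemd EnvironmentFile), and curl is installed in the image.

```shell
#!/bin/sh
# Added example: entrypoint for an ephemeral runner container.
# GITHUB_PAT, REPO_URL and RUNNER_NAME are assumed names, supplied at run time.
set -eu

# Map https://github.com/OWNER/REPO (or https://github.com/ORG) to the REST
# endpoint that mints a short-lived runner registration token.
registration_token_url() {
    path=${1#https://github.com/}
    path=${path%/}
    case "$path" in
        ''|*/*/*|/*|*:*) return 1 ;;   # not a github.com repo or org URL
        */*) scope=repos ;;
        *)   scope=orgs ;;
    esac
    printf 'https://api.github.com/%s/%s/actions/runners/registration-token\n' \
        "$scope" "$path"
}

# Read the API's JSON response on stdin and print the value of "token".
extract_token() {
    sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

request_registration_token() {
    curl -fsS -X POST \
        -H "Authorization: Bearer ${GITHUB_PAT}" \
        -H "Accept: application/vnd.github+json" \
        "$(registration_token_url "$REPO_URL")" | extract_token
}

main() {
    token=$(request_registration_token)
    [ -n "$token" ] || { echo "no registration token returned" >&2; exit 1; }
    # Drop the long-lived credential so jobs started by run.sh cannot read it.
    unset GITHUB_PAT
    cd /runner
    ./config.sh --unattended --ephemeral --replace \
        --url "$REPO_URL" --name "${RUNNER_NAME:-runner-name}" --token "$token"
    exec ./run.sh
}

# Run only when invoked as: ENTRYPOINT ["/entrypoint.sh", "start"]
if [ "${1:-}" = "start" ]; then
    main
fi
```

With `--ephemeral`, run.sh exits after one job, the container stops, and the systemd restart begins again at the token request.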