GitHub Actions Runner Module (ARM64)
The gh-runner-mig-arm64 module provisions ARM64-based GitHub Actions self-hosted runners on GCP using Managed Instance Groups (MIGs).
Overview
| Feature | Value |
|---|---|
| Architecture | ARM64 (T2A / C4A Axion) |
| Base Image | Ubuntu 22.04 LTS |
| Container Runtime | Docker-in-Docker |
| Authentication | GitHub App or PAT |
| Scaling | Auto-scaling or fixed size |
| Ephemeral | Single job execution |
Key Benefits
- 18-31% faster than x86 equivalents
- 18% cheaper per vCPU-hour
- Native ARM64 support for multi-arch builds
- Enterprise-grade security (Shielded VMs, optional Confidential VMs)
Supported Regions
ARM64 instances are available in these regions:
| Region | Available |
|---|---|
| us-central1 | ✅ |
| us-east1 | ✅ |
| us-west1 | ✅ |
| europe-west1 | ✅ |
| europe-west4 | ✅ |
| asia-southeast1 | ✅ |
| northamerica-northeast1 | ❌ |
warning
The project's primary region (northamerica-northeast1) does NOT support ARM64. Runners are deployed to us-central1.
Usage
Basic Example
module "github_runners" {
source = "../modules/gh-runner-mig-arm64"
project_id = var.project_id
region = "us-central1"
network = google_compute_network.runners.self_link
subnet = google_compute_subnetwork.runners.self_link
github_app_id = "1998375"
github_app_private_key = var.github_private_key
org_name = "badal-io"
runner_group = "badal-arm64-${var.env_type}"
labels = ["arm64", "ubuntu", "docker", "gcp", var.env_type]
}
High-Performance Example
module "github_runners_perf" {
source = "../modules/gh-runner-mig-arm64"
project_id = var.project_id
region = "us-central1"
machine_type_cores = 8
enable_nvme = true
enable_autoscaling = true
min_replicas = 1
max_replicas = 10
target_cpu_utilization = 0.7
# ... other config
}
Input Variables
Required
| Variable | Type | Description |
|---|---|---|
project_id | string | GCP Project ID |
network | string | VPC network self_link |
subnet | string | Subnet self_link |
GitHub Authentication
| Variable | Type | Description |
|---|---|---|
github_app_id | string | GitHub App ID |
github_app_private_key | string | GitHub App private key (PEM) |
github_token | string | Alternative: Personal Access Token |
org_name | string | GitHub organization name |
Machine Configuration
| Variable | Type | Default | Description |
|---|---|---|---|
machine_type_cores | number | 2 | vCPUs (1, 2, 4, 8, 16, 32, 48) |
region | string | us-central1 | GCP region |
preemptible | bool | false | Use preemptible instances |
enable_nvme | bool | false | Enable NVMe disk interface |
Scaling
| Variable | Type | Default | Description |
|---|---|---|---|
target_size | number | 1 | Fixed instance count |
enable_autoscaling | bool | false | Enable CPU-based autoscaling |
min_replicas | number | 1 | Minimum instances |
max_replicas | number | 10 | Maximum instances |
target_cpu_utilization | number | 0.6 | Target CPU for scaling |
Security
| Variable | Type | Default | Description |
|---|---|---|---|
enable_shielded_vm | bool | true | Enable Shielded VM features |
enable_confidential_vm | bool | false | Enable Confidential Computing |
enable_secure_boot | bool | true | Enable Secure Boot |
enable_vtpm | bool | true | Enable vTPM |
enable_integrity_monitoring | bool | true | Enable Integrity Monitoring |
Outputs
| Output | Description |
|---|---|
instance_template | Instance template self_link |
instance_group_manager | MIG self_link |
service_account_email | Runner service account |
autoscaler | Autoscaler self_link (if enabled) |
health_check | Health check self_link |
Architecture
Zone Distribution
The module distributes instances across zones for high availability:
zones = ["us-central1-a", "us-central1-b", "us-central1-f"]
note
us-central1-c is excluded as it doesn't support ARM64 instances.
Ephemeral Mode
Runners are configured in ephemeral mode:
- Runner starts and registers with GitHub
- Picks up a single job
- Executes the job
- Unregisters and terminates
- MIG replaces with fresh instance
This ensures:
- Clean environment for each job
- No state leakage between jobs
- Automatic security patching via image updates