configuring-private-networking-for-github-hosted-runners-in-your-organization.md

title	shortTitle	intro	versions	type	permissions	topics
Configuring private networking for GitHub-hosted runners in your organization	Configuring private networking	Learn how to use {% data variables.product.company_short %}-hosted runners with an Azure private network in your organization.	feature actions-private-networking-azure-vnet	how_to	{% data reusables.actions.azure-vnet-organization-permissions %}	Actions Action development Azure Virtual Network Administrator Developer CI CD Organizations

About Azure private networking for {% data variables.product.company_short %}-hosted runners

{% data reusables.actions.azure-vnet-configuring-overview %}

{% ifversion ghec %}

Note

{% data reusables.actions.azure-vnet-enterprise-policy %}

{% endif %}

Configuring your Azure resources

{% data reusables.actions.azure-vnet-procedures-prereqs %}

1. Obtain the databaseId for your organization

You can use the following GraphQL query to retrieve your organization databaseId. You will use the organization databaseId for the value of the DATABASE_ID environment variable in the next step. For more information on working with GraphQL, see "AUTOTITLE."

Query variable	Description
login	The login for your organization account, which you can identify by looking at the URL for your organization, https://github.com/organizations/ORGANIZATION_LOGIN.

query(
  $login: String!
){
  organization (login: $login)
  {
    login
    databaseId
  }
}
'
Variables
{
  "login": "ORGANIZATION_LOGIN"
}

Alternatively, you can use the following curl command to find your databaseId.

curl -H "Authorization: Bearer BEARER_TOKEN" -X POST \
  -d '{ "query": "query($login: String!) { organization (login: $login) { login databaseId } }" ,
        "variables": {
          "login": "ORGANIZATION_LOGIN"
        }
      }' \
https://api.github.com/graphql

{% data reusables.actions.azure-vnet-configure-azure-resources-script %}

Creating a network configuration for your organization in {% data variables.product.company_short %}

{% data reusables.actions.azure-vnet-creating-network-configuration-prereqs %}

1. Add a new network configuration for your organization

{% data reusables.profile.access_org %} {% data reusables.profile.org_settings %}

1. In the left sidebar, click Hosted compute networking.
2. Click the New network configuration dropdown. Then click Azure private network.
3. Name your network configuration.
4. Click Add Azure Virtual Network.
5. In the popup window, enter the network settings resource ID you retrieved when you configured your Azure resources for private networking.
6. Click Add Azure Virtual Network.

2. Create a runner group for your organization

{% note %}

Note: For the runner group to be accessible by repositories within your organizations, those repositories must have access to that runner group at the organization level. For more information, see "AUTOTITLE."

{% endnote %}

1. Create a new runner group for your organization. For more information about how to create a runner group, see "AUTOTITLE."
2. To choose a policy for repository access, select the Repository access dropdown menu and click a policy. You can configure a runner group to be accessible to a specific list of repositories, or all repositories in the organization.
3. While configuring your runner group, under "Network configurations," use the dropdown menu to select the network configuration you created for the Azure VNET.
4. To create the group and apply the policy, click Create group.

3. Add the {% data variables.product.company_short %}-hosted runner to the organization runner group

{% note %}

Note: When adding your {% data variables.product.company_short %}-hosted runner to a runner group, select the runner group you created in the previous procedures.

{% endnote %}

1. Add the {% data variables.product.company_short %}-hosted runner to the runner group. For more information, see "AUTOTITLE."

4. Optionally, manage network configurations

{% data reusables.profile.access_org %} {% data reusables.profile.org_settings %}

1. In the left sidebar, click Hosted compute networking.
2. To edit a network configuration, to the right of the network configuration, click {% octicon "pencil" aria-label="Edit a network configuration" %}. Then click Edit configuration.
3. To disable a network configuration, to the right of the network configuration, click {% octicon "kebab-horizontal" aria-label="Menu" %}. Then click Disable.
4. To delete a network configuration, to the right of the network configuration, click {% octicon "kebab-horizontal" aria-label="Menu" %}. Then click Delete.

Deleting a subnet

{% data reusables.actions.azure-vnet-deleting-a-subnet %}