ephemeral-runner-patterns
OfficialEphemeral runners for secure, disposable CI.
Authoradaptive-enforcement-lab
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Disposable runner environments solve the risk of persistent state and cross-job contamination by ensuring every GitHub Actions job runs in a fresh environment that is destroyed after completion, thereby reducing attack surfaces and credential leakage.
Core Features & Use Cases
- Container-based ephemeral runners: per-job isolation via container patterns (Podman) with optional enhanced isolation (e.g., gVisor) for rapid provisioning and cleanup.
- VM-based ephemeral runners: full hardware-like isolation per job for high-security requirements with longer provisioning times.
- ARC patterns: Kubernetes-native runner orchestration for scalable, pod-level isolation within clusters.
- Automatic teardown: guaranteed cleanup after job completion to prevent state leakage and reduce maintenance burden.
- Flexible deployment: choose container, VM, or ARC models to balance speed, cost, and security in CI pipelines.
- Use cases: ideal for CI workflows handling sensitive artifacts, secrets, or multi-tenant builds requiring strong job isolation.
Quick Start
Deploy an ephemeral runner pattern (container, VM, or ARC) and trigger a GitHub Actions workflow to observe per-job isolation and automatic teardown.
Dependency Matrix
Required Modules
podmangcloudcurlopensslsystemctltarhostname
Components
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ephemeral-runner-patterns Download link: https://github.com/adaptive-enforcement-lab/claude-skills/archive/main.zip#ephemeral-runner-patterns Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.