# WarpBuild > WarpBuild provides high-performance CI infrastructure for GitHub Actions: faster Linux (x64/arm64), macOS, Windows, and GPU runners, remote Docker builders, snapshot runners, and high-throughput caching — in WarpBuild's cloud or your own cloud account (BYOC) — at a fraction of the cost of default runners. --- # WarpBuild - 2x faster, 50% cheaper Github Actions runners URL: https://www.warpbuild.com/ Description: WarpBuild is a drop in replacement for Github runners that are 2x faster and 50% cheaper. Get light speed builds and light weight bills in 30 seconds. # Build at the speed of thought. WarpBuild provides high-performance GitHub Actions runners that are 2x faster and 50% cheaper. Drop-in replacement, zero config. [Get Started Free](https://app.warpbuild.com)[Schedule Demo](https://cal.com/suryao/start) No credit card required · 2-minute setup [Remote Docker buildersBuild and push Docker images with blazing fast remote builders](/docs/ci/docker-builders)[Managed or in your cloudDeploy in our managed cloud or your own secure infrastructure](/docs/ci/byoc)[MacOS, Windows, and LinuxFull compatibility across all major operating systems](/docs/ci/cloud-runners#macos-m4-pro-on-arm64)[x86-64 and ARM64 supportSupport for both x86-64 and ARM64 architectures](/docs/ci/cloud-runners#linux-arm64)[Unlimited concurrencyScale infinitely with no limits on parallel jobs](/docs/ci/cloud-runners#concurrency)[Get Started in MinutesOne-line change to your workflow file. No complex setup or migration required.](https://app.warpbuild.com) ![Sonar](/images/customers/sonarqube.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Comcast](/images/customers/comcast.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Sky](/_next/image?url=%2Fimages%2Fcustomers%2Fsky-uk.png&w=256&q=75&dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Braintrust](/images/customers/braintrust.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Adaptive](/_next/image?url=%2Fimages%2Fcustomers%2Fadaptive.png&w=256&q=75&dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![OxCaml](/images/customers/oxcaml.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![DDEV](/images/customers/ddev.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Kintsugi](/images/customers/kintsugi-ai.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Rork](/images/customers/rork-ai.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![LanceDB](/_next/image?url=%2Fimages%2Fcustomers%2Flancedb.png&w=256&q=75&dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) //WarpBuild CI ## Blazing Fast Github Actions Runners 2x faster builds with optimized runners, caching, and incremental builds. Fully maintenance free. HighlightsOn AWS, GCP, AzureDisk SnapshotsQuickstart ### Flexible Deployment Managed cloud or your own AWS, GCP, Azure VPC. ![Flexible Deployment](/images/byoc-all-cloud.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Secure Ephemeral VMs, complete isolation, no code access. ![Secure](/images/secure.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Built for scale Unlimited job concurrency, fast local caching, and tools designed to support collaboration for 1000s of developers. ![Built for scale](/images/scale.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Incremental Builds Reduce build times and improve efficiency with full disk snapshots. ![Incremental Builds](/images/snap.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Unlimited concurrency Scale to thousands of parallel jobs per workflow. ![Unlimited concurrency](/images/concurrency.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Blazing fast caching 3-10x faster caching for artifacts and container layers. ![Blazing fast caching](/images/ci-cache.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Linux, MacOS, Windows Support for all OSes and architectures ![Linux, MacOS, Windows](/images/osses.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Static IPs (BYOC Only) Setup static IPs for security sensitive runner allowlists. Available with Bring Your Own Cloud deployments. ![Static IPs (BYOC Only)](/images/static-ip.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) //Benchmarks ## World's Fastest Runners and Builders [All Benchmarks](/compare/github) CI Runners ![pocketbase](/images/pocketbase-logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### [pocketbase](https://github.com/test) 2.0xFaster ![WarpBuild](/images/warp-logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) 1m 40s 3m 20s Docker Builders ![posthog](/images/posthog-logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### [posthog](https://github.com/test) 40.0xFaster ![WarpBuild](/images/warp-logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) 6m 15s 250m 0s //Enterprise ## Enterprise ready by design, battle-tested at scale Connect only the products you need. Enterprise grade security, compliance, and support. [Schedule a Call](https://cal.com/suryao/start) ![Bring Your Own Cloud](/images/home-cloud.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Bring Your Own Cloud Data never leaves your perimeter with BYOC deployments on AWS, GCP, Azure. ![Data Residency](/images/home-data.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Data Residency Pin any data you choose to a specific region and eliminate cloud ingress and egress costs with [region-specific infrastructure](/products/region-specific-infrastructure). ![SOC2 Type 2 compliant](/images/soc2.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### SOC2 Type 2 compliant Read more about our [security practices](/docs/ci/security) and our [SOC2 report](https://trust.warpbuild.com/) ![24x7 Support](/images/home-sup.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### 24x7 Support 24x7 support and SLA guarantees for uninterrupted operations. ![No LLM Data Retention](/images/home-data.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### No LLM Data Retention Zero data retention agreement with LLM providers so your data is never used for training models. ![SSO and Access Controls](/images/home-key.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### SSO and Access Controls Connect with your IDP for easy user management and controls. ## What Our CI Customers Say Run times went down from \~25 mins to \~9 mins Even bazel cache load time was faster by 30% We've evaluated three other runner provider. WarpBuild seems the most stable and is our current favorite Wow. These macOS runners are a LOT faster than GiHub's. Previous builds would take 30 mins, now they're done in 8! Going from GitHub standard runners to your cheapest runners will save 30-40% time off the average workflow at half the price, and the workflow I care most about is staying the same price but 60% time savings. Thanks to Warp we're building our nextjs landing page with Github Actions (for Cloudflare Pages) faster than Vercel's CI/CD I get to save the company money and save us on build times. Making me look good to my management team. I gotta say, of like 4-5 providers we've tried, your support has been incredible and has really made the difference for us. Tried out pretty much every provider in the market, and this one works the best out of the box Building and packaging our #rust library for iOS and Android used to take half an hour in Cl. Switched it to @WarpBuilds MacOS runners and it's down to 8 mins. Plus it's cheaper! ## Ship faster with WarpBuild. Go Warp. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # About WarpBuild - The Team Building Faster CI/CD | WarpBuild URL: https://www.warpbuild.com/about Description: Meet the WarpBuild team - engineers passionate about developer tools and infrastructure. Backed by Y Combinator, we're building the future of fast, reliable CI/CD. ![Globe Grid Background](/images/globe-grid.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![WarpBuild Logo](/images/logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) Building the future of cloud infrastructure WarpBuild enables fast development iterations for engineering teams by providing a complete set of tools and workflows that make building, iterating, and deploying code fast, reliable, and delightful. CI workflows today are slow, interrupt the flow of developers, and opaque. WarpBuild is the solution. We are a team of engineers, building together for years. We share a passion for developer tools and infrastructure, and to make something people want. We are backed by some of the best tech investors who are amazing supporters of builders working on big, ambitious ideas. Backed by ![Y Combinator](/images/yc.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) --- # Brand Assets | WarpBuild URL: https://www.warpbuild.com/brand-assets Description: Official WarpBuild brand assets, logos, colors, and usage guidelines. # Brand Assets ## Company Name Our company name is "WarpBuild" : one word with "W" and "B" capitalized. (incorrect usage - warpbuild, Warpbuild, warp build, warpBuild) [Download WarpBuild Assets](https://drive.google.com/uc?export=download&id=1LSLafI4bEhjUdPIigUMxJ23hAxLZn823) ## Logotype The logotype consists of the WarpBuild name and the symbol in a horizontal layout. We have a couple of variations of the logotype based on the background color. ![Logotype 1](/images/logo-dark.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Logotype 2](/images/logo-light.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Logotype 3](/images/logo-white.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Logotype 4](/images/logo-black.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ## Symbol The symbol consists of 6 long streaks and 6 short streaks in an alternating fashion with one of the smaller streaks placed at 12 o'clock. ![symbol 1](/images/mark-dark.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![symbol 2](/images/mark-light.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![symbol 3](/images/mark-white.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![symbol 4](/images/mark-black.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ## Colors Our primary colors consist of green, Dark Gray and white. Green #06AA63 RGB(6, 170, 99) Dark Gray #060708 RGB(6, 7, 8) White #FFFFFF RGB(255, 255, 255) ## Usage Make sure that there is the required amount of whitespace around the logotype and the symbol as shown in the examples. ![logotype usage](/images/usage.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![symbol usage](/images/usage-1.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) [Download WarpBuild Assets](https://drive.google.com/uc?export=download&id=1LSLafI4bEhjUdPIigUMxJ23hAxLZn823) --- # Customers - WarpBuild | WarpBuild URL: https://www.warpbuild.com/customers Description: See how engineering teams at Adaptive, Braintrust, Vori, SonarSource, and Samaya AI use WarpBuild to ship faster with high-performance CI/CD runners. //Customers ## Trusted by engineering teams shipping at scale From construction tech to financial AI, teams rely on WarpBuild for fast, reliable CI/CD infrastructure. [![Adaptive](/_next/image?url=%2Fimages%2Fcustomers%2Fadaptive.png&w=3840&q=75&dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)](/customers/adaptive)[![Braintrust](/images/customers/braintrust.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)](/customers/braintrust)[![Vori](/images/customers/vori.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)](/customers/vori)[![SonarQube](/images/customers/sonarqube.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)](/customers/sonarqube)[![Samaya AI](/images/customers/samaya-ai.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)](/customers/samaya-ai) [![Adaptive logo](/_next/image?url=%2Fimages%2Fcustomers%2Fadaptive.png&w=3840&q=75&dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)AdaptiveAdaptive builds financial infrastructure for the construction industry, modernizing how payments and financing flow between general contractors, subcontractors, and suppliers.$26.4M raised700+ buildersUses Snapshots](/customers/adaptive)[![Braintrust logo](/images/customers/braintrust.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)BraintrustBraintrust is the enterprise AI platform for building, evaluating, and shipping production-grade LLM applications. Teams use Braintrust to test, iterate, and monitor AI products at scale.Enterprise AI platformMulti-arch CIUses ARM64 & x86 Runners](/customers/braintrust)[![Vori logo](/images/customers/vori.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)VoriVori builds operating software for independent grocery stores, helping them compete with larger chains through modern technology for ordering, inventory, and pricing.Early WarpBuild customerGrocery OSUses Cloud Runners](/customers/vori)[![SonarQube logo](/images/customers/sonarqube.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)SonarQubeSonar, the makers of SonarQube, is a global leader in AI code verification and governance, trusted by over 7 million developers globally. The company's verification offering, SonarQube, is a multilayered, zero trust platform built for the AI era, delivering comprehensive analysis from the first line of code written to the last merge.7M+ developers#1 on G2Uses BYOC on AWS](/customers/sonarqube)[![Samaya AI logo](/images/customers/samaya-ai.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv)Samaya AISamaya AI provides an AI-powered knowledge platform for financial services, helping institutions extract insights from vast document collections with enterprise-grade security.10K+ seatsTIME100 AIUses Cloud Runners & Docker Builders](/customers/samaya-ai) ## Ship faster with WarpBuild. Go Warp. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Adaptive - WarpBuild Customer | WarpBuild URL: https://www.warpbuild.com/customers/adaptive Description: Adaptive builds financial infrastructure for the construction industry, modernizing how payments and financing flow between general contractors, subcontractors, and suppliers. ![Adaptive logo](/_next/image?url=%2Fimages%2Fcustomers%2Fadaptive.png&w=3840&q=75&dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) Construction Tech # Adaptive AI agents ship full features autonomously Adaptive builds financial infrastructure for the construction industry, modernizing how payments and financing flow between general contractors, subcontractors, and suppliers. $26.4M raised700+ builders [Visit Adaptive ](https://www.adaptive.build) ## The Challenge Before WarpBuild, Adaptive's engineering team had to manually configure CI environments every time an AI code agent needed to build and test. Installing packages, loading test fixtures, injecting secrets - the setup overhead killed the promise of autonomous coding. Agents could write code, but couldn't validate it end-to-end without extensive human scaffolding. ## How Adaptive uses WarpBuild Adaptive is modernizing construction finance with software that streamlines payments and financing across the industry. With over $26.4M in funding, Adaptive uses WarpBuild Snapshots as the default environment for their AI code agents. Each CI environment comes pre-loaded with all tests, packages, integrations, and secrets - so agents can build end-to-end features with minimal manual intervention. This approach has fundamentally changed how their engineering team ships, letting code agents take features from start to finish autonomously. WarpBuild product used ## Snapshots Disk snapshots that save workflow state for 10x faster incremental builds. [Learn more ](/products/ci/cloud-runners) ## Key Results * ✓Snapshots as pre-configured default environments for AI code agents * ✓All tests, packages, integrations, and secrets pre-loaded in each CI environment * ✓Automated end-to-end feature building with minimal manual intervention * ✓60%+ reduction in manual engineering intervention per feature [← All Customers](/customers) ## Ship faster with WarpBuild. Go Warp. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Braintrust - WarpBuild Customer | WarpBuild URL: https://www.warpbuild.com/customers/braintrust Description: Braintrust is the enterprise AI platform for building, evaluating, and shipping production-grade LLM applications. Teams use Braintrust to test, iterate, and monitor AI products at scale. ![Braintrust logo](/images/customers/braintrust.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) AI/ML # Braintrust Native multi-arch CI without self-hosted overhead Braintrust is the enterprise AI platform for building, evaluating, and shipping production-grade LLM applications. Teams use Braintrust to test, iterate, and monitor AI products at scale. Enterprise AI platformMulti-arch CI [Visit Braintrust ](https://www.braintrust.dev) ## The Challenge Braintrust's AI evaluation platform must ship across ARM64 and x86 targets - but GitHub-hosted runners only offer x86\. Running multi-arch builds meant maintaining custom self-hosted infrastructure, dealing with inconsistent performance across architectures, and slowing down the release cycle for enterprise customers. ## How Braintrust uses WarpBuild Braintrust provides the enterprise AI evaluation and deployment platform that teams depend on to build and ship reliable LLM-powered products. Their CI pipelines run across multiple architectures to guarantee compatibility for every deployment target. WarpBuild's ARM64 and x86 runners deliver the multi-architecture coverage Braintrust needs with best-in-class performance, powering fast cross-platform testing and confident releases. WarpBuild product used ## ARM64 & x86 Runners High-performance runners across ARM64 and x86 architectures for cross-platform CI. [Learn more ](/products/ci/arm64-runners) ## Key Results * ✓Cross-platform CI across ARM64 and x86 architectures * ✓Fast, reliable multi-architecture testing for AI workloads * ✓Consistent performance across all deployment targets * ✓Eliminated self-hosted runner maintenance overhead * ✓Consistent sub-minute provisioning across both architectures [← All Customers](/customers) ## Ship faster with WarpBuild. Go Warp. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Samaya AI - WarpBuild Customer | WarpBuild URL: https://www.warpbuild.com/customers/samaya-ai Description: Samaya AI provides an AI-powered knowledge platform for financial services, helping institutions extract insights from vast document collections with enterprise-grade security. ![Samaya AI logo](/images/customers/samaya-ai.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) Financial AI # Samaya AI 10-25x faster Docker builds Samaya AI provides an AI-powered knowledge platform for financial services, helping institutions extract insights from vast document collections with enterprise-grade security. 10K+ seatsTIME100 AI [Visit Samaya AI ](https://www.samaya.ai) ## The Challenge Samaya AI's platform processes heavy Docker-based workflows - tens of builds per pull request across ARM64 and x64\. Standard Docker builds were a major bottleneck, with each PR triggering long build queues that slowed code review cycles and blocked deployments for their financial services clients. ## How Samaya AI uses WarpBuild Samaya AI builds AI-powered knowledge infrastructure for the financial services industry, serving 10,000+ seats across major institutions and recognized on the TIME100 AI list. Their platform runs ARM64 and x64 workloads alongside heavy Remote Docker Builder usage - tens of builds per PR. After switching to WarpBuild Docker Builders, Samaya AI achieved a 10-25x reduction in build times, transforming their development velocity. WarpBuild product used ## Cloud Runners & Docker Builders High-performance ARM64 and x64 runners paired with Remote Docker Builders for fast container builds. [Learn more ](/products/ci/docker-builders) ## Key Results * ✓Multi-architecture CI across ARM64 and x64 runners * ✓Tens of Docker builds per PR with Remote Docker Builders * ✓10-25x reduction in build times after adopting WarpBuild Docker Builders * ✓Unblocked PR review velocity with near-instant Docker builds [← All Customers](/customers) ## Ship faster with WarpBuild. Go Warp. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # SonarQube - WarpBuild Customer | WarpBuild URL: https://www.warpbuild.com/customers/sonarqube Description: Sonar, the makers of SonarQube, is a global leader in AI code verification and governance, trusted by over 7 million developers globally. The company's verification offering, SonarQube, is a multilayered, zero trust platform built for the AI era, delivering comprehensive analysis from the first line of code written to the last merge. ![SonarQube logo](/images/customers/sonarqube.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) Dev Tools # SonarQube Tens of thousands of CI jobs daily, fully automated Sonar, the makers of SonarQube, is a global leader in AI code verification and governance, trusted by over 7 million developers globally. The company's verification offering, SonarQube, is a multilayered, zero trust platform built for the AI era, delivering comprehensive analysis from the first line of code written to the last merge. 7M+ developers#1 on G2 [Visit SonarQube ](https://www.sonarsource.com) ## The Challenge SonarQube's CI infrastructure runs at massive scale - tens of thousands of jobs per day across both Windows and Linux. Managing that volume with self-hosted runners meant constant maintenance, manual image updates, and limited visibility into fleet health. They needed a provider that could handle enterprise scale while giving API-level control over infrastructure. ## How SonarQube uses WarpBuild SonarQube is ranked #1 on G2 for static code analysis and a Gartner Magic Quadrant Leader. They run bring your own cloud (BYOC) instances on AWS across both Windows and Linux, processing tens of thousands of CI jobs per day. Sonar has built custom automation around the WarpBuild API for automatic image updates, runner configuration changes, and programmatic infrastructure management - all done without manual intervention. WarpBuild product used ## BYOC on AWS Bring Your Own Cloud runners deployed in Sonar's AWS account for maximum control and security. [Learn more ](/products/ci/byoc/aws) ## Key Results * ✓Multi-OS support with BYOC instances running both Windows and Linux on AWS * ✓Tens of thousands of CI jobs processed per day at scale * ✓Custom images with pre-installed dependencies for fast, reproducible builds * ✓Runner pools for instant job starts with zero cold-boot latency * ✓Multiple instance types per runner group for automatic fallback when AWS capacity is constrained * ✓Multiple AWS account targets for runners across environments * ✓Dashboards for visibility into job and queue metrics * ✓Customizable AWS infrastructure setup for maximum security within organization constraints * ✓API-driven automation for image updates, runner configuration, and infrastructure management * ✓Maintenance-free runner image updates and configuration [← All Customers](/customers) ## Ship faster with WarpBuild. Go Warp. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Vori - WarpBuild Customer | WarpBuild URL: https://www.warpbuild.com/customers/vori Description: Vori builds operating software for independent grocery stores, helping them compete with larger chains through modern technology for ordering, inventory, and pricing. ![Vori logo](/images/customers/vori.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) Retail Tech # Vori Most stable runners after evaluating 3 providers Vori builds operating software for independent grocery stores, helping them compete with larger chains through modern technology for ordering, inventory, and pricing. Early WarpBuild customerGrocery OS [Visit Vori ](https://www.vori.com) ## The Challenge As an early-stage team shipping software for independent grocers, Vori needed CI that just works. GitHub-hosted runners were slow and unpredictable. After trying multiple third-party runner providers, they experienced flaky builds and inconsistent support that ate into engineering time better spent on product. ## How Vori uses WarpBuild Vori builds the operating system for independent grocery stores, giving them the same technology advantages as large chains. As one of WarpBuild's earliest customers with a 2+ year relationship, Vori moved their CI pipelines to WarpBuild Cloud Runners and saw immediate improvements in build speed and reliability. Their engineering team has consistently found WarpBuild to be the most stable runner provider they've used across multiple evaluations. WarpBuild product used ## Cloud Runners 2x faster GitHub Actions runners with zero config, drop-in replacement. [Learn more ](/products/ci/cloud-runners) ## Key Results * ✓Immediate speed improvement after migrating from GitHub-hosted runners * ✓Most stable runner provider after evaluating multiple alternatives * ✓Zero-config drop-in replacement for existing workflows * ✓2+ year continuous reliability track record with WarpBuild “We've evaluated three other runner providers. WarpBuild seems the most stable and is our current favorite.” [← All Customers](/customers) ## Ship faster with WarpBuild. Go Warp. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Privacy Policy | WarpBuild URL: https://www.warpbuild.com/legal/privacy Description: Our Privacy Policy governs your visit to warpbuild.com, and explains how we collect, safeguard and disclose information that results from your use of our Service. [Subscribe](/legal/rss.xml) ## Privacy Policy Last updated January 15, 2025 ## 1\. Introduction Welcome to WarpBuild. At WarpBuild, we believe in transparency and responsible data handling. This privacy policy explains what data we collect, and how we use data to provide you with both our CI/CD infrastructure and Helios AI-powered development tools while respecting your privacy and maintaining security. Argonaut HQ, Inc ("us", "we", or "our") operates (hereinafter referred to as "Service"). Our Privacy Policy governs your visit to , and explains how we collect, and safeguard information that results from your use of our Service. We use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions. Our Terms and Conditions ("Terms") govern all use of our Service and together with the Privacy Policy constitutes your agreement with us ("agreement"). ## 2\. Definitions * **SERVICE** means the website operated by Argonaut HQ, Inc * **PERSONAL DATA** means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). * **USAGE DATA** is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit). * **COOKIES** are small files stored on your device (computer or mobile device). * **DATA CONTROLLER** means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data. * **DATA PROCESSOR (OR SERVICE PROVIDER)** means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively. * **DATA SUBJECT** is any living individual who is the subject of Personal Data. * **THE USER** is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data. ## 3\. Information Collection and Use We collect several different types of information for various purposes to provide and improve our Service to you. ## 4\. Types of Data Collected ### Personal Data While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to: * Email address * First name and last name * Cookies and Usage Data * Rough location (e.g. city, state, country) We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link. ### Usage Data We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through a mobile device ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. ## 5\. Use of Data Argonaut HQ, Inc uses the collected data for various purposes: * to provide and maintain our Service; * to notify you about changes to our Service; * to allow you to participate in interactive features of our Service when you choose to do so; * to provide customer support; * to gather analysis or valuable information so that we can improve our Service; * to monitor the usage of our Service; * to detect, prevent and address technical issues; * to fulfill any other purpose for which you provide it; * to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; * to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.; * to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information; * in any other way we may describe when you provide the information; * for any other purpose with your consent. **WarpBuild CI**: No source code or build logs are stored on our servers. We only receive the event trigger from the CI/CD provider to process the build. **WarpBuild Helios**: Source code representation is stored for providing code intelligence services. However, this is not used for any AI model training. We have Zero Data Retention agreements in place with the AI model providers to ensure there is no access to any sensitive data. **WarpBuild CI Insights**: Aggregate information about build trends and metrics are stored to improve our Service. ## 6\. Retention of Data We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. ## 7\. Transfer of Data Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Please note that we transfer the data, including Personal Data, to the United States or where our servers are located and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. Argonaut HQ, Inc will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. ## 8\. Disclosure of Data We may disclose personal information that we collect, or you provide: ### Disclosure for Law Enforcement Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities. ### Business Transaction If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. ### Other cases We may disclose your information also: * to our subsidiaries and affiliates; * to contractors, service providers, and other third parties we use to support our business; * to fulfil the purpose for which you provide it; * for the purpose of including your company's logo on our website; * for any other purpose disclosed by us when you provide the information; * with your consent in any other cases; * if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. ## 9\. Security of Data The security of your data is important to us. We strive to use commercially acceptable means to protect your Personal Data. We implement industry-standard security measures: * Regular security audits and penetration testing * Access controls and authentication safeguards * SOC 2 compliance ## 10\. Your Data Protection Rights Under General Data Protection Regulation (GDPR) If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at [support@warpbuild.com](mailto:support@warpbuild.com). In certain circumstances, you have the following data protection rights: * the right to access, update or to delete the information we have on you; * the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete; * the right to object. You have the right to object to our processing of your Personal Data; * the right of restriction. You have the right to request that we restrict the processing of your personal information; * the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format; * the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information; Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not be able to provide Service without some necessary data. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA). ## 11\. Your Data Protection Rights under the California Privacy Protection Act (CalOPPA) CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: According to CalOPPA we agree to the following: * users can visit our site anonymously; * our Privacy Policy link includes the word "Privacy", and can easily be found on the page specified above on the home page of our website; * users will be notified of any privacy policy changes on our Privacy Policy Page; * users are able to change their personal information by emailing us at [support@warpbuild.com](mailto:support@warpbuild.com). ## 12\. Your Data Protection Rights under the California Consumer Privacy Act (CCPA) If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us: ### What personal information we have about you If you make this request, we will return to you: * The categories of personal information we have collected about you. * The categories of sources from which we collect your personal information. * The business or commercial purpose for collecting or selling your personal information. * The categories of third parties with whom we share personal information. * The specific pieces of personal information we have collected about you. * A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact. * A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with. Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months. ### To delete your personal information If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate. ### To stop selling your personal information We do not sell your personal information for monetary consideration. However, under some circumstances, a transfer of personal information to a third party, or within our family of companies, without monetary consideration may be considered a "sale" under California law. If you submit a request to stop selling your personal information, we will stop making such transfers. If you are a California resident, to opt-out of the sale of your personal information, click "Do Not Sell My Personal Information" at the bottom of our home page to submit your request. Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights. To exercise your California data protection rights described above, please send your request(s) by one of the following means: By email: [support@warpbuild.com](mailto:support@warpbuild.com) Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020. ## 13\. Service Providers We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We rely on third-party Service Providers to provide our Service. The list of subprocessors is available at . ## 14\. Children's Privacy Our Services are not intended for use by children under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from Children under 13\. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers. ## 15\. Changes to This Privacy Policy We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We may let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. ## 16\. Contact Us If you have any questions about this Privacy Policy, please contact us: By email: [support@warpbuild.com](mailto:support@warpbuild.com) --- # Subprocessors | WarpBuild URL: https://www.warpbuild.com/legal/subprocessors Description: WarpBuild may use the following Subprocessors to host Customer Data, provide infrastructure that helps with delivery of our Services or related functions. [Subscribe](/legal/rss.xml) ## Subprocessors Last updated April 8, 2026 ## 1\. Introduction ‍To support delivery of our services, Argonaut HQ, Inc. ("WarpBuild", "Company", "Argonaut") uses service providers that may store and process Customer Data (each, a "Subprocessor"). This page provides important information about the identity, location and role of each Subprocessor. Terms used on this page but not defined have the meaning set forth in the [Terms of Service](https://www.warpbuild.com/legal/terms) or superseding written agreement between Customer and WarpBuild (the "Agreement"). ## 2\. Third-Party Subprocessors WarpBuild may use the following Subprocessors to host Customer Data, provide infrastructure that helps with delivery of our Services, or perform other functions related to the WarpBuild Service. Prior to engaging any third party Subprocessor, WarpBuild performs diligence to evaluate their privacy, security and confidentiality practices. We collect several different types of information for various purposes to provide and improve our Service to you. | Entity | Subprocessing Activity | | ------------------------- | --------------------------------------------------------------- | | Amazon Web Services, Inc. | Cloud Service Provider | | Google LLC | Cloud Service Provider, Website Analytics, Email Communications | | Microsoft Azure | Cloud Service Provider | | Cloudflare, Inc. | Web Application Firewall | | Datadog, Inc. | Infrastructure Monitoring | | MacStadium, Inc. | macOS Cloud Infrastructure | | Neon, Inc. | Serverless Database Services | | UnifyGTM | Go-to-Market / Sales Intelligence | | Attio | CRM | | Slack Technologies, Inc. | Messaging Services | | Vercel Inc. | Web Hosting Provider | | GitHub, Inc. | Version Control and Developer Services | | Posthog, Inc. | Session Analytics | | Atlas Support, Inc. | Customer Communications | | Linear Orbit | Project management and Tracking | | OpenAI, L.L.C. | AI Services | | Anthropic, PBC | AI Services | | Stripe, Inc. | Payment Processing | | Hetzner Online GmbH | Cloud Service Provider | | E2B Dev, Inc. | Cloud Sandboxes | | ClickHouse, Inc. | Data Storage and Analytics | | Incident.io Ltd. | Status Page and Incident Management | --- # Terms of Service | WarpBuild URL: https://www.warpbuild.com/legal/terms Description: These Terms of Service govern your use of our web pages located at https://warpbuild.com operated by Argonaut HQ, Inc. [Subscribe](/legal/rss.xml) ## Terms of Service Last updated February 13, 2023 ## 1\. Introduction Welcome to Argonaut HQ, Inc (“Company”, “we”, “our”, “us”)! As you have just clicked our Terms of Service, please pause, grab a cup of coffee and carefully read the following pages. It will take you approximately 20 minutes. These Terms of Service (“Terms”, “Terms of Service”) govern your use of our web pages located at operated by Argonaut HQ, Inc Our Privacy Policy also governs your use of our Service and explains how we collect, safeguard and disclose information that results from your use of our web pages. Please read it here . Your agreement with us includes these Terms and our Privacy Policy (“Agreements”). You acknowledge that you have read and understood Agreements, and agree to be bound by them. If you do not agree with (or cannot comply with) Agreements, then you may not use the Service, but please let us know by emailing at [support@warpbuild.com](mailto:support@warpbuild.com) so we can try to find a solution. These Terms apply to all visitors, users and others who wish to access or use Service. These terms may be superseded by custom agreements with specific customers. Thank you for being responsible. ## 2\. Communications By creating an Account on our Service, you agree to subscribe to newsletters, marketing or promotional materials and other information we may send. However, you may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or by emailing at [support@warpbuild.com](mailto:support@warpbuild.com). ## 3\. Purchases If you wish to purchase any product or service made available through Service ("Purchase"), you may be asked to supply certain information relevant to your Purchase including, without limitation, your credit card number, the expiration date of your credit card, your billing address, and your shipping information. You represent and warrant that: * You have the legal right to use any credit card(s) or other payment method(s) in connection with any Purchase; and that * The information you supply to us is true, correct and complete. We may employ the use of third party services for the purpose of facilitating payment and the completion of Purchases. By submitting your information, you grant us the right to provide the information to these third parties subject to our Privacy Policy. We reserve the right to refuse or cancel your order at any time for reasons including but not limited to: product or service availability, errors in the description or price of the product or service, error in your order or other reasons. We reserve the right to refuse or cancel your order if fraud or an unauthorized or illegal transaction is suspected. ## 4\. Subscriptions Some parts of Service are billed on a subscription basis ("Subscription(s)"). You will be billed in advance on a recurring and periodic basis ("Billing Cycle"). Billing cycles are set either on a monthly or annual basis, depending on the type of subscription plan you select when purchasing a Subscription. At the end of each Billing Cycle, your Subscription will automatically renew unless you cancel it or Argonaut HQ, Inc cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting Argonaut HQ, Inc customer support team. A valid payment method, including credit card, is required to process the payment for your subscription. You shall provide Argonaut HQ, Inc with accurate and complete billing information including full name, address, state, zip code, telephone number, and a valid payment method information. By submitting such payment information, you automatically authorize Argonaut HQ, Inc to charge all Subscription fees incurred through your account to any such payment instruments. Should automatic billing fail to occur for any reason, Argonaut HQ, Inc will issue an electronic invoice indicating that you must proceed manually, within a certain deadline date, with the full payment corresponding to the billing period as indicated on the invoice. ## 5\. Free Trial Argonaut HQ, Inc may, at its sole discretion, offer a Subscription with a free trial for a limited period of time ("Free Trial"). You may be required to enter your billing information in order to sign up for Free Trial. If you do enter your billing information when signing up for Free Trial, you will not be charged by Argonaut HQ, Inc until Free Trial has expired. On the last day of Free Trial period, unless you cancelled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected. At any time and without notice, Argonaut HQ, Inc reserves the right to: * Modify Terms of Service of Free Trial offer, or * Cancel such Free Trial offer. ## 6\. Fee Changes Argonaut HQ, Inc, in its sole discretion and at any time, may modify Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle. Argonaut HQ, Inc will provide you with a reasonable prior notice of any change in Subscription fees to give you an opportunity to terminate your Subscription before such change becomes effective. Your continued use of Service after Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount. ## 7\. Refunds We do not offer refunds for products that are billed on a usage based model. We may offer refunds for products that are billed on a subscription basis, at our sole discretion. ## 8\. Content Our Service allows you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material ("Content"). You are responsible for Content that you post on or through Service, including its legality, reliability, and appropriateness. By posting Content on or through Service, You represent and warrant that: * Content is yours (you own it) and/or you have the right to use it and the right to grant us the rights and license as provided in these Terms, and * That the posting of your Content on or through Service does not violate the privacy rights, publicity rights, copyrights, contract rights or any other rights of any person or entity. We reserve the right to terminate the account of anyone found to be infringing on a copyright. You retain any and all of your rights to any Content you submit, post or display on or through Service and you are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third party posts on or through Service. Argonaut HQ, Inc has the right but not the obligation to monitor all Content provided by users. You may not distribute, modify, transmit, reuse, download, repost, copy, or use Content, whether in whole or in part, for commercial purposes or for personal gain, without express advance written permission from us. **Source Code Protection.** We do not access, read, or analyze your source code, repositories, or other proprietary code ("Source Code") that you provide to or process through the Service, except as strictly necessary to provide the Service to you (for example, to execute builds or run workflows you have configured). We do not share, sell, license, or disclose your Source Code to any third party. Your Source Code remains your sole property at all times, and we claim no rights, ownership, or interest in it. ## 9\. Prohibited Uses You may use Service only for lawful purposes and in accordance with Terms. You agree not to use Service: * In any way that violates any applicable national or international law or regulation. * For the purpose of exploiting, harming, or attempting to exploit or harm minors in any way by exposing them to inappropriate content or otherwise. * To transmit, or procure the sending of, any advertising or promotional material, including any "junk mail", "chain letter," "spam," or any other similar solicitation. * To impersonate or attempt to impersonate Company, a Company employee, another user, or any other person or entity. * In any way that infringes upon the rights of others, or in any way is illegal, threatening, fraudulent, or harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity. * To engage in any other conduct that restricts or inhibits anyone's use or enjoyment of Service, or which, as determined by us, may harm or offend Company or users of Service or expose them to liability. Additionally, you agree not to: * Use Service in any manner that could disable, overburden, damage, or impair Service or interfere with any other party's use of Service, including their ability to engage in real time activities through Service. * Use any robot, spider, or other automatic device, process, or means to access Service for any purpose, including monitoring or copying any of the material on Service. * Use any manual process to monitor or copy any of the material on Service or for any other unauthorized purpose without our prior written consent. * Use any device, software, or routine that interferes with the proper working of Service. * Introduce any viruses, trojan horses, worms, logic bombs, or other material which is malicious or technologically harmful. * Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of Service, the server on which Service is stored, or any server, computer, or database connected to Service. * Attack Service via a denial-of-service attack or a distributed denial-of-service attack. * Take any action that may damage or falsify Company rating. * Attempt to interfere with the proper working of Service without proper explicit permission. * Use the Service to compete with Argonaut HQ, Inc. * Otherwise attempt to interfere with the proper working of Service. Violation of any of these Terms will result in fines and penalties as determined by Argonaut HQ, Inc in its sole discretion. ## 10\. Analytics We may use third-party Service Providers as subprocessors to provide analytics services. The list of subprocessors is available at . ## 11\. No Use By Minors Service is intended only for access and use by individuals at least eighteen (18) years old. By accessing or using any of the Company, you warrant and represent that you are at least eighteen (18) years of age and with the full authority, right, and capacity to enter into this agreement and abide by all of the terms and conditions of Terms. If you are not at least eighteen (18) years old, you are prohibited from both the access and usage of Service. ## 12\. Accounts When you create an account with us, you guarantee that you are above the age of 18, and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in the immediate termination of your account on Service. You are responsible for maintaining the confidentiality of your account and password, including but not limited to the restriction of access to your computer and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Service or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account. You may not use as a username the name of another person or entity or that is not lawfully available for use, a name or trademark that is subject to any rights of another person or entity other than you, without appropriate authorization. You may not use as a username any name that is offensive, vulgar or obscene. We reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders at our sole discretion. ## 13\. Intellectual Property Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of Argonaut HQ, Inc and its licensors. Service is protected by copyright, trademark, and other laws of the United States and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of Argonaut HQ, Inc. ## 14\. Error Reporting and Feedback You may provide us either directly at [support@warpbuild.com](mailto:support@warpbuild.com) or via third party sites and tools with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service ("Feedback"). You acknowledge and agree that: * You shall not retain, acquire or assert any intellectual property right or other right, title or interest in or to the Feedback; * Company may have development ideas similar to the Feedback; * Feedback does not contain confidential information or proprietary information from you or any third party; and * Company is not under any obligation of confidentiality with respect to the Feedback. In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose. ## 15\. Links To Other Web Sites Our Service may contain links to third party web sites or services that are not owned or controlled by Argonaut HQ, Inc. Argonaut HQ, Inc has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third party web sites or services. We do not warrant the offerings of any of these entities/individuals or their websites. YOU ACKNOWLEDGE AND AGREE THAT ARGONAUT HQ, INC SHALL NOT BE RESPONSIBLE OR LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY OR IN CONNECTION WITH USE OF OR RELIANCE ON ANY SUCH CONTENT, GOODS OR SERVICES AVAILABLE ON OR THROUGH ANY SUCH THIRD PARTY WEB SITES OR SERVICES. WE STRONGLY ADVISE YOU TO READ THE TERMS OF SERVICE AND PRIVACY POLICIES OF ANY THIRD PARTY WEB SITES OR SERVICES THAT YOU VISIT. ## 16\. Disclaimer Of Warranty THESE SERVICES ARE PROVIDED BY COMPANY ON AN "AS IS" AND "AS AVAILABLE" BASIS. COMPANY MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THEIR SERVICES, OR THE INFORMATION, CONTENT OR MATERIALS INCLUDED THEREIN. YOU EXPRESSLY AGREE THAT YOUR USE OF THESE SERVICES, THEIR CONTENT, AND ANY SERVICES OR ITEMS OBTAINED FROM US IS AT YOUR SOLE RISK. NEITHER COMPANY NOR ANY PERSON ASSOCIATED WITH COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE SERVICES. WITHOUT LIMITING THE FOREGOING, NEITHER COMPANY NOR ANYONE ASSOCIATED WITH COMPANY REPRESENTS OR WARRANTS THAT THE SERVICES, THEIR CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT THE SERVICES OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE SERVICES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE SERVICES WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS. COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE. THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW. ## 17\. Limitation Of Liability EXCEPT AS PROHIBITED BY LAW, YOU WILL HOLD US AND OUR OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS NOT LIABLE FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGE, HOWEVER IT ARISES IN CONNECTION WITH THIS AGREEMENT. EXCEPT AS PROHIBITED BY LAW, IF THERE IS LIABILITY FOUND ON THE PART OF COMPANY, IT WILL BE LIMITED TO THE AGGREGATED AMOUNT PAID FOR THE PRODUCTS AND/OR SERVICES IN THE PREVIOUS 12 MONTHS OF THE SPECIFIC CLAIM ARISING, LESS COSTS AND EXPENSES TO PROVIDE THE PRODUCTS AND/OR SERVICES, AND UNDER NO CIRCUMSTANCES WILL THERE BE CONSEQUENTIAL OR PUNITIVE DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE PRIOR LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. ## 18\. Termination We may terminate or suspend your account and bar access to Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of Terms. If you wish to terminate your account, you may simply discontinue using Service. All provisions of Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability. ## 19\. Governing Law These Terms shall be governed and construed in accordance with the laws of State of Delaware without regard to its conflict of law provisions. Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements we might have had between us regarding Service. enable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service and supersede and replace any prior agreements we might have had between us regarding Service. ## 20\. Changes To Service We reserve the right to withdraw or amend our Service, and any service or material we provide via Service, in our sole discretion without notice. We will not be liable if for any reason all or any part of Service is unavailable at any time or for any period. From time to time, we may restrict access to some parts of Service, or the entire Service, to users, including registered users. ## 21\. Amendments To Terms We may amend Terms at any time by posting the amended terms on this site. It is your responsibility to review these Terms periodically. Your continued use of the Platform following the posting of revised Terms means that you accept and agree to the changes. You are expected to check this page frequently so you are aware of any changes, as they are binding on you. By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use Service. ## 22\. Waiver And Severability No waiver by Company of any term or condition set forth in Terms shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Company to assert a right or provision under Terms shall not constitute a waiver of such right or provision. If any provision of Terms is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of Terms will continue in full force and effect. ## 23\. Acknowledgement BY USING SERVICE OR OTHER SERVICES PROVIDED BY US, YOU ACKNOWLEDGE THAT YOU HAVE READ THESE TERMS OF SERVICE AND AGREE TO BE BOUND BY THEM. ## 24\. Contact Us Please send your feedback, comments, requests for technical support: By email: [support@warpbuild.com](mailto:support@warpbuild.com). --- # Pricing - GitHub Actions Runners | WarpBuild | WarpBuild URL: https://www.warpbuild.com/pricing Description: Transparent pricing for WarpBuild CI runners. 50% cheaper than GitHub Actions with 2x faster builds. Linux from $0.003/min, macOS M4 Pro from $0.08/min, Windows from $0.008/min. ## GitHub Actions CI Runners 2-10x faster builds, unlimited job concurrency, CI health reports - get started in 30 seconds. ### Cloud Runners #### Cloud Runners — Linux (x86-64) | Size | Price / min | | ----------------- | ----------- | | 2vCPU, 8GB RAM | $0.004 | | 4vCPU, 16GB RAM | $0.008 | | 8vCPU, 32GB RAM | $0.016 | | 16vCPU, 64GB RAM | $0.032 | | 32vCPU, 128GB RAM | $0.064 | #### Cloud Runners — Linux (arm64) | Size | Price / min | | ----------------- | ----------- | | 2vCPU, 8GB RAM | $0.003 | | 4vCPU, 16GB RAM | $0.006 | | 8vCPU, 32GB RAM | $0.012 | | 16vCPU, 64GB RAM | $0.024 | | 32vCPU, 128GB RAM | $0.048 | #### Cloud Runners — Windows (x86-64) | Size | Price / min | | ----------------- | ----------- | | 2vCPU, 7GB RAM | $0.008 | | 4vCPU, 16GB RAM | $0.016 | | 8vCPU, 32GB RAM | $0.032 | | 16vCPU, 64GB RAM | $0.064 | | 32vCPU, 128GB RAM | $0.128 | #### Cloud Runners — MacOS (M4 Pro) | Size | Price / min | | ---------------- | ----------- | | 6vCPU, 22GB RAM | $0.08 | | 12vCPU, 44GB RAM | $0.16 | ### Add-ons | Metric | Price | | ---------------------- | ------------------------ | | Networking (Tailscale) | Free | | Cache Storage | $0.20 per GB-month | | Cache Write / Restore | $0.0001 per operation | | Snapshot Restore | $0.04 per job | | Snapshot Storage | $0.025/hour per snapshot | ### Docker Builders Each builder profile is shared across jobs using that profile. There is no hard concurrency limit. | Size | Price / min | | ------------------------------ | ----------- | | 16vCPU, 32GB RAM, 100GB Disk | $0.06 | | 32vCPU, 64GB RAM, 200GB Disk | $0.12 | | 64vCPU, 128GB RAM, 200GB Disk | $0.24 | | 96vCPU, 192GB RAM, 600GB Disk | $0.36 | | 96vCPU, 192GB RAM, 2TB Disk | $0.52 | | 192vCPU, 384GB RAM, 600GB Disk | $0.72 | | 192vCPU, 384GB RAM, 2TB Disk | $0.88 | ### BYOC - AWS, GCP, or Azure This is the cheapest option, meant for scale. Caching and everything else is free. | Metric | Price | | -------------------------- | ---------- | | Linux Runners | $0.002/min | | Windows Runners (AWS only) | $0.002/min | | Add-ons | Free | Enterprise 40% infra cost saving over actions-runner-controller on kubernetes — guaranteed. ![bring your own cloud](/images/byoc-pricing.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Built for your Enterprise Secure, customizable runners, battle tested at scale. Guaranteed cost savings compared to self-hosting. 40% cheaper than ARC guaranteed savings <10s cold start with warm pools 99.9% uptime SLA contractual 24/7 support dedicated Slack [Schedule a Call](https://cal.com/suryao/start)[View Trust Center](https://trust.warpbuild.com) ### Infrastructure Control BYOC— Deploy to your AWS, GCP, or Azure VPCs Dedicated Enterprise Cloud— Zero maintenance WarpBuild cloud in any region Custom AMIs— Bring your own images with pre-installed deps Region-Specific Infrastructure— Your data stays in your chosen region, zero cloud ingress/egress costs (excl. macOS) ### Security & Compliance SOC2 Type II— Annual audits + penetration testing SAML SSO— Okta, Azure AD, Google Workspace SCIM Provisioning— Automated user lifecycle management ### Performance & Scale ∞ Concurrency— No job queue limits, instant provisioning 99.9% SLA— Backed by credits, contractual guarantee Warm Pools— Jobs start in <10s ### Developer Experience SSH Debug— ssh into failed jobs instantly Observability— Correlate system metrics and job logs GitHub Enterprise— GHES (self-hosted) + GHEC data residency support ## Frequently Asked Questions Do I need a credit card to sign up? No, you can sign up with your email and start using WarpBuild immediately. You will be need to add a payment method when you hit the free usage or credit limits. What is the billing granularity? CI runners are billed on a per-minute basis Does WarpBuild access my code if I use Github Actions runners? No, we do not access your code. We only access the GitHub events to trigger the CI jobs. Are you SOC2 compliant? WarpBuild is SOC2 Type 2 compliant. You can view the SOC2 report here - Can my CI data stay in a specific cloud region? Yes. On enterprise plans, WarpBuild offers region-specific infrastructure: any data you choose remains in the region you choose, and all ingress and egress costs from your cloud are eliminated (not applicable to macOS instances). Learn more at When do I get billed? By default, the billing happens on the last day of each month. However, each account has a threshold based on the usage and history. Once that threshold is crossed, the payment method on file may be charged mid-cycle. How do you store the payment details? We do not store payment information. The details are stored securely in Stripe. I love going Warp! How do I spread the word? The best way is to refer others to use WarpBuild too! You can share the love on X, Linkedin, Reddit or anywhere else. We also have an affiliate program: Thank you for the love! ## Super fast builds, 2-10x cheaper. Go Warp. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # ARM64 Runners - AWS Graviton 4 Powered CI/CD | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/arm64-runners Description: Ultra-fast ARM64 runners powered by AWS Graviton 4 processors. 40% better price-performance for CI/CD workloads. Native ARM64 builds. # ARM64 Runners Powered by Graviton 4 Ultra-fast ARM64 CI/CD with AWS Graviton 4 processors. 40% better price-performance for native ARM64 builds. [Start Building](https://app.warpbuild.com)[View Documentation](/docs/ci/cloud-runners#linux-arm64) //Features ## Next-generation ARM64 performance for modern CI/CD Harness the power of AWS Graviton 4 for faster, more efficient builds ### AWS Graviton 4 Powered Latest generation ARM64 processors delivering exceptional performance and energy efficiency for CI/CD workloads. ### 40% Better Price-Performance Superior cost efficiency compared to x86 runners while maintaining high performance for your builds. ### Native ARM64 Builds Build ARM64 applications natively without emulation for Apple Silicon, Linux ARM64, and mobile targets. ### Enterprise Security SOC2 Type 2 compliant with hardware-level security features and encrypted storage volumes. ### Energy Efficient Reduce your carbon footprint with energy-efficient ARM64 architecture without compromising performance. ### Full Toolchain Support Complete development toolchain including Docker, Kubernetes, Node.js, Python, Go, and more. //Use Cases ## Perfect for ARM64-first development Optimize your CI/CD for the ARM64 ecosystem 🍎 ### Apple Silicon Development Build and test applications for Apple Silicon Macs with native ARM64 performance and compatibility. \*Native performance \*No emulation overhead \*Faster builds \*Better compatibility 🐳 ### Docker Multi-Arch Builds Create multi-architecture Docker images for ARM64 and x86 platforms with native build performance. \*Multi-arch support \*Native builds \*Faster pushes \*Smaller images 📱 ### Mobile App Development Develop and build mobile applications targeting ARM64 devices with optimized performance. \*Mobile targets \*Cross-compilation \*Fast builds \*Native testing ☁️ ### Cloud-Native Applications Build cloud-native applications optimized for ARM64 Kubernetes clusters and serverless functions. \*Kubernetes ready \*Serverless optimized \*Cost effective \*Scalable //Ubuntu Support ## Ubuntu ARM64 Compatibility Important differences between Ubuntu versions on ARM64 ### Ubuntu 22.04 ARM64 Compatibility: Basic Support Default User: root Preinstalled Tools: Minimal preinstalled software GitHub Compatibility: Requires manual tool installation Use for simple builds or custom environments ### Ubuntu 24.04 ARM64 Recommended Compatibility: Full GitHub Compatibility Default User: runner Preinstalled Tools: Same preinstalled software as GitHub GitHub Compatibility: 100% compatible with GitHub ARM64 runners Recommended for all new projects ## Graviton 4 Performance Advantages 40% Better price-performance vs x86 60% Lower energy consumption 2.5x Faster than emulated builds 30% Faster container builds //Quick Setup ## Start using ARM64 runners today Simple configuration to enable Graviton 4 powered builds [View ARM64 Setup Guide](/docs/ci/cloud-runners#linux-arm64) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # BYOC - Bring Your Own Cloud CI/CD | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/byoc Description: Deploy WarpBuild runners in your own AWS, GCP, or Azure cloud. Complete data control, enhanced security, and compliance for enterprise CI/CD. # Bring Your Own Cloud Complete Control Deploy WarpBuild runners in your own cloud infrastructure. Maximum security, compliance, and control. [Get Started](https://app.warpbuild.com)[View Documentation](/docs/ci/byoc) //Features ## Enterprise-grade security meets high performance All the speed of WarpBuild with the security and compliance of your own cloud ### Complete Data Control Your code and data never leave your cloud perimeter. Full compliance with data sovereignty requirements. ### Multi-Cloud Support Deploy on AWS, Google Cloud Platform, or Microsoft Azure with identical performance and features. ### Enhanced Security Leverage your existing cloud security controls, VPCs, and access management systems. ### Same Performance Identical 2x faster performance as managed cloud runners with the security of your own infrastructure. ### Enterprise Compliance Meet the strictest compliance requirements with deployments in your controlled environment. ### Global Regions Deploy in any region where your cloud provider operates for optimal latency and compliance. //Multi-Cloud ## Deploy on Your Preferred Cloud Provider Consistent WarpBuild experience across all major cloud platforms ![Amazon Web Services logo](/images/byoc-aws.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Amazon Web Services Setup time: 15 minutes * Graviton 4 ARM64 support * EC2 instance types * VPC integration * IAM role management * EBS storage optimization * Multi-AZ deployment [View Setup Guide](/docs/ci/byoc/aws) ![Google Cloud Platform logo](/images/byoc-gcp.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Google Cloud Platform Setup time: 20 minutes * Compute Engine instances * VPC native networking * IAM integration * Persistent disk storage * Regional deployment * Custom machine types [View Setup Guide](/docs/ci/byoc/gcp) ![Microsoft Azure logo](/images/byoc-azure.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Microsoft Azure Setup time: 25 minutes * Virtual Machine Scale Sets * Virtual Network integration * Azure AD authentication * Premium SSD storage * Availability zones * Managed identities [View Setup Guide](/docs/ci/byoc/azure) //Security ## Maximum Security with Your Cloud Controls Leverage your existing security infrastructure and policies 1 ### Data Never Leaves Your Perimeter All build data, artifacts, and logs remain within your cloud environment, ensuring complete data sovereignty. 2 ### Use Your Existing Security Controls Integrate with your VPCs, security groups, IAM roles, and monitoring systems seamlessly. 3 ### Audit and Compliance Ready Complete audit trails and compliance reports using your cloud provider's native logging and monitoring. ![BYOC Security Architecture](/images/secure-byoc.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) //Quick Setup ## Get started with BYOC in under 30 minutes Simple deployment process with infrastructure as code [Schedule Demo](https://cal.com/suryao/start) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # BYOC AWS Support - Deploy WarpBuild on Amazon Web Services | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/byoc/aws Description: Deploy WarpBuild runners in your own AWS account. Graviton 4 support, VPC integration, IAM roles, and complete AWS ecosystem integration. # BYOC AWS Support Native AWS Integration Deploy WarpBuild runners in your AWS account with Graviton 4 support, VPC integration, and complete AWS ecosystem integration. [Get Started](https://app.warpbuild.com)[View AWS Guide](/docs/ci/byoc/aws) //AWS Features ## Deep AWS ecosystem integration Leverage the full power of AWS services with WarpBuild's optimized runners ### AWS Graviton 4 Support Native support for latest generation AWS Graviton 4 processors for optimal price-performance. ### Complete VPC Integration Deploy in your existing VPCs with custom subnets, security groups, and network configurations. ### IAM Role Management Leverage AWS IAM roles and policies for secure, granular access control and service integration. ### Multi-AZ Deployment High availability deployments across multiple availability zones for maximum uptime. ### AWS Security Integration Native integration with AWS security services including CloudTrail, Config, and GuardDuty. ### Global Region Support Deploy in any AWS region worldwide for compliance and latency optimization. ## AWS Services Integration ☁️ ### Amazon EC2 Optimized instance selection and auto-scaling Instance optimization Auto-scaling groups Spot instances Reserved instances Custom AMIs EBS optimization 🔒 ### Amazon VPC Secure network isolation and connectivity Private subnets Security groups NACLs VPC endpoints NAT gateways Direct Connect 🔑 ### AWS IAM Identity and access management integration Role-based access Cross-account roles STS tokens Resource policies OIDC integration Permission boundaries 💾 ### Amazon EBS High-performance storage optimization gp3 volumes io2 volumes Snapshot management Encryption Volume optimization Burst credits //Setup Process ## Simple 3-Step Setup Process Get your AWS BYOC runners running in under 20 minutes 1 ### Connect Your AWS Account Setup time: 5 minutesEasy Set up IAM role with required permissions for WarpBuild to manage resources in your AWS account. Cross-account role IAM permissions Resource access Secure connection One-time setup Policy management 2 ### Setup WarpBuild Stack Setup time: 10 minutesEasy Configure region, VPC, and networking settings as context for your runners. Region selection VPC configuration Subnet setup Security groups Resource tagging Stack management 3 ### Create Custom Runners Setup time: 5 minutesEasy Configure instance types, disk types, and networking for your specific workload requirements. Instance selection EBS optimization Network configuration Auto-scaling Custom AMIs Cost optimization //Cost Optimization ## Maximize AWS Cost Efficiency Built-in cost optimization features to minimize your AWS spending ### Spot Instance Support Up to 90% Reduce costs by up to 90% using EC2 Spot instances for non-critical workloads ### Auto-scaling 30-60% Automatic scaling based on demand to minimize idle resource costs ### Reserved Instances 40-60% Long-term commitments for predictable workloads with significant savings ### Instance Right-sizing 20-40% Intelligent instance type selection based on workload requirements //Quick Setup ## Deploy on AWS in 15 minutes Simple Terraform deployment with complete AWS integration [View AWS Setup Guide](/docs/ci/byoc/aws/config) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # BYOC Azure Support - Deploy WarpBuild on Microsoft Azure | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/byoc/azure Description: Deploy WarpBuild runners in your own Azure subscription. Virtual Machine optimization, VNet integration, Azure AD integration, and complete Azure ecosystem support. # BYOC Azure Support Native Azure Integration Deploy WarpBuild runners in your Azure subscription with RBAC integration, VNet support, and complete Azure ecosystem integration. [Get Started](https://app.warpbuild.com)[View Azure Guide](/docs/ci/byoc/azure) //Azure Features ## Deep Microsoft Azure ecosystem integration Leverage the full power of Azure services with WarpBuild's optimized runners ### Optimized VM Series Native support for Dv5, Fv2, and Ev5 VM series with AMD EPYC and Intel processors for optimal price-performance. ### VNet Integration Deploy in your existing Virtual Networks with custom subnets, Network Security Groups, and private endpoints. ### Azure AD Integration Leverage Azure Active Directory, Managed Identity, and RBAC for secure, granular access control. ### Availability Zone Support High availability deployments across multiple availability zones and regions for maximum uptime. ### Azure Security Integration Native integration with Azure Security Center, Azure Sentinel, and Azure Policy for comprehensive security. ### Global Region Support Deploy in any Azure region worldwide for compliance and latency optimization. ## Microsoft Azure Services Integration ⚡ ### Virtual Machines Optimized VM selection and auto-scaling VM size optimization Scale sets Spot instances Reserved instances Custom images Premium SSD 🔒 ### Virtual Network Secure network isolation and connectivity Private subnets NSG rules VNet peering NAT gateway Private endpoints ExpressRoute 🔑 ### Azure AD Identity and access management integration Managed identity RBAC Service principals Conditional access OIDC integration PIM 💾 ### Azure Storage High-performance storage optimization Premium SSD Standard SSD Disk encryption Managed disks Storage optimization Backup //Setup Process ## Simple 3-Step Setup Process Get your Azure BYOC runners running in under 20 minutes 1 ### Connect Your Azure Account Setup time: 5 minutesEasy Set up IAM role with required permissions for WarpBuild to manage resources in your Azure subscription. Service principal creation RBAC configuration Resource group access Subscription permissions One-time setup Secure connection 2 ### Setup WarpBuild Stack Setup time: 10 minutesEasy Configure region, virtual network, and networking settings as context for your runners. Region selection VNet configuration Subnet setup Network security Resource tagging Stack management 3 ### Create Custom Runners Setup time: 5 minutesEasy Configure VM sizes, disk types, and networking for your specific workload requirements. VM size selection Storage optimization Network configuration Scale settings Custom images Cost optimization //Cost Optimization ## Maximize Azure Cost Efficiency Built-in cost optimization features to minimize your Azure spending ### Spot Instance Support Up to 90% Reduce costs by up to 90% using Azure Spot VMs for non-critical workloads ### Auto-scaling 30-60% Automatic scaling based on demand to minimize idle resource costs ### Reserved Instances 40-72% Long-term commitments for predictable workloads with significant savings ### VM Right-sizing 20-40% Intelligent VM size selection based on workload requirements //Quick Setup ## Deploy on Azure in 15 minutes Simple Terraform deployment with complete Azure integration [View Azure Setup Guide](/docs/ci/byoc/azure/config) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # BYOC GCP Support - Deploy WarpBuild on Google Cloud Platform | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/byoc/gcp Description: Deploy WarpBuild runners in your own GCP project. Compute Engine optimization, VPC integration, IAM policies, and complete Google Cloud ecosystem integration. # BYOC GCP Support Native GCP Integration Deploy WarpBuild runners in your GCP project with IAM integration, VPC-native networking, and complete Google Cloud ecosystem integration. [Get Started](https://app.warpbuild.com)[View GCP Guide](/docs/ci/byoc/gcp) //GCP Features ## Deep Google Cloud ecosystem integration Leverage the full power of Google Cloud services with WarpBuild's optimized runners ### Optimized Machine Types Native support for Tau T2D, C3, and N4 machine types for optimal price-performance on Google Cloud. ### VPC Network Integration Deploy in your existing VPC networks with custom subnets, firewall rules, and private Google access. ### IAM Policy Management Leverage Google Cloud IAM policies and service accounts for secure, granular access control. ### Multi-Zone Deployment High availability deployments across multiple zones and regions for maximum uptime. ### GCP Security Integration Native integration with Google Cloud security services including Cloud Audit Logs and Security Command Center. ### Global Region Support Deploy in any Google Cloud region worldwide for compliance and latency optimization. ## Google Cloud Services Integration ⚡ ### Compute Engine Optimized VM selection and auto-scaling Machine type optimization Instance groups Preemptible instances Committed use discounts Custom images SSD optimization 🔒 ### VPC Network Secure network isolation and connectivity Private subnets Firewall rules VPC peering Cloud NAT Private Google access Cloud VPN 🔑 ### Cloud IAM Identity and access management integration Service accounts IAM policies Workload identity Resource hierarchy OIDC integration Conditional access 💾 ### Persistent Disk High-performance storage optimization SSD persistent disks Balanced persistent disks Snapshot management Encryption Regional disks Performance optimization //Setup Process ## Simple 3-Step Setup Process Get your GCP BYOC runners running in under 20 minutes 1 ### Connect Your GCP Account Setup time: 5 minutesEasy Set up service account with required permissions for WarpBuild to manage resources in your GCP project. Service account creation IAM role binding Project permissions API enablement One-time setup Secure connection 2 ### Setup WarpBuild Stack Setup time: 10 minutesEasy Configure region, VPC, and networking settings as context for your runners. Region selection VPC configuration Subnet setup Firewall rules Resource labeling Stack management 3 ### Create Custom Runners Setup time: 5 minutesEasy Configure machine types, disk types, and networking for your specific workload requirements. Machine type selection Disk optimization Network configuration Auto-scaling Custom images Cost optimization //Cost Optimization ## Maximize Google Cloud Cost Efficiency Built-in cost optimization features to minimize your GCP spending ### Preemptible Instance Support Up to 80% Reduce costs by up to 80% using preemptible instances for non-critical workloads ### Auto-scaling 30-60% Automatic scaling based on demand to minimize idle resource costs ### Committed Use Discounts 40-57% Long-term commitments for predictable workloads with significant savings ### Machine Type Right-sizing 20-40% Intelligent machine type selection based on workload requirements //Quick Setup ## Deploy on Google Cloud in 15 minutes Simple Terraform deployment with complete GCP integration [View GCP Setup Guide](/docs/ci/byoc/gcp/config) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # High-Performance Unlimited Caching | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/cache Description: Supercharge CI/CD with unlimited high-performance caching. 4x faster cache operations, unlimited storage, and intelligent cache optimization. # High-Performance Unlimited Caching Accelerate your CI/CD with intelligent caching that's 4x faster than standard solutions. Unlimited storage, maximum performance. [Get Started](https://app.warpbuild.com)[View Documentation](/docs/ci/features/caching) //Features ## Next-generation caching for modern CI/CD Intelligent, fast, and unlimited caching that adapts to your build patterns ### 4x Faster Operations Lightning-fast cache save and restore operations compared to standard GitHub Actions cache. ### Unlimited Storage No size limits or storage quotas. Cache as much as you need for optimal build performance. ### Global Edge Network Distributed caching infrastructure for reduced latency and improved performance worldwide. ### Intelligent Optimization Smart cache algorithms that optimize for your specific build patterns and dependencies. ### Secure & Isolated Encrypted cache storage with complete isolation between projects and organizations. ### Advanced Analytics Detailed cache hit ratios, performance metrics, and optimization recommendations. ## Performance Comparison vs GitHub Actions Cache ### Cache Save Time GitHub Actions45 seconds WarpBuild12 seconds 73% faster ### Cache Restore Time GitHub Actions30 seconds WarpBuild8 seconds 73% faster ### Throughput GitHub Actions50 MB/s WarpBuild200 MB/s 4x faster ### Storage Limit GitHub Actions10 GB WarpBuildUnlimited No limits //Cache Types ## Optimize Every Part of Your Build Pipeline Intelligent caching for all types of build artifacts and dependencies 🏗️ ### Build Artifacts 60% faster Cache compiled binaries, generated assets, and build outputs for faster subsequent builds. Compiled binaries Generated assets Build outputs Bundled files 📦 ### Dependencies 80% faster Cache package manager downloads and dependencies to eliminate redundant network requests. npm packages Maven artifacts Python wheels Go modules 🐳 ### Container Layers 75% faster Accelerate Docker builds with intelligent layer caching and reuse across builds. Docker layers Base images Multi-stage builds Registry pulls 🧪 ### Test Data 70% faster Cache test fixtures, datasets, and generated test data for faster test execution. Test fixtures Mock data Generated datasets Test databases //How It Works ## Simple Integration, Maximum Performance Drop-in replacement for existing cache actions with massive performance gains ### 1\. Smart Upload Intelligent compression and deduplication during cache saves for optimal storage efficiency. ### 2\. Global Distribution Cache data is distributed across global edge locations for minimal latency access. ### 3\. Lightning Restore Parallel downloads and smart restoration for maximum speed during cache retrieval. //Quick Setup ## Enable high-performance caching in minutes Simple action replacement with immediate performance benefits [View Cache Action](https://github.com/marketplace/actions/warpcache) ![Cache integration example](/images/cache-md.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Cloud Runners - 2x Faster GitHub Actions | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/cloud-runners Description: Supercharge your CI/CD with WarpBuild's cloud runners. 2x faster builds, 50% cheaper than standard GitHub Actions runners. Get started in 30 seconds. # Cloud Runners 2x Faster Builds Supercharge your CI/CD pipeline with high-performance cloud runners. 2x faster, 50% cheaper than standard GitHub Actions. [Start Building](https://app.warpbuild.com)[View Documentation](/docs/ci/cloud-runners) //Features ## Powerful cloud infrastructure optimized for CI/CD Everything you need for fast, reliable, and cost-effective continuous integration ### 2x Faster Builds Reduce build times by 50% with optimized cloud infrastructure and intelligent caching systems. ### Managed Cloud Infrastructure Focus on code, not infrastructure. Fully managed cloud runners with automatic scaling and maintenance. ### Global Edge Locations Deploy across multiple regions for reduced latency and improved performance worldwide. ### High-Performance CPUs Latest generation processors with optimized performance for build workloads and parallel execution. ### Enterprise Security SOC2 Type 2 compliant with encrypted storage, network isolation, and comprehensive audit logs. ### Real-time Analytics Monitor performance, costs, and usage patterns with detailed analytics and insights dashboard. ## Why Choose WarpBuild Cloud Runners? 💰 ### Cost Effective Save up to 50% on runner costs compared to standard GitHub Actions runners with better performance. ⚡ ### Zero Configuration Drop-in replacement for GitHub Actions runners. Change one line in your workflow file to get started. 📈 ### Automatic Scaling Handle any workload size with automatic scaling. From single builds to thousands of parallel jobs. 🛡️ ### 99.9% Uptime Enterprise-grade reliability with built-in redundancy and failover mechanisms across multiple zones. //Quick Setup ## Get started in under 30 seconds Simple one-line change to your existing GitHub Actions workflow [View Quickstart Guide](/docs/ci/quick-start) ![One line change to enable cloud runners](/images/line-change.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Remote Docker Builders - 40x Faster Container Builds | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/docker-builders Description: 40x faster container builders with local disks and complete caching. # ⚡ Remote Docker Builders Your container builds have never been faster ![posthog](/images/posthog-logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### [posthog](https://github.com/test) 40.0xFaster ![WarpBuild](/images/warp-logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) 6m 15s 250m 0s ![dispatch](/images/dispatch-logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### [dispatch](https://github.com/test) 3.1xFaster ![WarpBuild](/images/warp-logo.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) 1m 57s 6m 0s [Get Started](https://app.warpbuild.com)[View Docs](/docs/ci/docker-builders) //Features ## World's fastest container builders ### Local Disks Build containers with local NVMe disks with high IOPS, high throughput and low latency. ### Complete caching Everything is cached for builds that feel like local builds. ### Parallel builds Run multiple builds in parallel and prevent bottlenecks. ### Run anywhere, not just in GitHub Actions Get fast builds on any platform, even your local machine. ### Multi-arch builds (coming soon) Build containers for linux on arm64 and x86-64, natively. Eliminate the need for emulation. ### Builder API (coming soon) Create and manage builders with the Builder API, a simple and easy to use API. //Easy Setup ## Quickstart with our GitHub Action You can configure WarpBuild's remote builders anywhere, not just in GitHub Actions. [Docs](/docs/ci/docker-builders)[GitHub](https://github.com/WarpBuilds/docker-configure) ![one-line change](/images/builder-change.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) //Enterprise ## Built for your Enterprise Leverage the security and flexibility of your cloud with WarpBuild's BYOC solution. ![Secure by design](/images/secure-builder.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Secure by design Runners have thier own encrypted storage volumes. ![SOC2 Type2 Compliant](/images/soc2-ci.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### SOC2 Type2 Compliant WarpBuild is SOC2 Type 2 compliant ![No code access](/images/no-code.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### No code access Ephemeral VMs, complete isolation. ![Tested at scale](/images/scale-builder.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Tested at scale Unlimited job concurrency, fast local caching. ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Docker Layer Caching - Accelerate Container Builds | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/docker-layer-caching Description: Speed up Docker builds by 5-10x with intelligent layer caching. Automatic layer detection, multi-stage optimization, and global cache distribution. # Docker Layer Caching 10x Faster Builds Accelerate your container builds with intelligent layer caching and optimization. Dramatic performance improvements for Docker workflows. [Enable Caching](https://app.warpbuild.com)[View Documentation](/docs/ci/features/caching) //Layer Caching ## Intelligent Docker layer optimization Advanced caching strategies that understand your Docker build patterns ### Intelligent Layer Detection Automatically identifies and caches individual Docker layers for maximum reuse across builds. ### 5-10x Faster Builds Dramatically reduce build times by reusing cached layers from previous builds and other branches. ### Global Cache Distribution Distributed layer cache across multiple regions for optimal performance worldwide. ### Multi-Stage Build Support Optimized caching for multi-stage Dockerfiles with intelligent intermediate layer reuse. ### Secure & Isolated Encrypted layer storage with complete isolation between projects and organizations. ### Cache Analytics Detailed cache hit ratios, layer statistics, and build performance metrics. ## Build Optimizations ### Base Image Caching Cache popular base images locally for instant access Eliminates base image download time ### Dependency Layer Reuse Reuse dependency installation layers across different builds Skip package installation when dependencies unchanged ### Cross-Branch Sharing Share cached layers between different branches and pull requests Faster builds for feature branches ### Multi-Stage Optimization Intelligent caching for each stage in multi-stage builds Maximize reuse in complex build processes //Strategies ## Multiple Caching Strategies Choose the optimal caching approach for your build workflow ### Layer-by-Layer Caching 5-10x faster Each Docker layer is cached individually based on content hash Best for: Standard Docker builds with sequential layers ### Multi-Stage Caching 8-15x faster Optimized caching for multi-stage Dockerfiles with intermediate images Best for: Complex builds with build and runtime stages ### Registry Cache Pull-Through 3-5x faster Cache external registry pulls for instant subsequent access Best for: Builds using multiple external base images //Best Practices ## Dockerfile Optimization Tips Maximize cache efficiency with these proven optimization techniques ### Optimize Layer Order Reorder Dockerfile instructions to maximize cache hits Example: Move package.json copy before source code copy ### Use .dockerignore Exclude unnecessary files to improve layer cache efficiency Example: Ignore node\_modules, .git, and temporary files ### Minimize Layer Changes Group related commands to reduce layer invalidation Example: Combine RUN commands for package installation ### Leverage Build Arguments Use build args for dynamic values without cache invalidation Example: Use ARG for version numbers and environment settings ## Dramatic Build Time Improvements 5-10x Faster Builds 90%+ Cache Hit Rate 80% Cost Reduction //Quick Setup ## Enable Docker layer caching in 2 minutes Simple integration with your existing Docker builds [View Setup Guide](/docs/ci/features/caching) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # macOS Runners - Fast Apple Silicon CI/CD for iOS & macOS | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/macos-runners Description: Build iOS, macOS apps faster with WarpBuild's high-performance macOS runners powered by M4 Pro. 3x faster than GitHub Actions. # macOS Runners Apple Silicon M4 Pro Build iOS and macOS apps faster with native Apple Silicon performance. 3x faster builds than standard runners. [Start Building](https://app.warpbuild.com)[View Documentation](/docs/ci/cloud-runners#macos-m4-pro-on-arm64) //Features ## Native Apple Silicon performance for iOS & macOS development Everything you need for professional iOS and macOS app development ### Apple Silicon M4 Pro Native performance on Apple Silicon with M4 Pro processors for lightning-fast iOS and macOS builds. ### iOS & macOS Development Complete toolchain for iOS, macOS, tvOS, and watchOS development with latest Xcode versions. ### 3x Faster Than GitHub Significantly faster build times compared to standard GitHub Actions macOS runners. ### Secure & Isolated Each runner instance is completely isolated with encrypted storage and secure networking. ### Detailed Analytics Monitor build performance, resource usage, and costs with comprehensive analytics dashboard. ### Pre-installed Tools Xcode, iOS Simulator, Fastlane, CocoaPods, and other essential iOS development tools ready to use. ## Perfect for Every iOS & macOS Development Need ### iOS App Development Build, test, and deploy iOS applications with native Apple Silicon performance and latest Xcode versions. XcodeiOS SimulatorFastlaneTestFlight ### macOS App Development Develop and distribute macOS applications with full access to macOS APIs and development frameworks. XcodeAppKitSwiftUINotarization ### Flutter & React Native Build cross-platform mobile apps with Flutter and React Native on high-performance macOS infrastructure. FlutterReact NativeAndroid StudioCocoaPods ### CI/CD Automation Automate your entire iOS/macOS development workflow from code to App Store with powerful automation tools. GitHub ActionsFastlaneBitriseJenkins //Performance ## Benchmark Results: 3x Faster Than GitHub Actions Real-world performance improvements across different iOS and macOS build scenarios 25 min GitHub Actions iOS App Build Time 8 min WarpBuild macOS iOS App Build Time 68% Time Saved Average Improvement //Quick Setup ## Start building iOS apps in minutes Simple configuration changes to use WarpBuild macOS runners in your workflow [MacOS runners for iOS](/docs/ci/cloud-runners#macos-m4-pro-on-arm64) //iOS & macOS Development ## Complete Apple ecosystem support Everything you need for iOS and macOS app development 📱 ### Xcode Integration Latest Xcode versions with iOS simulators, testing frameworks, and complete development toolchain. Xcode iOS Simulator Swift Objective-C 🏪 ### App Store Distribution Build, sign, and distribute iOS apps with App Store Connect integration and automated workflows. Fastlane App Store Connect Code Signing TestFlight ⚛️ ### React Native & Flutter Cross-platform mobile development with React Native and Flutter framework support. React Native Flutter Metro Dart 🔄 ### CI/CD Integration Seamless integration with GitHub Actions, custom workflows, and automated testing pipelines. GitHub Actions Fastlane XCTest Test Plans //Deployment ## macOS Runner Availability Understanding macOS deployment options and Apple licensing 🍎 ### WarpBuild Cloud Only macOS runners are exclusively available through WarpBuild Cloud due to Apple's licensing requirements. M4 Pro Apple Silicon processors macOS 14, and 15 support Same preinstalled software as GitHub Instant provisioning and scaling No setup or maintenance required ℹ️ #### Important Note BYOC (Bring Your Own Cloud) deployment is not available for macOS runners due to Apple's software licensing restrictions. ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # CI Runners - 10x Faster GitHub Actions Runners | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/runners Description: Ship faster with 10x faster, 2-10x cheaper GitHub actions runners. # CI Runners Blazing Fast Github Actions Runners. 2x faster, 50-90% cheaper. [Get Started](https://app.warpbuild.com)[View Docs](/docs/ci/cloud-runners) //Features ## Powerful tools optimized for developers ### Snapshots (Cloud Only) Enable incremental builds and speed up workflows by 10x. Available in WarpBuild Cloud. ### Container layer caching Build containers fast with layer caching ### Unlimited concurrency We take care of the scaling so you can focus on shipping ### Unlimited cache sizes Blazing fast, colocated caches with consistent high performance ### CI analytics Monitor CI run times, failures, and trends with intuitive dashboards ### Multiple OSes and Architectures Support for linux on arm64 and x86-64, and MacOS on apple silicon. GPU support coming soon. ### Multiple OSes and Architectures Support for linux on arm64 and x86-64, and MacOS on apple silicon. GPU support coming soon. //Bring Your Own Cloud ## Bring Your Own Cloud AWS, GCP, Azure Maximize customization and eliminate maintenance with WarpBuild managed runners. Connect your cloud in 1-click. [BYOC Runners](/docs/ci/byoc)[Schedule a call](https://cal.com/suryao/start) ![BYOC with WarpBuild](/images/multi-byoc.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) #### Static IPs (BYOC Only) Setup static IPs for security sensitive runner allowlists. Available with Bring Your Own Cloud deployment. #### Custom machine images (BYOC Only) Pre-install dependencies for even faster builds. Available with Bring Your Own Cloud deployments. #### Fully customizable Pick any instance type, disk, and network config for your workloads //Cache ## Unlimited Github Actions cache Supercharge artifact caching and container layering caching with a 35% improvement in restores and 75% improvement in save times. [View Docs](/docs/ci/features/caching)[View Action in Marketplace](https://github.com/marketplace/actions/warpcache) #### Lightning Fast Cache save and restore times are 4x faster compared to Github - in your cloud or ours. #### Container Layer Cache Reuse unchanged layers in subsequent builds, making your runs faster and efficient. #### Built for Scale Battle-tested for consistent performance, at scale with 1000s of concurrent jobs. ![fast cache](/images/cache-md.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) //Enterprise ## Built for your Enterprise Leverage the security and flexibility of your cloud with WarpBuild's BYOC solution. ![Secure by design](/images/secure-byoc.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Secure by design Runners have thier own encrypted storage volumes that are created on demand and destroyed after each build. ![SOC2 Type2 Compliant](/images/soc2-ci.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### SOC2 Type2 Compliant WarpBuild is SOC2 Type 2 compliant ![No code access](/images/no-code.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### No code access Ephemeral VMs, complete isolation. ![Fully customizable](/images/custom.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Fully customizable Pick any instance type, disk, and network config for your workloads. Customizable images and high CPU, disk performance. ![Tested at scale](/images/scale.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ### Tested at scale Unlimited job concurrency, fast local caching, and tools designed to support collaboration for 1000s of developers. ![Tech background left](/images/tech-left-half.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![Tech background right](/images/tech-right-half.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) //CI Analysis ## Seamless Integration with Your Workflow Effortlessly incorporate WarpBuild Cloud into your existing development process ![Green-purple gradient](/images/green-purple-gradient.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ![CI analytics and insights](/_next/image?url=%2Fimages%2Finsights-sc.png&w=3840&q=75&dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) //Easy Setup ![one line change to your workflow](/images/linesm.svg?dpl=dpl_BoXa8Baa6XEcAibKtqEGH13vooPv) ## Change one line to get started Fully compatible with Github Actions with all the tools preinstalled. Save even more time with customizable base images. [Learn More](/docs/ci/quick-start) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Windows Runners - Fast .NET & C++ CI/CD | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/windows-runners Description: Accelerate Windows app development with WarpBuild's high-performance Windows runners. .NET, C++, PowerShell support. 2x faster builds. # Windows Runners .NET & C++ Optimized Build Windows applications faster with optimized .NET and C++ development environments. 3x faster builds than standard runners. [Start Building](https://app.warpbuild.com)[View Documentation](/docs/ci/cloud-runners#windows-x86-64) //Features ## Optimized Windows environment for enterprise development Everything you need for professional Windows application development ### High-Performance CPUs Latest Intel and AMD processors optimized for Windows workloads with fast NVMe storage. ### .NET & C++ Support Complete toolchain for .NET, C++, Visual Studio, MSBuild, and PowerShell development. ### 2x Faster Builds Significantly faster build times compared to standard GitHub Actions Windows runners. ### Secure Windows Environment Isolated Windows Server instances with encrypted storage and secure networking. ### Build Analytics Monitor Windows build performance, resource usage, and optimization opportunities. ### Pre-configured Tools Visual Studio, .NET SDK, Git, PowerShell, and other essential Windows development tools. //Development Stacks ## Complete Windows development ecosystem Everything you need for Windows application development 🔷 ### .NET Applications Build and deploy .NET Framework, .NET Core, and .NET 6+ applications with full Visual Studio support. Visual Studio .NET SDK MSBuild NuGet ⚡ ### C++ Development Compile native Windows applications with Visual C++, CMake, and other C++ development tools. Visual C++ CMake MSVC Windows SDK 💙 ### PowerShell Automation Run PowerShell scripts, modules, and automation workflows in high-performance Windows environment. PowerShell Azure CLI AWS CLI Pester 🖥️ ### Desktop Applications Build WPF, WinForms, UWP, and Win UI applications with complete Windows development stack. WPF WinForms UWP Win UI //Deployment Options ## Windows Runner Deployment Availability Choose the deployment option that fits your requirements ### WarpBuild Cloud Available Now Fully managed Windows Server 2022 runners Instant setup Auto-scaling Managed updates 99.9% uptime ### BYOC: AWS Available Now Deploy Windows runners in your AWS account EC2 integration VPC deployment Cost optimization IAM roles ### BYOC: Google Cloud Coming Soon Deploy Windows runners in your GCP project Compute Engine VPC native IAM integration Regional deployment ### BYOC: Microsoft Azure Coming Soon Deploy Windows runners in your Azure subscription Azure VMs VNet integration Azure AD RBAC policies //Performance ## Windows Build Performance Comparison Real-world performance improvements for Windows development workflows 18 min GitHub Actions .NET Build Time 9 min WarpBuild Windows .NET Build Time 50% Time Saved Average Improvement //Quick Setup ## Start building Windows apps faster Simple workflow changes to use WarpBuild Windows runners [View Windows Setup Guide](/docs/ci/cloud-runners#windows-x86-64) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # High-Performance x86-64 Runners - Baremetal NVMe | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/ci/x86-runners Description: Ultimate performance with baremetal x86-64 runners featuring high-performance CPUs and directly attached NVMe storage. 3x faster CI/CD builds. # High-Performance x86-64 Runners Maximize performance for compute-intensive workloads with optimized x86-64 architecture. Up to 64 cores, ultra-fast storage. [Start Building](https://app.warpbuild.com)[View Documentation](/docs/ci/cloud-runners#linux-x86-64) //Features ## Maximum performance with baremetal infrastructure Dedicated hardware resources for compute-intensive CI/CD workloads ### Baremetal Performance Direct access to high-performance hardware without virtualization overhead for maximum throughput. ### Latest Generation CPUs Intel Xeon and AMD EPYC processors with high core counts and advanced instruction sets for build optimization. ### NVMe Storage Directly attached NVMe SSDs delivering extreme I/O performance for fast dependency downloads and builds. ### Isolated Execution Complete hardware isolation with encrypted storage and secure networking for enterprise security requirements. ### Performance Monitoring Real-time CPU, memory, disk, and network monitoring to optimize your build performance. ### Optimized Toolchains Pre-configured compilers, build tools, and runtimes optimized for x86-64 performance and compatibility. ## Enterprise-Grade Hardware Specifications 🚀 ### CPU Performance * Up to 32 cores per runner * High single-core performance * Advanced vector instructions * Turbo boost enabled ⚡ ### Storage Performance * NVMe SSD storage * Up to 100,000 IOPS * Sub-millisecond latency * Direct PCIe attachment 🏗️ ### Network and Caching * 10Gbps networking * Low-latency connectivity * Unlimited caching //Performance ## Optimized for Every CI/CD Workload Specialized optimizations for different types of build and test workloads ### Compilation Workloads 5x faster Optimized for C++, Rust, Go, and other compiled languages with parallel compilation support. Parallel builds Fast linking Incremental compilation Cache optimization ### Container Builds 3x faster Accelerated Docker builds with fast layer caching and multi-stage build optimization. Layer caching Parallel stages Build kit optimization Registry acceleration ### Test Execution 4x faster Fast test execution with parallel test runners and optimized test data loading. Parallel execution Fast I/O Memory caching Test isolation ### Package Management 6x faster Accelerated dependency resolution and package installation with intelligent caching. Dependency caching Parallel downloads Local mirrors Smart resolution //Quick Setup ## Deploy high-performance runners instantly Simple configuration to access baremetal x86-64 performance [View Performance Guide](/compare/github) ## 2x faster. ## 50-90% cheaper. ## Go Warp today. [Schedule a Call](https://cal.com/suryao/start)[Get Started](https://app.warpbuild.com) --- # Dedicated Enterprise Cloud | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/dedicated-cloud Description: Single-tenant GitHub Actions infrastructure in your preferred AWS or GCP region. Private networking, zero egress costs, simplified IAM. Fully managed by WarpBuild. Dedicated Enterprise Cloud # Your region. Our ops. Zero maintenance. Single-tenant WarpBuild infrastructure deployed in your preferred AWS or GCP region. Private networking. Zero egress. Zero maintenance. [Talk to Engineering](https://cal.com/suryao/start)[Compare Options](/products/enterprise) ### How it works We provision dedicated infrastructure in your chosen region. You configure VPC peering to your existing infrastructure. Runners access your internal services directly — no public internet, no egress fees, no hassle. ## Why Dedicated Cloud? The security of self-hosted. The simplicity of managed. The best of both. ### Zero Egress Costs Deploy in the same region as your infrastructure. Artifacts, dependencies, and data stay local. * Same-region deployment with your services * S3/GCS buckets accessible without egress * ECR/GAR pulls without cross-region fees * Typical savings: $10k-100k/month ### Zero Operation Overhead WarpBuild manages everything. Patching, scaling, monitoring. You just run jobs. * Fully managed by WarpBuild * Automatic security patching * 24/7 monitoring and alerting * Capacity planning handled ### Private Networking VPC peering and PrivateLink. Your network, your rules. * VPC peering to your infrastructure * PrivateLink for AWS services * Security group integration ### Simplified IAM No cross-account trust policies. Runners assume roles in your existing AWS/GCP accounts seamlessly. * Direct IAM role assumption * No complex trust relationships * Works with your existing policies ## Dedicated Cloud vs alternatives ### Self-hosted (ARC) * •Kubernetes expertise required * •Security patching burden * •Scaling complexity * •On-call overhead ### BYOC * •You manage cloud costs * •IAM setup complexity * •Some ops overhead * •Multi-account management ### Dedicated Cloud * Zero ops burden * Simple IAM integration * Predictable pricing * WarpBuild manages all ## Technical specifications ### Compute Instance types All x86-64 and arm64 High-performance caching Enabled Instant Job Start <10s Concurrency Unlimited ### Networking VPC peering Supported PrivateLink AWS supported Custom rules Full traffic control Egress Your region, no costs ### Storage & Cache Cache backend S3/GCS in your region Artifact storage Configurable Warm pools Included Snapshots Available ### Security Ephemeral runners No code access Zero data retention Supported SSO/SCIM Included SOC2 Type II Certified ## Available regions Deploy where your infrastructure lives. Any AWS or GCP region. ### AWS us-east-1us-west-2eu-west-1eu-central-1ap-southeast-1ap-northeast-1...any region ### GCP us-central1us-east1europe-west1europe-west4asia-east1asia-southeast1...any region ### Predictable pricing Volume-based pricing with committed use discounts. No surprise cloud bills — we handle the infrastructure costs. You pay one predictable fee. Annual contracts availableVolume discountsPrice match guarantee ## Ready for dedicated infrastructure? Let's architect it. [View Enterprise](/products/enterprise)[Talk to Engineering](https://cal.com/suryao/start) --- # Enterprise | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/enterprise Description: Enterprise-grade GitHub Actions runners with SOC2 compliance, BYOC deployment, SSO, and 99.9% SLA. 40% cheaper than self-hosting on Kubernetes. Enterprise # GitHub Actions for Enterprise SOC2 compliant. BYOC or dedicated cloud. SSO with SCIM. 40% cheaper than self-hosting on Kubernetes. [Get Started](https://app.warpbuild.com)[Talk to Engineering](https://cal.com/suryao/start) 40% cheaper than ARC guaranteed <10s cold start warm pools 99.9% uptime SLA contractual 24/7 support dedicated Slack ## Choose your deployment Both options include full enterprise features. Pick what fits your security requirements. ### Bring Your Own Cloud Deploy runners in your existing AWS, GCP, or Azure accounts. Full control over infrastructure. $0.002/minorchestration fee only * Runners in your VPCs * You pay cloud costs directly * Caching & snapshots free * Unlimited accounts [Learn more](/products/ci/byoc) ### Dedicated Enterprise Cloud WarpBuild-managed infrastructure in your preferred region. Zero ops, maximum security. Customvolume-based pricing * Single-tenant infrastructure * Any AWS/GCP region * Private networking included * Managed by WarpBuild [Learn more](/products/dedicated-cloud) ## Enterprise capabilities Everything you need to run GitHub Actions at scale, securely. ### Infrastructure Control BYOC— Deploy to your AWS, GCP, or Azure VPCs Dedicated Enterprise Cloud— Zero maintenance WarpBuild cloud in any region Custom AMIs— Bring your own images with pre-installed deps Private Networking— VPC peering, PrivateLink, no public IPs ### Security & Compliance SOC2 Type II— Annual audits + penetration testing SAML SSO— Okta, Azure AD, Google Workspace SCIM Provisioning— Automated user lifecycle management Audit Logs— Full API audit trail, exportable ### Performance & Scale ∞ Concurrency— No job queue limits, instant provisioning 99.9% SLA— Backed by credits, contractual guarantee Warm Pools— Jobs start in <10s Global Regions— Run close to your infrastructure ### Developer Experience SSH Debug— ssh into failed jobs instantly Observability— Correlate system metrics and job logs GitHub Enterprise— Full GHES + GHEC support Terraform Provider— Infrastructure as code 🔒 ### SOC2 Type II Certified Independently audited. Annual penetration testing. Full audit report available. Security controls verifiedContinuous monitoring [View Trust Center](https://trust.warpbuild.com) ## Ready to scale your CI? Let's talk. [Get Started](https://app.warpbuild.com)[Schedule a Call](https://cal.com/suryao/start) --- # Region-Specific Infrastructure | WarpBuild | WarpBuild URL: https://www.warpbuild.com/products/region-specific-infrastructure Description: Pin your CI data to a specific cloud region for data residency, and eliminate all ingress and egress costs from your cloud. Available on enterprise plans. Enterprise # Your data stays in your region. Region-specific infrastructure pins any data you choose to the region you choose - and eliminates all ingress and egress costs from your cloud. Data residency and a smaller cloud bill, in one move. [Talk to Engineering](https://cal.com/suryao/start)[View Enterprise](/products/enterprise) ### How it works WarpBuild provisions runner infrastructure in the region you select. Any data you choose - caches, artifacts, logs - is stored and processed in that region only. Because runners sit next to your registries, buckets, and services, your cloud no longer bills you for data moving in or out. ## Why region-specific infrastructure? Compliance teams get residency. Finance gets a smaller cloud bill. Engineering changes one runner label. ### Data Residency Choose a region, and any data you choose stays in that region. Source code, caches, artifacts, and logs never leave it. * Pin data to any AWS or GCP region * Caches and artifacts stored in-region * Meet GDPR and regional compliance requirements * Pairs with GitHub Enterprise data residency ### Zero Ingress / Egress Costs Runners live in the same region as your data, so cross-region and internet data transfer charges from your cloud disappear entirely. * ECR / GAR image pulls without transfer fees * S3 / GCS reads and writes stay in-region * No NAT gateway processing charges for build traffic * Not applicable to macOS instances ### Compliance Without Ops Get the residency guarantees auditors ask for without running your own runner fleet. * SOC2 Type II certified infrastructure * Single-tenant, ephemeral runners * Fully managed by WarpBuild ### Same WarpBuild Performance Region pinning doesn't slow anything down. If anything, builds get faster because data is closer. * Warm pools and <10s job starts * Unlimited concurrency * Lower latency to your in-region services ## Where the savings come from When builds run outside your cloud region, every image pull, artifact download, and dependency fetch is billed as data transfer. In-region, those line items go to zero. ECR / container registry pullsCross-region transfer fees on every image pullFree, in-region S3 / GCS artifacts and cachesEgress charges on every downloadFree, in-region Internal services and databasesInternet or cross-region egressFree, in-region Zero ingress/egress applies to Linux and Windows runners. It is not applicable to macOS instances, which run on dedicated Apple Silicon hardware outside your cloud. ### Available on enterprise plans Region-specific infrastructure is part of the WarpBuild enterprise plan, alongside [Dedicated Cloud](/products/dedicated-cloud) and [BYOC](/products/ci/byoc). Tell us your region and we'll handle the rest. Any AWS or GCP regionFully managed by WarpBuildNo workflow changes beyond the runner label ## Keep your data home. Drop the transfer bill. [View Pricing](/pricing)[Schedule a Call](https://cal.com/suryao/start) --- # WarpBuild Documentation Base URL: https://www.warpbuild.com/docs # Cloud Runners URL: https://www.warpbuild.com/docs/ci/cloud-runners Description: Blazing fast GitHub Action Runners, hosted on WarpBuild's cloud --- title: "Cloud Runners" excerpt: "Blazing fast GitHub Action Runners, hosted on WarpBuild's cloud" description: "Blazing fast GitHub Action Runners, hosted on WarpBuild's cloud" icon: ServerCog createdAt: "2023-12-11" updatedAt: "2026-06-12" --- WarpBuild runners are built to be the fastest CI/CD platform in the world. We pair the fastest processors with blazing fast SSDs and high bandwidth networking to give you the best performance possible. WarpBuild runners are designed to be drop-in replacements for GitHub-hosted runners. They are fully compatible with GitHub Actions. Refer to the customizations section for more information. All WarpBuild runners are run on ephemeral VMs for maximum isolation and security. This means that they are freshly allocated when you need them and destroyed when the workflow is complete. We currently support Linux on `x86-64` and `ARM64` architectures and macOS on `ARM64`. On enterprise plans, cloud runners can be deployed on region-specific infrastructure: any data you choose remains in that specific region, and all ingress and egress costs from your cloud are eliminated (not applicable to macOS instances). See [region-specific infrastructure](/products/region-specific-infrastructure) or contact [support@warpbuild.com](mailto:support@warpbuild.com) to enable it. ## Linux x86-64 | Runner Tag | OS | CPU | Memory | Storage | Price | Aliases | | -------------------------- | ------------ | ------- | ------ | --------- | ------------- | ------------------------ | | warp-ubuntu-latest-x64-2x | Ubuntu 24.04 | 2 vCPU | 7GB | 150GB SSD | $0.004/minute | warp-ubuntu-2404-x64-2x | | warp-ubuntu-latest-x64-4x | Ubuntu 24.04 | 4 vCPU | 16GB | 150GB SSD | $0.008/minute | warp-ubuntu-2404-x64-4x | | warp-ubuntu-latest-x64-8x | Ubuntu 24.04 | 8 vCPU | 32GB | 150GB SSD | $0.016/minute | warp-ubuntu-2404-x64-8x | | warp-ubuntu-latest-x64-16x | Ubuntu 24.04 | 16 vCPU | 64GB | 150GB SSD | $0.032/minute | warp-ubuntu-2404-x64-16x | | warp-ubuntu-latest-x64-32x | Ubuntu 24.04 | 32 vCPU | 128GB | 150GB SSD | $0.064/minute | warp-ubuntu-2404-x64-32x | | warp-ubuntu-2204-x64-2x | Ubuntu 22.04 | 2 vCPU | 7GB | 150GB SSD | $0.004/minute | | | warp-ubuntu-2204-x64-4x | Ubuntu 22.04 | 4 vCPU | 16GB | 150GB SSD | $0.008/minute | | | warp-ubuntu-2204-x64-8x | Ubuntu 22.04 | 8 vCPU | 32GB | 150GB SSD | $0.016/minute | | | warp-ubuntu-2204-x64-16x | Ubuntu 22.04 | 16 vCPU | 64GB | 150GB SSD | $0.032/minute | | | warp-ubuntu-2204-x64-32x | Ubuntu 22.04 | 32 vCPU | 128GB | 150GB SSD | $0.064/minute | | The Linux x86-64 runner images have the same tooling installed as GitHub-hosted runners. Runner storage is ephemeral and will be deleted when the runner is terminated. Nested virtualization / `/dev/kvm` access (needed for Android emulator CI and similar workloads) is available on request. See [Nested virtualization](/docs/ci/features/nested-virtualization) for more details. ## Linux ARM64 `Breaking Change`: The arm64 images for ubuntu-22.04 have been deprecated on March 31, 2025. `Disparity`: The arm64 images for ubuntu-24.04 have their work dir set as `/runner/_work`, which is different from GitHub's work dir `/home/runner/work/` for the same instance. Workloads requiring nested virtualization (e.g., Android emulator CI) are currently not supported on ARM64 runners. Please use our x86-64 runners for these workloads. See [Nested virtualization](/docs/ci/features/nested-virtualization) for more details. If you need nested virtualization on ARM64, reach out to us at [support@warpbuild.com](mailto:support@warpbuild.com). | Runner Tag | OS | CPU | Memory | Storage | Price | Aliases | | ---------------------------- | ------------------------ | ------- | ------ | --------- | ------------- | -------------------------- | | warp-ubuntu-latest-arm64-2x | Ubuntu 24.042 | 2 vCPU | 7GB | 150GB SSD | $0.003/minute | warp-ubuntu-2404-arm64-2x | | warp-ubuntu-latest-arm64-4x | Ubuntu 24.042 | 4 vCPU | 16GB | 150GB SSD | $0.006/minute | warp-ubuntu-2404-arm64-4x | | warp-ubuntu-latest-arm64-8x | Ubuntu 24.042 | 8 vCPU | 32GB | 150GB SSD | $0.012/minute | warp-ubuntu-2404-arm64-8x | | warp-ubuntu-latest-arm64-16x | Ubuntu 24.042 | 16 vCPU | 64GB | 150GB SSD | $0.024/minute | warp-ubuntu-2404-arm64-16x | | warp-ubuntu-latest-arm64-32x | Ubuntu 24.042 | 32 vCPU | 128GB | 150GB SSD | $0.048/minute | warp-ubuntu-2404-arm64-32x | 2 The Linux ARM64 runners based on Ubuntu 24.04 LTS are compatible with GitHub's Ubuntu 24.04 ARM64 runners. For more details on the available tooling, refer to [this link.](https://github.com/actions/partner-runner-images/blob/main/images/arm-ubuntu-24-image.md) ## MacOS M4 Pro on ARM64 | Runner Tag | CPU | Memory | Storage | Price | Aliases | | ----------------------- | ------- | ------ | --------- | ------------ | --------------------------- | | warp-macos-26-arm64-6x | 6 vCPU | 22GB | 120GB SSD | $0.08/minute | | | warp-macos-26-arm64-12x | 12 vCPU | 44GB | 270GB SSD | $0.16/minute | | | warp-macos-15-arm64-6x | 6 vCPU | 22GB | 120GB SSD | $0.08/minute | warp-macos-latest-arm64-6x | | warp-macos-15-arm64-12x | 12 vCPU | 44GB | 270GB SSD | $0.16/minute | warp-macos-latest-arm64-12x | | warp-macos-14-arm64-6x | 6 vCPU | 22GB | 120GB SSD | $0.08/minute | | `Breaking Change`: macOS 13 runners have been removed as of June 8, 2026. Please migrate to macOS 14, macOS 15, or macOS 26 runners. The comparable GitHub-hosted runner is `macos-latest-xlarge` with 6 vCPUs (M1) and 14GB of memory. The WarpBuild runner is 60% faster than the GitHub-hosted runner and is 2x cheaper. WarpBuild provides M4 Pro based MacOS runners built on Apple Silicon with ARM64 architecture. These runners have the same tooling pre-installed as GitHub-hosted runners, functioning as drop-in replacements. Compared to the Intel-based runners, the M4 Pro based runners can be up to 8x faster. 1. `macos-latest` runners from GitHub are based on M1 processors and are significantly slower than the M4 Pro based runners. 2. MacOS runners do not support nested virtualization and cannot run docker. 3. MacOS runners latest tag has been switched to `macos-15` in sync with GitHub's `macos-latest` tag. ## Windows x86-64 | Runner Tag | OS | CPU | Memory | Storage | Price | Aliases | | --------------------------- | ------------------- | ------- | ------ | --------- | ------------- | ------------------------- | | warp-windows-latest-x64-4x | Windows Server 2022 | 4 vCPU | 16GB | 256GB SSD | $0.016/minute | warp-windows-2022-x64-4x | | warp-windows-latest-x64-8x | Windows Server 2022 | 8 vCPU | 32GB | 256GB SSD | $0.032/minute | warp-windows-2022-x64-8x | | warp-windows-latest-x64-16x | Windows Server 2022 | 16 vCPU | 64GB | 256GB SSD | $0.064/minute | warp-windows-2022-x64-16x | | warp-windows-latest-x64-32x | Windows Server 2022 | 32 vCPU | 128GB | 256GB SSD | $0.128/minute | warp-windows-2022-x64-32x | | warp-windows-2025-x64-4x | Windows Server 2025 | 4 vCPU | 16GB | 256GB SSD | $0.016/minute | | | warp-windows-2025-x64-8x | Windows Server 2025 | 8 vCPU | 32GB | 256GB SSD | $0.032/minute | | | warp-windows-2025-x64-16x | Windows Server 2025 | 16 vCPU | 64GB | 256GB SSD | $0.064/minute | | | warp-windows-2025-x64-32x | Windows Server 2025 | 32 vCPU | 128GB | 256GB SSD | $0.128/minute | | The Windows x86-64 runner images have the same tooling installed as GitHub-hosted runners. Runner storage is ephemeral and will be deleted when the runner is terminated. **Windows Server 2025 runners** are now available, providing the latest Windows Server platform with enhanced performance, security features, and improved compatibility. These runners include all the latest Windows updates and modern development tools. `Breaking Change`: Windows 2vCPU runners have been removed as of June 8, 2026. Please use 4vCPU or larger runners. ## Spot Instances `Breaking Change`: Cloud spot runners have been removed as of June 8, 2026. All `*-spot` runner labels on WarpBuild Cloud are no longer available. For spot instance support, use [BYOC runners](/docs/ci/byoc) with AWS, GCP, or Azure. ## Concurrency The features that are Generally Available (GA) support unlimited concurrency. This means that workflows can spin up any number of jobs in parallel, and any number of workflows can run in parallel. The features that are in beta support may not support unlimited concurrency. ## Caching WarpBuild provides a blazing fast, unlimited cache for GitHub Action runners. This cache can be used to store build artifacts, dependencies, and other files that are needed across builds. The cache is designed to be fast, reliable, and secure. The cache is available on all Linux based runners and is enabled by default. More details can be found in the [cache documentation](/docs/ci/features/caching). Warpbuild caches aren't supported for windows based runners. ## WarpBuild Agent The WarpBuild agent is present on the runner and is used to communicate with the WarpBuild platform for runner configuration and cleanup. The agent is open source and can be found [here](https://github.com/WarpBuilds/warpbuild-agent). The agent collects telemetry data using port 33931 for monitoring and diagnostics. For more information about telemetry collection and network requirements, see our [observability documentation](/docs/ci/features/observability). ## Image Update Policy WarpBuild regularly updates runner images to include the latest security patches, tooling updates, and compatibility improvements. Image updates are documented in our [changelog](/docs/ci/changelog). For detailed information about pre-installed software on each image, see the [preinstalled software documentation](/docs/ci/preinstalled-software). --- # June 2026 URL: https://www.warpbuild.com/docs/ci/changelog/2026-june Description: List of updates in 2026-June --- title: "June 2026" slug: "2026-June" description: "List of updates in 2026-June" sidebar_position: -30 createdAt: "2026-06-03" updatedAt: "2026-06-11" --- ### June 11, 2026 - `Feature`: **Nested virtualization** - Enable KVM/nested virtualization on Linux x86-64 runners by adding `nested-virtualization.enabled=true` to your `runs-on` labels. See the [Nested Virtualization docs](/docs/ci/features/nested-virtualization) for usage and the required KVM permissions step. ### June 8, 2026 - `Enhancement`: [Windows Server 2025 image](https://github.com/actions/runner-images/releases/tag/win25%2F20260525.149) has been updated. - `Enhancement`: [Windows Server 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20260525.178) has been updated. - `Enhancement`: [macOS 15 ARM64 image](https://github.com/actions/runner-images/releases/tag/macos-15-arm64%2F20260527.0100) has been updated. - `Deprecation`: Following up on the deprecation communications sent out on May 5th (subject: *WarpBuild - observability, snapshot key change, May 31 deprecations*): - **macOS 13 runners have been removed.** The `warp-macos-13-arm64-6x` runner is no longer available. Please migrate to macOS 15, or macOS 26 runners. - **Cloud spot runners have been removed.** All `*-spot` runner labels on WarpBuild Cloud are no longer available. For spot instance support, use [BYOC runners](/docs/ci/byoc) with AWS, GCP, or Azure. - **Windows 2x runners have been removed.** The `warp-windows-latest-x64-2x`, `warp-windows-2025-x64-2x` and `warp-windows-2022-x64-2x` runner labels are no longer available. Please use 4x or larger sizes. - **Custom cloud runners have been removed.** Custom runner configurations on WarpBuild Cloud are no longer available. Please use the standard runner sizes or [BYOC runners](/docs/ci/byoc) for custom configurations. - **Legacy dashboard-based snapshot enablement has been removed.** Runners previously configured with snapshots enabled from the dashboard will no longer use snapshots. To continue using snapshot runners, migrate to the label-based configuration by adding `snapshot.enabled=true` or `snapshot.key=` to your `runs-on` labels. See the [Snapshot Runners docs](/docs/ci/features/snapshot-runners) for migration details. ### June 3, 2026 - `Feature`: **GitHub Enterprise support** - Connect WarpBuild runners to GitHub Enterprise Server (GHES) and GitHub Enterprise Cloud with data residency by registering your own GitHub App. Available on the Enterprise plan. Read more in the [GitHub Enterprise docs](/docs/ci/ghe). - `Enhancement`: [Ubuntu 22.04 x64 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20260525.156) has been updated. - `Enhancement`: [Ubuntu 24.04 x64 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20260525.161) has been updated. - `Enhancement`: [Ubuntu 24.04 ARM64 image](https://github.com/actions/runner-images/releases/tag/ubuntu24-arm64%2F20260531.15) has been updated. --- # Nested Virtualization URL: https://www.warpbuild.com/docs/ci/features/nested-virtualization Description: Which WarpBuild runner classes expose /dev/kvm, and how to enable it with runs-on labels for Android emulators and other KVM-dependent workloads --- title: "Nested Virtualization" excerpt: "KVM and nested virtualization support on WarpBuild runners" description: "Which WarpBuild runner classes expose /dev/kvm, and how to enable it with runs-on labels for Android emulators and other KVM-dependent workloads" icon: Layers createdAt: "2026-04-22" updatedAt: "2026-06-11" --- Some CI workloads need **nested virtualization** in the runner guest to use hardware acceleration via `/dev/kvm`. The most common example is [`reactivecircus/android-emulator-runner`](https://github.com/ReactiveCircus/android-emulator-runner) for Android instrumentation tests, but some QEMU and libvirt workflows also need it. ## Usage Enable nested virtualization by adding `nested-virtualization.enabled=true` to the `runs-on` label in your workflow: ```yaml jobs: instrumentation-tests: runs-on: warp-ubuntu-latest-x64-4x;nested-virtualization.enabled=true ``` WarpBuild provisions the runner on hardware that supports nested virtualization and exposes the virtualization extensions to the guest, making `/dev/kvm` available. ## Support matrix | Runner class | Nested virtualization supported | | ------------------------ | ------------------------------- | | Linux x86-64 (standard) | Yes, via `runs-on` label | | Linux ARM64 | No | | Windows | No | | macOS | No | | BYOC | No | If you include the `nested-virtualization.enabled=true` label on an unsupported runner type, the label will be **silently ignored** and the job will run normally without nested virtualization. ## Android emulator workflows require a permissions step Once `/dev/kvm` is available on the runner, the default device permissions (`crw-rw---- root:kvm`) still prevent the `runner` user from opening it so the following step is required before running `reactivecircus/android-emulator-runner`: ```yaml - name: Enable KVM group perms run: | echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \ | sudo tee /etc/udev/rules.d/99-kvm4all.rules sudo udevadm control --reload-rules sudo udevadm trigger --name-match=kvm ``` The step is not a WarpBuild-specific workaround and is required in all GitHub and GitHub-compatible runners. See [Android emulator action's README](https://github.com/ReactiveCircus/android-emulator-runner#running-hardware-accelerated-emulators-on-linux-runners) and GitHub's blog about [hardware-accelerated Android virtualization](https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/). Without this step, the Android emulator action's `ProbeKVM` check fails and it silently launches the emulator with `-accel off`, falling back to pure software emulation, which is substantially slower than hardware-accelerated execution. Symptoms in your workflow logs: 1. `ProbeKVM: This user doesn't have permissions to use KVM (/dev/kvm).` 2. `Disabling Linux hardware acceleration.` 3. The emulator command line includes `-accel off`. After adding the step, those messages disappear and tests run with hardware acceleration. --- # API Reference URL: https://www.warpbuild.com/docs/api Description: The WarpBuild HTTP API — authenticate with an API key and integrate programmatically. --- title: API Reference description: The WarpBuild HTTP API — authenticate with an API key and integrate programmatically. --- The WarpBuild API is served at `https://api.warpbuild.com/api/v1`. ## Authentication Create an API key (a `wkey-…`) with the `ci` scope from your dashboard, then send it as a Bearer token: ```bash curl -H "Authorization: Bearer wkey-…" \ "https://api.warpbuild.com/api/v1/reports/billing/ci?start_date=2026-05-01T00:00:00Z&end_date=2026-06-01T00:00:00Z" ``` The same key works for the per-job billing CSV (`?format=csv`), daywise costs, and the other endpoints listed in the sidebar. ## Stability Every operation is annotated with an `x-stability` level and every response carries an `X-WarpBuild-API-Stability` header. All endpoints are currently **alpha** — expect breaking changes and pin only to documented behavior. --- # AWS Marketplace Billing URL: https://www.warpbuild.com/docs/ci/aws-marketplace-billing Description: Enable billing through AWS Marketplace for WarpBuild CI products --- title: "AWS Marketplace Billing" excerpt: "Enable billing through AWS Marketplace for WarpBuild CI products" description: "Enable billing through AWS Marketplace for WarpBuild CI products" createdAt: "2025-10-08" updatedAt: "2026-03-09" --- ## Setup You can subscribe to WarpBuild CI products directly through [AWS Marketplace](https://aws.amazon.com/marketplace). 1. Find our product on AWS Marketplace and click `View purchase options`. ![AWS Marketplace Product Page](./img/aws-marketplace-billing/product_page.png) 2. Review the offer and click the `Subscribe` button at the bottom of the page. 3. While the subscription is being created, click the `Set up your account` button at the top of the page. ![Setup your Account](./img/aws-marketplace-billing/setup.png) You can also do this after the subscription is created, in which case the callout will look like this: ![Setup your Account](./img/aws-marketplace-billing/setup_2.png) 4. You will be redirected to a page where you can select the organization to connect this subscription to. You must be an admin of the organization. 1. If you are not logged in, you will be prompted to log in first. 2. If the subscription is already connected to an organization, you will see a message saying *"This AWS account is already linked to a WarpBuild organization"*. 3. This step can only be done by organization admins. ![Select an organization](./img/aws-marketplace-billing/org_picker.png) 5. Once connected, the subscription will be activated shortly. If the subscription is not yet active, the billing dashboard will show the following message: ![Subscription not active](./img/aws-marketplace-billing/post_onboard_inactive.png) When the subscription is activated, the billing dashboard will show this: ![Subscription active](./img/aws-marketplace-billing/post_onboard_active.png) 6. You can now start using WarpBuild CI products. ## Limitations - AWS Marketplace billing does not support free credits. - You cannot use Helios with AWS Marketplace billing. - We bill organization usage on a daily basis. Billing occurs every day at 12:15 AM UTC for the previous day. Therefore, the costs on AWS Marketplace might not match the actual costs you see on our billing dashboard. --- # Common Issues URL: https://www.warpbuild.com/docs/ci/common-issues Description: Common issues and troubleshooting for WarpBuild runners --- title: "Common Issues" excerpt: "Common issues and troubleshooting for WarpBuild runners" description: "Common issues and troubleshooting for WarpBuild runners" icon: Bug createdAt: "2026-01-06" updatedAt: "2026-04-22" --- ## Overview Refer to this page if your runners aren't picking up jobs, after you onboarded. ## Bot permissions Check if the WarpBuild bot has access to the repo. Navigate to [WarpBuild Account](https://app.warpbuild.com/settings/account) > Click on 'Configure Runners' for the GitHub connection. And check the list of repositories. ## Runner group checks ### Default runner group 1. If you are using a public repo, please validate that you have enabled WarpBuild on your [public repos](/docs/ci/public-repos#enable-warpbuild-runners-in-public-repositories). ### Non-default runner group If you are using a non-default runner group, which can be validated by going to [WarpBuild](https://app.warpbuild.com/ci) > Runners > Default GitHub Runner Group. ![Github Runner Group](./img/common-issues/runner-group.png) 1. Check if this runner group has access to the repo. Navigate to [Github](https://github.com) > Organization Settings > Actions > Runner Groups > Click on the runner group which is selected on WarpBuild. ![Runner Group Setting](./img/common-issues/runner-group-gh.png) 2. Check if there are workflow restrictions. GitHub supports restricting workflows based on workflow path, sha, branch and tags. For example, `monalisa/octocat/.github/workflows/cd.yaml@refs/heads/main` only picks jobs of cd.yaml on main. ## Android instrumentation tests are slow or don't work If an Android CI job using [`reactivecircus/android-emulator-runner`](https://github.com/ReactiveCircus/android-emulator-runner) is taking much longer than usual, the emulator has likely fallen back to software emulation because it couldn't access `/dev/kvm`. Add this step before the emulator step: ```yaml - name: Enable KVM group perms run: | echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \ | sudo tee /etc/udev/rules.d/99-kvm4all.rules sudo udevadm control --reload-rules sudo udevadm trigger --name-match=kvm ``` This is required in all GitHub compatible runners. [Learn more](/docs/ci/features/nested-virtualization#android-emulator-workflows-require-a-permissions-step). ### Running Dependabot ![Allow Dependabot](./img/cloud-runners/custom-runners/dependabot.png) This setup will run all your Dependabot workflows on WarpBuild custom runners. For security reasons, when running Dependabot on GitHub Actions self-hosted runners, Dependabot updates will not be run on public repositories. [Learn More](https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners). --- # Docker Builders URL: https://www.warpbuild.com/docs/ci/docker-builders Description: Build Docker images with WarpBuild --- title: "Docker Builders" excerpt: "Build Docker images with WarpBuild" description: "Build Docker images with WarpBuild" icon: Container createdAt: "2025-03-03" updatedAt: "2026-04-24" --- WarpBuild provides powerful Docker builders that significantly accelerate your Docker build times, delivering superior performance for your containerization workflow. ## Features - 🚀 Fast Docker builds with WarpBuild's remote builder nodes. - 🔄 Automatic Docker BuildX integration. - 🔐 Secure TLS authentication. - 🌐 Works with both WarpBuild runners and non-WarpBuild runners. - 🔌 Integrate anywhere via API, supporting local development and various CI platforms (GitHub, GitLab, Bitbucket, Buildkite, etc.). - 🏗️ Multi-architecture builds (amd64, arm64) out of the box. ## See it in Action ![Docker builder in action](./img/docker-builders/benchmarks.png) Experience up to 50% faster Docker builds compared to traditional solutions. Our optimized builder infrastructure handles the heavy lifting so your CI/CD pipeline runs more efficiently. To get started with Docker builders, go to the [Docker Builders page](https://app.warpbuild.com/ci/docker-builders) and create a builder profile. ![View docker builders](./img/docker-builders/docker-builders.png) ## Concurrency Each builder profile corresponds to one optimized, dedicated Docker builder virtual machine with caching. Multiple jobs can run on the same builder profile in parallel and these will effectively run on the same VM in parallel. While there is no limit on the number of builds that can be run concurrently on a builder profile, the recommended minimum resource requirements for builders is approximately 8 vCPU and 16GB memory per build job. ## Usage ### Using WarpBuild's Build Push Action (Recommended) WarpBuild provides a drop-in replacement for the widely used `docker/build-push-action`. Our action automatically sets up the WarpBuild's Remote Docker builders for you. > Note: We recommend that you remove the `docker/setup-buildx-action` step from your workflow if you are only using it to setup builders. ```diff - name: Setup Buildx - uses: docker/setup-buildx-action@v3 name: Docker Build Push Action - uses: docker/build-push-action@v6 + uses: Warpbuilds/build-push-action@v6 # Uses WarpBuild Docker Builders with: context: . push: true tags: user/app:latest + profile-name: "super-fast-builder" # Specify the builder profile to use ``` Here's how you can use the `Warpbuilds/build-push-action` in your workflows, whether you are using WarpBuild Runners or non-WarpBuild Runners. ```yaml jobs: build: runs-on: warp-ubuntu-latest-x64-4x steps: - uses: actions/checkout@v3 - name: Build and push uses: Warpbuilds/build-push-action@v6 with: context: . push: true tags: user/app:latest profile-name: "super-fast-builder" api-key: ${{ secrets.WARPBUILD_API_KEY }} # Not required for WarpBuild Runners timeout: 600000 # The timeout(in ms) to wait for the Docker Builders to be ready. By default, it is 10 minutes ``` ### Using WarpBuild's Bake Action WarpBuild provides a drop-in replacement for the widely used `docker/bake-action`. Our action automatically sets up the WarpBuild's Remote Docker builders for you. > Note: We recommend that you remove the `docker/setup-buildx-action` step from your workflow if you are only using it to setup builders. ```diff - name: Setup Buildx - uses: docker/setup-buildx-action@v3 name: Docker Bake Action - uses: docker/bake-action@v6 + uses: Warpbuilds/bake-action@v6 # Uses WarpBuild Docker Builders with: context: . push: true tags: user/app:latest + profile-name: "super-fast-builder" # Specify the builder profile to use ``` Here's how you can use the `Warpbuilds/bake-action` in your workflows, whether you are using WarpBuild Runners or non-WarpBuild Runners. ```yaml jobs: build: runs-on: warp-ubuntu-latest-x64-4x steps: - uses: actions/checkout@v3 - name: Bake uses: Warpbuilds/bake-action@v6 with: context: . push: true set: | *.tags=user/app:latest profile-name: "super-fast-builder" api-key: ${{ secrets.WARPBUILD_API_KEY }} # Not required for WarpBuild Runners timeout: 600000 # The timeout(in ms) to wait for the Docker Builders to be ready. By default, it is 10 minutes ``` ### Using WarpBuild's Docker Configure Action For users wanting more control over their workflows, WarpBuild provides a `docker-configure` action. This action sets up the builder for you in the VM and outputs all their details which you can then use in your workflow. Although, we recommend using the `Warpbuilds/build-push-action` as it is easier to use, this action allows you to use builders with your custom steps. #### With WarpBuild Runners ```diff jobs: build: runs-on: warp-ubuntu-latest-x64-4x steps: - uses: actions/checkout@v4 - - name: Setup Buildx - - uses: docker/setup-buildx-action@v3 + - name: Configure WarpBuild Docker Builders + uses: Warpbuilds/docker-configure@v1 + with: + api-key: ${{ secrets.WARPBUILD_API_KEY }} # Not required on WarpBuild Runners + profile-name: "super-fast-builder" + timeout: 300000 # The timeout(in ms) to wait for the Docker Builders to be ready. By default, it is 5 minutes - name: Custom Build docker image run: | ... ``` Learn more about the outputs of the `docker-configure` action in the [docker-configure action docs](https://github.com/WarpBuilds/docker-configure/tree/main?tab=readme-ov-file#outputs). ### From CLI You can use WarpBuild's Docker builders directly from your CLI. 1. **Set your API key as an environment variable**: ```bash export WARPBUILD_API_KEY="your-api-key" ``` 2. **Assign builders from your profile**: ```bash # Generate a unique idempotency key (16 characters) - Optional IDEMPOTENCY_KEY=$(uuidgen | tr -d '-' | cut -c1-16) BUILDER_NAME="builder-$IDEMPOTENCY_KEY" # Request a builder assignment # Note: external_unique_id is optional but recommended for idempotency RESPONSE=$(curl -s -X POST \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $WARPBUILD_API_KEY" \ -d '{"profile_name": "your-profile-name", "external_unique_id": "'"$IDEMPOTENCY_KEY"'"}' \ https://api.warpbuild.com/api/v1/builders/assign) # Get all builder IDs and request IDs (we'll use the first one for this example) BUILDER_ID=$(echo $RESPONSE | jq -r '.builder_instances[0].id') REQUEST_ID=$(echo $RESPONSE | jq -r '.builder_instances[0].request_id') ``` 3. **Wait for builder to be ready and get details**: ```bash # Poll for builder details until status is ready echo "Waiting for builder to be ready..." while true; do DETAILS=$(curl -s -H "Authorization: Bearer $WARPBUILD_API_KEY" \ https://api.warpbuild.com/api/v1/builders/$BUILDER_ID/details) STATUS=$(echo $DETAILS | jq -r '.status') if [ "$STATUS" = "ready" ]; then echo "Builder is ready!" break elif [ "$STATUS" = "failed" ]; then echo "Builder failed to initialize" exit 1 fi echo "Builder status: $STATUS. Waiting..." sleep 2 done # Extract connection information HOST=$(echo $DETAILS | jq -r '.metadata.host') # Create certificate directory CERT_DIR="$HOME/.docker/warpbuild/$BUILDER_NAME/$BUILDER_ID" mkdir -p $CERT_DIR # Save certificates echo "$DETAILS" | jq -r '.metadata.ca' > $CERT_DIR/ca.pem echo "$DETAILS" | jq -r '.metadata.client_cert' > $CERT_DIR/cert.pem echo "$DETAILS" | jq -r '.metadata.client_key' > $CERT_DIR/key.pem ``` 4. **Create a buildx instance with your builder**: ```bash docker buildx create --name "$BUILDER_NAME" \ --node "$BUILDER_ID" \ --driver remote \ --driver-opt "cacert=$CERT_DIR/ca.pem" \ --driver-opt "cert=$CERT_DIR/cert.pem" \ --driver-opt "key=$CERT_DIR/key.pem" \ --use \ tcp://$HOST ``` 5. **Use the builder for your Docker builds**: ```bash docker buildx build --builder $BUILDER_NAME -t myimage:latest . ``` You can now use this builder for faster Docker builds directly from your terminal! 6. **Terminate the assigned builders after usage**: ```bash # Complete the builder session # To be done for all builder instances (we'll use the first one for this example) RESPONSE=$(curl -s -X POST \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $WARPBUILD_API_KEY" \ -d '{"request_id": "'"$REQUEST_ID"'", "external_unique_id": "'"$IDEMPOTENCY_KEY"'"}' \ https://api.warpbuild.com/api/v1/builder-session-requests/complete) # Remove the buildx builder configuration docker buildx rm $BUILDER_NAME --force ``` Note : User will be billed for entire duration till the assigned builders are terminated by user. #### Resetting the cache If you need to reset the cache for a builder profile, you can do so by using the following steps. 1. Get the builder profile id using the following command. ```bash curl -s -H "Authorization: Bearer $WARPBUILD_API_KEY" \ https://api.warpbuild.com/api/v1/builder-profiles?per_page=30&page=1 ``` 2. Reset the cache for the builder profile id. ```bash curl -s -X POST \ -H "Authorization: Bearer $WARPBUILD_API_KEY" \ https://api.warpbuild.com/api/v1/builder-profiles/$BUILDER_PROFILE_ID/cache/reset ``` #### Working with multiple builders If your assignment returns multiple builders, you can set up additional nodes: ```bash # For a second builder BUILDER_ID_2=$(echo $RESPONSE | jq -r '.builder_instances[1].id') REQUEST_ID_2=$(echo $RESPONSE | jq -r '.builder_instances[1].request_id') # Poll for builder details until status is ready echo "Waiting for second builder to be ready..." while true; do DETAILS_2=$(curl -s -H "Authorization: Bearer $WARPBUILD_API_KEY" \ https://api.warpbuild.com/api/v1/builders/$BUILDER_ID_2/details) STATUS_2=$(echo $DETAILS_2 | jq -r '.status') if [ "$STATUS_2" = "ready" ]; then echo "Second builder is ready!" break elif [ "$STATUS_2" = "failed" ]; then echo "Second builder failed to initialize" exit 1 fi echo "Builder status: $STATUS_2. Waiting..." sleep 2 done # Extract connection information HOST_2=$(echo $DETAILS_2 | jq -r '.metadata.host') # Create certificate directory CERT_DIR_2="$HOME/.docker/warpbuild/$BUILDER_NAME/$BUILDER_ID_2" mkdir -p $CERT_DIR_2 # Save certificates echo "$DETAILS_2" | jq -r '.metadata.ca' > $CERT_DIR_2/ca.pem echo "$DETAILS_2" | jq -r '.metadata.client_cert' > $CERT_DIR_2/cert.pem echo "$DETAILS_2" | jq -r '.metadata.client_key' > $CERT_DIR_2/key.pem # Append second builder to existing buildx instance docker buildx create --name "$BUILDER_NAME" \ --append \ --node "$BUILDER_ID_2" \ --driver remote \ --driver-opt "cacert=$CERT_DIR_2/ca.pem" \ --driver-opt "cert=$CERT_DIR_2/cert.pem" \ --driver-opt "key=$CERT_DIR_2/key.pem" \ --use \ tcp://$HOST_2 ``` With multiple builders configured, your buildx instance can distribute build workloads more efficiently. ### Multi platform builds WarpBuild supports multi-platform builds for Docker images. You can specify the platforms you want to build for using the `platforms` option in the `docker/build-push-action`. > Note: Make sure that the builder profile being used has both architectures enabled in WarpBuild UI. ```yaml platforms: linux/amd64,linux/arm64 ``` ### Deleting a Builder Profile You can delete a builder profile from the [Docker Builders page](https://app.warpbuild.com/dashboard/runners/builder-profiles). It is necessary to wait for all the builds to finish before deleting a builder profile. ![Delete a builder profile](./img/docker-builders/builder-profiles-delete.png) ## Pricing Docker builders are billed per **session**. A session is measured from when the builder action starts until the job completes. Multiple concurrent jobs using the same builder profile share one session, billed from the first job's start to the last job's completion. | Size | Price / min | Architectures | | ------------------------------ | ----------- | -------------------- | | 16vCPU, 32GB RAM, 100GB Disk | $0.06 | amd64, arm64, multi | | 32vCPU, 64GB RAM, 200GB Disk | $0.12 | amd64, arm64, multi | | 64vCPU, 128GB RAM, 200GB Disk | $0.24 | amd64, arm64, multi | | 96vCPU, 192GB RAM, 600GB Disk | $0.36 | amd64 only | | 96vCPU, 192GB RAM, 2TB Disk | $0.52 | amd64 only | | 192vCPU, 384GB RAM, 600GB Disk | $0.72 | amd64 only | | 192vCPU, 384GB RAM, 2TB Disk | $0.88 | amd64 only | > **Note:** arm64 and multi-arch builder profiles support a maximum size of 64 vCPU. The 96 vCPU and 192 vCPU sizes are only available for amd64-only profiles. For multi-arch builds, each architecture runs on a separate builder instance, resulting in one session per architecture. However, multi-arch builders create two sessions for the same builder profile, one for each architecture. These sessions are alive until the post-action steps are complete. **Example:** Two jobs (J1 and J2) use the same x64 builder profile with overlapping execution: - J1: builder starts at t1, job completes at t2 - J2: builder starts at t3, job completes at t4 - Timeline: t1 < t3 < t2 < t4 → **Billed as one session** from t1 to t4. If both jobs use multi arch profile, you would have 2 parallel sessions for the builders one each for x64 and arm64, billed independently. ## F.A.Q. ### How does caching work for concurrent builds? For caching behavior between concurrent builds, note that the cache is shared but `eventually consistent`. This means that layer caching from one build may not be immediately available to another concurrent build, but will be available for future builds after synchronization occurs. ### Does the builder cache/data have any TTL? Yes, the builder cache/data has a TTL of 10 Days. If the builder profile is not used for more than 10 days, it will be reset automatically. ### Docker Builder is timing out Docker Builders have timeout built-in so that users don't get charged for builders that are idle. We recommend that you invoke the `WarpBuilds/docker-configure` action just before the `build-and-push` action or any other step that performs docker build. ### How to use `cache-to` and `cache-from` with Docker Builders When using Docker Builders, the `cache-to` and `cache-from` options are not required. A cached Docker Builder will automatically cache the layers and reuse them for subsequent builds. ```diff - name: Older Docker WarpCache Backend - uses: docker/build-push-action@v6 - with: - context: . - push: false - tags: "alpine/warpcache:latest" - cache-from: type=gha,url=http://127.0.0.1:49160/ - cache-to: type=gha,url=http://127.0.0.1:49160/,mode=max + name: New WarpBuild Docker Builders + uses: Warpbuilds/docker-configure@v1 + with: + profile-name: "super-fast-builder" + name: Build and push + uses: docker/build-push-action@v6 + with: + context: . + push: false + tags: "alpine/warpcache:latest" ``` ### Is the size of the Docker machine related to the the GitHub runner? No, the size of the Docker machine is not limited by or related to the size of the GitHub runner used. It is determined by the size of the builder profile that you have selected. ### Do I get charged for both the GitHub runner and the WarpBuild Docker builder runtime? Yes. These are two separate, independent resources and you will be charged for both. ### `exec format error` while building for arm64 / multi-platform builds This is likely because the builder profile does not have the correct architectures selected for your builder profile. Ensure the builder profile has both the architectures enabled. --- # Feature Matrix URL: https://www.warpbuild.com/docs/ci/feature-matrix Description: Matrix of all features supported by WarpBuild --- title: "Feature Matrix" excerpt: "Features - WarpBuild" description: "Matrix of all features supported by WarpBuild" createdAt: "2024-10-04" updatedAt: "2026-06-08" icon: Grid3x3 --- The complete list of features supported by WarpBuild. ## Feature Matrix | Feature | WarpBuild Cloud | BYOC: AWS | BYOC: GCP | BYOC: Azure | | ---------------------------------- | ------------------------- | ------------ | ------------ | ------------ | | Linux runners: x86-64 | 22.04, 24.04 | 22.04, 24.04 | 22.04, 24.04 | 22.04, 24.04 | | Linux runners: arm64 | 24.04 | 24.04 | 24.04 | 24.04 | | MacOS runners: arm64 (M4 Pro) | macos14, macos15, macos26 | - | - | - | | Windows runners: x86-64 | ✅ | ✅ | ⏳ | ✅ | | Static IPs | ❌ | ✅ | ✅ | ✅ | | Standby disks (fast boot) | ✅ | ✅ | ✅ | ✅ | | Custom VM images | - | ✅ | ✅ | ✅ | | GPU support | ⏳ | ⏳ | ⏳ | ⏳ | | Unlimited cache | ✅ | ✅ | ✅ | ✅ | | Container layer caching | ✅ | ✅ | ✅ | ✅ | | Spot instances | ❌ | ✅ | ✅ | ✅ | | Snapshot runners | ✅ | ❌ | ❌ | ❌ | | Create BYOC stack resources | - | ✅ | ✅ | ✅ | | Import BYOC stack resources | - | ✅ | ❌ | ❌ | | Custom resource tags | - | ✅ | ⏳ | ⏳ | | Custom service account (IAM) roles | - | ✅ | ✅ | ⏳ | | Local SSD support | ✅ | ⏳ | ⏳ | ⏳ | | Network addons (Tailscale) | ✅ | ✅ | ✅ | ✅ | | Resource utilization metrics and logs | ✅ | ✅ | ✅ | ✅ | ## Feature requests Contact us at [support@warpbuild.com](mailto:support@warpbuild.com) with any feature requests or questions. We are always looking to improve WarpBuild and make it more useful for our users. --- # GitHub Enterprise App URL: https://www.warpbuild.com/docs/ci/ghe Description: Register a GitHub App on your GitHub Enterprise instance and install WarpBuild runners against your enterprise organizations. --- title: "GitHub Enterprise App" excerpt: "Connect WarpBuild runners to GitHub Enterprise" description: "Register a GitHub App on your GitHub Enterprise instance and install WarpBuild runners against your enterprise organizations." createdAt: "2026-06-02" updatedAt: "2026-06-02" --- import { Step, Steps } from 'fumadocs-ui/components/steps'; import { Callout } from 'fumadocs-ui/components/callout'; GitHub Enterprise (GHES and GHEC) support is available only on the **Enterprise** plan. [Schedule a call](https://cal.com/suryao/start) to get set up. WarpBuild supports GitHub Enterprise (GHE) in addition to `github.com`. For GHE you register your own GitHub App on your enterprise and connect it to WarpBuild. This flow is **required** if you are on: 1. GitHub Enterprise Cloud with data residency (e.g. `acme.ghe.com`). 2. GitHub Enterprise Server (self-hosted, e.g. `github.acme.com`). For GHE accounts on `github.com` this flow is **optional** in case you want to install your own GitHub App instead of our recommended [default flow](/docs/ci/quick-start). ## How apps are shared The App is registered at the **enterprise** level and shared across orgs in that enterprise: 1. The first org from your enterprise (say `acme`) goes through the flow below, creates the App, and installs it on org A. 2. Another org from `acme` later enters the same enterprise slug and host. WarpBuild detects the existing App and shows the notice below. No new App is created. That org just runs the install step against org B. ![Existing app notice in the Setup for GHE dialog](/static/img/setup-ghe/dialog-existing.png) You only do the App-creation steps once per enterprise. ## Prerequisites 1. Enterprise owner access to your GHE instance. Required to register an enterprise-level App. 2. Your enterprise slug (the path segment in `https:///enterprises/`). 3. Your enterprise host (e.g. `acme.ghe.com` or `github.acme.com`). 4. A WarpBuild account. ## Setup ### Open the GHE setup flow In the WarpBuild dashboard, open **Settings → Account**. Under **Products → Runners**, click the chevron next to **Setup Runners** and choose **Setup for GHE**. ![Setup Runners dropdown showing the Setup for GHE option](/static/img/setup-ghe/dropdown-open.png) ### Enter your enterprise details Fill in **Enterprise slug** and **Host**. The host auto-fills as `.ghe.com`. Edit it for GHES (e.g. `github.acme.com`). ![Setup for GHE dialog with empty fields](/static/img/setup-ghe/dialog-empty.png) If no App exists yet for this host, the form expands with the credential fields. If one does, the dialog shows the existing-app notice and you can skip to step 5. Do not change the permissions or events on the App. Doing so can lead to unexpected failures on job runs. ### Create the GitHub App on your enterprise Click the **here** link. GitHub opens your enterprise's App creation page with the manifest applied (name, webhook URL, callback URL, permissions). Confirm to create the App. GitHub then shows the new App's settings page. Keep it open. The next step pulls values from it. ### Copy credentials back into WarpBuild Fill these fields in the WarpBuild form: ![Setup for GHE dialog with credential fields expanded](/static/img/setup-ghe/dialog-expanded.png) | Field | Where to find it on GitHub | | ------------------ | ------------------------------------------------------------------------------- | | App ID | Top of the App settings page | | Slug | URL slug of the App page (e.g. `warpbuild-acme`) | | Client ID | App settings page | | Client secret | Generate one on the App page, paste it here | | Webhook secret | Set one on the App page, paste the same value here | | Private key (.pem) | Generate a key on the App page. GitHub downloads a `.pem` file. Upload it here. | ### Install the App on your org Click **Setup runners**. WarpBuild saves the App and redirects you to the GHE install flow. Pick the org, choose repositories, confirm. You'll land back in WarpBuild with the integration marked **Connected**. ## Using runners Once connected, point your workflow's `runs-on` at a WarpBuild Runner ID. See [Cloud Runners](/docs/ci/cloud-runners) for the available labels. ![Connected Runners row with Edit GHE app and Configure Runners buttons](/static/img/setup-ghe/products-connected.png) The **Configure Runners** button deep-links to the App's installation settings on your enterprise host for adjusting repository access or uninstalling. ## Rotating credentials To rotate the client secret, webhook secret, or private key without reinstalling the App: On the Products page, click **Edit GHE app** next to the Runners integration. ![Edit GHE app button](/static/img/setup-ghe/edit-app-button.png) Generate fresh credentials on the GitHub App settings page (use the **Edit GitHub App here** link in the dialog to jump straight to it). Paste them into the **Edit GHE app** dialog. Fields left blank keep their existing value. ![Edit GHE app dialog](/static/img/setup-ghe/edit-app-dialog.png) Click **Update app**. ## Troubleshooting 1. **"Failed to generate setup link. Check the host and enterprise slug."** The slug or host is wrong, or WarpBuild can't reach your GHE host. Verify both from your enterprise URL. 2. **App created but install fails.** Confirm the App is enterprise-level (not org-level) and that you have admin rights on the target org. 3. **Webhook deliveries not arriving.** The webhook secret on WarpBuild must match the one on the App. Re-enter it via **Edit GHE app**. For anything else, email [support@warpbuild.com](mailto:support@warpbuild.com). --- # MCP Support URL: https://www.warpbuild.com/docs/ci/mcp Description: Model Context Protocol (MCP) integration with WarpBuild CI --- title: "MCP Support" excerpt: "MCP support for WarpBuild CI" description: "Model Context Protocol (MCP) integration with WarpBuild CI" icon: Bot createdAt: "2026-01-20" updatedAt: "2026-01-20" --- ## Overview MCP can be used to interact with the WarpBuild API to create runners, images, etc. Follow this guide to connect your MCP Host (Cursor, Antigravity, etc.) to WarpBuild MCP. ## Step 1: Generate API Key 1. Navigate to the [WarpBuild Dashboard](https://app.warpbuild.com/settings/api-keys) for creating the API Key. 2. Set a name for your API Key and check CI. 3. Click Generate API Key. This should open a generated key like below. Copy the API key. ![API Key Dialog](./img/mcp/api-key.png) ## Step 2: Configure MCP Server Use the following MCP server URL and plug in your API key: **MCP Server URL:** `https://mcp.warpbuild.com/mcp` Configure your MCP client with: ```json { "mcpServers": { "warpbuild": { "url": "https://mcp.warpbuild.com/mcp", "headers": { "Authorization": "Bearer " } } } } ``` ## Example - Using in Cursor 1. Navigate to Cursor. 2. Open the command palette using `CMD + Shift + P` (or `Ctrl+Shift+P` if you are on windows/linux). Search for 'mcp settings'. Select 'View: Open MCP Settings' ![Command Palette](./img/mcp/cmd-palette.png) 3. Click on the 'New MCP Server' at the bottom of the page for the MCP settings. 4. This opens a JSON file for the MCP Configuration. Add the following content to this page. If you have some mcp configuration in this JSON, add only the `warpbuild` section from the below JSON. ```json { "mcpServers": { "warpbuild": { "url": "https://mcp.warpbuild.com/mcp", "headers": { "Authorization": "Bearer " } } } } ``` 5. Verify that MCP is working. An interaction example is in the below screenshot. ![MCP Interaction Example](./img/mcp/mcp-example-full-editor.png) --- # Preinstalled Software URL: https://www.warpbuild.com/docs/ci/preinstalled-software Description: WarpBuild runners are 100% compatible with GitHub-hosted runners and have the same tooling installed. --- title: "Preinstalled Software" excerpt: "WarpBuild runners are 100% compatible with GitHub-hosted runners and have the same tooling installed." description: "WarpBuild runners are 100% compatible with GitHub-hosted runners and have the same tooling installed." createdAt: "2024-01-19" updatedAt: "2026-06-08" --- ## Ubuntu 22.04 with x86-64 The tooling installed on the Ubuntu 22.04 runner is the same as the GitHub-hosted runner. You can find the list of preinstalled software [here](https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md). ## Ubuntu 24.04 with x86-64 The tooling installed on the Ubuntu 24.04 runner is the same as the GitHub-hosted runner. You can find the list of preinstalled software [here](https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2404-Readme.md). ## Ubuntu 22.04 with ARM64 WarpBuild provisioned ARM64 runners are based on the upstream `ubuntu:22.04` image. GitHub introduced ARM64 runners in mid-2024. There are two significant differences between GitHub's ARM64 runners and WarpBuild's ARM64 runners: 1. The default user is `root` instead of `runner`. 1. The tooling installed is minimal. You will need to install the required tooling using the `apt` package manager before using it in your workflows. ## Ubuntu 24.04 with ARM64 WarpBuild provisioned ARM64 runners are fully compatible with GitHub's ARM64 runners. You can find the list of preinstalled software [here](https://github.com/actions/partner-runner-images/blob/main/images/arm-ubuntu-24-image.md). ## MacOS 14 with ARM64 The tooling installed on the MacOS runner is the same as the GitHub-hosted M1 runner. You can find the list of preinstalled software [here](https://github.com/actions/runner-images/blob/main/images/macos/macos-14-arm64-Readme.md). ## MacOS 15 with ARM64 The tooling installed on the MacOS runner is the same as the GitHub-hosted M1 runner. You can find the list of preinstalled software [here](https://github.com/actions/runner-images/blob/main/images/macos/macos-15-arm64-Readme.md). ## MacOS 26 with ARM64 The tooling installed on the MacOS runner is the same as the GitHub-hosted M1 runner. You can find the list of preinstalled software [here](https://github.com/actions/runner-images/blob/main/images/macos/macos-26-arm64-Readme.md). ## Windows Server 2022 x86-64 The tooling installed on the Windows Server 2022 runners is the same as the GitHub-hosted equivalents. You can find the list of preinstalled software [here](https://github.com/actions/runner-images/blob/main/images/windows/Windows2022-Readme.md). ## Additional Software In addition to the standard GitHub-hosted runner tooling, WarpBuild runners include: - **Tailscale** -- Pre-installed on all runner images (Linux, macOS, Windows). The Tailscale daemon is not started by default; it is activated on demand when [Networking](/docs/ci/features/networking) is configured for the runner. ## Customizations While the tooling installed on the runners is the same as the GitHub-hosted runners, we have made some customizations to the runner configurations to improve the performance and reliability of the runners. Notably, these customizations include caching of container images for faster access. --- # Public GitHub Repos URL: https://www.warpbuild.com/docs/ci/public-repos Description: Public GitHub Repos Configuration for WarpBuild --- title: "Public GitHub Repos" excerpt: "Public GitHub Repos Configuration for WarpBuild" description: "Public GitHub Repos Configuration for WarpBuild" createdAt: "2023-12-11" updatedAt: "2023-12-11" --- WarpBuild works by registering itself as a self-hosted runner in the `Default` runner group (id `1`) for your GitHub Organization. However, GitHub disables the ability to use self-hosted runners, including managed ones such as WarpBuild, in public repositories by default. ## Enable WarpBuild runners in public repositories Here are the steps to enable access to WarpBuild runners in public repositories in your organization: 1. Go to your GitHub Organization default runner settings page here: https://github.com/organizations/[YOUR_ORG]/settings/actions/runner-groups/1 1. Check the box for `Allow public repositories` ### GitHub Enterprise GitHub Enterprise supports creation of multiple runner groups. The WarpBuild runners are added to the `Default` runner group (id `1`). ![Enable WarpBuild on public repos](/static/img/public-repos/default-runner-group.png) ## Security WarpBuild runners run the same tools and versions as GitHub-hosted runners. WarpBuild runners provide the same safety as GitHub hosted runners. The [GitHub docs](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security) recommend disabling self-hosted runners on public repositories. PRs from public contributors could include malicious content which could compromise the integrity of the infrastructure (ex: aws/gcp/azure accounts) when the right security policies are not set. This can happen easily when using self-hosted runners on k8s using `actions-runner-controller` ([ARC](https://github.com/actions/actions-runner-controller)) for instance, which runs workflows in containers that cannot provide secure isolation guarantees. WarpBuild runners are secure by design. Workflows using WarpBuild runners are run inside isolated VMs with strong isolation guarantees. This makes it completely safe to use WarpBuild runners for public repos. --- # Quick Start URL: https://www.warpbuild.com/docs/ci/quick-start Description: Get started with your first WarpBuild workflow --- title: "Quick Start" excerpt: "Quickstart - WarpBuild" description: "Get started with your first WarpBuild workflow" icon: Album createdAt: "2023-11-07" updatedAt: "2025-05-02" --- WarpBuild provides blazing fast GitHub runners for your workflows. Here's how you can get started with WarpBuild in 60 seconds. ### Sign up for a WarpBuild account Signup for the WarpBuild account at https://app.warpbuild.com/. ![WarpBuild Account Creation](/static/img/quickstart/warpbuild-signup.png) ### Install WarpBuild Bot > **Note:** The WarpBuild GitHub bot cannot be installed directly from the GitHub marketplace. You must sign up for a WarpBuild account first and then install the bot through the WarpBuild dashboard. After signup, you will be redirected to the GitHub bot installation. Give WarpBuild access to repositories in which you want to use our runners. ![WarpBuild Bot Installation](/static/img/quickstart/github-bot.png) ### Modify the workflow to use WarpBuild runners To use WarpBuild runners in your workflows, change the `runs-on` property in the GitHub workflow file to a `Runner ID`. You can get the `Runner ID` from Warp UI. Alternately, just select the repositories in which you want to use Warp runners and click on the `Select workflows to Warp` button. ![Workflow File Syntax](/static/img/quickstart/github-workflow.png) Multiple runner configurations are available for different use cases. You can find more details about the runner configurations [here](/docs/ci/cloud-runners). ![WarpBuild Runner Page](/static/img/quickstart/warpbuild-runners.png) > To setup and use WarpBuild managed runners in your own cloud infrastructure, refer to the [BYOC Setup Guide](/docs/ci/byoc/). ### Go Warp ⚡️ Elevate your engineering efficiency to the next level - start using faster GitHub actions runners for your workflows and gain insights into your CI/CD. If you have any questions, reach out to us at [support@warpbuild.com](mailto:support@warpbuild.com). --- # Security URL: https://www.warpbuild.com/docs/ci/security Description: Ensuring secure runners - WarpBuild --- title: "Security" excerpt: "Ensuring secure runners - WarpBuild" description: "Ensuring secure runners - WarpBuild" icon: Lock createdAt: "2023-11-07" updatedAt: "2023-11-07" --- We take security very seriously at WarpBuild. Here are some of the measures we take to ensure that your builds, runners, and build environments are secure. ## Compliance ### SOC2 Type 2 WarpBuild is SOC2 Type 2 certified with 3 Trust Services Criteria: Security, Availability, and Confidentiality. The controls required for SOC2 compliance are implemented. We are happy to share our security documentation and work with you to ensure that we meet your compliance needs. Please request the documentation in our [trust center](https://compliance.warpbuild.com) or email us at support@warpbuild.com to discuss your requirements. ## Security ### Compute isolation Each runner runs in its own virtual machine. The VMs are created on demand and destroyed after each build. This ensures that your builds are isolated from other builds and that no data is left behind. The VMs are ephemeral, not reused, and isolated for maximum performance and security. ### Storage protection Each runner has its own encrypted storage volume that is created on demand and destroyed after each build. When caching is enabled to speed up your builds, the cache is encrypted and stored securely in a location that is only accessible to your runner. ### Secrets WarpBuild does not access or store any build secrets. Secrets are stored in your source code repository and are only accessible to your runner environment. --- # What is WarpBuild? URL: https://www.warpbuild.com/docs/ci/what-is-warpbuild Description: WarpBuild - Fast, secure runners for GitHub Actions --- title: "What is WarpBuild?" excerpt: "Introducing WarpBuild" description: "WarpBuild - Fast, secure runners for GitHub Actions" icon: Flame createdAt: "2023-11-07" updatedAt: "2023-12-04" --- WarpBuild provides blazing fast, secure runners for GitHub Actions. WarpBuild uses machines with super fast single core performance and attached NVMe disks for enabling fast builds. This is coupled with ephemeral VMs for security and isolation. The runners are designed to be fully compatible with GitHub Actions, and can be used as a drop-in replacement for GitHub-hosted runners. The same packages are pre-installed on the runners for a seamless experience. Your existing github actions will run without any changes. Provisioning fast runners is the first step on our mission to make build engineering better, through a rich ecosystem of tools, runners, and dashboards for visibility. ## Get started ### Supported runners 1. Ubuntu x86-64 runners - 2x, 4x, 8x, 16x, 32x variants 1. Ubuntu ARM64 runners - 2x, 4x, 8x, 16x, 32x variants 1. MacOS ARM64 runners - powered by M4 Pro processors with 6vCPU and 14GB RAM 1. Windows x86-64 runners - 4x, 8x, 16x, 32x variants ## Features 1. 30% faster than GitHub Actions, 10x cheaper 1. WarpBuild BYOC - Spin up runners in your own VPC, on your own AWS, GCP account. 1. Customize runners with your own machine images and VM types 1. Unlimited concurrency for eliminating job queueing delays 1. Unlimited, blazing fast caching 1. Secure VM-level isolation for your workloads 1. Easy debugging - SSH into running GitHub actions workflows ## Use cases 1. Plain ol' GitHub actions, but faster, cheaper, and awesomer 1. Easy debugging: SSH into a running workflow using Action-Debugger 1. Get unlimited cache size without having to self-host runners because of 10GB cache limitations from GitHub 1. Running android emulators in CI 1. Spinning up kubernetes clusters in CI 1. Run as a VM, not as a container, for workloads that don't work in `dind` or `kind` environments ## Tools 1. Action-debugger: SSH into running GitHub actions workflows for easy debugging ## Compliance WarpBuild is SOC2 Type 2 compliant. Please request the documentation in our [trust center](https://compliance.warpbuild.com) or email us at support@warpbuild.com to discuss your requirements. --- # SSO URL: https://www.warpbuild.com/docs/sso Description: SAML integration support for enterprise users --- title: "SSO" excerpt: "SAML integration support" description: "SAML integration support for enterprise users" icon: ShieldUser createdAt: "2025-06-25" updatedAt: "2025-06-25" --- SAML based logins are supported for our enterprise users. WarpBuild integrates with all major identity providers. Please reach out to [support](mailto:support@warpbuild.com) if you are interested in using SAML for your logins. ## Directory Sync For SSO enabled organizations, directory sync (SCIM) support can be enabled to manage the users from the Identity Provider itself. When directory sync is configured, the invite flows will be disabled for the organization. Users are added via your identity provider (IdP) only. ### Directory Sync Configuration Mapping To import the users from the identity provider, we need the WarpBuild roles for the incoming users. Add the users to one or more SSO Group(s) in your identity provider and then add a configuration in the WarpBuild dashboard pointing the SSO Group to the WarpBuild Role. Refer to the screenshot below for an example. This can be done via the 'Directory Sync Configuration' section in Settings > Account. **Note**: Modifications on the configuration can only be performed via an admin of the organization. ![Directory Sync Configuration](./img/directory-sync-configuration.png) Please reach out to [support](mailto:support@warpbuild.com) if you are interested in using SCIM for user management. --- # Automation URL: https://www.warpbuild.com/docs/ci/api-keys/automation Description: Automate runner and runner images creation --- title: "Automation" excerpt: "Automation" description: "Automate runner and runner images creation" hidden: false sidebar_position: 3 slug: "/api-keys/automation" createdAt: "2024-07-23" updatedAt: "2024-07-23" --- # AWS BYOC API Documentation This page contains API call documentation to automate runner images and runner operations. This can be used to automate custom image builds, run a test suite on the new images, etc. ## Notes - It is recommended to remove unused custom runners. There can be an increase in the job pick up times, if a lot of runners are present. ## Setup #### Create a new API key Go to the [API keys page](https://app.warpbuild.com/settings/api-keys) and create a new API key. Grant the `ci`, and `cache` scopes to the API key. ## Usage ### Stacks #### Get all stacks ```bash curl -X GET 'https://api.warpbuild.com/api/v1/stacks?kind=ec2' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' ``` ### Runner Images #### Get all runner images The `alias` parameter is optional. It is recommended to use the other search parameters (type, page, per_page) to filter the results. ```bash curl -X GET 'https://api.warpbuild.com/api/v1/runner-images?alias=&type=byoc_ami&page=1&per_page=10' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' ``` #### Create a new BYOC runner image You can fetch the `stack_id` from the `GET /api/v1/stacks` endpoint. ```bash curl -X POST 'https://api.warpbuild.com/api/v1/runner-images' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' -d @create-runner-image.json ``` ```json { "alias": "test1", "os": "linux", "arch": "x64", "stack_id": "wxxxxxx", "type": "byoc_ami", "warpbuild_image": { "image_uri": "ami-xxxxxx", "cloud_init_template": "" }, "settings": { "purge_image_versions_offset": 1 }, "byoc_ami": { "ami_id": "ami-xxxxxx", "root_device_name": "/dev/sda1" } } ``` #### Update a BYOC runner image You can fetch the `id` from - the `GET /api/v1/runner-images` endpoint with the `alias` parameter. - As a response to the `POST /api/v1/runner-images` endpoint when creating a new runner image. ```bash curl -X PUT 'https://api.warpbuild.com/api/v1/runner-images/wxxxxxx' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' \ -d @update-runner-image.json ``` ```json { "byoc_ami": { "ami_id": "ami-new-xxxxxx", "root_device_name": "/dev/sda1" }, "id": "wxxxxxx", "settings": { "purge_image_versions_offset": 1 } } ``` ### Runners #### List runners Returns the list of all available runners in the organization. This API call is not paginated. **Params** - `only_custom_runners`: Boolean flag. Enable to list only custom runners. Accepted values - `true`, `false`. - `image`: Image ID as filter. You can use the image id that is generated by the runner images API above. Example: `wjwnpdjox8xeqsza`. **Call** ```bash curl -X GET 'https://api.warpbuild.com/api/v1/runners?only_custom_runners=&image=' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' ``` Output is array of objects. The object structure follows the structure defined in create runner. #### Get a runner Returns a single runner based on its id. **Params** - `runner-id`: The id for the runner. **Call** ```bash curl -X GET 'https://api.warpbuild.com/api/v1/runners/' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' ``` Output structure is same as the create endpoint. #### Create a runner **Params** - `name`: Name of the runner must be lowercase alphabets with hyphen as additional characters. - `provider_id`: Stack id of the runner. - `configuration.image`: The image id from the runner images API - `configuration.byoc_sku.role_arn`: The instance role of the runner. - `configuration.byoc_sku.instance_types`: List of instance/machine types that are to be used when launching the runner. Make sure you provide a valid list here. For a list of valid image types it is recommended to use the UI. Additional params are captured below. ```json filename="create-runner.json" { "name": "warpdev-custom-example-2", "provider_id": "wrslzvbl322yttsc", "pool_size": 2, "configuration": { "capacity_type": "ondemand", "image": "wjwnpdjox8xeqsza", "sku": "", "storage": { "disk_type": "", "tier": "custom", "performance_tier": "", "size": 150, "throughput": 400, "iops": 6000 }, "byoc_sku": { "instance_types": ["c3.large", "c1.xlarge"], "is_public": true, "arch": "x64", "role_arn": "", "network_tier": "STANDARD" } } } ``` **Call** ```bash curl -X POST 'https://api.warpbuild.com/api/v1/runners' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' \ -H 'Content-Type: application/json' \ -d @create-runner.json ``` ```json title="Output" { "id": "", "created_at": "2025-09-25T08:38:01.495654Z", "updated_at": "2025-09-25T08:38:01.495654Z", "name": "warpdev-custom-example-2", "vcs_integration_id": "", "configuration": { "sku": "", "byoc_sku": { "role_arn": "", "arch": "x64", "is_public": true, "instance_types": [ "c3.large", "c1.xlarge" ], "network_tier": "" }, "storage": { "tier": "custom", "size": 150, "iops": 5000, "throughput": 400, "disk_type": "", "performance_tier": "" }, "image": "wjwnpdjox8xeqsza", "capacity_type": "ondemand" }, "stock_runner_id": null, "organization_id": "", "labels": [ "warpdev-custom-example-2" ], "active": true, "provider_id": "wrslzvbl322yttsc", "meta": { "supports_snapshot": false } } ``` #### Update a runner Update an existing runner. **Params** ```json { "pool_size": 2, "labels": [], "configuration": { "image": "wjwnpdjox8xeqsza", "capacity_type": "ondemand", "sku": "", "storage": { "disk_type": "", "tier": "custom", "performance_tier": "", "size": 150, "throughput": 400, "iops": 6000 }, "byoc_sku": { "instance_types": ["c3.large", "c1.xlarge"], "is_public": true, "arch": "x64", "network_tier": "" } } } ``` **Call** ```bash curl -X PATCH 'https://api.warpbuild.com/api/v1/runners/' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' \ -H 'Content-Type: application/json' \ -d @update-runner.json ``` Output structure is same as the create endpoint. #### Delete a runner Delete an existing runner. This action is irreversible. **Params** - `runner-id`: The id for the runner to delete. **Call** ```bash curl -X DELETE 'https://api.warpbuild.com/api/v1/runners/' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer wkey-xxxx' ``` Output structure is same as the create endpoint. --- # API Keys URL: https://www.warpbuild.com/docs/ci/api-keys Description: Manage your API keys in WarpBuild --- title: "API Keys" excerpt: "Manage your API keys in WarpBuild" description: "Manage your API keys in WarpBuild" createdAt: "2025-03-02" updatedAt: "2025-03-02" icon: Key --- API keys can be used to interact with the WarpBuild API programmatically. ### Creating an API Key Navigate to the [API Keys page](https://app.warpbuild.com/dashboard/settings/api-keys) and click the `Generate API Key` button. #### Scopes API Keys can be scoped to combinations of WarpBuild products. Currently, the following scopes are available: - CI - Cache - Helios ![Create an API key](./img/api-keys-create.png) The API key will be displayed only once, so make sure to save it in a secure location. ![API key created](./img/api-keys-generated.png) #### Editing an API Key You can edit the name and scope of an API key from the [API Keys page](https://app.warpbuild.com/dashboard/settings/api-keys). ![Edit an API key](./img/api-keys-edit.png) ### Using an API Key You can use the generated API key to connect to WarpBuild endpoints. Just include the API key in the `Authorization` header of your request. ```bash curl -X GET "https://api.warpbuild.com/api/v1/builder-profiles?page=1&per_page=20&name=test" \ -H "Authorization: Bearer " ``` --- # Custom VM Images URL: https://www.warpbuild.com/docs/ci/byoc/custom-vm-images Description: Add your own custom VM images from your cloud providers to WarpBuild --- title: "Custom VM Images" excerpt: "Add your own custom VM images from your cloud providers to WarpBuild" description: "Add your own custom VM images from your cloud providers to WarpBuild" hidden: false sidebar_position: 4 slug: "/byoc/custom-vm-images" createdAt: "2024-07-23" updatedAt: "2024-07-23" --- WarpBuild allows you to use your own custom VM images in your custom runner configurations while running them on your own cloud. This is useful if you are using a custom VM image that you have built due to a specific need. > 💡 **Note:** The _"images"_ referred to in this section are VM images. This is distinct from the custom container images support. ## VM Image requirements ### AMIs 1. Linux and Windows based AMIs are currently supported. #### Linux 1. The Linux distro the image is based on should be using [`systemd`](https://en.wikipedia.org/wiki/Systemd). WarpBuild relies on it to run its [agent](https://github.com/WarpBuilds/warpbuild-agent/). For example, Ubuntu and Amazon Linux 2023 based AMIs are supported. 2. The following packages must be present in the image: - `curl` - `wget` - `bash` - `jq` - `libicu` — required by the GitHub Actions runner (.NET runtime dependency) 3. The following are provided by default on all supported distros and should not be removed: - `tar` - `gzip` - `coreutils` (provides `id`, `chpasswd`, `chown`, `tr`, `sed`) - `shadow-utils` (provides `useradd`, `usermod`) - `systemd` Here's an example packer file for a Linux AMI that is supported: ```yaml variable "aws_region" { type = string default = "us-east-1" } locals { version = "1.0.0" } source "amazon-ebs" "my-custom-ci" { region = var.aws_region instance_type = "t3.micro" ami_name = "my-custom-ci-v${local.version}" tags = { Name = "my-custom-ci-v${local.version}" team = "platform" repo = "platform" build_date = "{{timestamp}}" version = local.version provider = "packer" pii = "none" product = "github-actions" } source_ami_filter { filters = { name = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.*-amd64-server-*" root-device-type = "ebs" virtualization-type = "hvm" } owners = ["099720109477"] # Amazon Canonical most_recent = true } ssh_username = "ubuntu" launch_block_device_mappings { device_name = "/dev/sda1" volume_type = "gp3" volume_size = 8 delete_on_termination = true } } build { sources = ["source.amazon-ebs.my-custom-ci"] provisioner "shell" { inline = [ # Create runner user and group "sudo groupadd runner || echo 'Group runner already exists'", "sudo useradd -m -g runner -s /bin/bash runner || echo 'User runner already exists'", # Configure passwordless sudo for runner user "echo 'runner ALL=(ALL) NOPASSWD:ALL' | sudo tee /etc/sudoers.d/runner", "sudo chmod 440 /etc/sudoers.d/runner", # Update system packages "sudo apt-get update", "sudo apt-get upgrade -y", # Install essential tools "sudo apt-get install -y curl wget unzip git jq", # Verify installations "curl --version", "wget --version", "git --version", "jq --version", # Setup GitHub Actions tool cache directories with proper permissions "sudo mkdir -p /opt/hostedtoolcache", "sudo mkdir -p /opt/hostedtoolcache/Python", "sudo mkdir -p /opt/hostedtoolcache/Node", "sudo mkdir -p /opt/hostedtoolcache/go", "sudo chown -R runner:runner /opt/hostedtoolcache", "sudo chmod -R 755 /opt/hostedtoolcache", # Setup additional GitHub Actions directories with runner permissions "sudo mkdir -p /home/runner/_work", "sudo mkdir -p /home/runner/_tool", "sudo mkdir -p /home/runner/_temp", "sudo chown -R runner:runner /home/runner/_work /home/runner/_tool /home/runner/_temp", "sudo chmod -R 755 /home/runner/_work /home/runner/_tool /home/runner/_temp", # Create a startup script to verify tools on instance launch "echo '#!/bin/bash\necho \"=== Checking installed tools at startup ===\"\nwhich git\ngit --version\nwhich curl\ncurl --version\nwhich wget\nwget --version\nwhich unzip\nunzip -h | head -n 1\nwhich jq\njq --version' | sudo tee /var/lib/cloud/scripts/per-boot/verify-tools.sh", "sudo chmod +x /var/lib/cloud/scripts/per-boot/verify-tools.sh", ] } } ## Thanks to Joe Hutchinson for the sample packer file. ``` Here's a sample workflow to build the AMI: ```yaml name: Build My Custom CI AMI ## Thanks to Joe Hutchinson for the sample workflow. on: workflow_dispatch: push: branches: - main paths: - "packer/github-actions-ami/**" permissions: contents: read jobs: build-ami: runs-on: warp-ubuntu-2404-x64-4x steps: - name: Checkout repository uses: actions/checkout@v4 - name: Check execution user run: | echo "Workflow is running as user: $(whoami)" echo "User groups: $(groups)" echo "Home directory: $HOME" - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::ACCOUNT_ID:role/YOUR_ROLE_NAME role-session-name: GitHubAction-BuildCIAMI aws-region: us-east-1 - name: Set up Packer uses: hashicorp/setup-packer@v3 with: version: 1 - name: Install Packer plugins run: packer plugins install github.com/hashicorp/amazon - name: Validate Packer template run: packer validate packer/github-actions-ami/my-custom-ci.pkr.hcl - name: Build AMI with Packer run: packer build packer/github-actions-ami/my-custom-ci.pkr.hcl env: AWS_REGION: us-east-1 ``` #### Windows 1. `aria2` is used for downloading the necessary artifacts since the default windows method is slow. The image needs to have `aria2` present and it should be accessible through the system `PATH`. Below is sample script which can be used to install aria2. ```powershell New-Item -ItemType Directory -Path 'C:\Tools\aria2' -Force # Use: https://github.com/aria2/aria2/releases/latest to fetch the latest release and replace it Invoke-WebRequest -Uri 'https://github.com/aria2/aria2/releases/download/release-1.37.0/aria2-1.37.0-win-64bit-build1.zip' -OutFile 'C:\Tools\aria2\aria2.zip' Expand-Archive -Path 'C:\Tools\aria2\aria2.zip' -DestinationPath 'C:\Tools\aria2' -Force Remove-Item 'C:\Tools\aria2\aria2.zip' -Force Move-Item -Path 'C:\Tools\aria2\aria2-1.37.0-win-64bit-build1\*' -Destination 'C:\Tools\aria2' -Force Remove-Item -Path 'C:\Tools\aria2\aria2-1.37.0-win-64bit-build1' -Recurse -Force [Environment]::SetEnvironmentVariable('Path', $Env:Path + ';C:\Tools\aria2', 'Machine') ``` 2. If working with AWS instances, the EC2 instance must be [sysprepped](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-create-win-sysprep.html#sysprep-gui-procedure-ec2launchv2) before making a windows image out of it. Please look at the 'Additional Notes' > 'Windows' > 'Sysprep' section for details on sysprepping. ## Additional Notes ### Windows on AWS The runners are run under the runneradmin user, the same user as github's windows runners. If this user is not present, it will be added. If you have user scoped environment variables, you might need to change them to system level or add them to the runneradmin user's environment instead. #### Sysprep (GUI) For generalizing using the GUI, 1. RDP into the instance and open 'Amazon EC2Launch settings'. Press 'Shutdown with sysprep' > Press 'Yes' on the dialog box. 2. The above step will disconnect you in some time. This is expected. Go to the instance in the ec2 dashboard and wait for the instance to reach 'Stopped' state (might take a min). 3. Rest of the steps are mostly same. Use the console to create the image. Fill in the details. Unselect the 'reboot' option since we already have the machine in a shutdown state. Wait for the AMI to be ready. The image should be a generalized one now. #### Sysprep (Automation) Refer to the following [packer docs](https://developer.hashicorp.com/packer/integrations/hashicorp/amazon/latest/components/builder/ebs#windows-2022-sysprep-commands-for-amazon-windows-amis-only) for sysprep automation. These commands can be invoked without the use of packer as well from a powershell instance. ### Common issues 1. Unable to RDP into the instance We don't expose RDP port (3389) by default when you create a stack. You must add a security policy enabling the inbound TCP connections to 3389 from a.b.c.d/e (replace this with your CIDR block) 2. Password incorrect when trying to login via Administrator Administrator account for windows has a rotating password for each ec2 instance. AWS automatically creates and assigns this password. It is recommended that you create your own user and give it admin permissions. You can use the below commands to create the user and assign it admin. ```bash Write-Host 'Creating custom user' $MACHINE_USER = "customuser" $MACHINE_PASSWORD = "CustomU$er!2025" $Password = ConvertTo-SecureString $MACHINE_PASSWORD -AsPlainText -Force New-LocalUser -Name $MACHINE_USER -Password $Password -FullName "Custom User" -Description "Custom User for CI/CD" Add-LocalGroupMember -Group "Administrators" -Member $MACHINE_USER Add-LocalGroupMember -Group "Users" -Member $MACHINE_USER # Set customuser user to not require password change at next logon Set-LocalUser -Name $MACHINE_USER -PasswordNeverExpires $true ``` ### Running scripts before or after a job GitHub self-hosted runners support [`ACTIONS_RUNNER_HOOK_JOB_STARTED` and `ACTIONS_RUNNER_HOOK_JOB_COMPLETED`](https://docs.github.com/en/actions/how-tos/manage-runners/self-hosted-runners/run-scripts) for running scripts before and after each job. WarpBuild already uses both of these internally to orchestrate runners for your jobs, so use the `WARPBUILD_`-prefixed alternatives instead: - `WARPBUILD_ACTIONS_RUNNER_HOOK_JOB_STARTED`: runs before each job - `WARPBUILD_ACTIONS_RUNNER_HOOK_JOB_COMPLETED`: runs after each job Set them system-wide on the runner instance so the runner agent picks them up at start. - In **Linux** images, add to `/etc/environment`: ```bash WARPBUILD_ACTIONS_RUNNER_HOOK_JOB_STARTED=/absolute/path/to/your-pre-hook-script.sh WARPBUILD_ACTIONS_RUNNER_HOOK_JOB_COMPLETED=/absolute/path/to/your-post-hook-script.sh ``` - In **Windows** images, set them as machine-level environment variables. From PowerShell: ```powershell [Environment]::SetEnvironmentVariable( 'WARPBUILD_ACTIONS_RUNNER_HOOK_JOB_STARTED', 'C:\absolute\path\to\your-pre-hook-script.ps1', 'Machine' ) [Environment]::SetEnvironmentVariable( 'WARPBUILD_ACTIONS_RUNNER_HOOK_JOB_COMPLETED', 'C:\absolute\path\to\your-post-hook-script.ps1', 'Machine' ) ``` or from `cmd`: ```cmd setx WARPBUILD_ACTIONS_RUNNER_HOOK_JOB_STARTED "C:\absolute\path\to\your-pre-hook-script.ps1" /M setx WARPBUILD_ACTIONS_RUNNER_HOOK_JOB_COMPLETED "C:\absolute\path\to\your-post-hook-script.ps1" /M ``` The behaviour of these scripts is the same as GitHub's native hooks: 1. The script must end in **`.sh`** or **`.ps1`**. - `.sh` is run with `bash --noprofile --norc -e -o pipefail` (falls back to `sh -e` if bash is unavailable) - `.ps1` is dot-sourced with `pwsh -command` (falls back to `powershell -command`) 2. The path must be **absolute**. 3. The pre-hook runs **after WarpBuild's pre-hook and before the job**. The post-hook runs **after the job completes**, regardless of whether the job succeeded or failed. 4. If a script is missing, has an unsupported extension, or exits non-zero, the job is marked as failed (and for the pre-hook, the job never starts). 5. If you face permission issues, try making the script executable. E.g., `chmod +x /absolute/path/to/your-script.sh`. ## Add the image 1. Setup a [WarpBuild Stack](/docs/ci/byoc#2-setup-a-warpbuild-stack) 2. Add a VM image using the `Add Image` button on the [custom images](https://app.warpbuild.com/dashboard/custom-images) page. All the images in the region the stack is in will be listed. Select the image you want to use. ![Add VM Image](./img/custom-images/add.png) ![Add VM Image](./img/custom-images/add-1.png) 3. Create a [custom runner](https://docs.warpbuild.com/cloud-runners/custom-runners) using the image. 4. Use the custom runner label in your workflows to run the jobs on this container image. ## Pricing There is no additional cost for using custom VM images. --- # BYOC URL: https://www.warpbuild.com/docs/ci/byoc Description: Run Github Actions runners in your own cloud infrastructure. --- title: "BYOC" excerpt: "Run Github Actions runners in your own cloud infrastructure." description: "Run Github Actions runners in your own cloud infrastructure." icon: Cloud createdAt: "2024-07-23" updatedAt: "2024-07-23" --- ## Overview There are three steps to run Github actions workflows in your own cloud infrastructure using WarpBuild: 1. **Connect your cloud account**: Sets up the IAM role with the required permissions. 2. **Setup a WarpBuild Stack**: Configure a region, VPC, and network settings as context for the runners. 3. **Create a custom runner**: Configure the instance types, disk, and IP configuration for the runners. AWS · GCP · Azure] -->|IAM role / service account| B[WarpBuild Stack
region · VPC · object storage] B --> C[Custom Runner
instance types · disks · IPs] C --> D[(GitHub Actions
workflows)] `} /> Cloud provider specific setup guides for each of the steps are: [Install the WarpBuild Github bot](/docs/ci/quick-start#install-warpbuild-bot) and provide access to the repositories you want to run workflows on, before proceeding with these steps. ## Features 1. All the features available on the Cloud version, and cheaper 1. One click setup 1. Use any region 1. Static IPs 1. [Standby disks](/docs/ci/byoc/standby-disks) 1. Custom VM base images, service roles (IAM, service accounts), and runner configurations Refer to the [pricing page](https://www.warpbuild.com/pricing) for pricing info. ## Setup ### Connect your cloud account A connection to your cloud account creates an IAM role or service account with the permissions required to setup and manage Github actions runners in your cloud account. This IAM role is used to import configurations and create a WarpBuild Stack in a region and VPC. Go to [BYOC](https://app.warpbuild.com/dashboard/byoc/) in WarpBuild dashboard and click on the `Connect Cloud Account` button. ![Overview](./img/setup/start.png) ### Setup a WarpBuild Stack A WarpBuild Stack is a group of infrastructure components in a specific region of your cloud account, required by WarpBuild to run your CI workflows. These components include VPC, subnets, and object storage buckets. Naming the stack with the product and region info may be helpful for keeping track of resources. Examples: `twitch-use1` and `alexa-use2`. ![Setup Stack](./img/setup/create-stack.png) The object storage bucket in the selected region is used as cache storage, container images layer cache, logs, and storing other workflow artifacts. The stack name, object storage location, and region cannot be changed after creation. #### Easy Create Flow: Create all resources in a new VPC The `easy create` flow creates the required resources and configures them according to best practices. Refer to the cloud provider specific guide for more details on resources created here: [aws](/docs/ci/byoc/aws/config), [gcp](/docs/ci/byoc/gcp/config). #### Import Flow: Create runners in an existing VPC Importing resources are supported only for AWS. In the `import` flow, all the resources must already exist and be supplied as inputs. Select your cloud account, region, VPC, and network configuration in which you want to create a Stack. The name of the stack is used for reference throughout the dashboard and cannot be changed after stack creation. Refer to the cloud provider specific setup guide for more details on the inputs and best practices [here](/docs/ci/byoc/aws/config). ### Create a custom runner You can now create [custom runners](https://app.warpbuild.com/dashboard/runners/custom-runners) that are used in the Github actions workflows. Click on the `Add Custom Runner` button and choose the Stack you just created from the stacks dropdown. ![Create Custom Runner](./img/setup/create-custom-runner.png) Reference the runner in your workflow using its **Runner ID**. This can be found in the `Runner ID` column on the custom runners page. It is the full name prefixed with `warp-custom-`. ```yaml title=".github/workflows/ci.yml" {5} name: CI on: [push] jobs: build: # Use the full Runner ID (the "warp-custom-" prefix is required) runs-on: warp-custom-ci-stack-runner steps: - uses: actions/checkout@v3 - run: npm run build ``` #### Fallback instances You can provide multiple instance types within the same runner configuration. This is useful when the capacity for a specific instance type is unavailable in a region, in which case the runner can fallback to a different instance type. For this reason, it is recommended to choose instances with roughly similar performance to ensure consistency (for example, `m7a.xlarge` and `m7i.xlarge` on aws). This is especially useful for spot instances. The instance type is chosen based on availability and price. For #### Static IPs Enabling static IPs creates the runners in private subnets behind a NAT gateway. This can incur data transfer costs in multiple ways: 1. Outbound data transfer from the runner instance to the internet at data egress rates ~$0.45/GB. 2. NAT gateway data processing fees at ~$0.45/GB for inbound and outbound data transfer. 3. Inter region data transfer costs between the private subnets and the NAT gateway. This can become very expensive and runners with static IPs should be used minimally. When static IPs are disabled, the runner instances are created in public subnets and are not behind a NAT gateway. This ensures that no data transfer costs are incurred for ingress and there is usually minimal egress for CI workloads. Refer to the best practices guide for more information on network setup. ## Updates and deletes WarpBuild may require changes to cloud connections or Stacks to support new features. These will show up as updates and need to be applied. **Deleting a Cloud Connection**: A confirmation will be shown along with the list of Stacks that depend on this cloud connection. The cloud connection cannot be deleted until the stacks depending on it are deleted. **Deleting a Stack**: A confirmation will be shown along with the list of custom runner configurations that depend on this stack. The stack cannot be deleted until the custom runner configurations depending on it are deleted. --- # Standby Disks URL: https://www.warpbuild.com/docs/ci/byoc/standby-disks Description: Create a pool of standby disks to boot up runners in less than 20 seconds --- title: "Standby Disks" excerpt: "Create a pool of standby disks to boot up runners in less than 20 seconds" description: "Create a pool of standby disks to boot up runners in less than 20 seconds" sidebar_position: 5 slug: "/byoc/standby-disks" createdAt: "2024-07-23" updatedAt: "2024-07-23" --- WarpBuild allows you to create a pool of standby disks for each runner type on BYOC. This enables runners to be booted up in ~15seconds. ## What are standby disks? Standby disks are VMs of the same type as the runner, that are immediately shut down after boot up. This initializes the VM, sets up networking, and other configurations. This pre-initialization of the VM allows the runner to be booted up and the job to start in ~15 seconds. The instance type of a standby disk is the same as the runner type. If there are fallback instance types selected, the standby disk will be one of the multiple instance types. ## Configuration The number of standby disks is configurable per custom runner for BYOC runners. 💡 **Note:** Choose the number of standby disks based on the number of jobs you expect to run concurrently for that runner type. ![Standby Disks](./img/standby-disks/standby-disks.png) ## How it works When GitHub requests a runner, WarpBuild checks if a standby disk is available. If one is available, it is booted up and used for the job. If one is not available, a new VM is created for allocation to the job. The WarpBuild control plane ensures that the pool of standby disks is maintained, within reconciliation time limits (~1min). This maneuver puts the instance into a `shutdown` state but not terminate it. 💡 **Note:** Spot instances are not supported for standby disks. They may be terminated at any time and it cannot be guaranteed that a standby instance will be available. ### Cost implication The VM for initializing a standby disk is billable for ~90 seconds, after which it will be shut down. Once the VM is shut down, the network disk is still billable but the VM is not. Overall, the cost implication is minimal for using this feature. ## Pricing WarpBuild does not charge for standby disks. --- # April 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-april Description: List of updates in 2024-April --- title: "April 2024" slug: "2024-april" description: "List of updates in 2024-April" sidebar_position: -3 createdAt: "2024-04-12" updatedAt: "2024-04-12" --- ### April 15, 2024 - **Enhancement**: Introducing WarpCache - fast, unlimited cache that is 35% faster for cache retrieval and 75% faster for cache writes. It is a drop-in replacement for `actions/cache@v4`. Just replace that with `WarpBuilds/cache@v1` to get started. ### April 13, 2024 - **Enhancement**: WarpBuild now supports `spot` instances for runners. Spot instances are 25% cheaper than on-demand instances. The spot instances are available in all Linux based runners. Spot instances may be terminated at any time during the execution of the workflow. - **Enhancement**: Updated the Ubuntu x86-64 runners to be in sync with GitHub Actions runners release [20240407](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240407.1). The key changes are: - Docker Compose v1 are removed from images ### April 12, 2024 - **Enhancement**: Increased the `arm` runners to have 150GB of SSD storage (up from 64GB). The price remains the same. - **Enhancement**: The p50 for runner start time has been reduced to under 10s while keeping p99 consistent. --- # August 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-august Description: List of updates in 2024-August --- title: "August 2024" slug: "2024-August" description: "List of updates in 2024-August" sidebar_position: -7 createdAt: "2024-08-02" updatedAt: "2024-08-02" --- ### August 28, 2024 - `Enhancement`: One click setup for BYOC runners. ### August 25, 2024 - `Fix`: Fix for the docker layer caching restore failures - incorrect digest computation. ### August 24, 2024 - `Fix`: Bug fix where runners did not have the full disk size available to use. ### August 23, 2024 - `Enhancement`: Github actions runner boot times are now 35% faster, with most runners starting in under 36s. ### August 22, 2024 - `Enhancement`: Docker Layer Caching is now supported by WarpBuild Cache. Checkout how to enable it in your workflows here: [Docker Layer Caching](/docs/ci/features/caching). - `Change`: The runner image has been updated to [Ubuntu 24.04 (20240818)](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20240818.1) and [Ubuntu 22.04 (20240818)](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240818.1). This includes the deprecation of the Docker Compose v1. Workflows using `docker-compose` will now have to use `docker compose` instead. Here's the full [migration guide](https://docs.docker.com/compose/migrate/). ### August 02, 2024 - `Change`: Bring Your Own Cloud (BYOC) pricing is simplified. Per stack pricing is updated to $500/mo including unlimited caching. More details on the [pricing page](https://www.warpbuild.com/pricing). --- # December 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-december Description: List of updates in 2024-December --- title: "December 2024" slug: "2024-December" description: "List of updates in 2024-December" sidebar_position: -11 createdAt: "2024-12-04" updatedAt: "2024-12-04" --- ### December 06, 2024 - `Enhancement`: MacOS [13](https://github.com/actions/runner-images/releases/tag/macos-13-arm64/20241202.469), [14](https://github.com/actions/runner-images/releases/tag/macos-14-arm64/20241202.580) and [15](https://github.com/actions/runner-images/releases/tag/macos-15-arm64/20241202.430) images have been updated. ### December 04, 2024 - `Enhancement`: The images for `ubuntu-2204` for [x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu22/20241201.1) have been updated across all the cloud providers including aws, gcp and azure. --- # February 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-february Description: List of updates in 2024-February --- title: "February 2024" slug: "2024-february" description: "List of updates in 2024-February" sidebar_position: -1 createdAt: "2024-03-04" updatedAt: "2024-03-04" --- ### Added - Warp Insights is now available for all users. Insights provides a detailed view of your build and deployment activity, including build times, build success rates, and deployment success rates. The first report showing [CI Health](https://app.warpbuild.com/dashboard/insights/ci/all) is live. A lot of exciting features are coming soon, so stay tuned! ![CI Health Dashboard](./img/changelog/ci-health.png) - Added a portal to view previous billing statements and update the billing email. This can be accessed from the [billing page](https://app.warpbuild.com/dashboard/settings/billing). ![Manage Billing](./img/changelog/manage-billing.png) - Added a [new status page](https://warpbuild.instatus.com/) to provide real-time updates on the status of the Warp platform. ![Status Page](./img/changelog/status-page.png) - Infrastructure updates to improve the stability and performance of the platform. This also improves the utilization of the underlying compute. - We shipped support for `macos-14` runners, powered by Apple M2 Pro chips. - Improved disk and network performance for all runners. ### Changed - Improvements to the table layouts so it easier to navigate. - Updated GitHub actions runner version to `v2.313.0`. ### Fixed - Fixed an issue with the billing page where the billing and usage info is missing. - Mitigated some scenarios where builds in progress were getting terminated. - Enable retries for endpoints for seamless recovery. --- # July 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-july Description: List of updates in 2024-July --- title: "July 2024" slug: "2024-july" description: "List of updates in 2024-July" sidebar_position: -6 createdAt: "2024-07-09" updatedAt: "2024-07-28" --- ### July 28, 2024 - `Enhancement`: Bring Your Own Cloud (BYOC) is now generally available on AWS. WarpBuild now supports running GitHub Actions runners on your own AWS account. Read more here: [BYOC on AWS](/docs/ci/byoc/aws). - `Enhancement`: Static IPs are now available for GitHub Actions runners for BYOC. Read more here: [Static IPs](/docs/ci/byoc#static-ips). - `Enhancement`: You can now import container images for Github actions runners into WarpBuild. This is especially useful for folks using `actions-runner-controller` on Kubernetes and want to have a more efficient way of running workloads. - `Enhancement`: The `runner` binary is updated to v2.318.0. - `Enhancement`: The [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240721.1) has been updated. - `Enhancement`: The [Ubuntu 24.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20240721.1) has been updated. ### July 16, 2024 - `Enhancement`: The [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240714.1) has been updated. - `Enhancement`: The [Ubuntu 24.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20240714.1) has been updated. ### July 11, 2024 - `Enhancement`: MacOS [13](https://github.com/actions/runner-images/releases/tag/macos-13%2F20240707.2) and [14](https://github.com/actions/runner-images/releases/tag/macos-14%2F20240708.1) images have been updated. ### July 09, 2024 - `Enhancement`: The [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240708.1) has been updated. - `Enhancement`: The [Ubuntu 24.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20240707.1) has been updated. --- # June 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-june Description: List of updates in 2024-June --- title: "June 2024" slug: "2024-june" description: "List of updates in 2024-June" sidebar_position: -5 createdAt: "2024-06-03" updatedAt: "2024-06-30" --- ### June 20, 2024 - `Feature`: WarpBuild now supports custom runner configurations. They can be customized for cost and performance for both `arm64` and `x86_64` architectures. Read more in the [custom runner docs](../cloud-runners) ### June 20, 2024 - `Enhancement`: The [WarpCache](https://github.com/marketplace/actions/warpcache) action now supports cache restores from default branches and base branches (for pull requests). [More info](https://github.com/WarpBuilds/cache/blob/main/tips-and-workarounds.md#use-cache-across-feature-branches). ### June 18, 2024 - `Enhancement`: Security enhancements for cache isolation. - `Enhancement`: The [macOS 14 image](https://github.com/actions/runner-images/releases/tag/macos-14/20240612.5) has been updated. ### June 12, 2024 - `Feature`: [Ubuntu 24.04](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20240604.1) x64 runners are now available. You can start using them by using the relevant labels like `warp-ubuntu-2404-x64-`. You can see all the runner labels on the [Runners](/docs/ci/cloud-runners) page. > **Note**: `warp-ubuntu-latest-x64-` will continue to point to Ubuntu 22.04 until GitHub changes the default runner version for `ubuntu-latest`. ### June 11, 2024 - `Enhancement`: The [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240603.1) has been updated. - `Enhancement`: Spot runners have been made more reliable. Fallback instance types have been added in case of insufficient capacity from our infrastructure provider. ### June 07, 2024 - `Enhancement`: Added support for various `setup-*` actions to utilize WarpBuild cache as their caching service. See the [Caching](/docs/ci/features/caching#usage-with-setup--actions) page for more information. - `Enhancement`: MacOS [13](https://github.com/actions/runner-images/releases/tag/macos-13-arm64%2F20240603.1) and [14](https://github.com/actions/runner-images/releases/tag/macos-14-arm64%2F20240603.1) images have been updated. ### June 05, 2024 - `Enhancement`: Runners page is updated with day wise usage statistics. The workflows section has been removed and the runners table from the billing page has been moved here and updated. ![Runners Page UI Update](./img/changelog/2024-june-runners-ui.png) - `Change`: The functionality to automatically raise PRs to switch workflows to use WarpBuild runners has been removed, until it can be made to work robustly for all scenarios including reusable workflows and runner groups. ### June 04, 2024 `Enhancements`: - x86-64 runners use new processors that are ~20% faster. They are AMD processors using the Genoa (Zen4) architecture. - Disk performance tiering: It is recommended that workloads that are sensitive to high disk performance use larger runner sizes. - 32x runners are now on 32 vCPU instances, up from 30 vCPUs earlier. The billing for these runners has been updated to reflect the 2 extra vCPUs. - Spot instances do not get interrupted in less than 1 minute of runtime. - Caching UI: A page has been added to view and manage cache entries from all jobs. The billing page will be added soon, when the billing actually starts. ![Caching UI](./img/changelog/2024-june-cache-ui.png) - Billing UI: This has been refreshed to make updating the billing email address more obvious. The page has been cleared of some unnecessary clutter. ![Billing UI Update](./img/changelog/2024-june-billing-ui.png) - Caching updates: Based on user feedback, cache TTL is set to 7 days. This change will go live along with the billing enablement for caching in the next 2 days. There will be a one-time purge of all previous caches when billing is enabled to ensure there are no surprises. `Fixes:` - There was a small fraction of runners that was facing intermittent network connectivity issues. That is now resolved. ### June 03, 2024 - `Fix`: Fixed a corner case where the user list is not synced correctly with organizations. ### June 01, 2024 - `Enhancement`: The `arm64` runners have been upgraded to use Graviton3 instances that are 25% faster. --- # March 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-march Description: List of updates in 2024-March --- title: "March 2024" slug: "2024-march" description: "List of updates in 2024-March" sidebar_position: -2 createdAt: "2024-03-05" updatedAt: "2024-03-05" --- ### March 5, 2024 - **Enhancement**: All runners now have 150GB of disk space. This is a 50% increase from the previous 100GB. - **Enhancement**: Updated the Ubuntu x86-64 runners to be in sync with GitHub Actions runners release [20240225.1.1](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240225.1). The key changes are: - [All OSes] Ruby versions \<= 2.7.x will be removed on February, 26 - [All OSes] Go 1.19.x will be removed and 1.21.x set as default on February, 26 - **Fix**: Introduced and fixed a bug where the local dockerhub mirror was erroring out in a few cases. ### March 9, 2024 - **Fix**: A race condition caused a small fraction of runners to terminate before the job was complete. This is not fixed. - **Change**: Billing for jobs is now done on a per-minute basis. ### March 16, 2024 - **Enhancement**: The product architecture has been updated to flatten and simplify the serving stack. This results in a huge improvement to the runner start time. ### March 19, 2024 - **Enhancement**: New runner types are available. - `warp-ubuntu-latest-x64-8x` - 8 vCPUs, 32GB RAM, 150GB disk space - `warp-ubuntu-latest-x64-32x` - 30 vCPUs, 120GB RAM, 150GB disk space - `warp-ubuntu-latest-arm64-8x` - 8 vCPUs, 32GB RAM, 150GB disk space - `warp-ubuntu-latest-arm64-32x` - 32 vCPUs, 128GB RAM, 150GB disk space - **Fix**: The p99 for runner start time has been reduced by 50%. --- # May 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-may Description: List of updates in 2024-May --- title: "May 2024" slug: "2024-may" description: "List of updates in 2024-May" sidebar_position: -4 createdAt: "2024-05-02" updatedAt: "2024-05-31" --- ### May 31, 2024 - `Enhancement`: Updated the fraud detection logic for organizations. ### May 20, 2024 - `Enhancement`: The ubuntu-2204 images for both arm64 and x86-64 architectures have been updated. ### May 07, 2024 - `Enhancement`: Enabled fraud detection logic for preventing malicious accounts. ### May 02, 2024 - `Enhancement`: Introduced runner group configurations. Now you can choose the runner group to which WarpBuild runners are attached [here](https://app.warpbuild.com/dashboard/runners/groups). --- # November 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-november Description: List of updates in 2024-November --- title: "November 2024" slug: "2024-November" description: "List of updates in 2024-November" sidebar_position: -10 createdAt: "2024-11-04" updatedAt: "2024-11-14" --- import BreakingChangeTag from "./BreakingChangeTag"; ### November 14, 2024 - `Feature`: Introducing standby disks for BYOC runners across cloud providers. Standby disks maintains a warm pool of boot disks for BYOC runners. This allows for ~10-15s runner startup times. Read more about standby disks [here](/docs/ci/byoc/standby-disks). > Note: AWS connection version `>=1.2` is required for standby disks to work on AWS BYOC. Please upgrade using WarpBuild UI - https://app.warpbuild.com/dashboard/byoc . - `Feature`: Adds Windows Server 2022 (x86-64) runners support. The technical details of the runners are [here](/docs/ci/cloud-runners#windows-x86-64). For the complete list of tools available on the runner, see [here](https://github.com/actions/runner-images/releases/tag/win22%2F20241021.1). ### November 8, 2024 -

Removal of Xcode 14 and 16 from macOS 14

Xcode 14 and 16 have been removed from GitHub macOS 14 runners on November 4th. Only Xcode 15 will be made available. More details on the [GitHub announcement here](https://github.com/actions/runner-images/issues/10703). WarpBuild macOS 14 runners have been updated to reflect this change. The newly launched [macOS 15 runners](#november-6-2024) can be used when Xcode 16 is a strict requirement. ### November 7, 2024 - `Feature`: Azure BYOC is now generally available. Read more here: [BYOC on Azure](/docs/ci/byoc/azure). ### November 6, 2024 - `Feature`: macOS 15 (arm64) is now available on WarpBuild with the label `warp-macos-15-arm64-6x`. More details [here](/docs/ci/cloud-runners#macos-m2-pro-on-arm64) > **Note**: The image is based on GitHub's [macOs 15 arm64 image](https://github.com/actions/runner-images/blob/main/images/macos/macos-15-arm64-Readme.md) which is currently in [beta](https://github.com/actions/runner-images/issues/10686). Frequent changes are to be expected. ### November 5, 2024 - `Enhancement`: BYOC runners across cloud providers will now block external incoming connections by default. ### November 4, 2024 - `Feature`: Custom VM images are now supported for Azure BYOC runners. --- # October 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-october Description: List of updates in 2024-October --- title: "October 2024" slug: "2024-October" description: "List of updates in 2024-October" sidebar_position: -9 createdAt: "2024-10-04" updatedAt: "2024-10-29" --- import BreakingChangeTag from './BreakingChangeTag'; ### ⚠️ Future Breaking Changes ⚠️ #### MacOS 14 Xcode versions Xcode 14 and 16 will be removed from macOS 14 on October 28, 2024. This change will go live on November 8, 2024 on WarpBuild. More details on the [GitHub announcement here](https://github.com/actions/runner-images/issues/10703). --- ### October 30, 2024

GitHub Actions Runner Labels Update

GitHub is rolling out updates to the runner labels. The labels are now updated on WarpBuild to reflect the new ones. The following table shows the changes. | Runner Label | Old Alias | New Alias | | ---------------------------- | -------------------------- | -------------------------- | | `warp-ubuntu-latest-x64-*` | `warp-ubuntu-2204-x64-*` | `warp-ubuntu-2404-x64-*` | | `warp-ubuntu-latest-arm64-*` | `warp-ubuntu-2204-arm64-*` | `warp-ubuntu-2404-arm64-*` | | `warp-macos-latest-arm64-6x` | `warp-macos-13-arm64-6x` | `warp-macos-14-arm64-6x` | These changes may break workflows for some users. Please pin the label version or migrate to using the new OS versions. The [GitHub announcement is here](https://github.blog/changelog/2024-09-25-actions-new-images-and-ubuntu-latest-changes/). ### October 29, 2024 - `Feature`: Custom VM images are now supported for GCP BYOC runners. ### October 21, 2024 - `Feature`: Ubuntu 24.04 arm64 runners are now supported natively as cloud runners as well as with AWS and GCP custom runners. These runners are compatible with GitHub's Ubuntu 24.04 arm64. Refer to [cloud runner labels](/docs/ci/cloud-runners#linux-arm64) for the full list of available labels. Refer to [this link](https://github.com/actions/partner-runner-images/blob/main/images/arm-ubuntu-24-image.md) for the details on the packaged tools. ### October 17, 2024 - `Enhancement`: The image for `macos-14` (https://github.com/actions/runner-images/releases/tag/macos-14-arm64%2F20241007.259) has been updated. This fixes the issue with iOS 18 SDK and simulator not being available. ### October 15, 2024 - `Feature`: Docker Layer Caching is now available for GCP BYOC runners. - `Enhancement`: The images for `ubuntu-2204` for [x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20241006.1) for `arm64` architecture have been updated. - `Enhancement`: [ubuntu-2404 for x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20241006.1) image has been updated. ### October 14, 2024 - `Enhancement`: BYOC features do not require a payment method to be added, by default. Credits can be used for BYOC runners. ### October 11, 2024 - `Pricing`: Cost for cache operations has been **reduced** from $0.001 to $0.0001 per operation. ### October 09, 2024 - `Feature`: GCP BYOC is now generally available. Read more here: [BYOC on GCP](/docs/ci/byoc/gcp). ### October 08, 2024 - `Enhancement`: The runner start times are now much faster, with a 90%ile of the start times being under 20 seconds. This is a a significant improvement over the previous 90%ile of 45 seconds. --- # September 2024 URL: https://www.warpbuild.com/docs/ci/changelog/2024-september Description: List of updates in 2024-September --- title: "September 2024" slug: "2024-September" description: "List of updates in 2024-September" sidebar_position: -8 createdAt: "2024-09-19" updatedAt: "2024-09-30" --- ### September 30, 2024 - `Enhancement`: MacOS [13](https://github.com/actions/runner-images/releases/tag/macos-13%2F20240923.120) and [14](https://github.com/actions/runner-images/releases/tag/macos-14%2F20240923.101) images have been updated. ### September 19, 2024 - `Enhancement`: Custom VM Images for BYOC runners. --- # April 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-april Description: List of updates in 2025-April --- title: "April 2025" slug: "2025-April" id: "2025-April" description: "List of updates in 2025-April" sidebar_position: -16 createdAt: "2025-04-01" updatedAt: "2025-04-02" --- ### April 17, 2025 - `Feature`: Windows Server 2022 Custom AMI are now supported on AWS. Read more about [custom images](/docs/ci/byoc/custom-vm-images#windows). ### April 14, 2025 - `Enhancement`: [Ubuntu 24.04](https://github.com/actions/runner-images/releases/tag/ubuntu24/20250406.1) was updated for WarpBuild Cloud. - `Enhancement`: [Ubuntu 22.04](https://github.com/actions/runner-images/releases/tag/ubuntu22/20250406.1) was updated for WarpBuild Cloud. ### April 10, 2025 - `Feature`: Spending Limits and alerts are available for all users. ### April 8, 2025 - `Enhancement`: [Ubuntu 22.04](https://github.com/actions/runner-images/releases/tag/ubuntu22/20250316.1) was updated for Azure, AWS and GCP. - `Enhancement`: [Ubuntu 24.04](https://github.com/actions/runner-images/releases/tag/ubuntu24/20250316.1) was updated for AWS, Azure and GCP. - `Enhancement`: [Windows Server 2022](https://github.com/actions/runner-images/releases/tag/win22/20250330.1) was updated for Azure. - `Enhancement`: Ubuntu 24.04 ARM was updated for Azure, AWS and GCP. ### April 7, 2025 - `Feature`: Windows Server 2022 x86-64 runners are now supported on AWS. Read more [here](/docs/ci/byoc/aws#windows-support) ### April 2, 2025 - `Fix`: An issue was identified where various `WarpBuilds/setup-*` actions were hanging post their completion causing significantly longer build times. This is now fixed. Please upgrade to the latest version of the action in your workflows if you have been affected. --- # August 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-august Description: List of updates in 2025-August --- title: "August 2025" slug: "2025-August" description: "List of updates in 2025-August" sidebar_position: -20 createdAt: "2025-08-06" updatedAt: "2025-08-06" --- ### August 08, 2025 - `Enhancement`: [macOS 14 image and packages](https://github.com/actions/runner-images/releases/tag/macos-14-arm64%2F20250805.1714) have been updated. ### August 6, 2025 - `Enhancement`: [Windows 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20250727.1) has been updated. - `Enhancement`: [macOS 15 image and packages](https://github.com/actions/runner-images/releases/tag/macos-15-arm64%2F20250722.2025) have been updated. --- # December 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-december Description: List of updates in 2025-December --- title: "December 2025" slug: "2025-December" description: "List of updates in 2025-December" sidebar_position: -24 createdAt: "2025-12-07" updatedAt: "2025-12-22" --- ### December 22, 2025 - `Enhancement`: The remote docker builder cache/data now has a TTL of 10 Days. If the builder profile is not used for more than 10 days, the cache will be reset automatically. The profile itself can continue to be used. ### December 15, 2025 - `Enhancement`: [MacOS 15 image](https://github.com/actions/runner-images/releases/tag/macos-15-arm64%2F20251203.0057) has been updated. ### December 10, 2025 - `Feature`: macOS 26 (arm64) runners are now available on WarpBuild with 6x and 12x configurations. The new runners are available with the labels `warp-macos-26-arm64-6x` and `warp-macos-26-arm64-12x`. The latest aliases (`warp-macos-latest-arm64-6x` and `warp-macos-latest-arm64-12x`) continue to point to macOS 15 runners for stability. ### December 7, 2025 - `Pricing`: Snapshot pricing has been updated. Snapshot restore costs are now **$0.04 per restore**, and snapshot **storage costs are now $0.025/hour per snapshot**. --- # February 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-february Description: List of updates in 2025-February --- title: "February 2025" slug: "2025-February" id: "2025-February" description: "List of updates in 2025-February" sidebar_position: -14 createdAt: "2025-02-17" updatedAt: "2025-02-17" --- ### February 27, 2025 - `Enhancement`: The macOS VMs have been upgraded from M2 Pro to M4 Pro processors for all users. The runners are now 60% faster and 2x cheaper than GitHub-hosted runners. The memory has been increased from 14GB to 22GB. ### February 22, 2025 - `Enhancement`: The WarpBuild Cloud and Azure BYOC images have been updated for `windows-2022` [x86-64](https://github.com/actions/runner-images/releases/tag/win22/20250209.1). ### February 17, 2025 - `Enhancement`: Added a new option which allows you to assign and run Dependabot workflows on WarpBuild custom runners. Know more [here](/docs/ci/common-issues#running-dependabot). --- # January 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-january Description: List of updates in 2025-January --- title: "January 2025" slug: "2025-January" description: "List of updates in 2025-January" sidebar_position: -12 createdAt: "2025-01-10" updatedAt: "2025-01-16" --- import BreakingChangeTag from "./BreakingChangeTag"; ### ⚠️ Future Breaking Changes ⚠️ - `Breaking Change`: The arm64 images for ubuntu-22.04 will be deprecated on March 31, 2025. ### January 28, 2025 - `Enhancement`: The following images have been updated across all the cloud providers - aws, gcp and azure - `ubuntu-2204` for [x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20250120.2) - `ubuntu-2404` for [x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250120.5) and for [arm64](https://github.com/actions/partner-runner-images/blob/main/images/arm-ubuntu-24-image.md) ### January 20, 2025 - `Enhancement`: The `BYOC` page now shows error messages from the cloud provider. This is very useful for tracking quota issues and other issues from the cloud provider. - `Enhancement`: The UI pages now have better search and filter capabilities. ### January 15, 2025 - `Fix`: Overflowing content in the BYOC UI page container. ### January 12, 2025 - `Fix`: Reloading a page does not redirect to the parent product page. - `Fix`: Add the ability to change the organization name from the [organization settings page](https://app.warpbuild.com/dashboard/settings/general). ### January 11, 2025 - `Enhancement`: The top bar breadcrumbs are more informative. - `Deprecation`: The `custom container images` feature is deprecated. ### January 10, 2025 - `Enhancement`: The following images have been updated across all the cloud providers - aws, gcp and azure - `ubuntu-2204` for [x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20250105.1) - `ubuntu-2404` for [x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250105.1) and for [arm64](https://github.com/actions/partner-runner-images/blob/main/images/arm-ubuntu-24-image.md) - `Enhancement`: The WarpBuild cloud and azure byoc images have been updated for `windows-2022` for [x86-64](https://github.com/actions/runner-images/releases/tag/win22%2F20250105.1) have been updated --- # July 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-july Description: List of updates in 2025-July --- title: "July 2025" slug: "2025-July" description: "List of updates in 2025-July" sidebar_position: -19 createdAt: "2025-07-07" updatedAt: "2025-07-28" --- ### July 28, 2025 - `Enhancement`: [Ubuntu 22.04](https://github.com/actions/runner-images/releases/tag/ubuntu22/20250720.1) has been updated. - `Enhancement`: [Ubuntu 24.04](https://github.com/actions/runner-images/releases/tag/ubuntu24/20250720.1) has been updated. - `Enhancement`: Ubuntu 24.04 ARM has been updated. ### July 5, 2025 - `Feature`: Added support for [directory sync](/docs/sso#directory-sync). --- # June 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-june Description: List of updates in 2025-June --- title: "June 2025" slug: "2025-June" description: "List of updates in 2025-June" sidebar_position: -18 createdAt: "2025-06-25" updatedAt: "2025-06-25" --- ### June 25, 2025 - `Enhancement`: [MacOS 15 image and packages](https://github.com/actions/runner-images/releases/tag/macos-15-arm64/20250623.1849) have been updated. ### June 19, 2025 - `Feature`: Added a metadata field to stack errors page. This field contains useful context about the stack operations for better debuggability. ### June 10, 2025 - `Feature`: Added support for a readonly role. This role is called viewer and can be assigned to other users from the workspace settings page. ### June 6, 2025 - `Enhancement`: [Ubuntu 22.04 image and packages](https://github.com/actions/runner-images/releases/tag/ubuntu22/20250602.1) have been updated. - `Enhancement`: [Ubuntu 24.04 image and packages](https://github.com/actions/runner-images/releases/tag/ubuntu24/20250602.3) have been updated. - `Enhancement`: [Ubuntu 24.04 ARM image and packages](https://github.com/actions/runner-images/releases/tag/ubuntu24-arm64/20250602.3) have been updated. ### June 2, 2025 - `Feature`: Added support for IdP-initiated logins for SSO users. --- # March 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-march Description: List of updates in 2025-March --- title: "March 2025" slug: "2025-March" id: "2025-March" description: "List of updates in 2025-March" sidebar_position: -15 createdAt: "2025-03-06" updatedAt: "2025-03-21" --- ### March 31, 2025 - `Fix`: The default Xcode version for macOS 14 was incorrect. It now points to 15.4 which is consistent with GitHub runners. - `Enhancement`: MacOS [14](https://github.com/actions/runner-images/releases/tag/macos-14-arm64/20250324.1158) has been updated. ### March 25, 2025 - `Enhancement`: Ubuntu [22.04](https://github.com/actions/runner-images/releases/tag/ubuntu22/20250323.1) has been updated. - `Enhancement`: Ubuntu [24.04](https://github.com/actions/runner-images/releases/tag/ubuntu24/20250323.1) has been updated. - `Enhancement`: Ubuntu 22.04 ARM has been updated. - `Enhancement`: Ubuntu 24.04 ARM has been updated. ### March 21, 2025 - `NEW`: A drop-in replacement for the `docker/build-push-action` action is now available. This new action uses faster and more efficient WarpBuild Remote Docker Builders out of the box. Know more [here](/docs/ci/docker-builders). - `Enhancement`: MacOS [13](https://github.com/actions/runner-images/releases/tag/macos-13-arm64%2F20250317.910) ,[14](https://github.com/actions/runner-images/releases/tag/macos-14-arm64%2F20250304.1018) and [15](https://github.com/actions/runner-images/releases/tag/macos-15-arm64%2F20250312.1001) images have been updated. ### March 20, 2025 - `NEW`: `arm64` remote docker builders are now available. ### March 6, 2025 - `NEW`: Remote docker builders are now available These are the fastest docker builders possible, paired with local NVMe storage for caching. This results in extremely fast builds, with 60x speed ups on real world projects. Know more [here](/docs/ci/docker-builders). --- # May 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-may Description: List of updates in 2025-May --- title: "May 2025" slug: "2025-May" id: "2025-May" description: "List of updates in 2025-May" sidebar_position: -17 createdAt: "2025-05-01" updatedAt: "2025-06-25" --- ### May 27, 2025 - `Feature`: Auto onboard SSO users to linked SSO organizations. ### May 16, 2025 - `Security Enhancement`: Email verification for SSO based users. ### May 13, 2025 - `Enhancement`: [Windows 2022 image](https://github.com/actions/runner-images/releases/tag/win22/20250504.1) has been updated. ### May 8, 2025 - `Feature`: Added SSO support for enterprise users. SSO refers to SAML only, OAuth logins are not part of SSO. ### May 1, 2025 - `Feature`: GCE instances now support custom service account for API and identity management. Read more [here](/docs/ci/byoc/gcp/service-account) --- # November 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-november Description: List of updates in 2025-November --- title: "November 2025" slug: "2025-November" description: "List of updates in 2025-November" sidebar_position: -23 createdAt: "2025-11-03" updatedAt: "2025-11-26" --- ### November 26, 2025 - `Enhancement`: [Ubuntu 24.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20251112.124) has been updated. - `Enhancement`: [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20251112.150) has been updated. - `Enhancement`: [Windows Server 2025 image](https://github.com/actions/runner-images/releases/tag/win25%2F20251102.77) has been updated. - `Enhancement`: [Windows Server 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20251102.87) has been updated. ### November 24, 2025 - `New`: macOS 15 ARM64 12x runners are now available! These runners offer 12 vCPUs and 44GB of memory. Use the `warp-macos-15-arm64-12x` label (alias: `warp-macos-latest-arm64-12x`) to access these runners. Pricing is $0.16/minute. ### November 18, 2025 - `Enhancement`: Improvements to tables and other UI elements for adapting to different screen sizes. ### November 15, 2025 - `Enhancement`: The billing page has been updated to make it easier to understand the billing details. ### November 3, 2025 - `Fix`: Ubuntu 24.04 ARM64 snapshot instances weren't starting up because of an issue with the init script. This has been fixed. ### November 2, 2025 - `Enhancement`: [macOS 14 image](https://github.com/actions/runner-images/releases/tag/macos-14-arm64/20251020.0056) has been updated. --- # October 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-october Description: List of updates in 2025-October --- title: "October 2025" slug: "2025-October" description: "List of updates in 2025-October" sidebar_position: -22 createdAt: "2025-10-07" updatedAt: "2025-10-17" --- There are multiple deprecations coming soon in the upstream GitHub Actions runner images. Please refer to the following issue for more details: [GitHub Actions Runner Images Deprecations on 2025-Nov-03](https://github.com/actions/runner-images/issues/12898) ### October 23, 2025 - `Enhancement`: The WarpBuild agent has been updated to capture more detailed resource utilization metrics. - `Enhancement`: Updated the WarpBuild UI to show GitHub Actions logs in the Observability page. - `Enhancement`: Improved the WarpBuild UI to show billing related banners for important events like hitting spend limits. - `Enhancement`: [Ubuntu 24.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250929.60) has been updated. - `Enhancement`: [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20251014.106) has been updated. - `Enhancement`: [Windows Server 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20251014.68) has been updated. - `Enhancement`: Ubuntu 24.04 ARM image has been updated. ### October 17, 2025 - `Feature`: GitHub Actions logs are now collected and displayed in the Observability page, allowing you to correlate workflow execution with system metrics and logs. This collection can be paused along with other observability data and is enabled by default. More details [here](/docs/ci/features/observability). - `Enhancement`: [Ubuntu 24.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250929.60) has been updated. - `Enhancement`: [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20250929.88) has been updated. ### October 7, 2025 - `Enhancement`: [MacOS 15 image](https://github.com/actions/runner-images/releases/tag/macos-15%2F20250928.1958) has been updated. --- # September 2025 URL: https://www.warpbuild.com/docs/ci/changelog/2025-september Description: List of updates in 2025-September --- title: "September 2025" slug: "2025-September" description: "List of updates in 2025-September" sidebar_position: -21 createdAt: "2025-09-02" updatedAt: "2025-09-05" --- ### September 16, 2025 - `Enhancement`: [MacOS 15 image](https://github.com/actions/runner-images/releases/tag/macos-15-arm64%2F20250911.2324) has been updated. ### September 12, 2025 - `Enhancement`: [MacOS 14 image](https://github.com/actions/runner-images/releases/tag/macos-14-arm64%2F20250901.1774) has been updated. ### September 11, 2025 - `Enhancement`: [MacOS 15 image](https://github.com/actions/runner-images/releases/tag/macos-15-arm64%2F20250830.2281) has been updated. ### September 8, 2025 - `Fix`: Telemetry info is now available for WarpBuild Cloud and Azure runners. The data for these should show up for the new jobs in the instance metrics pages. ### September 5, 2025 - `Feature`: Windows Server 2025 runners are now available! These new runners provide the latest Windows Server platform with enhanced performance and security features. Available in 4x, 8x, 16x, and 32x vCPU configurations. ### September 3, 2025 - `Feature`: Runner resource utilization metrics and logs can now be seen in the WarpBuild UI. - `Enhancement`: The WarpBuild dashboard now shows telemetry data for each job, including CPU, memory, network, and disk usage. Syslog data is also available for each job. More details [here](/docs/ci/features/observability). ### September 2, 2025 - `Enhancement`: `macos-latest` runner label now points to macOS 15 instead of macOS 14. - `Enhancement`: [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20250825.1) has been updated. - `Enhancement`: [Ubuntu 24.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250824.1) has been updated. - `Enhancement`: [Windows Server 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20250825.1) has been updated. - `Enhancement`: Ubuntu 24.04 arm64 image has been updated. - `Enhancement`: WarpBuild telemetry now uses port 33931 for data collection. See our [observability documentation](/docs/ci/features/observability) for more details. --- # April 2026 URL: https://www.warpbuild.com/docs/ci/changelog/2026-april Description: List of updates in 2026-April --- title: "April 2026" slug: "2026-April" description: "List of updates in 2026-April" sidebar_position: -28 createdAt: "2026-04-10" updatedAt: "2026-04-23" --- ### April 23, 2026 - `Enhancement`: [macOS 15 ARM64 image](https://github.com/actions/runner-images/releases/tag/macos-15-arm64%2F20260414.0270) has been updated. This fixes an issue with the macOS 15 ARM64 nodes where the lock screen did not consistently dismiss and remote screen capture did not work on first connect. - `Enhancement`: [Ubuntu 22.04 x64 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20260413.88) has been updated. - `Enhancement`: [Ubuntu 24.04 x64 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20260413.86) has been updated. - `Enhancement`: [Ubuntu 24.04 ARM64 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20260413.86) has been updated. - `Enhancement`: [Windows Server 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20260413.111) has been updated. - `Enhancement`: [Windows Server 2025 image](https://github.com/actions/runner-images/releases/tag/win25%2F20260413.84) has been updated. ### April 20, 2026 - `Feature`: New Reports section in the dashboard with three tabs — **Billing**, **Jobs**, and **Queue Timings**. The Billing tab provides detailed cost breakdowns for CI runners, Docker Builders, and cache usage with daily charts, filterable tables, and CSV export. The Jobs tab shows aggregated per-job metrics including run count, success rate, and p75/p90 percentiles for duration, queue time, CPU, and memory. The Queue Timings tab shows queue wait time analysis per runner label and stack. Read more about it [here](/docs/ci/features/reports). ### April 12, 2026 - `Feature`: New high-storage Docker Builder SKUs are now available — 96vCPU (2TB Disk) and 192vCPU (2TB Disk) variants for amd64-only profiles, in addition to the existing 600GB Disk options. ### April 10, 2026 - `Enhancement`: [macOS 26 image](https://github.com/actions/runner-images/releases/tag/macos-26-arm64%2F20260408.0337) has been updated. ### April 1, 2026 - `Enhancement`: BYOC GCP integration migrated from Deployment Manager to Infrastructure Manager for stack management, as [Deployment Manager was deprecated by GCP on March 31, 2026](https://cloud.google.com/deployment-manager/docs/deprecations). --- # February 2026 URL: https://www.warpbuild.com/docs/ci/changelog/2026-february Description: List of updates in 2026-February --- title: "February 2026" slug: "2026-February" description: "List of updates in 2026-February" sidebar_position: -26 createdAt: "2026-02-05" updatedAt: "2026-02-11" --- ### February 11, 2026 - `Enhancement`: macOS 12x runners (`warp-macos-15-arm64-12x`, `warp-macos-26-arm64-12x`) now come with 270GB SSD storage, increased from 120GB. [Read more](/docs/ci/cloud-runners#macos-m4-pro-on-arm64). ### February 6, 2026 - `Bug Fix`: AWS BYOC: Fixed ECR authentication issues for runners in public subnets. CloudFormation stack template v1.4 now includes VPC endpoint security group rules allowing traffic from both public and private subnet CIDRs. Existing BYOC AWS users with public subnet runners should [upgrade to v1.4 template](/docs/ci/byoc/aws/config#-ecr-elastic-container-registry). ### February 5, 2026 - `Enhancement`: [macOS 26 image](https://github.com/actions/runner-images/releases/tag/macos-26-arm64%2F20260127.0184) has been updated. --- # January 2026 URL: https://www.warpbuild.com/docs/ci/changelog/2026-january Description: List of updates in 2026-January --- title: "January 2026" slug: "2026-January" description: "List of updates in 2026-January" sidebar_position: -25 createdAt: "2026-01-06" updatedAt: "2026-01-31" --- ### January 31, 2026 - `Feature`: Enhanced Observability with Runner Instance Right Sizing Recommendations. The Observability section now includes a dedicated "Recommendations" view that displays hierarchical performance metrics (Repository > Workflow > Job > Instance Type) with detailed summaries including CPU, memory, filesystem, disk I/O, and network utilization. Easily identify instances that violate resource thresholds to optimize runner configurations. Read more about it [here](/docs/ci/observability). ### January 20, 2026 - `Feature`: MCP support for WarpBuild CI. Read more about it [here](/docs/ci/mcp). ### January 16, 2026 - `Enhancement`: [Ubuntu 22.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20260112.2) has been updated. - `Enhancement`: [Ubuntu 24.04 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20260111.209) has been updated. - `Enhancement`: [Windows Server 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20260112.2) has been updated. - `Enhancement`: [Windows Server 2025 image](https://github.com/actions/runner-images/releases/tag/win25%2F20260111.179) has been updated. ### January 6, 2026 - `Feature`: AWS BYOC runners now support disabling IMDS v1, allowing instances to require IMDS v2 only. Read more about it [here](/docs/ci/byoc/aws/config#set-instance-metadata-service-version-2-imds-v2-to-required). --- # March 2026 URL: https://www.warpbuild.com/docs/ci/changelog/2026-march Description: List of updates in 2026-March --- title: "March 2026" slug: "2026-March" description: "List of updates in 2026-March" sidebar_position: -27 createdAt: "2026-03-10" updatedAt: "2026-03-24" --- ### March 24, 2026 - `Feature`: GCP BYOC runners now support provisioned IOPS and throughput for [Hyperdisk](https://cloud.google.com/compute/docs/disks/hyperdisks) disk types (`hyperdisk-balanced`, `hyperdisk-extreme`). Configure storage performance directly from the runner creation UI. ### March 13, 2026 - `Enhancement`: [Ubuntu 22.04 x64 image](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20260302.50) has been updated. - `Enhancement`: [Ubuntu 24.04 x64 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20260302.42) has been updated. - `Enhancement`: [Ubuntu 24.04 ARM64 image](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20260302.42) has been updated. - `Enhancement`: [Windows Server 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20260301.50) has been updated. - `Enhancement`: [Windows Server 2025 image](https://github.com/actions/runner-images/releases/tag/win25%2F20260302.43) has been updated. ### March 10, 2026 - `Enhancement`: [macOS 26 image](https://github.com/actions/runner-images/releases/tag/macos-26-arm64%2F20260303.0251) has been updated. --- # May 2026 URL: https://www.warpbuild.com/docs/ci/changelog/2026-may Description: List of updates in 2026-May --- title: "May 2026" slug: "2026-May" description: "List of updates in 2026-May" sidebar_position: -29 createdAt: "2026-05-01" updatedAt: "2026-05-30" --- ### May 30, 2026 - `Enhancement`: [macOS 26 image](https://github.com/actions/runner-images/releases/tag/macos-26-arm64%2F20260525.0107) has been updated. ### May 29, 2026 - `Enhancement`: [Windows Server 2025 image](https://github.com/actions/runner-images/releases/tag/win25%2F20260518.141) has been updated. - `Enhancement`: [Windows Server 2022 image](https://github.com/actions/runner-images/releases/tag/win22%2F20260518.170) has been updated. ### May 5, 2026 - `Feature`: **Networking Addon (Tailscale)** — Automatically connect WarpBuild runners to your Tailscale tailnet using OIDC authentication. Add `network.name=` to your `runs-on` label to securely access private services, databases, and internal APIs from CI jobs. Runners join as ephemeral nodes and are automatically removed when the job completes. Works on all platforms (Linux, macOS, Windows) and all runner types (Cloud, BYOC). Read more in the [Networking docs](/docs/ci/features/networking). - `Deprecation`: **Snapshot Runners — Label-based configuration recommended.** Use `snapshot.enabled=true` or `snapshot.key=` in your `runs-on` labels for snapshot runners. Existing configurations with snapshots enabled from the dashboard will continue to work as of now. See the [Snapshot Runners docs](/docs/ci/features/snapshot-runners) for details. --- # Changelog URL: https://www.warpbuild.com/docs/ci/changelog Description: WarpBuild Changelog --- title: "Changelog" excerpt: "WarpBuild Changelog" description: "WarpBuild Changelog" icon: FileClock createdAt: "2024-03-04" updatedAt: "2024-03-04" --- The WarpBuild changelog is a list of updates, improvements, and bug fixes for the WarpBuild platform. This page is updated regularly to keep you informed about the latest changes. Subscribe to our [RSS feed](https://www.warpbuild.com/docs/rss.xml) to stay updated on the latest changes. Run `/feed subscribe https://www.warpbuild.com/docs/rss.xml` in any Slack channel to receive changelog updates there. Requires the built-in Slack RSS app (enabled by default in most workspaces). --- # Caching URL: https://www.warpbuild.com/docs/ci/features/caching Description: Blazing fast, unlimited Cache for GitHub Action Runners by WarpBuild --- title: "Caching" excerpt: "Blazing fast, unlimited Cache for GitHub Action Runners by WarpBuild" description: "Blazing fast, unlimited Cache for GitHub Action Runners by WarpBuild" icon: DatabaseZap --- WarpBuild provides a fast, unlimited cache for GitHub Action runners. This cache can be used to store build artifacts, dependencies, and other files that are needed across builds. The cache is designed to be fast, reliable, and secure. ## ⚠️ Read First GitHub has made updates to caching for improved performance and unlimited size. You can change the size limits and the expiration policy here: [https://github.com/organizations/$YOURORG/settings/actions](https://github.com/organizations/$YOURORG/settings/actions). This is already available for most users and is expected to GA by the end of 2025: [Increased Cache Size in Actions GA](https://github.com/github/roadmap/issues/1029) and [recent commitment from the team](https://github.com/orgs/community/discussions/42506#discussioncomment-14936753). This provides the most seamless experience for users and is the recommended approach. However, for some advanced use case and BYOC, you may still want to use WarpBuild cache. Read on. ## Usage WarpBuild cache can be used by replacing the `actions/cache@v4` action with the `warpbuilds/cache` action. The `warpbuilds/cache` action is fully compatible with the `actions/cache@v4` action and can be used as a drop-in replacement. Refer to the [WarpBuild Actions cache documentation](https://github.com/WarpBuilds/cache) for more information on how to use the cache. ```yaml title="Drop-in replacement" uses: WarpBuilds/cache@v1 ``` The cache is designed to be fast, reliable, and secure. It is available on all WarpBuild runners and is enabled by default. ### Examples #### Restoring and saving cache using a single action ```yaml title=".github/workflows/cache-primes.yml" {14,15} name: Caching Primes on: push jobs: build: runs-on: warp-ubuntu-latest-x64-4x steps: - uses: actions/checkout@v3 - name: Cache Primes id: cache-primes uses: WarpBuilds/cache@v1 with: path: prime-numbers key: ${{ runner.os }}-primes - name: Generate Prime Numbers if: steps.cache-primes.outputs.cache-hit != 'true' run: /generate-primes.sh -d prime-numbers - name: Use Prime Numbers run: /primes.sh -d prime-numbers ``` The `cache` action provides a `cache-hit` output which is set to `true` when the cache is restored using the primary `key` and `false` when the cache is restored using `restore-keys` or no cache is restored. #### Using a combination of restore and save actions ```yaml title=".github/workflows/cache-primes-split.yml" {14,23} name: Caching Primes on: push jobs: build: runs-on: warp-ubuntu-latest-x64-4x steps: - uses: actions/checkout@v3 - name: Restore Cache Primes id: cache-primes-restore uses: WarpBuilds/cache/restore@v1 with: path: | path/to/dependencies some/other/dependencies key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }} - name: Install Dependencies if: steps.cache-primes-restore.outputs.cache-hit != 'true' run: /install.sh - name: Save Cache Primes id: cache-primes-save uses: WarpBuilds/cache/save@v1 with: path: | path/to/dependencies some/other/dependencies key: ${{ steps.cache-primes-restore.outputs.cache-primary-key }} ``` ### Inputs - `key` - An explicit key for restoring and saving the cache. - `path` - A list of files, directories, and wildcard patterns to cache and restore. - `restore-keys` - An ordered list of keys to use for restoring stale cache if no cache hit occurred for key. - `enableCrossOsArchive` - An optional boolean when enabled, allows windows runners to save or restore caches that can be restored or saved respectively on other platforms. Default: `false` - `fail-on-cache-miss` - Fail the workflow if cache entry is not found. Default: `false` - `lookup-only` - If true, only checks if cache entry exists and skips download. Does not change save cache behavior. Default: `false` - `delete-cache` - If true, deletes the cache entry. Skips restore and save. Default: `false` ### Outputs - `cache-hit` - A boolean value to indicate an exact match was found for the key. > **Note** `cache-hit` will only be set to `true` when a cache hit occurs for the exact `key` match. For a partial key match via `restore-keys` or a cache miss, it will be set to `false`. See [Skipping steps based on cache-hit](#skipping-steps-based-on-cache-hit) for info on using this output ### Creating a cache key A cache key can include any of the contexts, functions, literals, and operators supported by GitHub Actions. For example, using the [`hashFiles`](https://docs.github.com/en/actions/learn-github-actions/expressions#hashfiles) function allows you to create a new cache when dependencies change. ```yaml - uses: WarpBuilds/cache@v1 with: path: | path/to/dependencies some/other/dependencies key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }} ``` Additionally, you can use arbitrary command output in a cache key, such as a date or software version: ```yaml # http://man7.org/linux/man-pages/man1/date.1.html - name: Get Date id: get-date run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT shell: bash - uses: WarpBuilds/cache@v1 with: path: path/to/dependencies key: ${{ runner.os }}-${{ steps.get-date.outputs.date }}-${{ hashFiles('**/lockfiles') }} ``` See [Using contexts to create cache keys](https://help.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows#using-contexts-to-create-cache-keys) ### Cache scopes The cache is scoped to the key, [version](#cache-version), and branch. See [Matching a cache key](https://help.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows#matching-a-cache-key) for more info. ## Language setup actions WarpBuild maintains drop-in replacements for the official language setup actions. These are fully compatible with their upstream counterparts but transparently use [WarpBuild Cache](https://github.com/WarpBuilds/cache) under the hood to cache language toolchains and package-manager dependencies, giving you faster, unlimited dependency caching without changing your workflow logic. To use them, replace the upstream action with the matching `WarpBuilds/setup-*` action. The `cache` input and all other inputs behave exactly as documented for the upstream action. Select a language below to see the change: Replaces [`actions/setup-node`](https://github.com/actions/setup-node) - see [`WarpBuilds/setup-node`](https://github.com/WarpBuilds/setup-node). ```diff - uses: actions/setup-node@v4 + uses: WarpBuilds/setup-node@v6 with: node-version: 20 cache: npm ``` Replaces [`actions/setup-python`](https://github.com/actions/setup-python) - see [`WarpBuilds/setup-python`](https://github.com/WarpBuilds/setup-python). ```diff - uses: actions/setup-python@v5 + uses: WarpBuilds/setup-python@v6 with: python-version: '3.12' cache: pip ``` Replaces [`actions/setup-go`](https://github.com/actions/setup-go) - see [`WarpBuilds/setup-go`](https://github.com/WarpBuilds/setup-go). ```diff - uses: actions/setup-go@v5 + uses: WarpBuilds/setup-go@v6 with: go-version: '1.22' cache: true ``` Replaces [`actions/setup-java`](https://github.com/actions/setup-java) - see [`WarpBuilds/setup-java`](https://github.com/WarpBuilds/setup-java). ```diff - uses: actions/setup-java@v4 + uses: WarpBuilds/setup-java@v5 with: distribution: temurin java-version: '21' cache: maven ``` Replaces [`actions/setup-dotnet`](https://github.com/actions/setup-dotnet) - see [`WarpBuilds/setup-dotnet`](https://github.com/WarpBuilds/setup-dotnet). ```diff - uses: actions/setup-dotnet@v4 + uses: WarpBuilds/setup-dotnet@v4 with: dotnet-version: '8.0' cache: true cache-dependency-path: '**/packages.lock.json' ``` Replaces [`ruby/setup-ruby`](https://github.com/ruby/setup-ruby) - see [`WarpBuilds/setup-ruby`](https://github.com/WarpBuilds/setup-ruby). ```diff - uses: ruby/setup-ruby@v1 + uses: WarpBuilds/setup-ruby@v1.295.0 with: ruby-version: '3.3' bundler-cache: true ``` Replaces [`goto-bus-stop/setup-zig`](https://github.com/goto-bus-stop/setup-zig) - see [`WarpBuilds/setup-zig`](https://github.com/WarpBuilds/setup-zig). ```diff - uses: goto-bus-stop/setup-zig@v2 + uses: WarpBuilds/setup-zig@v2 with: version: 0.13.0 ``` These actions automatically use WarpBuild Cache when run on WarpBuild runners. No extra configuration is required - caching that would normally go to GitHub Actions Cache is served by WarpBuild Cache instead. ## Docker Layer Caching > It is recommended to use the new [Docker Builders](/docs/ci/docker-builders) for a faster and better build experience. Since WarpBuild Cache seamlessly integrates as a drop-in replacement for GitHub Actions Cache, you can easily use it for Docker Layer Caching. ### Set up Docker Buildx Ensure that the Docker Buildx Action is included in your workflow file if it isn't already. This step is essential to enable the GHA backend for Docker Layer Caching. Don't forget to include the `driver-opts` key as shown below. ```yaml title=".github/workflows/docker.yml" {4,5} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: driver-opts: | network=host ``` ### Configure the Build Push Action Update the `cache-from` and `cache-to` fields by setting the `url` to `http://127.0.0.1:49160/`, as shown below. Ensure that the `type` is set to `gha` and `version` is set to `1`. WarpBuild Cache will automatically proxy the storage backend for docker layer caching. `mode=max` ensures all layers including intermediate steps are cached. `version=1` is mandatory for the cache to work. ```yaml title=".github/workflows/docker.yml" {7,8} - name: Docker WarpCache Backend uses: docker/build-push-action@v6 with: context: . push: false tags: "alpine/warpcache:latest" cache-from: type=gha,url=http://127.0.0.1:49160/,version=1 cache-to: type=gha,url=http://127.0.0.1:49160/,mode=max,version=1 ``` That's all there is to it! With these adjustments, WarpBuild Cache is now set up as your Docker Layer Caching backend. ## Advanced Configuration ### Running inside a container A few conditions must be met to use the cache action inside a custom container. - `wget`: the cache action uses `wget` to download the cache. See [our workflow file](https://github.com/WarpBuilds/cache/blob/main/.github/workflows/workflow.yml#L109) for an example. - `zstd`: the downloaded cache is uncompressed using `zstd`. - `WARPBUILD_RUNNER_VERIFICATION_TOKEN`: This environment variable is always present in WarpBuild runners and is used to authenticate the action with the WarpBuild service. To use WarpCache inside a container, pass the `WARPBUILD_RUNNER_VERIFICATION_TOKEN` environment variable to the container as shown below. ```yaml test-proxy-save: runs-on: warp-ubuntu-latest-x64-16x container: image: ubuntu:latest env: WARPBUILD_RUNNER_VERIFICATION_TOKEN: ${{ env.WARPBUILD_RUNNER_VERIFICATION_TOKEN }} ``` ### Known practices and workarounds There are a number of community practices/workarounds to fulfill specific requirements. You may choose to use them if they suit your use case. Note these are not necessarily the only solution or even a recommended solution. - [Cache segment restore timeout](https://github.com/WarpBuilds/cache/blob/main/tips-and-workarounds.md#cache-segment-restore-timeout) - [Update a cache](https://github.com/WarpBuilds/cache/blob/main/tips-and-workarounds.md#update-a-cache) - [Use cache across feature branches](https://github.com/WarpBuilds/cache/blob/main/tips-and-workarounds.md#use-cache-across-feature-branches) - [Cross OS cache](https://github.com/WarpBuilds/cache/blob/main/tips-and-workarounds.md#cross-os-cache) - [Cross Arch cache](https://github.com/WarpBuilds/cache/blob/main/tips-and-workarounds.md#cross-arch-cache) - [Deletion of Caches](https://github.com/WarpBuilds/cache/blob/main/tips-and-workarounds.md#deletion-of-caches) ### Cache Version Cache version is a hash [generated](https://github.com/actions/toolkit/blob/500d0b42fee2552ae9eeb5933091fe2fbf14e72d/packages/cache/src/internal/cacheHttpClient.ts#L73-L90) for a combination of compression tool used (Gzip, Zstd, etc. based on the runner OS) and the `path` of directories being cached. If two caches have different versions, they are identified as unique caches while matching. This, for example, means that a cache created on a `warp-macos-14-arm64-6x` runner can't be restored on `warp-ubuntu-latest-x64-4x` as cache `versions` are different. ### Caching Strategies With the introduction of the `restore` and `save` actions, a lot of caching use cases can now be achieved. Please see the [caching strategies](https://github.com/WarpBuilds/cache/blob/main/caching-strategies.md) document for understanding how you can use the actions strategically to achieve the desired goal. ### Skipping steps based on cache-hit Using the `cache-hit` output, subsequent steps (such as install or build) can be skipped when a cache hit occurs on the key. It is recommended to install missing/updated dependencies in case of a partial key match when the key is dependent on the `hash` of the package file. Example: ```yaml steps: - uses: actions/checkout@v3 - uses: WarpBuilds/cache@v1 id: cache with: path: path/to/dependencies key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }} - name: Install Dependencies if: steps.cache.outputs.cache-hit != 'true' run: /install.sh ``` > **Note** The `id` defined in `WarpBuilds/cache` must match the `id` in the `if` statement (i.e. `steps.[ID].outputs.cache-hit`) ## Troubleshooting ### Errors in Cache restore To troubleshoot cache restore issues, rerun your workflow with [debug logging enabled](https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging). Check for any warnings or errors in the restore step that match those described below. > Note: Using versions older than v1.4.5 might cause issues with cache saves and restores for some customers. ### `zstd version: null` followed by a 404 warning Each cache entry has a unique version associated with it ([See: Cache Version](#cache-version)), which is matched during the restore process. The `zstd version: null` warning indicates that the default compression tool, `zstd`, is not available in the current environment. Consequently, the action falls back to using gzip compression. (This warning can be ignored if the cache was originally saved using gzip.) Since all warpbuild runners have `zstd` available, this warning typically occurs when running the action inside a container that lacks `zstd`. To resolve this issue, ensure that the compression tools available in the current environment match those used when the cache was saved. If the cache was saved in a container with `zstd` and you attempt to restore it in a container without `zstd`, the restore will fail. ### Failed to commit cache (Docker) This error occurs usually when the docker layers are large and the runner size is small. For example, if you are using the `2x` runner and some of the docker layers are larger than 5GB, you will likely encounter this error. To resolve this issue, please upgrade to a larger runner size. ## Limitations - WarpBuild Caching is not supported for windows based runners WarpBuild runners. 1. WarpBuild cache is compatible with the `actions/cache@v4` action. 2. Using versions older than v1.4.5 might cause issues with cache saves and restores for some customers. GitHub has made updates to caching for improved performance and unlimited size. You can change the size limits and the expiration policy here: [https://github.com/organizations/$YOURORG/settings/actions](https://github.com/organizations/$YOURORG/settings/actions). This is the recommended approach and is the most seamless experience for users. However, for some advanced use case and BYOC, you may still want to use WarpBuild cache. ## Expiry Cache is set to expire after 7 days of last use. It can be manually deleted at any time from the action or using the console. ## Pricing | Metric | Hosted | BYOC | | ------------------------ | --------------------- | ---- | | Storage | $0.20 per GB-month | Free | | Cache write/restore/list | $0.0001 per operation | Free | --- # Features URL: https://www.warpbuild.com/docs/ci/features Description: In-depth guides for WarpBuild caching, networking, observability, reports, and nested virtualization. --- title: "Features" excerpt: "Deep-dive guides for WarpBuild features" description: "In-depth guides for WarpBuild caching, networking, observability, reports, and nested virtualization." icon: Sparkles createdAt: "2026-04-24" updatedAt: "2026-04-24" --- Deep-dive guides for the core WarpBuild features. Click into any area below for configuration, examples, and troubleshooting. Looking for a high-level compatibility snapshot across Cloud and BYOC? See the [Feature Matrix](/docs/ci/feature-matrix). --- # Networking (Tailscale) URL: https://www.warpbuild.com/docs/ci/features/networking Description: Automatically join WarpBuild runners to your Tailscale tailnet using OIDC authentication. Access private services, databases, and APIs from your CI jobs. --- title: "Networking (Tailscale)" excerpt: "Connect WarpBuild runners to your private Tailscale network" description: "Automatically join WarpBuild runners to your Tailscale tailnet using OIDC authentication. Access private services, databases, and APIs from your CI jobs." icon: Network createdAt: "2026-04-23" updatedAt: "2026-04-30" --- import { Step, Steps } from 'fumadocs-ui/components/steps'; The Networking addon lets you automatically connect WarpBuild runners to your [Tailscale](https://tailscale.com) tailnet when a CI job starts. This enables your workflows to securely access private services, databases, and internal APIs without exposing them to the public internet. ## How It Works You create a **Network Addon Configuration** in WarpBuild with your Tailscale OIDC Client ID. In your GitHub Actions workflow, you add `network.name=` to the `runs-on` label. When the CI job starts, WarpBuild authenticates the runner to your tailnet using [Tailscale OIDC](https://tailscale.com/kb/1240/sso-custom-oidc) and ephemeral node keys. The runner joins your tailnet and can reach any device or service on it. When the job finishes, the ephemeral node is automatically removed from your tailnet. ## Prerequisites - A [Tailscale](https://tailscale.com) account with admin access to your tailnet. ## Setup ### Create a Trust Credential in Tailscale Open the [Trust credentials](https://login.tailscale.com/admin/settings/trust-credentials) page in the Tailscale admin console and click **Add credentials**. On the **Settings** step, configure: - **Credential type**: OIDC - **Issuer**: Custom issuer — `https://api.warpbuild.com` - **Subject**: `warp-*` — WarpBuild issues tokens with `sub` set to the runner instance ID (which is prefixed with `warp-`), so the wildcard matches all runners. On the **Scopes** step, select **Custom scopes** and enable the minimum permissions: | Section | Scope | Access | Why | | --- | --- | --- | --- | | Keys > Auth Keys | `auth_keys` | Read + Write | Allows ephemeral auth key creation for node registration. | Under **Tags**, add the tags your runners will use (e.g., `tag:ci`). Tags passed via `--advertise-tags` in WarpBuild must be a subset of the tags configured here. > [!NOTE] > All other scopes (Posture Attributes, Routes, Device Invites, etc.) can be left unchecked. Copy the **Client ID** that Tailscale generates for this credential. ### Create a Network Addon Configuration In the WarpBuild dashboard, go to **Addons > Networking** in the sidebar. Click **Create Addon** and fill in: - **Name**: A descriptive name (e.g., `production-tailnet`). This is the name you'll use in your workflow labels. - **Provider**: Select **Tailscale**. - **OIDC Client ID**: The Client ID from Step 1. - **Additional Arguments** (optional): Extra flags to pass to the `tailscale up` command (e.g., `--advertise-tags=tag:ci --accept-routes`). See the [Tailscale CLI reference](https://tailscale.com/kb/1080/cli/#up) for available flags. > [!NOTE] > The `--hostname`, `--auth-key`, `--client-id`, `--id-token`, and `--state` flags are managed by WarpBuild and cannot be overridden in the additional arguments. ### Use in Your Workflow Add `network.name=` to the `runs-on` label in your workflow file, where `` matches the name of the addon configuration you created: ```yaml jobs: deploy: runs-on: warp-ubuntu-latest-x64-4x;network.name=production-tailnet steps: - uses: actions/checkout@v4 - name: Access internal API run: | curl https://internal-api.myorg.tailnet.ts.net/health - name: Run database migrations run: | psql "postgres://db.myorg.tailnet.ts.net:5432/mydb" -f migrations.sql ``` ### Combining with Snapshots You can combine the networking addon with [snapshot runners](/docs/ci/features/snapshot-runners) in a single label: ```yaml jobs: build: # Network addon + snapshot restore runs-on: warp-ubuntu-latest-x64-4x;network.name=production-tailnet;snapshot.key=my-key test: # Network addon + snapshot create runs-on: warp-ubuntu-latest-x64-4x;network.name=production-tailnet;snapshot.enabled=true ``` ## Supported Platforms | Platform | Status | | --- | --- | | Linux (Ubuntu x64) | ✅ | | Linux (Ubuntu arm64) | ✅ | | macOS (arm64) | ✅ | | Windows (x64) | ✅ | Tailscale is pre-installed on all WarpBuild runner images. The addon setup script starts the Tailscale daemon and authenticates on demand — it does not run when the networking addon is not requested. For BYOC runners using custom images, ensure `jq` is installed. The addon setup script will automatically install Tailscale if not present. See [Custom VM Images](/docs/ci/byoc/custom-vm-images) for prerequisites. ## Additional Arguments The **Additional Arguments** field accepts any flags supported by [`tailscale up`](https://tailscale.com/kb/1080/cli/#up). Common examples: | Flag | Description | | --- | --- | | `--advertise-tags=tag:ci` | Apply ACL tags to the runner node | | `--accept-routes` | Accept subnet routes advertised by other nodes | | `--accept-dns=false` | Disable Tailscale DNS overrides | | `--advertise-routes=10.0.0.0/24` | Advertise routes from the runner | Multiple flags can be combined in a single string: ``` --advertise-tags=tag:ci --accept-routes --accept-dns=false ``` > [!WARN] > `--hostname`, `--auth-key`, `--client-id`, `--id-token`, and `--state` are reserved flags that are automatically set by WarpBuild and will be rejected if included in additional arguments. ## ACL Tags If you specify tags via additional arguments (e.g., `--advertise-tags=tag:ci`), make sure they are defined in your [Tailscale ACL policy](https://tailscale.com/kb/1018/acls). Tags control what the runner node can access on your tailnet. For example: ```json { "tagOwners": { "tag:ci": ["autogroup:admin"] }, "acls": [ { "action": "accept", "src": ["tag:ci"], "dst": ["tag:internal-api:443"] } ] } ``` ## Security - Runner nodes join as **ephemeral nodes** and are automatically removed from your tailnet when the CI job completes. - Authentication uses short-lived OIDC tokens signed by WarpBuild — no long-lived auth keys are stored. - You control access through Tailscale ACL tags and policies. ## FAQ ### Can I use different tailnets for different jobs? Yes. Create multiple Network Addon Configurations, each pointing to a different tailnet, and use the appropriate `network.name=` label in each workflow job. ### What happens if the Tailscale setup fails? The CI job will fail. This ensures your workflow doesn't silently run without the expected network access. ### Does this work with BYOC runners? Yes, the networking addon works with all runner types — WarpBuild Cloud, BYOC (AWS, GCP, Azure), and custom runners. The addon setup script will automatically install Tailscale if it's not already present on the image. ### Is the OIDC Client ID sensitive? No. The Client ID is a public identifier used to initiate the OIDC flow. The authentication security comes from the signed OIDC token issued by WarpBuild. --- # Observability URL: https://www.warpbuild.com/docs/ci/features/observability Description: GitHub Actions runner observability and monitoring information --- title: "Observability" excerpt: "GitHub Actions runner observability and monitoring" description: "GitHub Actions runner observability and monitoring information" icon: Activity createdAt: "2025-09-02" updatedAt: "2026-01-31" --- WarpBuild collects telemetry data to display metrics and logs for your runners. This page provides information about the observability collection process and port usage. The [Observability page](https://app.warpbuild.com/ci/observability) in WarpBuild is organized into two sections: - **Recommendations**: View runner instance right-sizing recommendations based on resource utilization patterns. - **Usage**: View detailed metrics and logs for individual runner instances. ## Recommendations The Recommendations view helps you optimize your runner configurations by displaying hierarchical performance metrics and identifying resource bottlenecks. ### Hierarchical Metrics Performance metrics are aggregated and displayed in a hierarchical structure: 1. **Repository**: Top-level grouping of all workflows in a repository 2. **Workflow**: Individual workflow files within a repository 3. **Job**: Specific jobs defined in each workflow 4. **Instance Type**: Instance type used for each job WF1[Workflow: ci.yml] Repo --> WF2[Workflow: release.yml] WF1 --> J1[Job: build] WF1 --> J2[Job: test] WF2 --> J3[Job: publish] J1 --> I1[Instance: warp-ubuntu-4x] J2 --> I2[Instance: warp-ubuntu-8x] J3 --> I3[Instance: warp-ubuntu-2x] `} /> This hierarchy allows you to drill down from high-level repository metrics to specific job and instance type performance data. ### Performance Summaries For each runner instance, the following performance metrics are displayed: - **CPU Utilization**: Maximum rolling average CPU usage percentage over last 30s - **Memory Utilization**: Maximum memory usage percentage - **Filesystem Utilization**: Maximum storage usage percentage - **Disk I/O**: Maximum rolling average of read+write disk throughput over last 30s - **Network Utilization**: Maximum rolling average of read+write network throughput over last 30s ### Resource Threshold Alerts The Recommendations view can filter and highlight instances that violate predefined resource thresholds. This helps you quickly identify runners that are under-provisioned (that have consistently high resource utilization) or over-provisioned (that have low resource utilization). Thresholds for the under-provisioned recommendation: | Metric | Threshold | Alert Label | |--------|-----------|-------------| | Max Sustained CPU | >= 80% | High CPU Usage | | Max Memory Utilization | >= 80% | High Memory Usage | | Max Filesystem Utilization | >= 80% | High Filesystem Usage | | Max Disk I/O | >= 80% of supported throughput | High Disk IO | Use these insights to right-size your runner instance configurations for optimal cost and performance. ## Usage The Usage view provides detailed observability data for individual runner instances, including metrics and logs. ## Observability Collection WarpBuild agents running on your runners collect the following observability data: 1. CPU, memory, filesystem, and network utilization metrics. This helps with understanding resource bottlenecks on the runner. 2. System logs for capturing WarpBuild and other service behaviors, useful for debugging runner issues. 3. GitHub Actions logs to help correlate workflow execution with system metrics and logs in the UI. The collected logs and metrics can be viewed in the WarpBuild UI's [Observability page](https://app.warpbuild.com/ci/observability). ![Observability Page](../img/observability.page.png) ### Pausing Observability Observability data collection can be paused. When paused, no telemetry data is collected from your runners, including system logs, and GitHub Actions logs. For pooled instances, you may see observability data appear in the UI before a job is allocated to the instance. This is expected behavior when data collection is paused - the telemetry agent initializes but no actual data is collected until job allocation. ![Observability Metrics](../img/observability.metrics.png) The chart displays info about the resource utilization on your runner instance. ![Observability Logs](../img/observability.logs.png) The logs view shows both system logs (syslogs) from your runner and GitHub Actions logs, making it easier to correlate workflow execution with system behavior. Observability only collects metrics and logs for jobs that are longer than ~1 minute. ## Port Usage WarpBuild observability uses port `33931` for data collection and communication with the WarpBuild platform and uses OpenTelemetry for data collection. ## Data Privacy WarpBuild observability collection follows our privacy and security policies: - **No sensitive data** is collected through telemetry. We only collect syslogs and utilization metrics of the runner like CPU, memory, filesystem and network. - All observability data is **encrypted in transit**. - **No data is used for training** or any other purpose beyond providing observability insights for your runners. If you have any queries regarding the observability, please reach out at support@warpbuild.com. --- # Reports URL: https://www.warpbuild.com/docs/ci/features/reports Description: Usage reports, billing breakdowns, and job performance analytics --- title: "Reports" excerpt: "Usage reports, billing breakdowns, and job performance analytics" description: "Usage reports, billing breakdowns, and job performance analytics" icon: ChartColumn createdAt: "2026-04-20" updatedAt: "2026-04-20" --- The [Reports page](https://app.warpbuild.com/ci/reports/billing) provides detailed analytics and cost breakdowns for your Warpbuild usage. It is organized into three sections: - **Billing**: Cost breakdowns for CI runners, Docker Builders, and cache usage. - **Jobs**: Aggregated per-job performance metrics including duration, queue time, CPU, and memory. - **Queue Timings**: Queue wait time analysis per runner label and stack. All reports support date range selection, sorting, filtering, search, and CSV export. ## Billing The Billing section has three tabs — **CI**, **Docker Builder**, and **Cache** — each showing costs for the respective service. ### CI Billing Shows per-job cost data for CI runner usage. - **Daily chart**: Stacked bar chart of daily costs, grouped by repository or runner label. - **Summary cards**: Total cost, runner cost, snapshot cost, and total jobs for the selected period. - **Table**: Each row is a single job execution showing repository, job name, runner label, stack, snapshot usage, execution time, billed time, and cost breakdown (runner + snapshot). **Filters**: Repository, runner label, stack, job name, snapshot usage. ### Docker Builder Billing Shows per-session cost data for Docker Builder usage. - **Daily chart**: Stacked bar chart of daily costs, grouped by profile or architecture. - **Summary cards**: Total cost and total sessions. - **Table**: Each row is a single Docker Builder session showing profile, architecture, duration, and cost. **Filters**: Profile, architecture. ### Cache Billing Shows cost data for cache operations (storage and access). - **Daily chart**: Stacked bar chart of daily costs by cache type. - **Summary cards**: Total cost, storage cost, operations cost, and total entries. - **Table**: Each row is a cache billing entry showing type and cost. **Filters**: Cache type (storage, operation-hit, operation-commit). ## Jobs The Jobs section provides aggregated performance metrics per unique (repository, workflow, job name) combination. ### Metrics Table Each row represents a unique job across all its runs in the selected period: | Metric | Description | |--------|-------------| | Run Count | Total number of executions | | Success Rate | Percentage of successful runs | | Duration P75 / P90 | 75th and 90th percentile execution time | | Queue Time P75 / P90 | 75th and 90th percentile time spent waiting in the queue | | CPU P75 / P90 | 75th and 90th percentile peak CPU utilization | | Memory P75 / P90 | 75th and 90th percentile peak memory utilization | CPU and memory metrics require [Observability](/docs/ci/features/observability) to be enabled. Jobs without telemetry data will show a dash (—) for these columns. ### Time-Series Chart The chart shows a selected metric (duration, queue time, CPU, or memory) at a selected percentile (P75 or P90) over time. Each line represents one job from the current table page, making it easy to spot performance regressions or improvements. **Filters**: Repository, workflow, job name, runner label, stack. ## Queue Timings The Queue Timings section shows how long jobs wait in the queue before they start running, broken down per runner label and stack. ### Daily Chart The daily bar chart shows average queue time over the selected period, along with the total job count per day. ### Metrics Table Each row represents a unique (runner label, stack) combination: | Metric | Description | |--------|-------------| | Run Count | Total number of jobs | | Queue Time P75 | 75th percentile total queue time | | Queue Time P90 | 90th percentile total queue time | **Filters**: Runner label, stack. ## CSV Export All report tabs support CSV export via the download button. The CSV includes all rows matching the current filters and sort order (not just the current page). This is useful for further analysis in spreadsheet tools or for sharing with your team. --- # Snapshot Runners URL: https://www.warpbuild.com/docs/ci/features/snapshot-runners Description: Blazing fast GitHub Action Runners, hosted on WarpBuild's cloud --- title: "Snapshot Runners" excerpt: "Blazing fast GitHub Action Runners, hosted on WarpBuild's cloud" description: "Blazing fast GitHub Action Runners, hosted on WarpBuild's cloud" icon: HardDrive createdAt: "2024-09-30" updatedAt: "2024-09-30" --- WarpBuild allows you to take snapshots of your runner VMs at any point during your workflow, enabling faster consecutive runs by reusing these snapshots. Snapshots are temporary and will be deleted after 15 days. ## Prerequisites - **Supported Platforms:** Snapshot Runners are supported only on WarpBuild Cloud Ubuntu runners. - **Unsupported Platforms:** BYOC runners, Windows runners, and macOS runners are not supported. If you include snapshot labels (`snapshot.enabled=true` or `snapshot.key=`) on an unsupported runner type, the labels will be **silently ignored** and the job will run normally without snapshot functionality. ## Limitations - **/tmp** directory will not persist state since this directory is cleaned on reboots. ## Usage Enable snapshots for your runner by adding `snapshot.enabled=true` or `snapshot.key=` to the `runs-on` label in your workflow. - `snapshot.enabled=true` -- Enables the snapshot feature on the runner. The runner always boots from the base image. Use `snapshot-save` action to capture a snapshot at the desired point in your workflow. - `snapshot.key=` -- Enables the snapshot feature and boots from an existing snapshot if one is available for the given alias. If no snapshot exists yet, the runner boots from the base image. If the runner machine is made from a snapshot, it will have an environment variable `WARPBUILD_SNAPSHOT_KEY` set to the alias of the snapshot. ### Inputs - **alias** (Required): A unique alias for the snapshot, helping you easily identify and manage your snapshots. - **fail-on-error** (Optional): If set to `true`, the action will fail if an error occurs during snapshot creation. Default is `true`. - **wait-timeout-minutes** (Optional): The maximum time (in minutes) to wait for the snapshot to be created. Default is `30` minutes. ### Example 1: Clean snapshot creation on main On `main`, the runner uses `snapshot.enabled=true` to boot from the base image and creates a fresh snapshot via the `snapshot-save` action. On feature branches, it uses `snapshot.key` to boot from the existing snapshot for faster runs. ```yaml jobs: build: runs-on: >- ${{ github.ref == 'refs/heads/main' && 'warp-ubuntu-latest-x64-2x;snapshot.enabled=true' || 'warp-ubuntu-latest-x64-2x;snapshot.key=my-project-snapshot' }} steps: - name: Checkout code uses: actions/checkout@v5 # Your build and test steps here - name: Install dependencies run: npm ci - name: Build run: npm run build - name: Test run: npm test # Cleanup and snapshot creation only on main - name: Cleanup credentials if: github.ref == 'refs/heads/main' run: | rm -rf $HOME/.ssh $HOME/.aws git clean -ffdx - name: Save snapshot if: github.ref == 'refs/heads/main' uses: WarpBuilds/snapshot-save@v1 with: alias: "my-project-snapshot" fail-on-error: true wait-timeout-minutes: 60 ``` ### Example 2: Incremental snapshots on feature branches This workflow creates and updates snapshots on every push, so each run builds on the previous one. Useful when you want each feature branch run to incrementally cache build artifacts and dependencies. ```yaml jobs: build: runs-on: warp-ubuntu-latest-x64-2x;snapshot.key=my-project-snapshot steps: - name: Checkout code uses: actions/checkout@v5 # Your build and test steps here - name: Install dependencies run: npm ci - name: Build run: npm run build - name: Test run: npm test # Cleanup credentials before snapshotting - name: Cleanup credentials run: | rm -rf $HOME/.ssh $HOME/.aws git clean -ffdx - name: Save snapshot uses: WarpBuilds/snapshot-save@v1 with: alias: "my-project-snapshot" fail-on-error: true wait-timeout-minutes: 60 ``` On the first run, no snapshot exists for the alias yet, so the runner boots from the base image. The `snapshot-save` action creates a snapshot at the end. Subsequent runs boot from the latest snapshot, incrementally building on the previous state. ### Cleanup It is highly recommended to include a cleanup step to remove credentials and sensitive information before creating a snapshot. **Common cleanup commands:** ```bash rm -rf $HOME/.ssh $HOME/.aws git clean -ffdx ``` **Remove untracked files and directories:** It might be useful to remove some secret files that were added during the job, before making a snapshot. - _git clean_: removes untracked files from the local git repo. - _-f (force)_: forces the removal of files and directories. - _-f (force again)_: if `git config clean.requireForce true` is present, some files may not be removed without this flag. - _-d (directories)_: removes directories not just files. - _-x (ignore .gitignore)_: removes files and directories that are ignored by git. ## Security ### Public Repositories When using public repositories, ensure that no sensitive information (such as cloud credentials) is stored in the snapshot. This is crucial as others may access the snapshot using the alias in a PR workflow run. ### Private Repositories WarpBuild provisions runners at the organization level, and GitHub may allocate a runner intended for snapshot jobs to different jobs within the organization. This could expose sensitive information to other users in the organization. It is recommended to use the cleanup script to remove sensitive data before creating a snapshot. ## Additional Notes - Snapshot runners are only supported on WarpBuild Cloud Ubuntu runners. Snapshot labels on any other runner type are silently ignored. - Boot times for snapshot runners can be slower than the default runners and take 45-60s. --- # Action-Debugger URL: https://www.warpbuild.com/docs/ci/tools/action-debugger Description: Use Action-Debugger by WarpBuild to SSH into your GitHub Actions for rapid debugging --- title: "Action-Debugger" slug: "action-debugger" description: "Use Action-Debugger by WarpBuild to SSH into your GitHub Actions for rapid debugging" sidebar_position: 1 updatedAt: "2024-07-23" --- A common pain point that we have come across while using GitHub Actions extensively is the missing ability to debug any action. If the action fails, we have to rely on the logs generated by steps and keep re-running the actions to see if something changes. This leads to the frustrating trial and error way of debugging. To handle this, we built Action-Debugger. Action-Debugger lets you SSH into a running GitHub Action to debug it. It is as simple as adding a single line to your workflow. Action-Debugger is a free to use, open-source GitHub action which can be plugged in to any GitHub workflow to make it easy to debug. ![Example WarpBuild Syntax](./img/action-debugger/code.gif) Any workflow's execution will get paused as soon as the Action-Debugger step is invoked. While it is paused, an SSH session will be started on the runner machine and the SSH URL will be outputted inside the action logs and as a check in the corresponding GitHub run. Action-Debugger will keep the action paused on the step until a user connects and exits that session. ![Getting URL from GitHub Checks](./img/action-debugger/url.gif) Below are some additional features of the action that might come in handy while debugging. ### Security By default, if the GitHub user that triggers the action has added SSH keys to their account, then only they would be allowed to connect to the session. **_Otherwise, anyone on the internet would be able to connect to that session, if they have/guess the generated SSH URL._** However, this can be forced as well by setting the option `limit-access-to-actor` to `true`. ```yaml name: CI on: [push] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup interactive ssh session uses: Warpbuilds/action-debugger@v1.3 with: limit-access-to-actor: true ``` ### Only pause on failure This will make Action-Debugger pause the workflow execution only when any of the previous steps fail. ```yaml name: CI on: [push] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup interactive ssh session if: ${{ failure() }} uses: Warpbuilds/action-debugger@v1.3 ``` ### Run in detached mode The default behavior of Action-Debugger is to pause the workflow as it is invoked. The workflow resumes after the SSH session is ended by the user. When setting `detached` as `true`, all the steps of the workflow will execute as normal and then the action will be paused at the end of the job. ```yaml name: CI on: [push] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup interactive ssh session uses: Warpbuilds/action-debugger@v1.3 with: detached: true ``` ### Timeouts A custom timeout can be specified to close the SSH session automatically after the specified time. By default, GitHub Actions kills workflows after 6 hours. We recommend setting a default timeout as the runner minutes are billed when the debug session is running. Accidentally leaving an action running might incur unexpected costs. ```yaml name: CI on: [push] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup interactive ssh session uses: Warpbuilds/action-debugger@v1.3 timeout-minutes: 15 ``` ### Deterministic SSH URLs (Named sessions) (This feature requires an API key from WarpBuild. Please contact WarpBuild Support.) SSH URLs produced by the Action-Debugger are long random strings which are uniquely generated every time an action is run. This is to keep anyone from guessing the string and connecting to the runner machine. However, there can be cases where you want to keep the URL same across action runs. This can be achieved using named sessions. Just input `named-session-name` and `named-session-api-key`, and the action will always generate the SSH URL in the form of `/@gha.warp.build`. Make sure that `limit-access-to-actor` is set to `true` for named sessions. ```yaml name: CI on: [push] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup interactive ssh session uses: Warpbuilds/action-debugger@v1.3 with: limit-access-to-actor: true named-session-name: random-string-2345ab named-session-api-key: ``` ### Troubleshooting ### SSH URL is not appearing in checks of my action run To create a check in the repo, Action-Debugger requires write permission to the checks scope. Please make sure that `read and write permissions` are enabled in `Workflow permissions`. This may need to be set at the organization level instead of the repository level. ![GitHub workflow permissions](./img/action-debugger/github-workflow-settings.png) More info about these permissions can be found here: [GitHub token permissions](https://docs.github.com/en/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization) ### I'm seeing a blank screen when I connect to the SSH session This is likely because of `tmux`. `ctrl+c` will drop you into a shell. However, this may disable the multiplexing feature of `tmux`. ### Acknowledgement This project owes much to the great work done by [tmate.io](https://tmate.io). --- # Tools URL: https://www.warpbuild.com/docs/ci/tools Description: Tools to improve build engineering efficiency by WarpBuild --- title: "Tools" excerpt: "Tools by WarpBuild" description: "Tools to improve build engineering efficiency by WarpBuild" icon: Wrench createdAt: "2023-11-07" updatedAt: "2024-07-23" --- In our mission to make build engineering more efficient, we have developed a number of tools to help us and our customers. We are making these tools available to the community to help improve build engineering efficiency. ## Action-Debugger [Action-Debugger](/docs/ci/tools/action-debugger) is a tool that allows you to debug your GitHub Actions. --- # Architecture URL: https://www.warpbuild.com/docs/ci/byoc/aws/architecture Description: Architecture and security --- title: "Architecture" excerpt: "Architecture and security" description: "Architecture and security" hidden: false sidebar_position: 3 slug: "/byoc/aws/architecture" createdAt: "2024-07-23" updatedAt: "2024-07-23" --- ## Architecture Here are the high level details of the architecture: ![Architecture Diagram](./img/architecture/architecture.png)
Mermaid diagram ```yaml graph TD Internet((Internet)) IGW[Internet Gateway] VPC[VPC] PublicSubnet[Public Subnet] PrivateSubnet[Private Subnet] EC2[EC2 Instances] S3[S3 Bucket] S3GW[S3 Gateway Endpoint] SG[Security Group] NATGW[NAT Gateway
Static IP] PublicRT[Public Route Table] PrivateRT[Private Route Table] Internet --> IGW IGW --> VPC VPC --> PublicSubnet VPC --> PrivateSubnet PublicSubnet --> EC2 PrivateSubnet --> EC2 VPC --> S3GW S3GW --> S3 SG -.-> EC2 NATGW --> Internet PrivateSubnet --> NATGW PublicRT -.-> PublicSubnet PrivateRT -.-> PrivateSubnet ```
Ensure the recommendations from the [Configuration and best practices](/docs/ci/byoc/aws/config) are followed for secure and robust infrastructure. For detailed security hardening guidance - including network isolation, least-privilege instance profiles, and inter-instance communication controls - see the [Security Hardening](/docs/ci/byoc/aws/security) guide. --- # Config URL: https://www.warpbuild.com/docs/ci/byoc/aws/config Description: Configuration and best practices for setting up AWS with WarpBuild --- title: "Config" excerpt: "Configuration and best practices for setting up AWS with WarpBuild" description: "Configuration and best practices for setting up AWS with WarpBuild" hidden: false sidebar_position: 1 slug: "/byoc/aws/config" createdAt: "2024-07-23" updatedAt: "2024-07-23" --- ## Prerequisites Here's a checklist of things to have setup on AWS when getting started: ### ✅ Cloudformation permissions User must be able to run a cloudformation stack. WarpBuild provisions an IAM role and requires these [permissions](#permissions). ### ✅ VPC and subnets The VPC must have at least one public and private subnet. The subnets must have internet connectivity. The private subnets must have a NAT gateway. Runners with static IPs will have the IPs of the NAT gateway as the external IP addresses. Recommendations: 1. Have three public and private subnets in different availability zones. This maximizes the availability of instance types and robustness. 1. Each subnet must have enough IPs to accommodate the maximum number of runners you want to run concurrently. The minimum recommended number of IPs per subnet is 250. ### ✅ Security groups Security groups act as a virtual firewall for your EC2 instances. For WarpBuild: 1. Create a security group that blocks all inbound traffic. This is to ensure that no unauthorized access to the runners is possible. 1. Ensure outbound traffic is allowed to all destinations. This can be finetuned per your organization's security policy, but needs to allow runners to connect to the WarpBuild servers, Github API, and other locations (like package managers). The security group is attached to all runner instances launched within the stack. In **create mode**, it is provisioned by the CloudFormation template. In **import mode**, you select an existing security group when creating the stack. For advanced security group hardening (blocking inter-instance traffic, restricting egress), see [Security Hardening](/docs/ci/byoc/aws/security). ### ✅ Network Routes For optimal network routing in your WarpBuild setup: 1. Configure your VPC route tables to direct internet-bound traffic through the Internet Gateway. 1. Ensure proper routes are in place for outbound internet access for NAT Gateways in private subnets. 1. Optionally, block all access between instances in the same subnet. Runner instances can be isolated and do not need to communicate with each other. 1. Optionally, consider implementing VPC peering or AWS Transit Gateway. This is a simple and secure way to access services in other VPCs, accounts or private subnets. ### ✅ `s3` bucket 1. Setup an `s3` gateway endpoint for the VPC to allow the runners to connect to the `s3` bucket without incurring data transfer charges. 1. Ensure the `s3` bucket is in the same region as the CI stack created. 1. The `s3` bucket is used for: - Cache: `//artifact_cache/////` - Telemetry: `/runner/logs/all/.` Setup the `s3` lifecycle policy for managing the cache and telemetry data according to your organization's policy. 7 days retention is recommended. ### ✅ ECR (Elastic Container Registry) WarpBuild automatically configures VPC endpoints for ECR operations from both public and private subnet runners. **Important Notes:** - Stacks created with CloudFormation template versions prior to v1.4 may experience ECR authentication failures (ecr login timing out issues) for runners in public subnets. - If you encounter ECR login issues with public subnet runners, upgrade your stack to template v1.4 via the WarpBuild dashboard. For more details on ECR VPC endpoints, refer to the [AWS ECR VPC Endpoints documentation](https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html). ### ✅ Quotas Ensure that there are enough IPs, EBS volume capacity, and vCPUs available in the region for the selected instance types. ## Cloud Connection Creating a cloud connection sets up an IAM role with the permissions required by WarpBuild Stacks and runners. ### Permissions
Expand to see the IAM role permissions ```yaml Policies: - PolicyName: "FineGrainedEC2Permissions" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - "ec2:DescribeInstanceTypes" - "ec2:DescribeInstanceTypeOfferings" - "ec2:DescribeInstances" - "ec2:RunInstances" - "ec2:CreateFleet" - "ec2:RequestSpotInstances" - "ec2:CancelSpotInstanceRequests" - "ec2:DescribeSpotInstanceRequests" - "ec2:DescribeSpotPriceHistory" - "ec2:CreateLaunchTemplate" - "ec2:DeleteLaunchTemplate" - "ec2:ModifyLaunchTemplate" - "ec2:TerminateInstances" - "ec2:CreateImage" - "ec2:DeregisterImage" - "ec2:DescribeImages" - "ec2:CreateTags" - "ec2:DeleteTags" Resource: "*" - PolicyName: "SpotServiceLinkedRolePermissions" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - "iam:CreateServiceLinkedRole" - "iam:DeleteServiceLinkedRole" - "iam:GetServiceLinkedRoleDeletionStatus" - "iam:AttachRolePolicy" - "iam:PutRolePolicy" - "iam:PassRole" Resource: "arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot" - PolicyName: "NetworkPermissions" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - "ec2:DescribeRegions" - "ec2:DescribeVpcs" - "ec2:DescribeSubnets" - "ec2:DescribeRouteTables" - "ec2:DescribeSecurityGroups" - "ec2:DescribeInternetGateways" - "ec2:CreateVpcEndpoint" - "ec2:DeleteVpcEndpoints" Resource: "*" - PolicyName: "StoragePermissions" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - "ec2:CreateSnapshot" - "ec2:DeleteSnapshot" - "ec2:DescribeSnapshots" - "s3:ListBucket" - "s3:GetBucketLocation" - "s3:PutLifecycleConfiguration" - "s3:GetLifecycleConfiguration" - "s3:DeleteObject" - "s3:PutObject" - "s3:GetObject" - "s3:CreateBucket" - "s3:DeleteBucket" - "s3:ListBucketVersions" - "s3:ListBucketMultipartUploads" - "s3:AbortMultipartUpload" - "s3:PutObjectAcl" - "s3:GetObjectAcl" - "s3:PutBucketAcl" - "s3:GetBucketAcl" - "s3:PutBucketPolicy" - "s3:GetBucketPolicy" - "s3:DeleteBucketPolicy" Resource: "*" ```
Updates may be required to the IAM role if new permissions are required to the WarpBuild Stacks and runners for new features. ### Permission Customization If you need to customize the permissions for your specific requirements, there are two approaches available: 1. **Modify CloudFormation Template**: Modify the CloudFormation template on the AWS redirect page before applying the connection role creation stack. 2. **Modify Role After Creation**: Modify the permissions for the created role after it's provisioned. The role follows the format: `warpbuild-`. You can use the `managed-by: warpbuild` tag to control access to WarpBuild-managed resources using [AWS IAM tag-based access control](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html). ### Default Policy Contexts The IAM permissions are organized into the following policy contexts: - **FineGrainedEC2Permissions, SpotServiceLinkedRolePermissions**: Used to launch JIT (Just-In-Time) runners, spot permissions, instance types and offerings available to account/region/AZ for launching runners, create custom runner configurations, launch templates, describe instances using `Name` tag, and attach roles to runners. - **NetworkPermissions**: Permissions used to support stack creation (import mode). List region is also used in create mode. - **StoragePermissions**: Used for runner flow with WarpBuild cache action and pushing runner system logs. Also used to support stack creation (import mode). - **CloudFormationPermissions**: To initiate CloudFormation stack changeset requests to connection and stacks (create mode) upgrades. ## Resource Naming Conventions WarpBuild follows consistent naming patterns for AWS resources: | Resource Type | Naming Pattern | | ---------------- | ------------------ | | S3 Buckets | `warpbuild-*` | | EC2 Instances | `warp-*` | | EBS Volumes | `warp-*` | | Launch Templates | `tmpl-warp-*` | ## Stack ![Create Stack](./img/config/create-stack.png) Creating a stack imports the infra configuration provided and uses the `s3` bucket for cache and telemetry. The stack name, `s3` bucket, and region cannot be changed after creation. ### Tags Users can specify custom tags. Tags provided here are added to all resources created by the stack. These can be used for cost attribution and resource management. WarpBuild automatically adds the `managed-by: warpbuild` tag to all provisioned resources. For WarpBuild stack resources, this tagging is available starting from version 1.3 in create mode, while runners are tagged in all cases. By default, the following tags are added to all resources created by the stack: | key | value | | ----------------------- | --------------------------------------- | | warpbuild-managed-by | warpbuild | | Name | `{runner-id}` | | warpbuild-github-org | `{github-org}` | | warpbuild-runner-labels | `{runner-label1}, {runner-label2}, ...` | | warpbuild-runner-id | `{runner-id}` | | warpbuild-stack-id | `{stack-id}` | | warpbuild-stack-name | `{stack-name}` | ## Attach IAM roles You can specify IAM roles to attach to the runner instances. This is useful if you want to use a custom IAM role with specific permissions. The instance profile is configured at the **runner level** (Custom Runner configuration > Instance Profile ARN). Each runner can have its own instance profile, allowing you to scope permissions per workload type. This is very useful when runners need to have fine-grained permissions to access specific AWS resources. More details on how to attach IAM roles to the runners can be found [here](./instance-profile.mdx). ## Custom Runners ![Custom Runners](./img/config/create-custom-runner.png) 1. Spot instances are useful for short jobs that can be interrupted and can lead to significant (~70%) cost savings. 1. One or more instance types in priority order can be chosen. The Github workflow uses a single runner label but picks the instance type based on availability. 1. The minimum disk configurations are: - Size: `100GB` - Throughput: `125MBps` - IOPS: `3000` ### Set Instance Metadata Service Version 2 (IMDS v2) to required Both IMDS v1 and v2 are supported for interacting with the metadata service by default. You can switch your runners to only use IMDS v2. To do so, go to the Update Runner page > 'Runner Specs' Section > Set 'Require IMDSv2' to selected. This configuration is also available when creating the runner. More details on IMDS can be found [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html). ![IMDSv2 Required](./img/config/imdsv2.png) ### Best practices: 1. Use multiple instance types, especially when using spot instances to ensure availability and jobs aren't stuck in queue. 1. When using multiple instance types, choose instance types that are similar in price and performance. 1. Choose a minimum disk configuration of: - Size: `150GB` - Throughput: `400MBps` - IOPS: `4000` ### Windows Runners Minimum Infrastructure Requirements For Windows Server 2022 x86-64 runners on AWS, the following minimum infrastructure requirements are recommended: - **Instance Type**: At least 8x vCPU (m7a series recommended) - **Disk Configuration**: - IOPS: `6000` - Throughput: `500 MBps` These requirements ensure optimal performance for Windows-based CI/CD workloads and provide sufficient resources for typical Windows build and test scenarios. ## Security Hardening For detailed guidance on hardening your BYOC AWS stack - including network isolation, least-privilege instance profiles, and inter-instance communication controls - see the [Security Hardening](/docs/ci/byoc/aws/security) guide. ### Coming Soon - Instances with LocalSSD --- # AWS URL: https://www.warpbuild.com/docs/ci/byoc/aws Description: Github actions runners on your AWS account, managed by WarpBuild --- title: "AWS" excerpt: "Github actions runners on your AWS account, managed by WarpBuild" description: "Github actions runners on your AWS account, managed by WarpBuild" hidden: false sidebar_position: 1 slug: "/byoc/aws" createdAt: "2024-07-23" updatedAt: "2024-07-23" --- Connect your AWS account to WarpBuild to run Github Actions runners. Enable Github Actions workflows to run on your own infrastructure and save 90% on your build costs. ## Quotas The runner resources are created in the BYOC AWS account. To function correctly, here are some guidelines on the `additional` quotas required, per stack. We assume that the number of concurrently running jobs is `$CON`, say 1000. | Resource | Quota | Notes | URL | | ------------- | ------------------------ | ----------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | | EC2 Instances | `$CON` \* `vCPU per Job` | Adjust for instance type, spot, and on-demand instances | [Adjust Quota](https://us-east-1.console.aws.amazon.com/servicequotas/home/services/ec2/quotas) | | EBS Volumes | `$CON` \* `DISK_TB` | Adjust provisioned IOPS if needed. | [Adjust Quota](https://us-east-1.console.aws.amazon.com/servicequotas/home/services/ebs/quotas/L-7A658B76) | | Elastic IPs | 3 + `$CON` | 3 static Elastic IP are required for NAT gateways in 3 AZs.
One EIP is attached to each concurrently running job. | [Adjust Quota](https://us-east-1.console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-0263D0A3) | | S3 Buckets | 1 | The same bucket is used for artifact cache, container layer caches, and telemetry data. | [Adjust Quota](https://us-east-1.console.aws.amazon.com/servicequotas/home/services/s3/quotas) | | NAT Gateways | 3 | One per availability zone | [Adjust Quota](https://us-east-1.console.aws.amazon.com/servicequotas/home/services/vpc/quotas/L-FE5A380F) | | VPCs | 1 | One VPC is needed | [Adjust Quota](https://us-east-1.console.aws.amazon.com/servicequotas/home/services/vpc/quotas/L-F678F1CE) | The quotas need to be applied to the region where the stack is created. Change the region in the AWS console while editing the quotas. This is not an exhaustive list. Please reach out to [support@warpbuild.com](mailto:support@warpbuild.com) for any questions or reach out on chat. ## Windows Support Windows Server 2022 x86-64 runners are supported on AWS. These don't support Hyper-V features like the Azure equivalent instances since AWS uses a different hypervisor. For a full list of tools, refer the [preinstalled software page](/docs/ci/preinstalled-software#windows-server-2022-x86-64) ## Resources: - [Configuration and best practices](/docs/ci/byoc/aws/config) - [Architecture and security](/docs/ci/byoc/aws/architecture) --- # Instance Profile URL: https://www.warpbuild.com/docs/ci/byoc/aws/instance-profile Description: Attach IAM Instance Profile to EC2 runners --- title: "Instance Profile" excerpt: "Attach IAM Instance Profile to EC2 runners" description: "Attach IAM Instance Profile to EC2 runners" hidden: false sidebar_position: 2 slug: "/byoc/aws/instance-profile" createdAt: "2025-01-19" updatedAt: "2025-01-19" --- ## Prerequisites Here's a checklist of things to have setup on AWS when getting started: ### ✅ AWS IAM Instance Profile Create an IAM instance profile and role attached to the instance profile. Here's how: - [AWS EC2 IAM roles](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) - [AWS IAM Instance Profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) ### ✅ Warpbuild Integration IAM role name Fetch the IAM role name from the WarpBuild connection page for the runner. [WarpBuild Connections](https://app.warpbuild.com/dashboard/byoc) WarpBuild Role Name Format: `warpbuild-` ## Setup Permissions Execute the below command to grant the `iam.PassRole` permission to the `warpbuild-` role. ```bash aws iam put-role-policy \ --role-name \ --policy-name PassRolePolicy \ --policy-document '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "", "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } } ] }' ``` To verify the policy is attached, run the below command: ```bash aws iam simulate-principal-policy \ --policy-source-arn \ --action-names iam:PassRole \ --resource-arns \ --context-entries ContextKeyName=iam:PassedToService,ContextKeyType=string,ContextKeyValues=ec2.amazonaws.com ``` ## Attach IAM roles to the runners Use the Instance Profile ARN in the Custom Runner configuration to attach the profile to your runners. Each runner can have its own instance profile, allowing you to scope permissions per workload type. --- # Security Hardening URL: https://www.warpbuild.com/docs/ci/byoc/aws/security Description: Security hardening best practices for AWS BYOC stacks --- title: "Security Hardening" excerpt: "Security hardening best practices for AWS BYOC stacks" description: "Security hardening best practices for AWS BYOC stacks" hidden: false sidebar_position: 4 slug: "/byoc/aws/security" createdAt: "2026-05-01" updatedAt: "2026-05-01" --- ## Security Model WarpBuild BYOC on AWS is designed with workload isolation at its core: - **Ephemeral instances**: Each CI job runs on a distinct, freshly provisioned EC2 instance that is terminated after the job completes. There is no shared state or cross-contamination between jobs. - **User-controlled permissions**: The permissions available to runner instances are exactly what you choose to provide via security groups and IAM roles/instance profiles. WarpBuild does not inject additional permissions into runner workloads. The WarpBuild stack (created via CloudFormation) provisions networking infrastructure (VPC, subnets, security groups, VPC endpoints) and an S3 bucket. All IAM permissions for runner workloads are managed independently by you through [instance profiles](/docs/ci/byoc/aws/instance-profile). ## Current Stack Security Posture The default CloudFormation stack creates: | Resource | Default Configuration | | --- | --- | | **Security Group** | All egress allowed (`0.0.0.0/0`); ingress allowed from VPC subnet CIDRs only | | **VPC Endpoints** | S3 (gateway), ECR API and ECR Docker (image pulls) as interface endpoints - traffic stays within AWS network | | **S3 Bucket** | Used for WarpBuild cache data | | **Subnets** | Public subnets with optional private subnets + NAT gateways for static egress IPs | | **Network ACLs** | Default VPC NACLs (allow all) - customize these for additional controls | The security group attached to runner instances is defined at the stack level. In **create mode**, the security group is provisioned automatically by the CloudFormation template. In **import mode**, you select an existing security group when creating the stack. ## Best Practices for Tighter Controls ### 1. Use a dedicated VPC or AWS account Isolate your CI workloads from production infrastructure by deploying the WarpBuild stack in: - A **separate VPC** within the same account, or - A completely **separate AWS account** dedicated to CI/CD This limits the blast radius if a runner is compromised and simplifies audit boundaries. Use [AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html) to manage cross-account access where needed. ### 2. Block all inbound connections CI runners do not need to accept inbound connections - not even from within the VPC. The default WarpBuild security group allows ingress from VPC subnet CIDRs, but for tighter controls you should block all inbound traffic entirely: - Remove all inbound rules from the runner security group. - Do not attach security groups that allow `0.0.0.0/0` or VPC CIDR inbound. - If using import mode, create a security group with **no inbound rules**: ```json { "InboundRules": [], "OutboundRules": [ { "IpProtocol": "-1", "Destination": "0.0.0.0/0", "Description": "Allow all outbound" } ] } ``` VPC endpoints (S3, ECR) will continue to function with outbound-only rules since runners initiate the connections. ### 3. Disallow inter-instance communication Runner instances do not need to communicate with each other. To prevent lateral movement: - Use **Network ACLs** on your subnets to deny traffic between instances within the same subnet. Since each runner gets a unique IP, you can use NACLs to restrict intra-subnet traffic while still allowing traffic to VPC endpoints and NAT gateways. - Alternatively, create a more restrictive security group that only allows egress to `0.0.0.0/0` and ingress exclusively from VPC endpoint ENIs (rather than the full subnet CIDR). Refer to [AWS Network ACLs documentation](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) for configuration details. ### 4. Restrict outbound traffic While runners need outbound internet access, you can tighten egress rules. The following outbound access is **required** for runners to function: - `api.warpbuild.com` - WarpBuild control plane (runner registration and lifecycle) - `api.github.com`, `github.com` - GitHub API and Git operations S3 access for cache is routed through the S3 VPC gateway endpoint provisioned by the stack. Runner telemetry requires outbound HTTPS access to Warpbuild AWS S3. Additionally, allow access to any package manager registries or external services your builds depend on. ### 5. Attach least-privilege instance profiles Instance profiles define what AWS resources your runner workloads can access. Attach an instance profile with only the permissions your CI jobs need. #### Setting up an instance profile An instance profile is configured at the **runner level** in the WarpBuild dashboard (Custom Runner configuration > Instance Profile ARN). Each runner can have its own instance profile, allowing you to scope permissions per workload type. #### Example: Least-privilege policy for ECR push If your CI jobs only need to push images to a specific ECR repository: ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:PutImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload" ], "Resource": "arn:aws:ecr:::repository/" } ] } ``` #### Example: Least-privilege policy for S3 artifact upload If your CI jobs need to upload artifacts to a specific S3 bucket: ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::", "arn:aws:s3:::/*" ] } ] } ``` #### Creating the instance profile 1. Create an IAM role with the desired policy: ```bash aws iam create-role \ --role-name ci-runner-role \ --assume-role-policy-document '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole" } ] }' ``` 2. Attach your least-privilege policy to the role: ```bash aws iam put-role-policy \ --role-name ci-runner-role \ --policy-name ci-runner-policy \ --policy-document file://policy.json ``` 3. Create the instance profile and add the role: ```bash aws iam create-instance-profile \ --instance-profile-name ci-runner-profile aws iam add-role-to-instance-profile \ --instance-profile-name ci-runner-profile \ --role-name ci-runner-role ``` 4. Grant `iam:PassRole` to the WarpBuild connection role (see [Instance Profile setup](/docs/ci/byoc/aws/instance-profile) for details): ```bash aws iam put-role-policy \ --role-name \ --policy-name PassRolePolicy \ --policy-document '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam:::role/ci-runner-role", "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } } ] }' ``` For more details, refer to: - [AWS IAM Roles for EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) - [AWS IAM Instance Profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) - [AWS IAM Best Practices](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) ### 6. Enable IMDSv2 Require Instance Metadata Service Version 2 (IMDSv2) to protect against SSRF attacks that attempt to steal instance credentials. This can be enabled per-runner in the WarpBuild dashboard (Runner Specs > Require IMDSv2). See [IMDS configuration](/docs/ci/byoc/aws/config#set-instance-metadata-service-version-2-imds-v2-to-required) for setup instructions. ## Security Checklist Use this checklist to verify your BYOC AWS stack follows security best practices: - [ ] Stack deployed in a dedicated VPC or AWS account - [ ] Security group blocks all inbound traffic (except VPC endpoint connectivity) - [ ] No security group rules allowing `0.0.0.0/0` inbound - [ ] Inter-instance communication disabled via NACLs or security group rules - [ ] Outbound traffic restricted to required destinations - [ ] Instance profile attached with least-privilege permissions - [ ] IMDSv2 required on all runners - [ ] S3 bucket lifecycle policies configured for cache expiry - [ ] VPC endpoint policies scoped to required resources - [ ] Tags configured for cost attribution and access control (`managed-by: warpbuild`) --- # Config URL: https://www.warpbuild.com/docs/ci/byoc/azure/config Description: Configuration and best practices for setting up Azure with WarpBuild --- title: "Config" excerpt: "Configuration and best practices for setting up Azure with WarpBuild" description: "Configuration and best practices for setting up Azure with WarpBuild" hidden: false sidebar_position: 1 slug: "/byoc/azure/config" createdAt: "2024-11-07" updatedAt: "2024-11-07" --- ## Prerequisites: Permissions User must have [Privileged Role Administrator](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal#prerequisites) for setup. ## Cloud Connection ![Create Connection](./img/config/create-connection.png) Creating a cloud connection sets up a consent for Warpbuild CI Enterprise application with the permissions required by WarpBuild to manage runners. Provide the tenant ID and subscription ID to verify the connection after the consent and permission configuration (arm deployment) is complete ## Stack ![Create Stack](./img/config/create-stack.png) Creating a stack creates the infra configuration provided and uses the `storage account and container` for cache and telemetry. ![Create Stack](./img/config/create-stack-pending.png) The stack name, `storage account and container`, and region cannot be changed after creation. ## Custom Runners ![Custom Runners](./img/config/create-custom-runner.png) 1. Spot instances are useful for short jobs that can be interrupted and can lead to significant (~70%) cost savings. 2. One or more instance types in priority order can be chosen. The Github workflow uses a single runner label but picks the instance type based on availability. 3. The minimum disk configurations are: - Size: `256GB` ### Best practices: 1. Choose a minimum disk configuration of: - Size: `P20` Throughput and IOPS automatically managed by Azure. Refer: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#premium-ssd-size ## Limitations 1. BYOC Azure does not support import flow for stack creation. 2. Snapshot-based runners are not available for BYOC Azure. 3. BYOC Azure currently only enabled for East US. For adding more regions, please reach out to support@warpbuild.com. ## Coming Soon - Resource tagging --- # Azure URL: https://www.warpbuild.com/docs/ci/byoc/azure Description: Github actions runners on your Azure Subscription, managed by WarpBuild --- title: "Azure" excerpt: "Github actions runners on your Azure Subscription, managed by WarpBuild" description: "Github actions runners on your Azure Subscription, managed by WarpBuild" hidden: false sidebar_position: 3 slug: "/byoc/azure" createdAt: "2024-11-07" updatedAt: "2024-11-07" --- Connect your Azure Subscription to WarpBuild to run Github Actions runners. Enable Github Actions workflows to run on your own infrastructure and save 90% on your build costs. ## Quotas The runner resources are created in the BYOC Azure Subscription. To function correctly, here are some guidelines on the `additional` quotas required, per stack. We assume that the number of concurrently running jobs is `$CON`, say 1000. | Resource | Quota | Notes | URL | |-----------------------------------------|--------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------| | CPU | `$CON` * `vCPU per Job` | Adjust for machine type, preemptible, and on-demand instances | [View and Adjust Quota](https://portal.azure.com/#view/Microsoft_Azure_Capacity/QuotaMenuBlade/~/overview) | | Persistent Disks | `$CON` * `DISK_TB` | Adjust provisioned IOPS if needed. | [View and Adjust Quota](https://portal.azure.com/#view/Microsoft_Azure_Capacity/QuotaMenuBlade/~/overview) | | In-use regional external IPv4 addresses | 3 + `$CON` | 1 static IP is required for NAT in a stack.
One static IP is attached to each concurrently running job. | [View and Adjust Quota](https://portal.azure.com/#view/Microsoft_Azure_Capacity/QuotaMenuBlade/~/overview) | | Object Storage | 1 | The same storage container is used for artifact cache, container layer caches, and telemetry data. | [View and Adjust Quota](https://portal.azure.com/#view/Microsoft_Azure_Capacity/QuotaMenuBlade/~/overview) | | NAT | 3 | One per stack | [View and Adjust Quota](https://portal.azure.com/#view/Microsoft_Azure_Capacity/QuotaMenuBlade/~/overview) | | Networks | 1 | One Network (Vnet) is needed | [View and Adjust Quota](https://portal.azure.com/#view/Microsoft_Azure_Capacity/QuotaMenuBlade/~/overview) | | Subnetworks | 2 | One public and private subnetwork is needed per stack. | [View and Adjust Quota](https://portal.azure.com/#view/Microsoft_Azure_Capacity/QuotaMenuBlade/~/overview) | The quotas need to be applied to the region where the stack is created. Change the region in the Azure console while editing the quotas. This is not an exhaustive list. Please reach out to [support@warpbuild.com](mailto:support@warpbuild.com) for any questions or reach out on chat. ## Resources: - [Configuration and best practices](/docs/ci/byoc/azure/config) --- # Config URL: https://www.warpbuild.com/docs/ci/byoc/gcp/config Description: Configuration and best practices for setting up GCP with WarpBuild --- title: "Config" excerpt: "Configuration and best practices for setting up GCP with WarpBuild" description: "Configuration and best practices for setting up GCP with WarpBuild" hidden: false sidebar_position: 1 slug: "/byoc/gcp/config" createdAt: "2024-10-08" updatedAt: "2024-10-08" --- ## Prerequisites Here's a checklist of things to have setup on your GCP Project when getting started: ### ✅ Associate billing account The GCP project must be associated to a billing account for it to used. Use the link: https://console.cloud.google.com/billing/linkedaccount to check if your project is linked to a billing account. Make sure to choose your project from the project dropdown in GCP console. ### ✅ Enable services WarpBuild requires the following services be enabled before initiating a cloud connect. Make sure to choose your project from the project dropdown in GCP console. | Service | Purpose | Link | | ---------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | | Cloud Storage API | Used for caches and storing telemetry | [Enable](https://console.cloud.google.com/apis/api/storage.googleapis.com) | | IAM Service Account Credentials API | Generates short lived tokens through our service account to your project specific service account | [Enable](https://console.cloud.google.com/apis/api/iamcredentials.googleapis.com) | | Identity and Access Management (IAM) API | Creates service account for access management in your project | [Enable](https://console.cloud.google.com/apis/api/iam.googleapis.com) | | Cloud Deployment Manager V2 API | Creates cloud integrations and stacks using deployment manager for easier versioning | [Enable](https://console.cloud.google.com/apis/api/deploymentmanager.googleapis.com) | | Compute Engine API | Used for runner lifecycle management | [Enable](https://console.cloud.google.com/apis/api/compute.googleapis.com) | | Cloud Resource Manager API | Used for resource tagging and management | [Enable](https://console.cloud.google.com/apis/api/cloudresourcemanager.googleapis.com) | ### Permissions Users should have permissions to create the resources for cloud integration and stack. The following roles should be associated with the user: - [Security Admin](https://cloud.google.com/iam/docs/understanding-roles#iam.securityAdmin) - [Storage Admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) - [Deployment Manager Editor](https://cloud.google.com/iam/docs/understanding-roles#deploymentmanager.editor) - [Compute Admin](https://cloud.google.com/iam/docs/understanding-roles#compute.admin) ## Cloud Connection Creating a cloud connection sets up a service account role with the permissions required by WarpBuild Stacks and runners. This SA can be impersonated by WarpBuild's service account to generate short lived tokens which we use for access. ## Stack ![Create Stack](./img/config/create-stack.png) Creating a stack creates the infra configuration provided and uses the `cloud storage bucket` for cache and telemetry. ![Create Stack](./img/config/create-stack-pending.png) The stack name, `cloud storage bucket`, and region cannot be changed after creation. ## Custom Runners ![Custom Runners](./img/config/create-custom-runner.png) 1. Spot instances are useful for short jobs that can be interrupted and can lead to significant (~70%) cost savings. 2. One or more instance types in priority order can be chosen. The Github workflow uses a single runner label but picks the instance type based on availability. 3. The minimum disk configurations are: - Size: `100GB` ### Disk types The following disk types are available for GCP BYOC runners: | Disk Type | IOPS | Throughput | Notes | | --- | --- | --- | --- | | `pd-balanced` | Managed by GCP | Managed by GCP | Default. Good balance of price and performance. | | `pd-ssd` | Managed by GCP | Managed by GCP | Higher baseline performance than `pd-balanced`. | | `pd-standard` | Managed by GCP | Managed by GCP | Lowest cost, suitable for non-I/O-intensive workloads. | | `hyperdisk-balanced` | 3,000 – 160,000 | 140 – 2,400 MiB/s | Provisioned IOPS and throughput. Best for I/O-heavy CI workloads. | | `hyperdisk-extreme` | 300 – 350,000 | N/A | Provisioned IOPS only. Highest IOPS ceiling for extreme workloads. | For `pd-*` disk types, throughput and IOPS are automatically managed by GCP based on disk size. Refer: https://cloud.google.com/compute/docs/disks/performance For `hyperdisk-*` disk types, you configure provisioned IOPS (and throughput for `hyperdisk-balanced`) directly in the runner creation UI. ### Best practices: 1. Use multiple instance types, especially when using spot instances to ensure availability and jobs aren't stuck in queue. 2. When using multiple instance types, choose instance types that are similar in price and performance. 3. Choose a minimum disk configuration of: - Size: `150GB` 4. For I/O-heavy workloads (large builds, container image operations, heavy test suites), use `hyperdisk-balanced` with a starting configuration of IOPS: `3000` and Throughput: `140 MiB/s`, then scale up based on observed performance. 5. When using Hyperdisk types, ensure your GCP project has sufficient [Hyperdisk IOPS and throughput quotas](https://cloud.google.com/compute/docs/disks/hyperdisks#quotas) in the stack region. ## Limitations 1. BYOC GCP does not support import flow for stack creation. 4. Snapshot-based runners are not available for BYOC GCP. ## Coming Soon - Instances with LocalSSD - Resource tagging --- # GCP URL: https://www.warpbuild.com/docs/ci/byoc/gcp Description: Github actions runners on your GCP project, managed by WarpBuild --- title: "GCP" excerpt: "Github actions runners on your GCP project, managed by WarpBuild" description: "Github actions runners on your GCP project, managed by WarpBuild" hidden: false sidebar_position: 2 slug: "/byoc/gcp" createdAt: "2024-10-08" updatedAt: "2024-10-08" --- Connect your GCP project to WarpBuild to run Github Actions runners. Enable Github Actions workflows to run on your own infrastructure and save 90% on your build costs. ## Quotas The runner resources are created in the BYOC GCP project. To function correctly, here are some guidelines on the `additional` quotas required, per stack. We assume that the number of concurrently running jobs is `$CON`, say 1000. | Resource | Quota | Notes | URL | | --------------------------------------- | ------------------------ | ------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | | CPU | `$CON` \* `vCPU per Job` | Adjust for machine type, preemptible, and on-demand instances | [Adjust Quota](https://console.cloud.google.com/iam-admin/quotas) | | Persistent Disks | `$CON` \* `DISK_TB` | When using Hyperdisk types, also adjust provisioned IOPS and throughput quotas. See [Hyperdisk quotas](https://cloud.google.com/compute/docs/disks/hyperdisks#quotas). | [Adjust Quota](https://console.cloud.google.com/iam-admin/quotas) | | In-use regional external IPv4 addresses | 3 + `$CON` | 1 static IP is required for cloud NAT in a stack.
One static IP is attached to each concurrently running job. | [Adjust Quota](https://console.cloud.google.com/iam-admin/quotas) | | Cloud Storage | 1 | The same bucket is used for artifact cache, container layer caches, and telemetry data. | [Adjust Quota](https://console.cloud.google.com/iam-admin/quotas) | | Cloud NAT | 3 | One per stack | [Adjust Quota](https://console.cloud.google.com/iam-admin/quotas) | | Networks | 1 | One Network (VPC) is needed | [Adjust Quota](https://console.cloud.google.com/iam-admin/quotas) | | Subnetworks | 2 | One public and private subnetwork is needed per stack. | [Adjust Quota](https://console.cloud.google.com/iam-admin/quotas) | The quotas need to be applied to the region where the stack is created. Change the region in the GCP console while editing the quotas. This is not an exhaustive list. Please reach out to [support@warpbuild.com](mailto:support@warpbuild.com) for any questions or reach out on chat. ## Troubleshooting Ensure that the bucket name is globally unique. Else, you may see an error like this: ```bash (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1732573114216-627c41d05312d-c4e57059-xxxx]: errors: - code: RESOURCE_ERROR location: /deployments/xxxx/resources/ message: "{\"ResourceType\":\"storage.v1.bucket\",\"ResourceErrorCode\":\"403\"\ ,\"ResourceErrorMessage\":{\"code\":403,\"errors\":[{\"domain\":\"global\",\"\ message\":\"xxxxx@cloudservices.gserviceaccount.com does not have storage.buckets.get\ \ access to the Google Cloud Storage bucket. Permission 'storage.buckets.get'\ \ denied on resource (or it may not exist).\",\"reason\":\"forbidden\"}],\"message\"\ :\"xxxxx@cloudservices.gserviceaccount.com does not have storage.buckets.get\ \ access to the Google Cloud Storage bucket. Permission 'storage.buckets.get'\ \ denied on resource (or it may not exist).\",\"statusMessage\":\"Forbidden\"\ ,\"requestPath\":\"https://storage.googleapis.com/storage/v1/b/\"\ ,\"httpMethod\":\"GET\",\"suggestion\":\"Consider granting permissions to 300580948756@cloudservices.gserviceaccount.com\"\ }}" ``` ## Resources: - [Configuration and best practices](/docs/ci/byoc/gcp/config) --- # Attach Service Account URL: https://www.warpbuild.com/docs/ci/byoc/gcp/service-account Description: Attach custom service account to GCE runners to give them default access --- title: "Attach Service Account" excerpt: "Attach custom service account to GCE runners" description: "Attach custom service account to GCE runners to give them default access" hidden: false sidebar_position: 2 slug: "/byoc/gcp/service-account" createdAt: "2025-05-01" updatedAt: "2025-05-01" --- ## Prerequisites ### Configure gcloud This doc contains gcloud commands to help you setup the resources. Login to google cloud using and follow the gcloud steps. ``` gcloud login ``` Configure gcloud with the GCP project ID ``` gcloud config set project ``` ### Service Account Create a [service account](https://cloud.google.com/iam/docs/service-account-overview) to attach directly to GCE if you haven't already. ```bash gcloud iam service-accounts create "instance-sa" \ --display-name="Instance Service Account" \ ``` Set the service account as `SA_EMAIL` in your current terminal. We'll refer the above created service account as `SA_EMAIL` at all further points. ```bash export SA_EMAIL= ``` WarpBuild must have permissions to pass this service account to the runners that we spin up. For this you must establish a policy. ```bash gcloud iam service-accounts add-iam-policy-binding "${SA_EMAIL}" \ --member="serviceAccount:${CREATOR_SA}" \ --role="roles/iam.serviceAccountUser" ``` The `CREATOR_SA` here is the service account we use to spin up the runners. You can find this in your [BYOC](https://app.warpbuild.com/ci/byoc) page. ### Attach additional service account policies Right now our service account doesn't have any permissions which can be used to go keyless in the GCE instance. To do so, you must add some polices. For example, if you want to access the buckets and artifact registry you can do ``` echo "🔐 Granting Storage Admin to ${SA_EMAIL} at project level..." gcloud projects add-iam-policy-binding "${PROJECT_ID}" \ --member="serviceAccount:${SA_EMAIL}" \ --role="roles/storage.admin" echo "📦 Granting Artifact Registry Admin to ${SA_EMAIL} at project level..." gcloud projects add-iam-policy-binding "${PROJECT_ID}" \ --member="serviceAccount:${SA_EMAIL}" \ --role="roles/artifactregistry.admin" ``` ## Attach Service Account to the runners Use the `Service Account` field in the runner edit page to configure your runners to run with this service account. To validate, check the console page of your GCP project > Compute Engine > 'runner-instance' > Under 'API and identity management' > Check 'Service account'. This should have the same value as the service account that you created. --- # POST /addons/network URL: https://www.warpbuild.com/docs/api/addons/CreateNetworkAddonConfig --- title: "POST /addons/network" full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # DELETE /addons/network/{network-addon-config-id} URL: https://www.warpbuild.com/docs/api/addons/DeleteNetworkAddonConfig --- title: "DELETE /addons/network/{network-addon-config-id}" full: true _openapi: method: DELETE toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /addons/network/{network-addon-config-id} URL: https://www.warpbuild.com/docs/api/addons/GetNetworkAddonConfig --- title: "GET /addons/network/{network-addon-config-id}" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /addons/network URL: https://www.warpbuild.com/docs/api/addons/ListNetworkAddonConfigs --- title: "GET /addons/network" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # PATCH /addons/network/{network-addon-config-id} URL: https://www.warpbuild.com/docs/api/addons/UpdateNetworkAddonConfig --- title: "PATCH /addons/network/{network-addon-config-id}" full: true _openapi: method: PATCH toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /cloud/integrations URL: https://www.warpbuild.com/docs/api/cloud/CreateIntegration Description: Creates a new cloud integration to connect WarpBuild to your cloud provider account. This enables WarpBuild to provision runner infrastructure in your cloud environment. Supported cloud providers: - **AWS**: Connect via IAM role with cross-account access - **GCP**: Connect via service account with Workload Identity Federation - **Azure**: Connect via service principal with federated credentials --- title: "POST /cloud/integrations" description: >- Creates a new cloud integration to connect WarpBuild to your cloud provider account. This enables WarpBuild to provision runner infrastructure in your cloud environment. Supported cloud providers: - **AWS**: Connect via IAM role with cross-account access - **GCP**: Connect via service account with Workload Identity Federation - **Azure**: Connect via service principal with federated credentials full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: - content: >- Creates a new cloud integration to connect WarpBuild to your cloud provider account. This enables WarpBuild to provision runner infrastructure in your cloud environment. Supported cloud providers: - **AWS**: Connect via IAM role with cross-account access - **GCP**: Connect via service account with Workload Identity Federation - **Azure**: Connect via service principal with federated credentials --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /cloud/integrations/{integration_id} URL: https://www.warpbuild.com/docs/api/cloud/GetIntegration Description: Retrieves a specific cloud integration by ID. A cloud integration connects WarpBuild to your cloud provider account (AWS, GCP, or Azure) for provisioning runner infrastructure. --- title: "GET /cloud/integrations/{integration_id}" description: >- Retrieves a specific cloud integration by ID. A cloud integration connects WarpBuild to your cloud provider account (AWS, GCP, or Azure) for provisioning runner infrastructure. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Retrieves a specific cloud integration by ID. A cloud integration connects WarpBuild to your cloud provider account (AWS, GCP, or Azure) for provisioning runner infrastructure. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /cloud/integrations/{integration_id}/actions URL: https://www.warpbuild.com/docs/api/cloud/ListCloudIntegrationActions --- title: "GET /cloud/integrations/{integration_id}/actions" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /cloud/integrations/{integration_id}/options/{entity_name} URL: https://www.warpbuild.com/docs/api/cloud/ListEntities --- title: "GET /cloud/integrations/{integration_id}/options/{entity_name}" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /cloud/integrations URL: https://www.warpbuild.com/docs/api/cloud/ListIntegrations Description: Lists all cloud integrations for the authenticated organization. Cloud integrations connect WarpBuild to your cloud provider accounts (AWS, GCP, or Azure) for provisioning runner infrastructure. --- title: "GET /cloud/integrations" description: >- Lists all cloud integrations for the authenticated organization. Cloud integrations connect WarpBuild to your cloud provider accounts (AWS, GCP, or Azure) for provisioning runner infrastructure. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Lists all cloud integrations for the authenticated organization. Cloud integrations connect WarpBuild to your cloud provider accounts (AWS, GCP, or Azure) for provisioning runner infrastructure. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /cloud/integrations/{integration_id}/sync URL: https://www.warpbuild.com/docs/api/cloud/SyncIntegration --- title: "POST /cloud/integrations/{integration_id}/sync" full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /builder-profiles URL: https://www.warpbuild.com/docs/api/docker-builder/CreateBuilderProfile --- title: "POST /builder-profiles" full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # DELETE /builder-profiles/{builder_profile_id} URL: https://www.warpbuild.com/docs/api/docker-builder/DeleteBuilderProfile --- title: "DELETE /builder-profiles/{builder_profile_id}" full: true _openapi: method: DELETE toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /builders/{id}/details URL: https://www.warpbuild.com/docs/api/docker-builder/GetBuilderDetails --- title: "GET /builders/{id}/details" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /builder-profiles/{builder_profile_id} URL: https://www.warpbuild.com/docs/api/docker-builder/GetBuilderProfile --- title: "GET /builder-profiles/{builder_profile_id}" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /builders URL: https://www.warpbuild.com/docs/api/docker-builder/ListBuilderInstances --- title: "GET /builders" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /builder-profiles URL: https://www.warpbuild.com/docs/api/docker-builder/ListBuilderProfiles --- title: "GET /builder-profiles" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /builder-profiles/{builder_profile_id}/cache/reset URL: https://www.warpbuild.com/docs/api/docker-builder/ResetBuilderProfileCache --- title: "POST /builder-profiles/{builder_profile_id}/cache/reset" full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /jobs/daywise-costs URL: https://www.warpbuild.com/docs/api/jobs/GetDaywiseCosts Description: GetDaywiseCosts --- title: "GET /jobs/daywise-costs" description: GetDaywiseCosts full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: GetDaywiseCosts --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /org_metrics URL: https://www.warpbuild.com/docs/api/org-metrics/GetOrgMetrics Description: Fetches aggregated performance metrics from runner_performance_summary table, grouped hierarchically by Repository > Workflow > Job > SKU. Each runner instance includes max sustained CPU, memory utilization, filesystem utilization, disk IO, and network IO metrics. --- title: "GET /org_metrics" description: >- Fetches aggregated performance metrics from runner_performance_summary table, grouped hierarchically by Repository > Workflow > Job > SKU. Each runner instance includes max sustained CPU, memory utilization, filesystem utilization, disk IO, and network IO metrics. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Fetches aggregated performance metrics from runner_performance_summary table, grouped hierarchically by Repository > Workflow > Job > SKU. Each runner instance includes max sustained CPU, memory utilization, filesystem utilization, disk IO, and network IO metrics. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /reports/billing/ci URL: https://www.warpbuild.com/docs/api/reports/GetCIBilling Description: Returns billing data for CI jobs including chart data, summary, paginated job list, and available filters. --- title: "GET /reports/billing/ci" description: >- Returns billing data for CI jobs including chart data, summary, paginated job list, and available filters. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Returns billing data for CI jobs including chart data, summary, paginated job list, and available filters. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /reports/billing/cache URL: https://www.warpbuild.com/docs/api/reports/GetCacheBilling Description: Returns billing data for cache operations including chart data, summary, paginated entry list, and available filters. --- title: "GET /reports/billing/cache" description: >- Returns billing data for cache operations including chart data, summary, paginated entry list, and available filters. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Returns billing data for cache operations including chart data, summary, paginated entry list, and available filters. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /reports/billing/docker-builder URL: https://www.warpbuild.com/docs/api/reports/GetDockerBuilderBilling Description: Returns billing data for Docker Builder sessions including chart data, summary, paginated session list, and available filters. --- title: "GET /reports/billing/docker-builder" description: >- Returns billing data for Docker Builder sessions including chart data, summary, paginated session list, and available filters. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Returns billing data for Docker Builder sessions including chart data, summary, paginated session list, and available filters. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /reports/jobs URL: https://www.warpbuild.com/docs/api/reports/GetJobsReport Description: Returns aggregated per-job metrics (run count, success rate, p75/p90 of duration, queue time, CPU, memory) along with a multi-line time-series chart for the selected metric and percentile. --- title: "GET /reports/jobs" description: >- Returns aggregated per-job metrics (run count, success rate, p75/p90 of duration, queue time, CPU, memory) along with a multi-line time-series chart for the selected metric and percentile. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Returns aggregated per-job metrics (run count, success rate, p75/p90 of duration, queue time, CPU, memory) along with a multi-line time-series chart for the selected metric and percentile. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /reports/queue-timings URL: https://www.warpbuild.com/docs/api/reports/GetQueueTimings Description: Returns aggregated per-(runner, stack) queue time metrics (p75/p90 of total queue time) and a daily stacked-bar chart splitting total queue time into GitHub time and our (WarpBuild) time. --- title: "GET /reports/queue-timings" description: >- Returns aggregated per-(runner, stack) queue time metrics (p75/p90 of total queue time) and a daily stacked-bar chart splitting total queue time into GitHub time and our (WarpBuild) time. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Returns aggregated per-(runner, stack) queue time metrics (p75/p90 of total queue time) and a daily stacked-bar chart splitting total queue time into GitHub time and our (WarpBuild) time. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner-image-versions/{id} URL: https://www.warpbuild.com/docs/api/runner-image-versions/GetRunnerImageVersion --- title: "GET /runner-image-versions/{id}" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner-image-versions URL: https://www.warpbuild.com/docs/api/runner-image-versions/ListRunnerImageVersions --- title: "GET /runner-image-versions" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /runner-images URL: https://www.warpbuild.com/docs/api/runner-images/CreateRunnerImage --- title: "POST /runner-images" full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # DELETE /runner-images/{id} URL: https://www.warpbuild.com/docs/api/runner-images/DeleteRunnerImage --- title: "DELETE /runner-images/{id}" full: true _openapi: method: DELETE toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner-images/daywise-snapshot-storage-costs URL: https://www.warpbuild.com/docs/api/runner-images/GetDaywiseSnapshotStorageCosts Description: GetDaywiseSnapshotStorageCosts --- title: "GET /runner-images/daywise-snapshot-storage-costs" description: GetDaywiseSnapshotStorageCosts full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: GetDaywiseSnapshotStorageCosts --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner-images/{id}/latest-version URL: https://www.warpbuild.com/docs/api/runner-images/GetLatestRunnerImageVersion --- title: "GET /runner-images/{id}/latest-version" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner-images/{id} URL: https://www.warpbuild.com/docs/api/runner-images/GetRunnerImage --- title: "GET /runner-images/{id}" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner-images URL: https://www.warpbuild.com/docs/api/runner-images/ListRunnerImages --- title: "GET /runner-images" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner-images/snapshot-vcs-repositories URL: https://www.warpbuild.com/docs/api/runner-images/ListSnapshotVCSRepositories --- title: "GET /runner-images/snapshot-vcs-repositories" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # PUT /runner-images/{id} URL: https://www.warpbuild.com/docs/api/runner-images/UpdateRunnerImage --- title: "PUT /runner-images/{id}" full: true _openapi: method: PUT toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner_instance/{id} URL: https://www.warpbuild.com/docs/api/runner-instance/GetRunnerInstance Description: Retrieves detailed information about a specific runner instance by ID. A runner instance is a provisioned machine that executes CI/CD jobs. Returns the instance configuration, status, labels, and job processing metadata. --- title: "GET /runner_instance/{id}" description: >- Retrieves detailed information about a specific runner instance by ID. A runner instance is a provisioned machine that executes CI/CD jobs. Returns the instance configuration, status, labels, and job processing metadata. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Retrieves detailed information about a specific runner instance by ID. A runner instance is a provisioned machine that executes CI/CD jobs. Returns the instance configuration, status, labels, and job processing metadata. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # DELETE /runners/{id} URL: https://www.warpbuild.com/docs/api/runners/DeleteRunner Description: Deletes a runner set from the authenticated organization. This will remove the runner configuration and prevent new instances from being provisioned. **Warning:** Any running instances associated with this runner will be terminated. This action cannot be undone. --- title: "DELETE /runners/{id}" description: >- Deletes a runner set from the authenticated organization. This will remove the runner configuration and prevent new instances from being provisioned. **Warning:** Any running instances associated with this runner will be terminated. This action cannot be undone. full: true _openapi: method: DELETE toc: [] structuredData: headings: [] contents: - content: >- Deletes a runner set from the authenticated organization. This will remove the runner configuration and prevent new instances from being provisioned. **Warning:** Any running instances associated with this runner will be terminated. This action cannot be undone. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runners/{id} URL: https://www.warpbuild.com/docs/api/runners/GetRunner Description: Retrieves a specific runner (runner set) by ID. Returns the runner configuration, status, labels, and associated metadata for the authenticated organization. A runner set defines the configuration template for runner instances that will be provisioned when CI/CD jobs request matching labels. --- title: "GET /runners/{id}" description: >- Retrieves a specific runner (runner set) by ID. Returns the runner configuration, status, labels, and associated metadata for the authenticated organization. A runner set defines the configuration template for runner instances that will be provisioned when CI/CD jobs request matching labels. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Retrieves a specific runner (runner set) by ID. Returns the runner configuration, status, labels, and associated metadata for the authenticated organization. A runner set defines the configuration template for runner instances that will be provisioned when CI/CD jobs request matching labels. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runners/label_matcher URL: https://www.warpbuild.com/docs/api/runners/GetRunnerSetByMatchingLabels Description: Retrieves a runner set that matches the specified labels. This is used to find which runner configuration will be used when a CI/CD job requests specific labels. The label matching considers both exact matches and label attributes parsed from the labels. --- title: "GET /runners/label_matcher" description: >- Retrieves a runner set that matches the specified labels. This is used to find which runner configuration will be used when a CI/CD job requests specific labels. The label matching considers both exact matches and label attributes parsed from the labels. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Retrieves a runner set that matches the specified labels. This is used to find which runner configuration will be used when a CI/CD job requests specific labels. The label matching considers both exact matches and label attributes parsed from the labels. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runners/default-group URL: https://www.warpbuild.com/docs/api/runners/GetRunnerSetDefaultGroup Description: Retrieves the default runner group configuration for a specific VCS integration. The default group determines which runner is used when a workflow does not specify explicit runner labels. --- title: "GET /runners/default-group" description: >- Retrieves the default runner group configuration for a specific VCS integration. The default group determines which runner is used when a workflow does not specify explicit runner labels. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Retrieves the default runner group configuration for a specific VCS integration. The default group determines which runner is used when a workflow does not specify explicit runner labels. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runners/usage URL: https://www.warpbuild.com/docs/api/runners/GetRunnersUsage Description: Retrieves usage statistics for runners within a specified date range. Returns aggregated data about runner execution times, job counts, and resource consumption for billing and monitoring purposes. --- title: "GET /runners/usage" description: >- Retrieves usage statistics for runners within a specified date range. Returns aggregated data about runner execution times, job counts, and resource consumption for billing and monitoring purposes. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Retrieves usage statistics for runners within a specified date range. Returns aggregated data about runner execution times, job counts, and resource consumption for billing and monitoring purposes. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner_instance URL: https://www.warpbuild.com/docs/api/runners/ListRunnerInstances Description: Lists all runner instances for the authenticated organization with optional filtering and pagination. You can filter by labels, status, creation date, job ID, and search across multiple fields. --- title: "GET /runner_instance" description: >- Lists all runner instances for the authenticated organization with optional filtering and pagination. You can filter by labels, status, creation date, job ID, and search across multiple fields. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Lists all runner instances for the authenticated organization with optional filtering and pagination. You can filter by labels, status, creation date, job ID, and search across multiple fields. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runner_pool URL: https://www.warpbuild.com/docs/api/runners/ListRunnerPools Description: Lists all runner pools for the authenticated organization. Runner pools allow you to configure warm pools of pre-provisioned runner instances for faster job startup times. A pool maintains a specified number of idle runner instances ready to be allocated immediately when a job is queued. --- title: "GET /runner_pool" description: >- Lists all runner pools for the authenticated organization. Runner pools allow you to configure warm pools of pre-provisioned runner instances for faster job startup times. A pool maintains a specified number of idle runner instances ready to be allocated immediately when a job is queued. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Lists all runner pools for the authenticated organization. Runner pools allow you to configure warm pools of pre-provisioned runner instances for faster job startup times. A pool maintains a specified number of idle runner instances ready to be allocated immediately when a job is queued. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /runners URL: https://www.warpbuild.com/docs/api/runners/ListRunners Description: Lists all runner sets for the authenticated organization. Runner sets define the configuration templates for runner instances that will be provisioned when CI/CD jobs request matching labels. You can filter the results by image, provider, VCS integration, and other criteria using query parameters. --- title: "GET /runners" description: >- Lists all runner sets for the authenticated organization. Runner sets define the configuration templates for runner instances that will be provisioned when CI/CD jobs request matching labels. You can filter the results by image, provider, VCS integration, and other criteria using query parameters. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Lists all runner sets for the authenticated organization. Runner sets define the configuration templates for runner instances that will be provisioned when CI/CD jobs request matching labels. You can filter the results by image, provider, VCS integration, and other criteria using query parameters. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # PATCH /runners/default-group URL: https://www.warpbuild.com/docs/api/runners/SetRunnerSetDefaultGroup Description: Sets or updates the default runner group for a specific VCS integration. The default runner is used when CI/CD workflows don't specify explicit runner labels. --- title: "PATCH /runners/default-group" description: >- Sets or updates the default runner group for a specific VCS integration. The default runner is used when CI/CD workflows don't specify explicit runner labels. full: true _openapi: method: PATCH toc: [] structuredData: headings: [] contents: - content: >- Sets or updates the default runner group for a specific VCS integration. The default runner is used when CI/CD workflows don't specify explicit runner labels. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /runners URL: https://www.warpbuild.com/docs/api/runners/SetupRunner Description: Creates a new runner set for the authenticated organization. A runner set defines the configuration template for runner instances that will be provisioned when CI/CD jobs request matching labels. You can create different types of runners: - **Stock runners**: WarpBuild managed runners with pre-configured images - **Custom runners**: Bring Your Own Cloud (BYOC) runners on AWS EC2, GCP, or Azure - **Custom image runners**: Runners with custom container images or custom AMIs --- title: "POST /runners" description: >- Creates a new runner set for the authenticated organization. A runner set defines the configuration template for runner instances that will be provisioned when CI/CD jobs request matching labels. You can create different types of runners: - **Stock runners**: WarpBuild managed runners with pre-configured images - **Custom runners**: Bring Your Own Cloud (BYOC) runners on AWS EC2, GCP, or Azure - **Custom image runners**: Runners with custom container images or custom AMIs full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: - content: >- Creates a new runner set for the authenticated organization. A runner set defines the configuration template for runner instances that will be provisioned when CI/CD jobs request matching labels. You can create different types of runners: - **Stock runners**: WarpBuild managed runners with pre-configured images - **Custom runners**: Bring Your Own Cloud (BYOC) runners on AWS EC2, GCP, or Azure - **Custom image runners**: Runners with custom container images or custom AMIs --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # PATCH /runners/{id} URL: https://www.warpbuild.com/docs/api/runners/UpdateRunner Description: Updates an existing runner set configuration. Only the fields specified in the request body will be updated; all other fields remain unchanged. You can update various aspects of a runner including its name, labels, storage configuration, and capacity type. --- title: "PATCH /runners/{id}" description: >- Updates an existing runner set configuration. Only the fields specified in the request body will be updated; all other fields remain unchanged. You can update various aspects of a runner including its name, labels, storage configuration, and capacity type. full: true _openapi: method: PATCH toc: [] structuredData: headings: [] contents: - content: >- Updates an existing runner set configuration. Only the fields specified in the request body will be updated; all other fields remain unchanged. You can update various aspects of a runner including its name, labels, storage configuration, and capacity type. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /snapshots/{id}/reconcile URL: https://www.warpbuild.com/docs/api/snapshot/ReconcileSnapshot --- title: "POST /snapshots/{id}/reconcile" full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /snapshots URL: https://www.warpbuild.com/docs/api/snapshotter/CreateSnapshot --- title: "POST /snapshots" full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # DELETE /snapshots/{id} URL: https://www.warpbuild.com/docs/api/snapshotter/DeleteSnapshot --- title: "DELETE /snapshots/{id}" full: true _openapi: method: DELETE toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /snapshots/{id} URL: https://www.warpbuild.com/docs/api/snapshotter/GetSnapshot --- title: "GET /snapshots/{id}" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /snapshots URL: https://www.warpbuild.com/docs/api/snapshotter/ListSnapshots --- title: "GET /snapshots" full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # DELETE /stacks/{id} URL: https://www.warpbuild.com/docs/api/stacks/DeleteStack Description: Deletes an infrastructure stack from the authenticated organization. **Warning:** This operation will: 1. Remove all runners associated with this stack 2. Optionally deprovision cloud resources (VPC, subnets, storage buckets) depending on the onboarding mode 3. This action cannot be undone --- title: "DELETE /stacks/{id}" description: >- Deletes an infrastructure stack from the authenticated organization. **Warning:** This operation will: 1. Remove all runners associated with this stack 2. Optionally deprovision cloud resources (VPC, subnets, storage buckets) depending on the onboarding mode 3. This action cannot be undone full: true _openapi: method: DELETE toc: [] structuredData: headings: [] contents: - content: >- Deletes an infrastructure stack from the authenticated organization. **Warning:** This operation will: 1. Remove all runners associated with this stack 2. Optionally deprovision cloud resources (VPC, subnets, storage buckets) depending on the onboarding mode 3. This action cannot be undone --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /stacks/{id} URL: https://www.warpbuild.com/docs/api/stacks/GetStack Description: Retrieves a specific infrastructure stack by ID. A stack represents the cloud infrastructure configuration (VPC, subnets, security groups, storage buckets) in your cloud account where runners will be deployed. Stacks can be of different types: - **ec2**: AWS EC2 infrastructure - **gce**: Google Cloud Platform infrastructure - **avm**: Azure Virtual Machines infrastructure --- title: "GET /stacks/{id}" description: >- Retrieves a specific infrastructure stack by ID. A stack represents the cloud infrastructure configuration (VPC, subnets, security groups, storage buckets) in your cloud account where runners will be deployed. Stacks can be of different types: - **ec2**: AWS EC2 infrastructure - **gce**: Google Cloud Platform infrastructure - **avm**: Azure Virtual Machines infrastructure full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Retrieves a specific infrastructure stack by ID. A stack represents the cloud infrastructure configuration (VPC, subnets, security groups, storage buckets) in your cloud account where runners will be deployed. Stacks can be of different types: - **ec2**: AWS EC2 infrastructure - **gce**: Google Cloud Platform infrastructure - **avm**: Azure Virtual Machines infrastructure --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /stacks/{id}/actions URL: https://www.warpbuild.com/docs/api/stacks/ListStackActions Description: Lists all actions (operations) that have been performed on a stack. Actions include setup, upgrade, sync, and other infrastructure operations. --- title: "GET /stacks/{id}/actions" description: >- Lists all actions (operations) that have been performed on a stack. Actions include setup, upgrade, sync, and other infrastructure operations. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Lists all actions (operations) that have been performed on a stack. Actions include setup, upgrade, sync, and other infrastructure operations. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /stacks/{id}/errors URL: https://www.warpbuild.com/docs/api/stacks/ListStackErrors Description: Lists all errors associated with a specific stack. Use this to diagnose issues with stack provisioning or operations. Supports pagination with `page` and `per_page` query parameters. --- title: "GET /stacks/{id}/errors" description: >- Lists all errors associated with a specific stack. Use this to diagnose issues with stack provisioning or operations. Supports pagination with `page` and `per_page` query parameters. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Lists all errors associated with a specific stack. Use this to diagnose issues with stack provisioning or operations. Supports pagination with `page` and `per_page` query parameters. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # GET /stacks URL: https://www.warpbuild.com/docs/api/stacks/ListStacks Description: Lists all infrastructure stacks for the authenticated organization. Stacks represent the cloud infrastructure configurations where runners will be deployed. Stacks can be filtered by cloud provider type (ec2, gce, avm) and status. --- title: "GET /stacks" description: >- Lists all infrastructure stacks for the authenticated organization. Stacks represent the cloud infrastructure configurations where runners will be deployed. Stacks can be filtered by cloud provider type (ec2, gce, avm) and status. full: true _openapi: method: GET toc: [] structuredData: headings: [] contents: - content: >- Lists all infrastructure stacks for the authenticated organization. Stacks represent the cloud infrastructure configurations where runners will be deployed. Stacks can be filtered by cloud provider type (ec2, gce, avm) and status. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /stacks URL: https://www.warpbuild.com/docs/api/stacks/SetupStack Description: Creates a new infrastructure stack in your cloud account. A stack provisions the necessary cloud resources (VPC, subnets, security groups, storage buckets) for deploying runners. You can create stacks for different cloud providers: - **ec2**: AWS EC2 with CloudFormation - **gce**: Google Cloud Platform with Terraform - **avm**: Azure Virtual Machines with Terraform --- title: "POST /stacks" description: >- Creates a new infrastructure stack in your cloud account. A stack provisions the necessary cloud resources (VPC, subnets, security groups, storage buckets) for deploying runners. You can create stacks for different cloud providers: - **ec2**: AWS EC2 with CloudFormation - **gce**: Google Cloud Platform with Terraform - **avm**: Azure Virtual Machines with Terraform full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: - content: >- Creates a new infrastructure stack in your cloud account. A stack provisions the necessary cloud resources (VPC, subnets, security groups, storage buckets) for deploying runners. You can create stacks for different cloud providers: - **ec2**: AWS EC2 with CloudFormation - **gce**: Google Cloud Platform with Terraform - **avm**: Azure Virtual Machines with Terraform --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # PATCH /stacks/{id} URL: https://www.warpbuild.com/docs/api/stacks/UpdateStack Description: Updates an existing infrastructure stack configuration. Only specified fields will be updated. You can update the stack alias, configuration settings, and metadata. Some changes may trigger infrastructure updates in your cloud account. --- title: "PATCH /stacks/{id}" description: >- Updates an existing infrastructure stack configuration. Only specified fields will be updated. You can update the stack alias, configuration settings, and metadata. Some changes may trigger infrastructure updates in your cloud account. full: true _openapi: method: PATCH toc: [] structuredData: headings: [] contents: - content: >- Updates an existing infrastructure stack configuration. Only specified fields will be updated. You can update the stack alias, configuration settings, and metadata. Some changes may trigger infrastructure updates in your cloud account. --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- # POST /stacks/{id} URL: https://www.warpbuild.com/docs/api/stacks/UpgradeStack --- title: "POST /stacks/{id}" full: true _openapi: method: POST toc: [] structuredData: headings: [] contents: [] --- {/* This file was generated by Fumadocs. Do not edit this file directly. Any changes should be made by running the generation command again. */} --- --- # WarpBuild Blog Base URL: https://www.warpbuild.com/blog # Region-Specific Infrastructure: Data Residency and Zero Egress Costs for CI URL: https://www.warpbuild.com/blog/region-specific-infrastructure Description: WarpBuild now offers region-specific infrastructure on enterprise plans. Pin your CI data to the region you choose and eliminate all ingress and egress costs from your cloud. --- title: "Region-Specific Infrastructure: Data Residency and Zero Egress Costs for CI" excerpt: "WarpBuild now offers region-specific infrastructure on enterprise plans. Pin your CI data to the region you choose and eliminate all ingress and egress costs from your cloud." description: "WarpBuild now offers region-specific infrastructure on enterprise plans. Pin your CI data to the region you choose and eliminate all ingress and egress costs from your cloud." date: "2026-06-12" author: surya_oruganti cover: "/images/blog/region-specific-infrastructure/cover.png" --- WarpBuild now offers region-specific infrastructure on enterprise plans. Choose a region, and any data you choose remains in that specific region - runners, caches, artifacts, and logs included. Because your builds now run next to your data, this also eliminates all ingress and egress costs from your cloud (not applicable to macOS instances). This post covers why we built it, and why data transfer is the most underrated line item on a CI-heavy cloud bill. ## The hidden line item in your CI bill When teams audit CI costs, they look at runner minutes. That's the visible part. The invisible part is what your *cloud provider* bills you every time a build running somewhere else touches your data: 1. **Container registry pulls** - Every job that pulls images from ECR, GAR, or a self-hosted registry pays data transfer on the way out of your cloud. 2. **Artifact and cache traffic** - Build outputs, test fixtures, and dependencies flowing to and from S3 or GCS buckets. 3. **NAT gateway processing** - Traffic from private subnets gets billed per-GB on top of the transfer itself. 4. **Internal services** - Builds that hit your package mirrors, databases, or staging APIs pay transfer both ways. None of this shows up on your CI provider's invoice. It shows up on your AWS or GCP bill, scattered across `DataTransfer-Out-Bytes`, NAT gateway processing, and per-service transfer lines - which is exactly why it goes unnoticed. ## The math gets ugly fast Take a representative example. AWS charges roughly $0.09/GB for data transfer out to the internet, and NAT gateway processing adds $0.045/GB on top for traffic leaving private subnets. Now consider a mid-sized engineering team: - 200 CI jobs per day - Each job pulls a 4GB base image plus layers from ECR - Each job downloads ~1GB of dependencies and artifacts from S3 That's roughly 1TB of data leaving your cloud every day - about 30TB a month. At internet egress rates, that's **$2,700/month for registry and artifact egress alone**, before NAT gateway processing, before cross-region replication, and before anyone runs a retry. ![Where the money goes: a typical CI-heavy cloud bill](/images/blog/region-specific-infrastructure/cost-breakdown.png) For teams doing serious container work - monorepos, ML images, multi-arch builds - data transfer regularly accounts for a **significant percentage of total CI-related cloud spend**. We've seen bills where ECR and S3 transfer costs rivaled the compute cost of the builds themselves. The dirty secret is that this money buys you nothing: it's the same bytes, moving the same direction, billed only because the build ran in the wrong place. ## The fix: run the builds where the data lives Data transfer pricing has one giant loophole: **same-region traffic to S3, ECR, GAR, and GCS over the right paths is free**. The bytes don't change. The location does. ![Cross-region builds pay for every byte. Same-region builds don't.](/images/blog/region-specific-infrastructure/same-region.png) That's what region-specific infrastructure does: 1. **You pick the region.** Any AWS or GCP region - `eu-central-1` for your Frankfurt data, `us-east-1` next to your production stack, wherever your data already lives. 2. **We provision runner infrastructure there.** Same WarpBuild runners, warm pools, and unlimited concurrency - just physically located where you need them. 3. **Your chosen data never leaves.** Caches, artifacts, and logs are stored and processed in-region. Nothing you pin to the region crosses its boundary. 4. **Your cloud's transfer meter stops.** Image pulls, artifact downloads, and service calls become same-region traffic. All ingress and egress costs from your cloud are eliminated. The zero ingress/egress benefit applies to Linux and Windows runners. It is not applicable to macOS instances, which run on dedicated Apple Silicon hardware outside your cloud provider. ## Data residency, not just cost savings The same property that kills the transfer bill also answers a compliance question that comes up in almost every enterprise conversation: *where does our data go?* With region-specific infrastructure, the answer is simple - it stays where you put it. Any data you choose remains in that specific region. For teams subject to GDPR, regional data protection laws, or internal data residency policies, that turns CI from a compliance exception into a non-issue. It also pairs naturally with GitHub Enterprise Cloud's data residency offering, so your source code and your build infrastructure can live under the same regional guarantees. ## Available on enterprise plans Region-specific infrastructure is available today on WarpBuild enterprise plans, alongside [Dedicated Cloud](/products/dedicated-cloud) and [BYOC](/products/ci/byoc). There are no workflow changes beyond the runner label - your team won't notice anything except faster pulls. - [Region-specific infrastructure](/products/region-specific-infrastructure) - [Pricing](/pricing) - [Schedule a call](https://cal.com/suryao/start) --- --- # Your CI Wasn't Built for AI-Assisted Development URL: https://www.warpbuild.com/blog/ai-assisted-development-ci-infrastructure Description: Learn why CI pipelines break under AI-assisted development velocity. Discover how to fix queue times, cache thrashing, and flaky tests when using Copilot, Cursor, and other AI coding tools. --- title: "Your CI Wasn't Built for AI-Assisted Development" excerpt: "AI coding tools have changed how fast teams ship code. Most CI infrastructure was designed for human-speed development. Here's what breaks — and how to fix it." description: "Learn why CI pipelines break under AI-assisted development velocity. Discover how to fix queue times, cache thrashing, and flaky tests when using Copilot, Cursor, and other AI coding tools." date: "2026-01-13" author: surya_oruganti cover: "/images/blog/ai-assisted-development-ci-infrastructure/cover.png" --- Something shifted in the past eighteen months. Engineers who once spent hours crafting code now generate working implementations in minutes. Claude Code autocompletes entire features. [Cursor](https://cursor.sh/) rewrites files on command. The velocity gains are real, measurable, and accelerating. But there's a downstream effect that's getting less attention: CI infrastructure is buckling under the load. The CI systems most teams run today were architected for human-speed development. They assume a certain cadence of commits, a predictable volume of pull requests, a manageable rate of test execution. When code velocity doubles or triples, everything downstream breaks in predictable ways. Queue times spike. Caches thrash. Flaky tests that surfaced once a week now fail daily. Costs climb faster than budgets. This isn't an argument against AI tools. They're a genuine productivity multiplier. But the infrastructure that validates and ships that code needs to catch up. The bottleneck has shifted from writing code to validating code, and CI is now the constraint. ## Key Takeaways - **AI coding tools increase PR volume by 26-98%** depending on adoption levels, overwhelming CI systems designed for human-speed development - **Queue times, cache thrashing, and flaky tests** are the primary failure modes at higher velocity - **GitHub-hosted runner concurrency limits** (20 for Free, 60 for Team) become bottlenecks for AI-assisted teams - **Solutions include unlimited concurrency, larger caches, and test parallelization** - **Total cost analysis** should include developer wait time, not just compute costs ## The Velocity Shift Is Real [GitHub's research on Copilot](https://github.blog/news-insights/research/research-quantifying-github-copilots-impact-on-developer-productivity-and-happiness/) found that developers using the tool completed tasks 55% faster than those without it. A [multi-company study](https://github.blog/news-insights/research/research-quantifying-github-copilots-impact-in-the-enterprise-with-accenture/) involving over 4,800 developers showed a 26% increase in completed pull requests per week. [Stack Overflow's 2025 Developer Survey](https://survey.stackoverflow.co/2025/ai) found 84% of developers are using or planning to use AI tools in their workflow. Copilot alone has over 20 million users, with 90% of Fortune 100 companies now using it. The research confirms substantial PR volume increases. [Faros AI's analysis](https://www.index.dev/blog/ai-coding-assistants-roi-productivity) of over 10,000 developers found teams with high AI adoption created 47% more pull requests per developer per day, with some teams seeing up to 98% more PRs overall. The effect compounds: faster code generation leads to faster code reviews (because reviewers use AI too), which leads to faster merges, which leads to more CI runs per day. Consider a concrete scenario. A 20-person engineering team that previously opened 40 PRs per week adopts AI coding assistants across the org. Based on research showing 47-98% PR increases for high-adoption teams, within a month they're opening 60-80 PRs weekly. Each PR triggers 3-5 CI jobs on average. That's 120-200 CI runs per week becoming 180-400. The CI system that handled the old volume with headroom to spare is now frequently saturated. The math is straightforward. If your CI was sized for X throughput and your development velocity goes to 1.5-2X, something has to give. Usually it's developer wait time, and that erodes the velocity gains you thought you were getting. ## What Breaks at Higher Velocity The failure modes are predictable once you understand the mechanics. Each one has a trigger point and a symptom that shows up in developer experience. **Queue times explode.** Most CI systems have concurrency limits. [GitHub-hosted runners](https://docs.github.com/en/actions/reference/limits) allow 20 concurrent jobs for Free plans, 40 for Pro, 60 for Team, and up to 500 for Enterprise. At 40 PRs per week with modest job counts, you rarely hit those limits. Jobs start immediately. At 100+ PRs per week, the math changes. Jobs queue constantly, especially during peak hours when the whole team is pushing code. Developers report "CI is slow," but the jobs aren't actually running slowly. They're waiting in line. **Cache economics change.** Caches have size limits and eviction policies. [GitHub Actions cache storage](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows) was historically limited to 10GB per repository (though this limit has been relaxed as of late 2025). At low velocity, your dependency caches, build caches, and test caches all fit comfortably. Cache hits are high. Builds are fast. At high velocity, more PRs means more cache writes. More cache writes means faster eviction. The cache that "always hit" at low velocity starts missing at high velocity. A build that took 3 minutes with warm caches now takes 8 minutes cold. Multiply that across hundreds of runs and you've lost hours of developer time daily. Learn more in our [guide to GitHub Actions caching](/blog/github-actions-cache). **Flaky tests surface more often.** A test with a 1% flake rate fails once per 100 runs. At 200 CI runs per week, that's 2 flakes. Annoying but manageable. At 600 CI runs per week, that's 6 flakes. Now flaky tests are a daily occurrence. The noise becomes constant. Teams start ignoring CI failures or reflexively re-running jobs. Trust in the test suite erodes. The signal that CI is supposed to provide gets lost. **Cost scales linearly, or worse.** Three times the runs means three times the compute cost. But the velocity gains aren't perfectly linear because there's coordination overhead. Finance starts asking questions. The CI budget that seemed reasonable last quarter is now a line item that needs justification. Teams defer infrastructure improvements because the bill is already high. See our [guide to reducing GitHub Actions costs](/blog/github-actions-cost-reduction) for optimization strategies. **Developer wait time compounds.** A 10-minute CI wait isn't bad in isolation. But at higher velocity, developers are pushing more frequently. Three PRs per day with 10-minute waits is 30 minutes of waiting. Context switching during those waits has its own cost. The "fast" AI-assisted development starts feeling slow because CI can't keep up. | Failure Mode | Trigger | Symptom | |--------------|---------|---------| | Queue saturation | PR volume exceeds concurrency limits | Jobs waiting 5-15 minutes before starting | | Cache thrashing | Write volume exceeds cache capacity | Build times 2-3x longer than baseline | | Flake amplification | Run volume surfaces rare failures | Multiple false failures per day | | Cost escalation | Linear compute scaling | 2-3x CI spend increase | | Wait time compounding | Higher PR frequency per developer | 30+ minutes daily waiting on CI | ## The AI-Generated Code Factor There's a nuance most teams miss. AI-generated code has characteristics that stress CI in specific ways, beyond just the volume increase. Research is beginning to quantify these effects. AI tends to generate explicit, readable code. That's good for humans reviewing it. But more lines means more to compile, more to analyze, more to test. [GitClear's analysis](https://www.gitclear.com/ai_assistant_code_quality_2025_research) of 211 million changed lines of code found a 4x increase in code duplication since AI tools became prevalent. Codebases are growing faster in absolute terms, not just in commit frequency. The build that used to process 50,000 lines now processes 80,000. AI coding assistants have no awareness of your build system. They don't optimize for incremental compilation. They don't consider whether the code they're generating will invalidate caches. They don't know that touching a certain file triggers a full rebuild. They're optimizing for correctness and readability, not CI performance. The copy-paste pattern is particularly problematic. AI makes it trivially easy to generate similar code across multiple files. Need the same validation logic in three places? AI will happily generate three implementations. GitClear's research shows copy-pasted code now exceeds refactored/moved code for the first time. This creates redundant test coverage and reduces cache effectiveness because more files are changing per commit. Generated tests are often brittle. AI-generated test suites frequently have poor isolation. Time dependencies, order dependencies, shared state. [CodeRabbit's 2025 report](https://www.coderabbit.ai/blog/state-of-ai-vs-human-code-generation-report) found AI-generated pull requests contain approximately 1.7x more issues than human-written PRs, with logic and correctness issues rising 75%. The tests pass when run individually but fail in certain sequences. More tests plus worse test architecture equals more flakiness. The test suite grows faster than its reliability. Code churn—code that gets discarded within two weeks of being written—is also increasing. GitClear projects this metric has doubled compared to pre-AI baselines. This means CI is running more jobs to validate code that won't survive. None of this is AI's fault. These tools aren't optimized for CI performance, and that's probably the right tradeoff for their primary use case. But it means the code velocity increase comes with a CI tax that teams need to account for. ## Adapting Your CI for AI-Speed Development The good news is that these problems are solvable. The solutions require some upfront investment but pay dividends as velocity continues to increase. **Remove the concurrency ceiling.** Start by auditing your current limits. Calculate your saturation rate: average PR volume multiplied by jobs per PR multiplied by average job duration, divided by working hours. If you're hitting concurrency limits more than 10% of the time, you need more headroom. The options are upgrading your GitHub plan (which has its own limits), [self-hosting runners](/blog/self-hosting-github-actions) (which adds operational burden), or using a runner provider that doesn't impose concurrency limits. The right choice depends on your team's appetite for infrastructure work. **Optimize caching for churn.** GitHub's cache storage fills fast at high velocity. Consider external caching solutions with larger storage limits. Smarter cache keys help too. Don't invalidate your entire dependency cache when the lockfile changes. Use content-addressed keys where possible. For Docker builds, layer caching is usually the biggest win. A well-structured Dockerfile with stable base layers can reduce build times by 60-80%. Measure your cache hit rate at current velocity, then project what happens when volume doubles. Our [Docker build optimization guide](/blog/optimizing-docker-builds) covers this in detail. **Architect tests for scale.** Parallelize aggressively. Sharding test suites across multiple runners can turn a 20-minute test run into a 4-minute one. Matrix builds let you test across environments simultaneously rather than sequentially. Implement flaky test detection and quarantine. When a test fails intermittently, automatically flag it and move it out of the critical path. Prune redundant tests. AI often generates overlapping coverage, and removing duplicates speeds up the suite without reducing confidence. Set time budgets per PR and enforce them. Learn more about [running concurrent tests effectively](/blog/concurrent-tests). ```yaml jobs: test: strategy: matrix: shard: [1, 2, 3, 4] runs-on: warpbuild-ubuntu-22.04-x64-4x steps: - uses: actions/checkout@v4 - name: Run tests (shard ${{ matrix.shard }}/4) run: | npm test -- --shard=${{ matrix.shard }}/4 ``` **Match runner sizing to the workload.** AI-assisted PRs often have larger diffs. Larger diffs benefit from bigger runners. The cost-per-minute versus time tradeoff shifts when velocity is high. A runner that costs 1.5x as much but finishes in 0.4x the time is worth it when you're running hundreds of jobs daily. The developer time saved exceeds the compute cost increase. Run the numbers for your specific workload. **Model costs for the new normal.** Don't assume linear growth. AI adoption curves are steep. If your team is at 30% AI tool adoption today, plan for 70% within a year. Build CI cost into the AI tooling ROI calculation. The productivity gains from AI coding assistants are real, but so is the infrastructure cost. Consider total cost: compute plus developer wait time plus operational burden. A system that costs more per minute but eliminates wait time and ops work often has lower total cost. ## The Infrastructure Gap There's a structural issue underneath all of this. GitHub-hosted runners were designed in an era of human-speed development. The concurrency limits, cache sizes, and pricing models assume a certain velocity. That assumption is breaking. Self-hosted runners give you control but add operational burden. That burden scales with volume. More runs means more infrastructure to manage, more capacity planning, more on-call rotations. For teams that already have platform engineering capacity, this can work. For teams that don't, it's a distraction from shipping product. Read about the [challenges of GitHub Actions at scale](/blog/github-actions-challenges) for more context. The new requirement is infrastructure that scales elastically with demand, has caching that performs at high throughput, starts instantly without queue time, and doesn't require a dedicated team to operate. This is the problem we built WarpBuild to solve. ## Frequently Asked Questions ### How much faster do AI coding tools make developers? GitHub's research found that developers using Copilot completed tasks 55% faster, with a [controlled study](https://github.blog/news-insights/research/research-quantifying-github-copilots-impact-in-the-enterprise-with-accenture/) showing a 26% increase in completed PRs per week. The downstream effect on CI compounds this—[research from Faros AI](https://www.index.dev/blog/ai-coding-assistants-roi-productivity) found high-adoption teams saw 47-98% more pull requests per day, significantly increasing CI load. ### Why does my CI feel slow even though individual jobs are fast? The most common cause is queue saturation. [GitHub-hosted runners have concurrency limits](https://docs.github.com/en/actions/reference/limits): 20 for Free, 40 for Pro, 60 for Team, and up to 500 for Enterprise. When you exceed these limits, jobs wait in line before they even start running. Check the "Queued" timestamp versus "In progress" timestamp in your workflow runs. ### How do I know if my cache is thrashing? Look for inconsistent build times. If the same build takes 3 minutes sometimes and 8 minutes other times, you're likely experiencing cache misses due to eviction. GitHub's cache storage can fill quickly at high velocity, especially with frequent lockfile changes. ### Should I use self-hosted runners or a managed service? Self-hosted runners remove concurrency limits but add operational burden that scales with volume. For teams without dedicated platform engineering capacity, managed services like WarpBuild provide unlimited concurrency without the ops overhead. ### How do I calculate the true cost of CI wait time? Multiply average wait time per PR by PRs per day by average developer hourly cost. A team with 50 PRs/day, 10-minute average waits, and $75/hour developer cost loses $6,250/week in developer time alone—often more than the CI compute cost itself. ## Moving Forward AI coding tools are a net positive for engineering velocity. The teams using them are shipping more, faster. But velocity gains upstream create pressure downstream. CI is the validation layer, and most CI infrastructure wasn't built for this level of throughput. The teams that will thrive in AI-assisted development are the ones that upgrade their infrastructure proactively. Not the ones scrambling after CI becomes the bottleneck. Not the ones watching developers wait in queues while the productivity gains evaporate. The specifics matter. Audit your concurrency headroom. Rethink your caching strategy for higher write volumes. Architect tests for parallelization and scale. Honestly assess whether your current CI setup can handle 50-100% more volume than it handles today. We're still early in the AI-assisted development curve. The tools are getting better. Adoption is accelerating. The teams that build infrastructure for this future now will have a structural advantage over those that wait. --- *If you're hitting these limits, WarpBuild offers unlimited concurrency and high-performance caching designed for high-velocity teams. [Start free →](https://www.warpbuild.com)* --- # Cost comparison: GitHub Actions Runner Controller (ARC) and WarpBuild URL: https://www.warpbuild.com/blog/arc-warpbuild-comparison-case-study Description: Comparing Cost Efficiency of GitHub Actions Runner Controller (ARC) using kubernetes and karpenter on AWS with WarpBuild BYOC runners. WarpBuild leads to >40% cost savings. --- title: "Cost comparison: GitHub Actions Runner Controller (ARC) and WarpBuild" excerpt: "Comparing Costs of GitHub Actions Runner Controller (ARC) with WarpBuild BYOC runners" description: "Comparing Cost Efficiency of GitHub Actions Runner Controller (ARC) using kubernetes and karpenter on AWS with WarpBuild BYOC runners. WarpBuild leads to >40% cost savings." date: "2024-09-18" author: prajjwal_dimri cover: "/images/blog/arc-warpbuild-comparison-case-study/cover.webp" --- In this case study, we will explore the cost, flexibility, and management aspects of running your own GitHub Actions Runners using ARC (Actions Runner Controller) vs. using WarpBuild's **Bring Your Own Cloud (BYOC)** offering on AWS. ## TL;DR In this case study, we compare setting up GitHub's Action Runner Controller on EKS using Karpenter for autoscaling, with WarpBuild's BYOC offering. We found that ARC comes with significant operational overhead and efficiency challenges. On the other hand, WarpBuild's BYOC solution provides better performance, ease of use, and lower operational costs, making it a more suitable choice for teams, especially with large volumes of CI/CD workflows. **Cost Comparison Highlights**: The cost comparison is for a representative 2 hour period, where there is a continuous load of commits, each triggering a job. We use `PostHog` OSS as an example repo to demonstrate the cost comparison on real world use cases over 960 jobs. - ARC Setup Cost (for the analyzed period): **$42.60** - WarpBuild BYOC Cost: **$25.20** This is effectively a **~41%** cost savings. ![Cost Comparison](/images/blog/arc-warpbuild-comparison-case-study/cost-comparison.png) You can find the detailed cost comparison [here](#cost-comparison). The following sections describe the setup of ARC Runners on EKS, and the assumptions that went into this. ## Setting up ARC Runners on EKS We setup Karpenter v1 and EKS using Terraform to provision the infrastructure. This approach provided more control, automation, and consistency in deploying and managing the EKS cluster and related resources. Complete setup code is available @ https://github.com/WarpBuilds/github-arc-setup ### EKS Cluster Setup The EKS cluster was provisioned using Terraform and runs on Kubernetes v1.30. A key aspect of our setup was using a dedicated node group for essential add-ons, keeping them isolated from other workloads. The `default-ng` node group utilizes `t3.xlarge` instance types, with taints to ensure that only critical workloads, such as Networking, DNS management, Node management, ARC controllers etc. can be scheduled on these nodes. ```hcl module "eks" { source = "terraform-aws-modules/eks/aws" cluster_name = local.cluster_name cluster_version = "1.30" cluster_endpoint_public_access = true cluster_addons = { coredns = {} eks-pod-identity-agent = {} kube-proxy = {} vpc-cni = {} } subnet_ids = var.private_subnet_ids vpc_id = var.vpc_id eks_managed_node_groups = { default-ng = { desired_capacity = 2 max_capacity = 5 min_capacity = 1 instance_types = ["t3.xlarge"] subnet_ids = var.private_subnet_ids taints = { addons = { key = "CriticalAddonsOnly" value = "true" effect = "NO_SCHEDULE" } } } } node_security_group_tags = merge(local.tags, { "karpenter.sh/discovery" = local.cluster_name }) enable_cluster_creator_admin_permissions = true tags = local.tags } ``` #### Private Subnets and NAT Gateway To secure our infrastructure, we placed the EKS nodes in private subnets, allowing them to communicate with external resources through a NAT Gateway. This configuration ensured that the nodes could still access the internet for essential tasks without exposing them directly to external traffic. Using private subnets with a NAT Gateway enhanced the security posture of the cluster while allowing for the necessary external connectivity. ### Karpenter for Autoscaling To manage autoscaling of the nodes and optimize cost and resource efficiency, we utilized Karpenter, which offers a more flexible and cost-effective alternative to the Kubernetes Cluster Autoscaler. Karpenter allows nodes to be created and terminated dynamically based on real-time resource needs, reducing over-provisioning and unnecessary costs. We deployed Karpenter using Terraform and Helm, with some notable configurations: - [**Karpenter v1.0.2**](https://karpenter.sh/): We chose the latest version of karpenter at the time of writing. - **Amazon Linux 2023 (AL2023)**: The default NodeClass provisions nodes with AL2023, and each node is configured with 300GiB of EBS storage. This additional storage is crucial for workloads that require high disk usage, such as CI/CD runners, preventing out-of-disk errors commonly encountered with default node storage (17GiB). This needs to be increased based on the number of jobs expected to run on a node in parallel. - **Private Subnet Selection**: The NodeClass is configured to use the private subnets created earlier. This ensures that nodes are spun up in a secure, isolated environment, consistent with the EKS cluster's network setup. - [**m7a Node Families**](https://aws.amazon.com/ec2/instance-types/m7a/): Using the NodePool resource, we restricted node provisioning to the m7a instance family. These instances were chosen for their performance-to-cost efficiency and are only provisioned in the us-east-1a and us-east-1b Availability Zones. - **On-demand Instances**: While Karpenter supports Spot Instances for cost savings, we opted for on-demand instances for an equivalent cost comparison. - **Consolidation Policy**: We configured a 5-minute consolidation delay, preventing premature node terminations that could disrupt workflows. Karpenter will only consolidate nodes once they are underutilized for at least 5 minutes, ensuring stable operations during peak workloads. ```hcl module "karpenter" { source = "terraform-aws-modules/eks/aws//modules/karpenter" cluster_name = module.eks.cluster_name enable_pod_identity = true create_pod_identity_association = true create_instance_profile = true node_iam_role_additional_policies = { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } tags = local.tags } resource "helm_release" "karpenter-crd" { namespace = "karpenter" create_namespace = true name = "karpenter-crd" repository = "oci://public.ecr.aws/karpenter" chart = "karpenter-crd" version = "1.0.2" wait = true values = [] } resource "helm_release" "karpenter" { depends_on = [helm_release.karpenter-crd] namespace = "karpenter" create_namespace = true name = "karpenter" repository = "oci://public.ecr.aws/karpenter" chart = "karpenter" version = "1.0.2" wait = true skip_crds = true values = [ <<-EOT serviceAccount: name: ${module.karpenter.service_account} settings: clusterName: ${module.eks.cluster_name} clusterEndpoint: ${module.eks.cluster_endpoint} EOT ] } resource "kubectl_manifest" "karpenter_node_class" { yaml_body = <<-YAML apiVersion: karpenter.k8s.aws/v1beta1 kind: EC2NodeClass metadata: name: default spec: amiFamily: AL2023 detailedMonitoring: true blockDeviceMappings: - deviceName: /dev/xvda ebs: volumeSize: 300Gi volumeType: gp3 deleteOnTermination: true iops: 5000 throughput: 500 instanceProfile: ${module.karpenter.instance_profile_name} subnetSelectorTerms: - tags: karpenter.sh/discovery: ${module.eks.cluster_name} securityGroupSelectorTerms: - tags: karpenter.sh/discovery: ${module.eks.cluster_name} tags: karpenter.sh/discovery: ${module.eks.cluster_name} Project: arc-test-praj YAML depends_on = [ helm_release.karpenter, helm_release.karpenter-crd ] } resource "kubectl_manifest" "karpenter_node_pool" { yaml_body = <<-YAML apiVersion: karpenter.sh/v1beta1 kind: NodePool metadata: name: default spec: template: spec: tags: Project: arc-test-praj nodeClassRef: name: default requirements: - key: "karpenter.k8s.aws/instance-category" operator: In values: ["m"] - key: "karpenter.k8s.aws/instance-family" operator: In values: ["m7a"] - key: "karpenter.k8s.aws/instance-cpu" operator: In values: ["4", "8", "16", "32", "64"] - key: "karpenter.k8s.aws/instance-generation" operator: Gt values: ["2"] - key: "topology.kubernetes.io/zone" operator: In values: ["us-east-1a", "us-east-1b"] - key: "kubernetes.io/arch" operator: In values: ["amd64"] - key: "karpenter.sh/capacity-type" operator: In values: ["on-demand"] limits: cpu: 1000 disruption: consolidationPolicy: WhenEmpty consolidateAfter: 5m YAML depends_on = [ kubectl_manifest.karpenter_node_class ] } ``` We also ran another setup with a single job per node to compare the performance and cost implications of running multiple jobs on a single node. ```diff - key: "karpenter.k8s.aws/instance-cpu" - operator: In - values: ["4", "8", "16", "32", "64"] + key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: ["8"] ``` ### Actions Runner Controller and Runner Scale Set Once Karpenter was configured, we proceeded to set up the GitHub Actions Runner Controller (ARC) and the Runner Scale Set using Helm. The ARC setup was deployed with Helm using the following command and values: ```bash helm upgrade arc \ --namespace "${NAMESPACE}" \ oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller \ --values runner-set-values.yaml --install ``` ```yaml tolerations: - key: "CriticalAddonsOnly" operator: "Equal" value: "true" effect: "NoSchedule" ``` This configuration applies tolerations to the controller, enabling it to run on nodes with the `CriticalAddonsOnly` taint i.e. `default-ng` nodegroup, ensuring it doesn't interfere with other runner workloads. Next, we set up the Runner Scale Set using another Helm command: ```bash helm upgrade warp-praj-arc-test oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set --namespace ${NAMESPACE} --values values.yaml --install ``` The key points for our Runner Scale Set configuration: - **GitHub App Integration**: We connected our runners to GitHub via a GitHub App, enabling the runners to operate at the organization level.\ - **Listener Tolerations**: Like the controller, the listener template also included tolerations to allow it to run on the `default-ng` node group. - **Custom Image for Runners**: We used a custom Docker image for the runner pods (detailed in the next section). - **Resource Requirements**: To simulate high-performance runners, the runner pods were configured to require 8 CPU cores and 32 GiB of RAM, which aligns with the performance of an 8x runner used in the workflows. ```yaml githubConfigUrl: "https://github.com/Warpbuilds" githubConfigSecret: github_app_id: "" github_app_installation_id: "" github_app_private_key: | -----BEGIN RSA PRIVATE KEY----- [your-private-key-contents] -----END RSA PRIVATE KEY----- github_token: "" listenerTemplate: spec: containers: - name: listener securityContext: runAsUser: 1000 tolerations: - key: "CriticalAddonsOnly" operator: "Equal" value: "true" effect: "NoSchedule" template: spec: containers: - name: runner image: command: ["/home/runner/run.sh"] resources: requests: cpu: "4" memory: "16Gi" limits: cpu: "8" memory: "32Gi" controllerServiceAccount: namespace: arc-systems name: arc-gha-rs-controller ``` ### Custom Image for Runner Pods By default, the Runner Scale Sets use GitHub's official `actions-runner` image. However, this image doesn't include essential utilities such as wget, curl, and git, which are required by various workflows. To address this, we created a custom Docker image based on GitHub's runner image, adding the necessary tools. This image was hosted in a public ECR repository and was used by the runner pods during our tests. The custom image allowed us to run workflows without missing dependencies and ensured smooth execution. ```dockerfile FROM ghcr.io/actions/actions-runner:2.319.1 RUN sudo apt-get update && sudo apt-get install -y wget curl unzip git RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/* ``` This approach ensured that our runners were always equipped with the required utilities, preventing errors and reducing friction during the workflow runs. ### Tagging Infrastructure for Cost Tracking In order to track costs effectively during the ARC setup, we implemented cost allocation tags across all the resources that we used for the setup along with collecting hourly data. AWS Cost Explorer allowed us to monitor and attribute costs to specific resources based on these tags. This was essential for calculating the true cost of running ARC compared to the WarpBuild BYOC solution. ## Setting up BYOC Runners on WarpBuild ### Adding Cloud Account Setting up BYOC (Bring Your Own Cloud) runners on WarpBuild begins by connecting your own cloud account. After signing up for WarpBuild, navigate to the BYOC page and follow the process to add your cloud account. This step is critical as it allows WarpBuild to provision and manage runners directly in your own AWS environment, providing greater control and flexibility. ![Add Cloud Account Flow](/images/blog/arc-warpbuild-comparison-case-study/C2.gif) ### Creating Stack Once your cloud account is connected, you need to create a Stack in the WarpBuild dashboard. A WarpBuild Stack represents a group of essential infrastructure components, such as VPCs, subnets, and object storage buckets, provisioned in a specific region of your cloud account. These components are required for running CI workflows on WarpBuild. ![Create Stack Flow](/images/blog/arc-warpbuild-comparison-case-study/S2.gif) ### Custom Runner Creation For this experiment, we also created a custom 8x runner. Although WarpBuild provides default stock runner configurations, creating a custom runner allowed us to match the specifications of the ARC runners. WarpBuild runners are based on the Ubuntu 22.04 image, which is approximately 60GB in size. This image is pre-configured to work seamlessly with GitHub Actions workflows, offering better performance and compatibility than a general-purpose runner image. While such an image would be impractical for an ARC setup due to the high storage costs incurred every time a new node is provisioned, WarpBuild manages this efficiently through its runner orchestration. ![Create Runner Flow](/images/blog/arc-warpbuild-comparison-case-study/R2.gif) ### Tagging Infrastructure for Cost Tracking WarpBuild simplifies cost tracking for its users by automatically tagging all provisioned resources. This allows users to monitor and manage costs more effectively. Additionally, WarpBuild offers a dedicated dashboard where users can see real-time cost breakdowns, making cost management more transparent. ## Workflow Simulation ### PostHog's Frontend CI Workflow To simulate real-world use-case, we leveraged PostHog's Frontend CI workflow. This workflow is designed to run a series of frontend checks, followed by two sets of jobs: one for code quality checks and another for executing a matrix of Jest tests. This setup provided a comprehensive load for both the ARC and WarpBuild BYOC runners, allowing us to assess their performance under typical CI workloads. You can view the workflow file here: [PostHog Frontend CI Workflow](https://github.com/WarpBuilds/posthog/blob/master/.github/workflows/ci-frontend.yml) ### Auto-Commit Simulation Script To ensure continuous triggering of the Frontend CI workflow, we developed an automated commit script in JavaScript. This script generates commits every minute on the forked PostHog repository, which in turn triggers the CI workflow. Both the ARC and the WarpBuild BYOC runners simultaneously pick up these jobs, enabling us to track costs and performance over time. The script is designed to run for two hours, ensuring a consistent workload over an extended period for accurate cost measurement. The results were then analyzed to compare the costs of using ARC versus WarpBuild's BYOC runners. Commit simulation script: ```javascript const { exec } = require("child_process"); const fs = require("fs"); const path = require("path"); const repoPath = "arc-setup/posthog"; const frontendDir = path.join(repoPath, "frontend"); const intervalTime = 1 * 60 * 1000; // Every Minute const maxRunTime = 2 * 60 * 60 * 1000; // 2 hours const setupGitConfig = () => { exec('git config user.name "Auto Commit Script"', { cwd: repoPath }); exec('git config user.email "auto-commit@example.com"', { cwd: repoPath }); }; const makeCommit = () => { const logFilePath = path.join(frontendDir, "commit_log.txt"); // Create the frontend directory if it doesn't exist if (!fs.existsSync(frontendDir)) { fs.mkdirSync(frontendDir); } // Write to commit_log.txt in the frontend directory fs.appendFileSync( logFilePath, `Auto commit in frontend at ${new Date().toISOString()}\n`, ); // Add, commit, and push changes exec(`git add ${logFilePath}`, { cwd: repoPath }, (err) => { if (err) return console.error("Error adding file:", err); exec( `git commit -m "Auto commit at ${new Date().toISOString()}"`, { cwd: repoPath }, (err) => { if (err) return console.error("Error committing changes:", err); exec("git push origin master", { cwd: repoPath }, (err) => { if (err) return console.error("Error pushing changes:", err); console.log("Changes pushed successfully"); }); }, ); }); }; setupGitConfig(); const interval = setInterval(makeCommit, intervalTime); // Stop the script after 2 hours setTimeout(() => { clearInterval(interval); console.log("Script completed after 2 hours"); }, maxRunTime); ``` ## Cost Comparison | **Category** | **ARC (Varied Node Sizes)** | **WarpBuild** | **ARC (1 Job Per Node)** | | ------------------ | --------------------------- | ------------------ | ------------------------ | | **Total Jobs Ran** | 960 | 960 | 960 | | Node Type | m7a (varied vCPUs) | m7a.2xlarge | m7a.2xlarge | | Max K8s Nodes | 8 | - | 27 | | Storage | 300GiB per node | 150GiB per runner | 150GiB per node | | IOPS | 5000 per node | 5000 per runner | 5000 per node | | Throughput | 500Mbps per node | 500Mbps per runner | 500Mbps per node | | Compute | $27.20 | $20.83 | $22.98 | | EC2-Other | $18.45 | $0.27 | $19.39 | | VPC | $0.23 | $0.29 | $0.23 | | S3 | $0.001 | $0.01 | $0.001 | | WarpBuild Costs | - | $3.80 | - | | **Total Cost** | **$45.88** | **$25.20** | **$42.60** | ## Performance and Scalability The following metrics showcase the average time taken by WarpBuild BYOC Runners and ARC Runners for jobs in the Frontend-CI workflow: | **Test** | **ARC (Varied Node Sizes)** | **WarpBuild** | **ARC (1 Job Per Node)** | | ----------------------- | --------------------------- | -------------------- | ------------------------ | | **Code Quality Checks** | ~9 minutes 30 seconds | ~7 minutes | ~7 minutes | | **Jest Test (FOSS)** | ~2 minutes 10 seconds | ~1 minute 30 seconds | ~1 minute 30 seconds | | **Jest Test (EE)** | ~1 minute 35 seconds | ~1 minute 25 seconds | ~1 minute 25 seconds | ARC runners exhibited slower performance primarily because multiple runners shared disk and network resources on the same node, causing bottlenecks despite larger node sizes. In contrast, WarpBuild's dedicated VM runners eliminated this resource contention, allowing jobs to complete faster. To address these bottlenecks, we tested a **1 Job Per Node** configuration with ARC, where each job ran on its own node. This approach significantly improved performance, matching the job times of WarpBuild runners. However, it introduced higher job start delays due to the time required to provision new nodes. > Note: Job start delays are directly influenced by the time needed to provision a new node and pull the container image. Larger image sizes increase pull times, leading to longer delays. If the image size is reduced, additional tools would need to be installed during the action run, increasing the overall workflow run time. This is a trade-off that you don't have to make with WarpBuild. You can further enhance optimization by leveraging WarpBuild's features [custom images](/docs/ci/byoc/custom-vm-images), [snapshot runners](/docs/ci/features/snapshot-runners) and more. ## Conclusion The cost and performance comparison between ARC and WarpBuild's BYOC offering demonstrates clear advantages to using WarpBuild. WarpBuild provides the same flexibility as ARC in configuring and scaling your own runners, but without the operational complexity and performance bottlenecks (such as resource contention on larger nodes) make it ideal for large-scale workloads. ARC's scalability is limited by node resources like disk I/O and network throughput, which can affect workflow performance despite using high-performance nodes. WarpBuild simplifies the entire process, offering better performance with lower operational overhead and lower costs. It handles provisioning and scaling seamlessly while maintaining performance, making it the ideal option for CI/CD management for high performance teams. --- # Blacksmith vs WarpBuild Comparison - 2025 May URL: https://www.warpbuild.com/blog/blacksmith-warpbuild-comparison-2025-May Description: Blacksmith features, performance, pricing, and how it compares to WarpBuild. --- title: "Blacksmith vs WarpBuild Comparison - 2025 May" excerpt: "Blacksmith features, performance, pricing, and how it compares to WarpBuild." description: "Blacksmith features, performance, pricing, and how it compares to WarpBuild." date: "2025-05-19" author: surya_oruganti cover: "/images/blog/blacksmith-warpbuild-comparison-2025-May/cover.png" --- Blacksmith provides Github Actions runners that you can start using by just changing one line in the Github actions workflow file. This post provides a detailed comparison between Blacksmith and WarpBuild to help you make an informed decision. ## Feature Comparison | Feature | Blacksmith | WarpBuild | WarpBuild Advantage | | ------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **CPUs** | Server class (AMD EPYC, ARM Ampere) | x86-64 (Desktop Class Ryzen 7950X3D), arm64 (Graviton 4) | arm64: 40% more powerful but ~20% more expensive than Blacksmith; x86-64: same performance; Better networking, more disk options | | **Architecture** | x86-64, arm64 | x86-64, arm64 | arm64: 40% more powerful but ~20% more expensive than Blacksmith; x86-64: same performance; Better networking, more disk options | | **Concurrency** | Unlimited | Unlimited | | | **OS Support** | Ubuntu 22.04, 24.04 only | Ubuntu 22.04, 24.04, MacOS 13/14/15 with M4 Pro, Windows Server 2022 | Latest Linux, MacOS, Windows, custom images through app | | **Caching** | 25GB per repo | Unlimited; 7-day retention; Scales to 100+ jobs with no throttling | Unlimited storage, better scaling, container layer caching | | **Infrastructure** | EU and US | Cloud (EU), BYOC (AWS, GCP, Azure any region) | Multiple providers/regions, reduced data transfer costs | | **Sticky Disks** | Available | Not available | Cache stored on sticky disks is instantly available to runners, but concurrency is limited | | **Remote Docker Builder** | Only x86-64 | x86-64 and arm64 multi-arch builds | Multi arch support for fast, native builds. | | **SSO support** | Not available | SSO supported | SSO supported for Microsoft Entra ID, Google, Okta, Auth0, JumpCloud etc. | | **Static IPs** | Available as paid feature | Available at no cost (BYOC only) | | | **Pricing** | 50% of GitHub cost | x86-64: Same as Blacksmith; arm64: 40% more powerful, 20% more expensive | | | **Snapshots** | Not available | Available | Save and restore runner state for persistence and incremental builds. Provides 10x improvement in build times by eliminating dependency installation time. | | **Bring Your Own Cloud (BYOC)** | Not available | Available | Cloud-hosted control plane with runners in user's cloud account. Provides maximum flexibility, zero management overhead, and is 10x cheaper than Blacksmith. Users can leverage preferential pricing with their cloud providers. | | **Compliance** | SOC2 Type2 | SOC2 Type2 | | | **Global Regions** | Limited to EU and US | Cloud (EU), Support for 29+ regions globally (BYOC) | Minimizes data transfer costs, improves performance, and supports data residency regulations essential for sensitive workloads. | | **Configurable Disks** | Fixed 80-160GB | Configurable sizes, IOPS, and throughput | Optimized for ML/AI workloads, large container builds, monorepos, game and mobile app development. | | **Advanced Dashboard** | Richer dashboard | Rich dashboard | Blacksmith has more insights on metrics like cost saved, and analytics on cache usage. | | **Security** | Bot requires read-write access to code and build logs. | Bot requires minimal permissions and no code or build logs access. | This is crucial for Enterprises and security conscious teams. | ![Blacksmith WarpBuild Cache](/images/blog/blacksmith-warpbuild-comparison-2025-May/blacksmith-warpbuild-cache.png) ![WarpBuild Dashboard](/images/blog/blacksmith-warpbuild-comparison-2025-May/warpbuild-dashboard.png) ![WarpBuild Analytics](/images/blog/blacksmith-warpbuild-comparison-2025-May/warpbuild-analytics.png) ## Conclusion Blacksmith provides fast Github Actions runners. WarpBuild provides equally fast x86-64 runners, and even faster arm64 runners. For enterprises, WarpBuild delivers 10x faster builds with SSO, snapshots, multi-arch docker builder cloud. WarpBuild also provides BYOC for improved security and more customization at a fraction of the cost (~5x cheaper compared to Blacksmith). ## Get Started Today WarpBuild is committed to providing you with the tools you need to build faster, smarter, and more cost-effectively. Join us in this new era of development. --- For detailed technical documentation, visit [WarpBuild Docs](http://docs.warpbuild.com). For any errors in this post, please contact us at support@warpbuild.com. --- --- # Blacksmith vs WarpBuild Comparison URL: https://www.warpbuild.com/blog/blacksmith-warpbuild-comparison Description: Blacksmith features, performance, and why WarpBuild is a better Github Actions runner alternative. --- title: "Blacksmith vs WarpBuild Comparison" excerpt: "Blacksmith features, performance, and why WarpBuild is a better Github Actions runner alternative." description: "Blacksmith features, performance, and why WarpBuild is a better Github Actions runner alternative." date: "2024-08-22" author: surya_oruganti cover: "/images/blog/blacksmith-warpbuild-comparison/cover.png" --- Blacksmith provides Github Actions runners, that you can start using by just changing one line in the Github actions workflow file. This post provides a detailed description of the features of Blacksmith, and see how it compares to WarpBuild. ## Blacksmith Features ### `x86-64` and `arm64` Runners Blacksmith supports both x86-64 and arm64 architectures. This allows you to build your projects on both platforms, without emulation. This can speed up your arm64 builds 2-5x. WarpBuild Advantage: WarpBuild supports x86-64 and arm64 instances. WarpBuild arm64 instances are ~20% more powerful for faster raw performance but Blacksmith's x86-64 instances are ~15% faster. WarpBuild has faster networking, more disk configurations which lead to overall faster builds. ### Concurrency Blacksmith has no concurrency limits, in theory. However, there may be some delays for large customers because of lead time in provisioning instances. WarpBuild Advantage: WarpBuild supports truly unlimited concurrency at no additional cost out of the box for x86-64 and arm64 instances. ### OS and Images Blacksmith supports Ubuntu 22.04 only, compatible with Github actions runner images. WarpBuild Advantage: WarpBuild supports ubuntu 22.04 and the latest 24.04 ubuntu image as well, and is 100% compatible with Github actions runner images. Users can use the app to setup any number of custom base images directly. > WarpBuild also supports MacOS runners powered by M2 Pros for blazing fast MacOS builds on MacOS 13 and 14. ### Caching Blacksmith provides 25GB of cache per repo, free. Any additional usage evicts the least recently used cache entries. The cache performance is fast for low concurrency workflows but may not scale well for high concurrency workflows since it is backed by a single disk. WarpBuild Advantage: WarpBuild provides unlimited cache storage with a 7-day retention policy from last access. The cache performance is blazing fast even for workflows having 100+ concurrent jobs. This is a major advantage for larger customers, especially when there are large artifacts, monorepos, or container builds with large layers. > WarpBuild supports container large layer caching, which Blacksmith does not support. ![Blacksmith WarpBuild Cache](/images/blog/blacksmith-warpbuild-comparison/blacksmith-warpbuild-cache.png) ### Hosting Provider Blacksmith runners are hosted on Hetzner, with most of the compute in the EU region. WarpBuild Advantage: WarpBuild runs compute on AWS, GCP, and Azure and users can choose which region to run their builds in. This has enormous advantages for customers to minimize inter-region data transfer costs and improve performance. ### Security Blacksmith runners are ephemeral VMs, running on bare-metal. This is potentially subject to noisy neighbors and performance degradation. WarpBuild Advantage: WarpBuild runners are ephemeral VMs as well, with the virtualization and isolation handled by the underlying cloud provider (AWS, GCP, Azure) and strong performance guarantees. This allows WarpBuild to be more secure and compliant with the most stringent security standards. ### Enterprise Compliance Blacksmith is SOC2 Type1 compliant. Data residency regions are not handled. WarpBuild Advantage: WarpBuild is in the process of getting SOC2 Type2 compliance certification. The documentation will be available for free, on request. ### Static IPs Blacksmith supports static IPs for the runner instances, required for allowlisting in sensitive workflows. This is a paid feature and is available on request. WarpBuild Advantage: WarpBuild offers static IPs for runners (on BYOC only) at no additional cost. ### Runner Pricing Blacksmith's pricing is 50% of the cost of a Github Actions runner for x86-64 and arm64 runners. WarpBuild Advantage: WarpBuild x86-64 runners are the same price as Blacksmith runners. The arm64 runners are 20% more expensive but offer ~20% higher performance. ### Dashboard and Analytics Blacksmith has a basic dashboard for runners at the high level without drill-downs, but with nice cache analytics. WarpBuild Advantage: WarpBuild supports a rich dashboard for runners, cache usage, and builds. There are also analytics and insights for the entire repository, including build times, build failure rates, runtime trends, activity heatmaps and more. ![WarpBuild Analytics](/images/blog/blacksmith-warpbuild-comparison/warpbuild-analytics.png) ## Missing Features Blacksmith is missing a lot of features essential for robust CI. These features are usually deal breakers for large and fast growing teams. WarpBuild supports all of these features. ### Snapshots WarpBuild supports saving and restoring state from a runner instance for persistence and incremental builds is essential for large codebases. WarpBuild users see a _10x improvement_ in build times, due to this feature. Snapshots are very useful because the time in a CI workflow spent installing dependencies is eliminated and snapshots enable incremental builds. ### Bring Your Own Cloud (BYOC) WarpBuild supports BYOC, with a cloud-hosted control plane and the runners spawned in the user's cloud account. This provides the best of both worlds with maximum flexibility and zero management overhead. This is a major advantage for larger customers and is 10x cheaper than Blacksmith. Users can leverage preferential pricing agreements with their cloud providers for even more value. ### Regions WarpBuild supports over 29 regions globally. This is huge for minimizing data transfer costs and improving performance. It is essential for some customers with sensitive workloads and data residency regulations. ### Disk Configurations Blacksmith only supports 64GB of disk storage. WarpBuild supports configurable disk sizes, iops, and throughput. This is useful for ML/AI workloads, large container builds, monorepos, game developers, and mobile app development. ### Roadmap Blacksmith's product is still evolving. In contrast, WarpBuild is already the most capable product in this space and has been adding new features and capabilities to its platform rapidly since launch less than a year ago. ![WarpBuild Dashboard](/images/blog/blacksmith-warpbuild-comparison/warpbuild-dashboard.png) ## Conclusion Blacksmith is a basic provider of Github Actions runners. WarpBuild is superior to Blacksmith in every way, except ~10% difference in x86-64 vCPU performance. Blacksmith is ~5x more expensive compared to WarpBuild's BYOC runners. Large or fast growing teams use WarpBuild for their CI/CD needs at scale for 10x faster builds with snapshots, better security, and more customizable with BYOC. ## Get Started Today WarpBuild is committed to providing you with the tools you need to build faster, smarter, and more cost-effectively. Join us in this new era of development. --- Stay tuned for more updates and features coming soon. Happy building! --- For detailed technical documentation, visit [WarpBuild Docs](http://docs.warpbuild.com). Contact us at support@warpbuild.com. --- --- # BuildJet Is Shutting Down: Migrate to WarpBuild URL: https://www.warpbuild.com/blog/buildjet-shutting-down Description: BuildJet is shutting down on March 31, 2026. Learn why WarpBuild is the best alternative for fast, affordable GitHub Actions runners with snapshots, unlimited concurrency, and multi-cloud support. --- title: "BuildJet Is Shutting Down: Migrate to WarpBuild" description: "BuildJet is shutting down on March 31, 2026. Learn why WarpBuild is the best alternative for fast, affordable GitHub Actions runners with snapshots, unlimited concurrency, and multi-cloud support." excerpt: "BuildJet is shutting down. Here's why WarpBuild is the best alternative for your GitHub Actions workflows." date: "2026-02-10" author: surya_oruganti cover: "/images/blog/buildjet-shutting-down/cover.png" --- On February 6, 2026, BuildJet [announced](https://buildjet.com/for-github-actions/blog/we-are-shutting-down) that it is shutting down. The service will stop running jobs on March 31, 2026, and new signups have already been halted. If you're a BuildJet customer, you need to migrate your workflows before the deadline. BuildJet was one of the first to prove that teams needed faster GitHub Actions runners. They showed that the default 2-core VMs weren't cutting it — and thousands of teams agreed. Credit where it's due: BuildJet helped establish the market for third-party CI runners. Teams with demanding CI workloads still need more — snapshots, unlimited concurrency, multi-cloud infrastructure, and fast caching at scale. This is even more essential now, with so much more code being generated everyday by AI tools that CI is fast becoming the bottleneck. That's exactly where WarpBuild comes in. ## What This Means for Your Team Here's the timeline: - **February 6, 2026:** New signups halted. All concurrency subscriptions are now free. - **March 31, 2026:** BuildJet stops running jobs entirely. If your workflows use `buildjet-*` runner labels, they will fail after March 31. You need to migrate before then. You have two options: go back to GitHub's stock runners, or move to WarpBuild and keep the fast CI experience your team is used to. ## Why Not Just Go Back to GitHub Runners? If your team chose BuildJet, it was because you needed faster builds. That need doesn't go away when BuildJet does. GitHub's default runners are 2-core shared VMs, and while their larger runners offer more CPU, they still lack features that modern CI demands — snapshots, bring-your-own-cloud, unlimited concurrency, and fast caching at scale. If fast CI matters to your team, it's worth looking at what's available today. ## Why WarpBuild WarpBuild is a natural next step for BuildJet users. Same one-line setup, same drop-in replacement model — with additional capabilities on top. For a detailed feature-by-feature comparison, see our [BuildJet vs WarpBuild comparison](/blog/buildjet-warpbuild-comparison-2025-May). Here's what matters most: ### Snapshots: 2-10x Faster Builds WarpBuild provides fast hardware plus [snapshots](/docs/ci/features/snapshot-runners) — the ability to save and restore full VM state across builds. Instead of reinstalling dependencies, rebuilding caches, and setting up environments from scratch every run, your CI starts exactly where it left off. This is the single biggest unlock for CI performance. ### Unlimited Concurrency WarpBuild has no concurrency limits and no extra fees. Run as many parallel jobs as your workflows need — no caps, no add-on pricing. ### Fast, Unlimited Cache WarpBuild provides unlimited [cache storage](/docs/ci/features/caching) with 7-day retention from last access, designed to stay fast even at 100+ concurrent jobs. It works with the standard `actions/cache` action — no proprietary tooling needed. ### Multi-Cloud and 29+ Regions WarpBuild supports AWS, GCP, and Azure across 29+ regions globally. Pick the region closest to your source code and artifact storage to minimize latency and data transfer costs. ### Bring Your Own Cloud (BYOC) For teams that want maximum control and savings, [WarpBuild BYOC](/docs/ci/byoc) lets you run CI runners in your own AWS, GCP, or Azure account. WarpBuild manages the control plane while runners execute in your infrastructure — giving you 10x cost savings compared to hosted options, plus static IPs, custom images, and full network control. BuildJet never offered this. ### Full OS Coverage BuildJet supported Ubuntu 20.04 and 22.04 only. WarpBuild runs Ubuntu 20.04/22.04/24.04, Windows Server 2022/2025, and macOS 13/14/15/26 on M4 Pro hardware. Whatever your workflows need, WarpBuild covers it. ### Enterprise Ready WarpBuild is SOC2 Type 2 compliant, supports SSO through Microsoft Entra ID, Google, Okta, Auth0, and JumpCloud, and offers a 99.9% SLA with dedicated support. BuildJet was not SOC2 compliant and charged $500 just for a security assessment. ### Active Development BuildJet's product was essentially unchanged for over 2.5 years before the shutdown announcement. WarpBuild ships new features every week — remote Docker builders, configurable disks, analytics dashboards, and more. You're migrating to a platform that's investing in the future, not winding down. ## Migrating from BuildJet to WarpBuild Migration takes under 10 minutes for most teams. Here's how: ### 1. Sign up and install the WarpBuild bot Create an account at [app.warpbuild.com](https://app.warpbuild.com) and install the WarpBuild GitHub bot on your repositories. See the [quick start guide](/docs/ci/quick-start) for details. ### 2. Update your runner labels Replace BuildJet runner labels with their WarpBuild equivalents in your workflow files: | BuildJet Label | WarpBuild Label | | --- | --- | | `buildjet-2vcpu-ubuntu-2204` | `warp-ubuntu-2204-x64-2x` | | `buildjet-4vcpu-ubuntu-2204` | `warp-ubuntu-2204-x64-4x` | | `buildjet-8vcpu-ubuntu-2204` | `warp-ubuntu-2204-x64-8x` | | `buildjet-16vcpu-ubuntu-2204` | `warp-ubuntu-2204-x64-16x` | | `buildjet-2vcpu-ubuntu-2204-arm` | `warp-ubuntu-latest-arm64-2x` | | `buildjet-4vcpu-ubuntu-2204-arm` | `warp-ubuntu-latest-arm64-4x` | For a full list of available runner configurations, see the [cloud runners documentation](/docs/ci/cloud-runners). Here's what the change looks like in a workflow file: ```yaml title="Before (BuildJet)" jobs: build: runs-on: buildjet-4vcpu-ubuntu-2204 steps: - uses: actions/checkout@v4 - run: make build ``` ```yaml title="After (WarpBuild)" jobs: build: runs-on: warp-ubuntu-2204-x64-4x steps: - uses: actions/checkout@v4 - run: make build ``` ### 3. Swap the cache action If you're using `buildjet/cache`, replace it with `actions/cache`. WarpBuild's caching infrastructure is fully compatible with the standard GitHub Actions cache action. ```yaml title="Before" - uses: buildjet/cache@v4 ``` ```yaml title="After" - uses: actions/cache@v4 ``` That's it. Your workflows will now run on WarpBuild's infrastructure with faster hardware, better caching, and no concurrency limits. ## Get Started BuildJet helped prove that teams deserve faster CI. WarpBuild is where that journey continues — with snapshots, unlimited concurrency, multi-cloud support, and pricing that's 50% cheaper than GitHub. Don't wait until March 31. [Sign up for WarpBuild](https://app.warpbuild.com) and migrate your workflows today. For a deeper technical comparison, read our [full BuildJet vs WarpBuild breakdown](/blog/buildjet-warpbuild-comparison-2025-May). --- # BuildJet vs WarpBuild Comparison - 2025 May URL: https://www.warpbuild.com/blog/buildjet-warpbuild-comparison-2025-May Description: BuildJet features, performance, pricing, and how it compares to WarpBuild. --- title: "BuildJet vs WarpBuild Comparison - 2025 May" excerpt: "BuildJet features, performance, pricing, and how it compares to WarpBuild." description: "BuildJet features, performance, pricing, and how it compares to WarpBuild." date: "2025-05-19" author: surya_oruganti cover: "/images/blog/buildjet-warpbuild-comparison-2025-May/cover.png" --- BuildJet provides Github Actions runners that you can start using by just changing one line in the Github actions workflow file. This post provides a detailed comparison between BuildJet and WarpBuild to help you make an informed decision. ## Feature Comparison | Feature | BuildJet | WarpBuild | WarpBuild Advantage | | ------------------ | --------------------------------------------------- | -------------------------------------------------------- | -------------------------------------------------- | | **Architecture** | x86-64, arm64 | x86-64 (Desktop Class Ryzen 7950X3D), arm64 (Graviton 4) | More powerful instances for faster raw performance | | **Concurrency** | Limited (64 x86, 32 arm64); +$300/month for 100vCPU | Unlimited | No limits or fees | | **OS Support** | Ubuntu 20/22; Limited custom images | Ubuntu 20/22/24; MacOS 13/14/15; Custom images | Latest OS, MacOS, full compatibility | | **Caching** | 20GB/repo; Slow | Unlimited; 7-day retention; Fast | Unlimited storage, faster performance | | **Infrastructure** | Hetzner (EU) | Cloud (EU), BYOC (AWS, GCP, Azure) | Multiple providers/regions | | **Security** | KVM-based | KVM-based / Cloud provider isolation; Strong guarantees | Better security standards | | **Compliance** | Not SOC2 compliant; $500 assessment fee | SOC2 Type2 compliant | Higher compliance at no cost | | **Pricing** | x86-64: 50% of GitHub; arm64: 20% cheaper | x86-64: 50% of GitHub; arm64: 40% cheaper | Better x86-64 and arm64 price-performance | ## WarpBuild Exclusive Features | Feature | Description & Benefit | | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Remote Docker Builder** | Run docker builds on a remote machine with full local caching. This infrastructure is optimized with high performance processors, and local NVMe SSDs. This is a major advantage for large container builds, monorepos, and game and mobile app development. | | **Snapshots** | Save and restore runner state for persistence and incremental builds. Provides 10x improvement in build times by eliminating dependency installation time. | | **Bring Your Own Cloud (BYOC)** | Cloud-hosted control plane with runners in user's cloud account on AWS, GCP, Azure. Provides maximum flexibility, zero management overhead, and is 10x cheaper than BuildJet. | | **SSO support** | SSO support for Microsoft Entra ID, Google, Okta, Auth0, JumpCloud etc. Ensures secure and enterprise ready deployment. | | **SOC2 Type2 Certification** | SOC2 Type2 compliant. Documentation available on request. Provides higher compliance standards at no additional cost. | | **Global Regions** | Support for 29+ regions globally. Minimizes data transfer costs, improves performance, and supports data residency regulations. | | **Static IPs** | Static IP addresses for BYOC runner instances. Required for allowlisting in sensitive workflows. | | **Configurable Disks** | Cloud runners with local NVMe SSDs. BYOC runners with configurable disk sizes, IOPS, and throughput. Optimized for ML/AI workloads, large container builds, monorepos, game and mobile app development. | | **Dashboard and Analytics** | Rich dashboard for runners, cache usage, builds, with insights on build times, failure rates, trends. Enables data-driven CI optimization. | ## Product Development | Aspect | BuildJet | WarpBuild | | ------------------- | -------------------------------- | ------------------------------------------------- | | **Innovation Rate** | Product unchanged for >2.5 years | Rapid feature development and feature rich | | **Roadmap** | Maintenance mode | Active development with regular feature additions | ![WarpBuild Dashboard](/images/blog/buildjet-warpbuild-comparison-2025-May/warpbuild-dashboard.png) ![WarpBuild Analytics](/images/blog/buildjet-warpbuild-comparison-2025-May/warpbuild-analytics.png) ![WarpBuild Cache](/images/blog/buildjet-warpbuild-comparison-2025-May/warpbuild-cache.png) ## Conclusion BuildJet provides basic Github Actions runners, but lacks essential features for robust CI/CD platforms. It has been in maintenance mode for approximately 1.5 years. WarpBuild offers superior price, performance, and features, making it the preferred choice for large or fast-growing teams. ## Get Started Today WarpBuild is committed to providing you with the tools you need to build faster, smarter, and more cost-effectively. Join us in this new era of development. --- For detailed technical documentation, visit [WarpBuild Docs](http://docs.warpbuild.com). For any errors in this post, please contact us at support@warpbuild.com. --- --- # BuildJet vs WarpBuild Comparison URL: https://www.warpbuild.com/blog/buildjet-warpbuild-comparison Description: BuildJet features, performance, and why WarpBuild is a better Github Actions runner alternative. --- title: "BuildJet vs WarpBuild Comparison" excerpt: "BuildJet features, performance, and why WarpBuild is a better Github Actions runner alternative." description: "BuildJet features, performance, and why WarpBuild is a better Github Actions runner alternative." date: "2024-08-20" author: surya_oruganti cover: "/images/blog/buildjet-warpbuild-comparison/cover.png" --- BuildJet provides Github Actions runners, that you can start using by just changing one line in the Github actions workflow file. This post provides a detailed description of the features of BuildJet, and see how it compares to WarpBuild. ## BuildJet Features ### `x86-64` and `arm64` Runners BuildJet supports both x86-64 and arm64 architectures. This allows you to build your projects on both platforms, without emulation. This can speed up your builds 2-5x. WarpBuild Advantage: WarpBuild supports x86-64 and arm64 instances, that are more powerful for faster raw performance. ### Concurrency BuildJet supports up to 64 concurrent x86-64 vCPUs and 32 concurrent arm64 vCPUs for builds. This can be increased at an additional cost of $300/month for 100vCPU. WarpBuild Advantage: WarpBuild supports unlimited concurrency at no additional cost out of the box for x86-64 and arm64 instances. ### OS and Images BuildJet supports Ubuntu 22.04, Ubuntu 20.04, compatible with Github actions runner images, with some deviations. Custom base images are available for large customers at an additional cost. WarpBuild Advantage: WarpBuild supports the latest 24.04 ubuntu image as well, and is 100% compatible with Github actions runner images. Users can use the app to setup any number of custom base images directly. > WarpBuild also supports MacOS runners powered by M2 Pros for blazing fast MacOS builds on MacOS 13 and 14. ### Caching BuildJet provides 20GB of cache per repo, free. Any additional usage evicts the oldest cache entries. Users migrating away from BuildJet have reported that the cache performance was slow. WarpBuild Advantage: WarpBuild provides unlimited cache storage with a 7-day retention policy from last access. The cache performance is blazing fast even for workflows having 100+ concurrent jobs. This is a major advantage for larger customers, especially when there are large artifacts, monorepos, or container builds with large layers. > WarpBuild supports container large layer caching, which BuildJet does not support. ![WarpBuild Cache](/images/blog/buildjet-warpbuild-comparison/warpbuild-cache.png) ### Hosting Provider BuildJet runners are hosted on Hetzner, with most of the compute in the EU region. WarpBuild Advantage: WarpBuild runs compute on AWS, GCP, and Azure and users can choose which region to run their builds in. This has enormous advantages for customers to minimize inter-region data transfer costs and improve performance. ### Security BuildJet runners are KVM-based ephemeral VMs, running on bare-metal. This is potentially subject to noisy neighbors and performance degradation. WarpBuild Advantage: WarpBuild runners are ephemeral VMs as well, with the virtualization and isolation handled by the underlying cloud provider (AWS, GCP, Azure) and strong performance guarantees. This allows WarpBuild to be more secure and compliant with the most stringent security standards. ### Enterprise Compliance BuildJet is not SOC2 compliant. A Security Assessment Questionnaire is available for a $500 fee. WarpBuild Advantage: WarpBuild is in the process of getting SOC2 Type2 compliance certification. The documentation will be available for free, on request. ### Runner Pricing BuildJet's pricing is 50% of the cost of a Github Actions runner for x86-64. The arm64 runners are less powerful (about 40% the memory per vCPU) compared to Github hosted runners and are 20% cheaper. WarpBuild Advantage: WarpBuild x86-64 runners are the same price as BuildJet. The arm64 runners are more powerful on single-core and multi-core performance compared to Github hosted runners while being 40% cheaper. ![BuildJet Dashboard](/images/blog/buildjet-warpbuild-comparison/buildjet-dashboard.png) ## Missing Features BuildJet is missing a lot of features essential for robust CI. These features are usually deal breakers for large and fast growing teams. WarpBuild supports all of these features. ![WarpBuild Dashboard](/images/blog/buildjet-warpbuild-comparison/warpbuild-dashboard.png) ### Snapshots WarpBuild supports saving and restoring state from a runner instance for persistence and incremental builds is essential for large codebases. WarpBuild users see a 10x improvement in build times, due to this feature. Snapshots are very useful because the time in a CI workflow spent installing dependencies is eliminated and snapshots enable incremental builds. ### Bring Your Own Cloud (BYOC) WarpBuild supports BYOC, with a cloud-hosted control plane and the runners spawned in the user's cloud account. This provides the best of both worlds with maximum flexibility and zero management overhead. This is a major advantage for larger customers and is 10x cheaper than BuildJet. Users can leverage preferential pricing agreements with their cloud providers for even more value. ### Regions WarpBuild supports over 29 regions globally. This is huge for minimizing data transfer costs and improving performance. It is essential for some customers with sensitive workloads and data residency regulations. ### Static IPs WarpBuild supports static IPs for the runner instances, required for allowlisting in sensitive workflows. ### Disk Configurations WarpBuild supports configurable disk sizes, iops, and throughput. This is useful for ML/AI workloads, large container builds, monorepos, game developers, and mobile app development. ### Dashboard and Analytics WarpBuild supports a rich dashboard for runners, cache usage, and builds. There are also analytics and insights for the entire repository, including build times, build failure rates, runtime trends, activity heatmaps and more. ![WarpBuild Analytics](/images/blog/buildjet-warpbuild-comparison/warpbuild-analytics.png) ### Roadmap and Execution BuildJet's product has remained unchanged for >1.5 years, with no features or updates added. In contrast, WarpBuild is already the most capable product in this space and has been adding new features and capabilities to its platform rapidly since launch less than a year ago. ## Conclusion BuildJet is a basic provider of Github Actions runners, but it is missing a lot of features essential for a robust CI/CD platform. BuildJet has effectively been in maintenance mode for the last ~1.5 years. Large or fast growing teams use WarpBuild for their CI/CD needs for price, performance, and features. ## Get Started Today WarpBuild is committed to providing you with the tools you need to build faster, smarter, and more cost-effectively. Join us in this new era of development. --- Stay tuned for more updates and features coming soon. Happy building! --- For detailed technical documentation, visit [WarpBuild Docs](http://docs.warpbuild.com). Contact us at support@warpbuild.com. --- --- # Cirrus CI Is Shutting Down: Migrate to GitHub Actions + WarpBuild URL: https://www.warpbuild.com/blog/cirrus-ci-shutting-down Description: Cirrus CI shuts down June 1, 2026 as Cirrus Labs joins OpenAI. Learn how to migrate your workflows to GitHub Actions with WarpBuild - faster M4 Pro macOS runners, snapshots, unlimited concurrency, and 50% cheaper than GitHub's default runners. --- title: "Cirrus CI Is Shutting Down: Migrate to GitHub Actions + WarpBuild" description: "Cirrus CI shuts down June 1, 2026 as Cirrus Labs joins OpenAI. Learn how to migrate your workflows to GitHub Actions with WarpBuild - faster M4 Pro macOS runners, snapshots, unlimited concurrency, and 50% cheaper than GitHub's default runners." excerpt: "Cirrus CI is shutting down. Here's how to migrate to GitHub Actions with WarpBuild for faster builds, M4 Pro macOS runners, and better pricing." date: "2026-04-08" author: surya_oruganti cover: "/images/blog/cirrus-ci-shutting-down/cover.png" --- On April 7, 2026, Cirrus Labs [announced](https://cirruslabs.org/) that Cirrus CI is shutting down. The service will stop running jobs on **June 1, 2026**, as the Cirrus Labs team joins OpenAI's Agent Infrastructure group. If you're a Cirrus CI user, you need to migrate your workflows before the deadline. Cirrus CI earned its place in the CI landscape. It was one of the first platforms to offer affordable macOS CI on Apple Silicon through [Tart](https://github.com/cirruslabs/tart), their open-source virtualization tool. Per-second billing, no concurrency limits, and generous free tiers for open source made it a home for projects like PostgreSQL, Bitcoin Core, and Podman. The team genuinely cared about developer experience, and it showed. The good news: Cirrus Labs is relicensing Tart, Vetu, and Orchard under more permissive licenses, so the community retains those tools. The less good news: no migration guidance was provided. If your CI depends on `.cirrus.yml`, it will stop working on June 1. Here's how to move forward. ## What This Means for Your Team - **June 1, 2026:** Cirrus CI stops running jobs entirely. - **Cirrus Runners:** No longer accepting new customers. Existing contracts honored through their periods. - **Your `.cirrus.yml` workflows will break** after the shutdown date. Unlike other recent CI provider shutdowns that only required swapping a runner label, this one requires migrating your entire CI configuration to a new platform. You have two decisions to make: which CI platform and which runner infrastructure. Our recommendation: **GitHub Actions** as the CI platform, and **WarpBuild** for the runner infrastructure. ## Why GitHub Actions + WarpBuild GitHub Actions has become the default CI platform for teams on GitHub. The ecosystem is massive - over 50,000 reusable actions in the marketplace, native integration with pull requests, issues, deployments, and OIDC-based authentication. Most CI tooling ships GitHub Actions support first. If you were on Cirrus CI, you chose it for specific reasons: macOS support, per-second billing, no concurrency limits, open-source friendliness. GitHub Actions with WarpBuild runners gives you all of that - and more. Here's how the key Cirrus CI features map over: | Cirrus CI | GitHub Actions + WarpBuild | | --- | --- | | Per-second billing, no concurrency limits | Per-minute billing, **unlimited concurrency** - no caps, no add-on pricing | | macOS M1 VMs (Tart) | **macOS M4 Pro** - three generations newer, 30%+ faster | | Linux containers | Linux x86-64 and ARM64 runners with NVMe SSDs | | Windows containers | Windows Server 2022 and 2025 runners | | Built-in caching | **Unlimited cache** with 7-day retention via `actions/cache` | | Persistent workers | **BYOC** - full cloud-account integration on AWS, GCP, Azure | | Free for open source | GitHub Actions free minutes for public repos | What you gain that Cirrus CI never offered: [snapshot runners](/docs/ci/features/snapshot-runners) (2-10x faster Linux builds), a 50,000+ action marketplace, reusable workflows, matrix builds with native syntax, and GitHub Environments with deployment protection rules. ## macOS Runners - M4 Pro, Three Generations Ahead If you used Cirrus CI for macOS builds, this is the most important section. Cirrus CI ran macOS VMs on M1 hardware via Tart. WarpBuild runs on **Apple M4 Pro** - three generations newer with a PassMark single-core score of 4625, 30% faster than M2 Pro and significantly faster than M1. Builds that took 10 minutes on Cirrus CI's M1 runners typically complete in 6-7 minutes on WarpBuild's M4 Pro, meaning the total cost per build is often lower despite a higher per-minute rate. | Runner | CPU | Memory | Storage | Price | | --- | --- | --- | --- | --- | | `warp-macos-15-arm64-6x` | 6 vCPU | 22GB | 120GB SSD | $0.08/min | | `warp-macos-15-arm64-12x` | 12 vCPU | 44GB | 270GB SSD | $0.16/min | WarpBuild supports macOS 13, 14, 15, and 26, with Xcode, iOS Simulator, Fastlane, and CocoaPods pre-installed. These runners are [60% faster than GitHub's macos-latest-xlarge and 2x cheaper](/products/ci/macos-runners). Cirrus CI: Apple M1 (Tart VMs) → WarpBuild: Apple M4 Pro - 60% faster than GitHub-hosted M1 runners, up to 8x faster than Intel-based runners. For iOS and macOS builds, this is the single biggest upgrade available today. ## What Else WarpBuild Brings ### Snapshot Runners: 2-10x Faster Linux Builds This is something Cirrus CI never had. WarpBuild [snapshot runners](/docs/ci/features/snapshot-runners) save and restore the entire VM state between builds. Instead of reinstalling dependencies, rebuilding caches, and setting up environments from scratch every time, your CI starts exactly where it left off. Currently available for Linux runners, snapshots are especially powerful for builds with heavy dependency trees - cutting build times by 2-10x. ### Unlimited Concurrency, No Credit System Cirrus CI used a credit-based pricing model - buy credits, spend them across different runner types at different rates. WarpBuild uses flat per-minute pricing with no concurrency caps. Run as many parallel jobs as your workflows need. No credits to manage, no surprise bills when your team scales up. When you factor in faster hardware (and snapshot runners for Linux workloads), the cost per build on WarpBuild is typically lower than what you were paying on Cirrus CI. Fewer minutes per build means lower total spend. ### Unlimited Cache WarpBuild provides [unlimited cache storage](/docs/ci/features/caching) with 7-day retention from last access. It works with the `WarpBuilds/cache` action - no proprietary tooling. WarpBuild has none. ### Bring Your Own Cloud (BYOC) Cirrus CI offered persistent workers for self-hosted setups, but not full cloud-account integration. [WarpBuild BYOC](/docs/ci/byoc) lets you run CI runners in your own AWS, GCP, or Azure account. WarpBuild manages the control plane while runners execute in your infrastructure - giving you up to 10x cost savings compared to hosted options, plus static IPs, custom machine images, and full network control. ### Full OS and Architecture Coverage - **Linux:** x86-64 and ARM64, Ubuntu 22.04 and 24.04, up to 32 vCPU - **Windows:** Server 2022 and 2025, up to 32 vCPU - **macOS:** 13, 14, 15, 26 on M4 Pro ### Enterprise Ready WarpBuild is [SOC2 Type 2 compliant](/blog/soc2), supports SSO through Microsoft Entra ID, Google, Okta, Auth0, and JumpCloud, and offers a 99.9% SLA with dedicated support across 29+ regions globally. ## Migrating from Cirrus CI to GitHub Actions + WarpBuild This migration is bigger than a runner label swap - you're moving from Cirrus CI's `.cirrus.yml` configuration format to GitHub Actions workflow files. For simple setups, expect a few hours. For complex multi-platform configurations, plan for a day or two. ### Step 1: Sign Up and Install the WarpBuild Bot Create an account at [app.warpbuild.com](https://app.warpbuild.com) and install the WarpBuild GitHub bot on your repositories. See the [quick start guide](/docs/ci/quick-start) for details. ### Step 2: Convert Your .cirrus.yml to GitHub Actions Workflows Here's how Cirrus CI concepts map to GitHub Actions: | Cirrus CI | GitHub Actions | | --- | --- | | `task` | `jobs.` | | `script` | `jobs..steps[*].run` | | `cache` | `actions/cache@v4` | | `matrix` | `jobs..strategy.matrix` | | `depends_on` | `jobs..needs` | | `only_if` / `skip` | `jobs..if` | | `env` | `env` (workflow or job level) | | `osx_instance` | `runs-on: warp-macos-15-arm64-6x` | | `container` | `jobs..container` | | `arm_container` | `runs-on: warp-ubuntu-latest-arm64-4x` | | `windows_container` | `runs-on: warp-windows-latest-x64-4x` | Here's a real-world before and after. A typical Cirrus CI config with macOS and Linux tasks: ```yaml title=".cirrus.yml (Before - Cirrus CI)" macos_task: osx_instance: image: ghcr.io/cirruslabs/macos-runner:sonoma env: SCHEME: MyApp build_script: - xcodebuild -scheme $SCHEME -sdk iphoneos build test_script: - xcodebuild -scheme $SCHEME -sdk iphonesimulator test linux_task: container: image: node:20 node_modules_cache: folder: node_modules fingerprint_script: cat package-lock.json install_script: - npm ci test_script: - npm test ``` ```yaml title=".github/workflows/ci.yml (After - GitHub Actions + WarpBuild)" name: CI on: [push, pull_request] jobs: macos-build: runs-on: warp-macos-15-arm64-6x env: SCHEME: MyApp steps: - uses: actions/checkout@v4 - name: Build run: xcodebuild -scheme $SCHEME -sdk iphoneos build - name: Test run: xcodebuild -scheme $SCHEME -sdk iphonesimulator test linux-test: runs-on: warp-ubuntu-latest-x64-4x container: image: node:20 steps: - uses: actions/checkout@v4 - uses: actions/cache@v4 with: path: node_modules key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} - name: Install run: npm ci - name: Test run: npm test ``` For a full list of available runner labels and configurations, see the [cloud runners documentation](/docs/ci/cloud-runners). ### Step 3: Set Up Caching Cirrus CI had built-in `cache` directives with folder and fingerprint configuration. In GitHub Actions, use `actions/cache@v4` with WarpBuild's unlimited cache backend: ```yaml title="Caching in GitHub Actions" - uses: actions/cache@v4 with: path: | ~/.cache/pip node_modules key: ${{ runner.os }}-deps-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-deps- ``` ### Step 4: Migrate Secrets and Environment Variables Cirrus CI used encrypted variables in `.cirrus.yml`. In GitHub Actions, store secrets in **Settings → Secrets and variables → Actions** at the repository or organization level. Reference them in workflows as `${{ secrets.MY_SECRET }}`. For deployment-specific secrets, use [GitHub Environments](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment) with protection rules - something Cirrus CI didn't offer natively. ### Step 5: Enable Snapshot Runners for Linux (Optional) Once your Linux workflows are running on WarpBuild, you can enable [snapshot runners](/docs/ci/features/snapshot-runners) for an additional 2-10x speedup. This saves your full VM state - installed dependencies, compiled caches, configured tools - and restores it on the next run. Snapshots are currently available for Linux runners and are especially powerful for builds with heavy dependency installation steps. ## What About Cirrus CI's Open Source Tools? Cirrus Labs is relicensing Tart, Vetu, and Orchard under more permissive licenses and has stopped charging licensing fees. If you self-hosted macOS VMs using Tart, those tools remain available and the community can continue to build on them. But if you used Cirrus CI's managed infrastructure and don't want the operational burden of running your own macOS VM fleet, WarpBuild handles all of that - on newer M4 Pro hardware, without any infrastructure maintenance on your end. ## Frequently Asked Questions **When does Cirrus CI shut down?** Cirrus CI stops running jobs on **June 1, 2026**. All `.cirrus.yml` workflows will stop working after this date. **What is happening to Cirrus Labs?** The Cirrus Labs team is joining OpenAI's Agent Infrastructure team. Their open-source tools (Tart, Vetu, Orchard) will continue under more permissive licenses. **What about Cirrus Runners?** Cirrus Runners is no longer accepting new customers. Existing customers will have their contracts honored through their contracted periods, but the service is winding down alongside the CI platform. **Is WarpBuild a drop-in replacement for Cirrus CI?** Not exactly. Cirrus CI was a standalone CI platform with its own `.cirrus.yml` configuration. WarpBuild provides fast runner infrastructure for **GitHub Actions**. You'll need to migrate your CI configuration to GitHub Actions workflow files and use WarpBuild runner labels - this post provides a [step-by-step guide](#migrating-from-cirrus-ci-to-github-actions--warpbuild). **Does WarpBuild support macOS runners?** Yes. WarpBuild provides macOS runners on **Apple M4 Pro** hardware - three generations newer than Cirrus CI's M1-based Tart VMs. Available in 6 vCPU ($0.08/min) and 12 vCPU ($0.16/min) configurations, supporting macOS 13, 14, 15, and 26. See the [macOS runners page](/products/ci/macos-runners) for details. **How long does migration take?** For simple workflows with a few tasks, a few hours. For complex multi-platform configurations with many tasks, matrix builds, and custom scripts, plan for 1-2 days. The main effort is converting `.cirrus.yml` syntax to GitHub Actions workflow syntax - once that's done, pointing at WarpBuild runners is a one-line change. ## Get Started Cirrus CI served the developer community well for nearly a decade. WarpBuild is where that journey continues - with M4 Pro macOS runners, snapshot builds, unlimited concurrency, and infrastructure that's actively improving every week. Don't wait until June 1. [Sign up for WarpBuild](https://app.warpbuild.com) and start migrating your workflows today. The [quick start guide](/docs/ci/quick-start) will get you running in under 10 minutes, and the [cloud runners documentation](/docs/ci/cloud-runners) has the full list of available runner configurations. Need help migrating a complex Cirrus CI setup? Reach out to [support@warpbuild.com](mailto:support@warpbuild.com) - we're happy to assist. --- # Concurrent tests in GitHub Actions URL: https://www.warpbuild.com/blog/concurrent-tests Description: Speeding up test suites by running them concurrently on multiple machines with GitHub Actions --- title: "Concurrent tests in GitHub Actions" excerpt: "Concurrent tests in GitHub Actions" description: "Speeding up test suites by running them concurrently on multiple machines with GitHub Actions" date: "2024-04-18" author: abhijit_hota cover: "/images/blog/concurrent-tests/cover.png" --- Running builds and tests are probably the most common use-cases for GitHub Actions. Modern test frameworks and build systems have built-in support for sharding tests and remote execution. Sharding is essentially running your tests or builds in parallel, not only on different threads or cores but distributing them across different machines altogether. ## Concurrent tests for popular test frameworks This guide details how to set up concurrent tests for some of the popular test frameworks. We will explore how to set up test sharding in GitHub Actions for Jest, Playwright and Pytest. ### Jest Jest is a popular JavaScript testing framework. It provides [native support for test sharding](https://jestjs.io/docs/cli#--shard) using the `--shard` option to run your tests in parallel simultaneously across multiple machines. The option takes an argument in the form of `shardIdx/shardCount`, where `shardIdx` is a number representing index of the shard and `shardCount` is the total number of shards. A simple benchmark on [a dummy test suite run](https://github.com/WarpBuilds/concurrent-tests/actions/runs/8738287628) showed that sharding improves the run time from 3 minutes to 30 seconds. Here's how you can set it up in GitHub Actions: ```yaml name: CI on: push jobs: test: name: Tests runs-on: warp-ubuntu-latest-x64-4x strategy: fail-fast: false matrix: shardCount: [10] shardIdx: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 - run: npm ci - name: Run Jest tests run: npx jest --shard=${{ matrix.shardIdx }}/${{ matrix.shardCount }} ``` Jest parallelizes test runs across workers to maximize performance. You could optimize the performance of each shard by using the --maxWorkers option to specify the number of workers to use. ### Playwright Playwright is a popular end-to-end automation and testing framework for web applications. [Native support for test sharding](https://playwright.dev/docs/test-sharding) is available using the `--shard` option. Just like we saw with Jest earlier, the `--shard` option takes an argument in the form of `shardIdx/shardCount`, where `shardIdx` is the index of the shard and `shardCount` is the total number of shards. Sharding the tests improve the time from around 5 minutes 26 seconds to 1 minute 25 seconds for a [dummy test suite run](https://github.com/WarpBuilds/concurrent-tests/actions/runs/8740435954). The setup is very similar to that of Jest: ```yaml name: CI on: push jobs: tests: name: Tests runs-on: warp-ubuntu-latest-x64-4x strategy: fail-fast: false matrix: shardCount: [10] shardIndex: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 - run: npm ci - name: Install Playwright browsers run: npx playwright install --with-deps - name: Run Playwright tests run: npx playwright test --shard=${{ matrix.shardIndex }}/${{ matrix.shardCount }} ```
  1. Playwright runs your tests in parallel by default using worker processes. To further optimize the tests in each shard, you can use the --workers option to specify the number of workers to use.
  2. Consider using container-based jobs to potentially speed up tests by reducing the overhead of browser installation for each shard.
 ### Pytest Pytest is a widely used testing framework for Python. Although Pytest doesn't natively support test sharding across machines, the third-party plugin [`pytest-split`](https://github.com/jerry-git/pytest-split) can distribute tests based on duration or name. The performance gain after sharding was really significant since Pytest doesn't run tests in parallel by default. The [dummy test runs](https://github.com/WarpBuilds/concurrent-tests/actions/runs/8738290262) showed a 10x improvement in test run times - from 500 to 50 seconds. Setting up the workflow involves installing the `pytest-split` package and running pytest with the `--splits` and `--group` options: ```yaml name: CI on: push jobs: test: name: Tests runs-on: warp-ubuntu-latest-x64-4x strategy: fail-fast: false matrix: splitCount: [10] group: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] steps: - uses: actions/checkout@v4 - uses: actions/setup-python@v5 - run: pip install pytest pytest-split - name: Run pytest run: pytest --splits ${{ matrix.splitCount }} --group ${{ matrix.group }} ``` You can also optimize the tests to run faster by parallelizing the tests within each shard by using the pytest-xdist plugin. ## Comparison and Notes All of the test suites used, workflows and their runs can be found in our [`concurrent-tests`](https://github.com/WarpBuilds/concurrent-tests) repository. Here is a comparison the test run performance before and after sharding for the three test frameworks: | Test Framework | Default | Sharded x10 | Improvement | Workflow Run | | -------------- | ------- | ----------- | ----------- | ------------------------------------------------------------------------------ | | Jest | 3m | 30s | 6x | [Link](https://github.com/WarpBuilds/concurrent-tests/actions/runs/8738287628) | | Playwright | 5m 26s | 1m 25s | 3.8x | [Link](https://github.com/WarpBuilds/concurrent-tests/actions/runs/8740435954) | | Pytest | 8m 20s | 50s | 10x | [Link](https://github.com/WarpBuilds/concurrent-tests/actions/runs/8738290262) |

An important thing to keep in mind before sharding your tests with GitHub Actions is - all the steps inside the job are run again for each shard. This includes dependency installs, fetching third party actions, etc. For example, as stated earlier in the Playwright setup, we need to install the browsers for each shard.

Steps like these could add significant overhead and the performance gain might not be worth it or even inexistent. In worst cases, it might even increase the overall run time. It makes sense to benchmark your tests before and after sharding to see the benefits. Usually, large test suites with long run times benefit the most from sharding.

 ## Limitations While GitHub Actions' matrix strategy is really handy for parallelizing our tests and builds, a constraint that can't be ignored for performance is the imposed limit on number of concurrent jobs. GitHub has [a limit of 20 concurrent jobs per account](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#usage-limits). You can increase this limit to 40 on a pro account or 60 on a team account but it is still very limiting for large teams. ## Further improvements Overall CI workflow times with GitHub actions can be reduced by parallelizing tests. Run times can be further improved by making the tests within each shard run faster by using the native parallelization features of the test frameworks or by using third-party packages. WarpBuild provides blazing fast runners, optimized for CPU, network, and disk performance that are 30% faster at half the cost. **At [WarpBuild](https://warpbuild.com), there are _no limits_ on the number of concurrent jobs**. You can run as many jobs as you want in parallel and minimize the wait times on GitHub Actions workflows. It takes only ~2 minutes to [get started](https://app.warpbuild.com). Even if WarpBuild doesn't impose a concurrency limitation, there is an upstream constraint by GitHub which limits the maximum number of jobs generated by a job matrix to 256. But that limit is seldom the problem in practice. --- # Debug GitHub Actions in live CI environment with AI URL: https://www.warpbuild.com/blog/debug-github-actions-ai Description: A comprehensive guide to debugging GitHub Actions CI failures by SSH-ing into the live runner environment. Covers Tailscale (zero-config) and Cloudflare Tunnel (SSH key) approaches with step-by-step setup instructions. Uses Cursor as the IDE and AI assistants for real-time debugging. --- title: "Debug GitHub Actions in live CI environment with AI" excerpt: "Stop the push-wait-fail cycle. Two methods to SSH directly into your GitHub Actions runner on failure for real-time debugging in live CI environment with your IDE (Cursor) and AI assistants." description: "A comprehensive guide to debugging GitHub Actions CI failures by SSH-ing into the live runner environment. Covers Tailscale (zero-config) and Cloudflare Tunnel (SSH key) approaches with step-by-step setup instructions. Uses Cursor as the IDE and AI assistants for real-time debugging." date: "2025-12-23" author: prashant_raj cover: "/images/blog/debug-github-actions-ai/cover.png" --- import { Step, Steps } from 'fumadocs-ui/components/steps'; ## The Problem Debugging CI failures often devolves into a frustrating cycle: make a change, push, wait for the build, hit the next error, repeat. This happens because replicating the CI environment locally is difficult—or sometimes impossible when dealing with OAuth tokens, cloud IAM roles, or environment-specific configurations. This guide shows you how to break that cycle by SSH-ing directly into your live CI environment when a job fails. You'll get full IDE access (with AI coding assistants) and an interactive terminal to diagnose and fix issues in real-time. This guide uses Cursor. Any VS Code fork may work but alternatives have not been tested. ## Prerequisites - [Remote-SSH extension](https://marketplace.cursorapi.com/items?itemName=anysphere.remote-ssh) installed in Cursor/VS Code - A GitHub repository with Actions workflows - For Tailscale method: A [Tailscale account](https://login.tailscale.com/start) - For SSH method: An SSH key pair and [Cloudflare CLI](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/) --- ## Method 1: Tailscale (Recommended) Tailscale provides a zero-trust mesh VPN that eliminates SSH key management entirely. Authentication is handled through your identity provider, and devices on your tailnet can communicate directly without exposing ports to the public internet. No SSH keys to configure, rotate, or store in secrets. Keyless authentication via your identity provider. Ephemeral nodes auto-remove when the runner terminates. ### Setup Tailscale ### Create a Tailscale account Sign up at [login.tailscale.com/start](https://login.tailscale.com/start). This creates your personal tailnet—a private mesh network for your devices. ### Add your local machine to the tailnet Follow the [Tailscale device setup guide](https://tailscale.com/kb/1316/device-add) to install Tailscale on your development machine. Verify it appears in your [admin dashboard](https://login.tailscale.com/admin/machines). ### Generate an ephemeral auth key Navigate to **Settings → Personal Settings → Keys** in the Tailscale admin console. Click **Generate auth key** with these options: - **Ephemeral**: Enabled (auto-removes the device when disconnected) - **Reusable**: Enabled (allows the same key for multiple runner registrations) ![tailscale auth key](/images/blog/github-actions-faster-debugging/tailscale-auth-key-form.png) ### Add the auth key to GitHub Secrets In your repository, go to **Settings → Secrets and variables → Actions** and create a new secret named `TAILSCALE_AUTH_KEY_DEBUG` with your generated auth key. ### Configure the Workflow Add this step to your workflow after the step that's failing. It connects the runner to your tailnet and keeps the job alive for debugging: ```yaml - name: Setup Tailscale SSH if: ${{ failure() }} run: | # Write secret to temp file mkdir -p /tmp/secrets echo "${{ secrets.TAILSCALE_AUTH_KEY_DEBUG }}" > /tmp/secrets/tailscale_auth_key chmod 600 /tmp/secrets/tailscale_auth_key # Install Tailscale curl -fsSL https://tailscale.com/install.sh | sh # Start Tailscale with auth key and SSH enabled sudo tailscale up --auth-key=$(cat /tmp/secrets/tailscale_auth_key) --hostname=gha-debug-${GITHUB_RUN_ID} --ssh # Get connection info TAILSCALE_IP=$(tailscale ip -4) TAILSCALE_HOSTNAME="gha-debug-${GITHUB_RUN_ID}" echo "" echo "========================================" echo "SSH INTO RUNNER" echo "========================================" echo "ssh runner@$TAILSCALE_IP" echo "ssh runner@$TAILSCALE_HOSTNAME" echo "" echo "OPEN IN CURSOR:" echo "cursor --folder-uri \"vscode-remote://ssh-remote+runner%40$TAILSCALE_IP/home/runner/work/\"" echo "========================================" echo "" echo "(Keeping job alive; cancel the workflow when done debugging.)" tail -f /dev/null ``` ### Connect from Cursor When the workflow fails, the step above logs a Cursor command. Copy and run it in your terminal: ```console cursor --folder-uri "vscode-remote://ssh-remote+runner%40100.88.xx.xx/home/runner/work/" ``` Cursor opens directly to the runner's workspace. You now have full IDE access with integrated terminal and AI assistance. --- ## Method 2: SSH with Cloudflare Tunnel If you can't use Tailscale, this method uses traditional SSH keys with Cloudflare Tunnel to expose the runner's SSH port without a public IP. This approach requires managing SSH keys and updating your local SSH config for each debug session. It's more complex but works in environments where Tailscale isn't an option. ### Setup SSH Keys ### Generate an SSH key pair (if needed) Check for existing keys with `ls ~/.ssh`. If you need a new key, generate one: ```bash ssh-keygen -t ed25519 -C "github-actions-debug" ``` See the [GitHub SSH key guide](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) for details. ### Add the private key to GitHub Secrets Create a secret named `SSH_PRIVATE_KEY_DEBUG` containing your **private** key (the file without the `.pub` extension). ### Configure the Workflow Add these steps after the failing step. They configure SSH and create a Cloudflare tunnel: ```yaml - name: Setup SSH private key if: ${{ failure() }} run: | mkdir -p ~/.ssh echo "${{ secrets.SSH_PRIVATE_KEY_DEBUG }}" > ~/.ssh/custom_key chmod 600 ~/.ssh/custom_key ssh-keygen -y -f ~/.ssh/custom_key > ~/.ssh/custom_key.pub chmod 644 ~/.ssh/custom_key.pub cat >> ~/.ssh/config << 'EOF' Host * IdentityFile ~/.ssh/custom_key AddKeysToAgent yes EOF chmod 600 ~/.ssh/config - name: Start SSH session with Cloudflare Tunnel if: ${{ failure() }} uses: valeriangalliat/action-sshd-cloudflared@v1 ``` ### Connect from Cursor ### Clear any cached host keys ```bash ssh-keygen -R action-sshd-cloudflared ``` ### Configure the SSH proxy Add a host entry to `~/.ssh/config` using the hostname from the action output: ```text Host cf-gha HostName action-sshd-cloudflared User runner ProxyCommand cloudflared access tcp --hostname StrictHostKeyChecking accept-new ``` Replace `` with the Cloudflare hostname (e.g., `facilities-canvas-frequency-reasonable.trycloudflare.com`). ### Open Cursor ```bash cursor --folder-uri "vscode-remote://ssh-remote+cf-gha/home/runner/work/" ``` --- ## Production Considerations ### Finding Runner Logs When debugging with AI assistants, you'll often want to feed them the full job logs. WarpBuild runners store logs at: | Image | Log Location | | --- | --- | | Ubuntu x86-64 | `/runner/_diag/*.log` | | Ubuntu ARM64 24.04 | `/runner/_diag/*.log` | | Windows x86-64 | `C:\warpbuilds\runner\_diag\*.log` | | macOS ARM64 | `/Users/runner/.warpbuild/github-runner/runner-app-new/_diag/*.log` | ### Timeout and Notifications Keeping a runner alive indefinitely burns CI minutes. Add a timeout and optional Slack notification for visibility: ```yaml - name: Notify on failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} - name: Setup debug session if: ${{ failure() }} timeout-minutes: 30 # Auto-terminate after 30 minutes run: | # ... Tailscale or SSH setup from above ``` GitHub Actions has a default job timeout of 6 hours. Without an explicit timeout-minutes, a forgotten debug session will continue burning minutes until it hits that limit. See [rtCamp/action-slack-notify](https://github.com/rtCamp/action-slack-notify) for notification configuration and [GitHub's timeout documentation](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idstepstimeout-minutes) for step timeout syntax. --- WarpBuild provides high-performance GitHub Actions runners with 10x faster job start times and built-in debugging features. Our runners include pre-configured log locations and optimized networking for seamless SSH access. - **Linux, Windows, and macOS** runners across all major cloud providers - **50-90% cost savings** compared to GitHub-hosted runners - **Enterprise-ready** with BYOC (Bring Your Own Cloud) support Get started or book a demo to see how WarpBuild can accelerate your CI/CD pipeline. --- # Depot vs WarpBuild Comparison - 2025 May URL: https://www.warpbuild.com/blog/depot-warpbuild-comparison-2025-May Description: Depot features, performance, pricing, and how it compares to WarpBuild. --- title: "Depot vs WarpBuild Comparison - 2025 May" excerpt: "Depot features, performance, pricing, and how it compares to WarpBuild." description: "Depot features, performance, pricing, and how it compares to WarpBuild." date: "2025-05-19" author: surya_oruganti cover: "/images/blog/depot-warpbuild-comparison-2025-May/cover.png" --- Depot provides Github Actions runners that you can start using by just changing one line in the Github actions workflow file. This post provides a detailed comparison between Depot and WarpBuild to help you make an informed decision. Check out the live benchmark comparison between WarpBuild and Depot [here](https://www.warpbuild.com/compare/depot). ## Feature Comparison | Feature | Depot | WarpBuild | WarpBuild Advantage | | ------------------------------- | -------------------------------------------------- | -------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **CPU: x86-64** | AMD EPYC m7a | x86-64 (Desktop Class Ryzen 7950X3D) | WarpBuild is 40% more powerful than Depot for the same price | | **CPU: arm64** | AWS Graviton 4 | AWS Graviton 4 | Depot is 33% more expensive for the same performance; | | **MacOS hardware** | M2 Pro (8vcpu) 24GB RAM | M4 Pro (6 vcpu) 24GB RAM | WarpBuild jobs are ~20% faster | | **OS Support** | Ubuntu 22.04, 24.04; MacOS 14; Windows Server 2022 | Ubuntu 22.04, 24.04, MacOS 13/14/15 with M4 Pro, Windows Server 2022 | Latest Linux, MacOS, Windows, custom images | | **Bring Your Own Cloud (BYOC)** | Enterprise plan and AWS only | Self-serve on AWS, GCP, Azure | Cloud-hosted control plane with runners in user's cloud account. Provides maximum flexibility, zero management overhead, and does not require an Enterprise Plan. | | **Infrastructure** | Region info unavailable | Cloud (EU), BYOC (AWS, GCP, Azure any region) | Multiple providers/regions, reduced data transfer costs, and BYOC for improved security | | **Remote Docker Builder** | Multi-arch, limited concurrency | Multi-arch higher concurrency | WarpBuild spins up multiple instances in parallel for concurrent builds while Depot runs parallel builds on the same instance causing slow-down. WarpBuild also provides a multi-arch docker builder cloud. | | **SSO support** | Available | Available | WarpBuild supports SSO with direct integrations for Microsoft Entra ID, Google, Okta, Auth0, JumpCloud etc. | | **Static IPs** | No | Available at no cost (BYOC only) | | | **Snapshots** | Not available | Available | Save and restore runner state for persistence and incremental builds. Provides 10x improvement in build times by eliminating dependency installation time. | | **Caching** | Unlimited | Unlimited; 7-day retention; | - | | **Advanced Dashboard** | Richer dashboard | Rich dashboard | Depot has estimated analytics on time saved by builds and docker layer explorer. WarpBuild does not. | | **Dedicated Cache Actions** | No | Yes | WarpBuild provides framework specific cache actions to speed up builds. | | **Compliance** | SOC2 Type2 | SOC2 Type2 | | | **Fast boot** | Instances on Standby for fast boot | Instances on standby for fast boot even on BYOC. | Extremely valuable, especially for Windows isntances and larger instance types | | **Pricing** | Fixed subscription of $200/month beyond usage | No subscription required, pay as you go. | | ![Depot WarpBuild Cache](/images/blog/depot-warpbuild-comparison-2025-May/depot-warpbuild-cache.png) ![WarpBuild Dashboard](/images/blog/depot-warpbuild-comparison-2025-May/warpbuild-dashboard.png) ![WarpBuild Analytics](/images/blog/depot-warpbuild-comparison-2025-May/warpbuild-analytics.png) ## Conclusion WarpBuild's x86-64 runners are much faster than Depot's runners while the arm64 runners are similar in performance but cheaper. Overall, WarpBuild is cheaper and fully usage based without any subscription fees. WarpBuild also provides MacOS M4 Pro hardware for faster builds. For enterprises, WarpBuild delivers fully customizable BYOC options, SSO, snapshots, better security, and more customization at a fraction of the cost (~5x cheaper compared to Depot). ## Get Started Today WarpBuild is committed to providing you with the tools you need to build faster, smarter, and more cost-effectively. Join us in this new era of development. --- For detailed technical documentation, visit [WarpBuild Docs](http://docs.warpbuild.com). For any errors in this post, please contact us at support@warpbuild.com. --- --- # Design files: Onboarding URL: https://www.warpbuild.com/blog/design-files-onboarding Description: Designing the best onboarding experience --- title: "Design files: Onboarding" excerpt: "Designing the onboarding experience from first principles that engineers love by going the extra mile." description: "Designing the best onboarding experience" date: "2023-12-15" author: surya_oruganti cover: "/images/blog/design-files-onboarding/cover.png" --- WarpBuild's value proposition is built around a fundamental invariant - everybody wants builds to be faster, and everybody wants things cheaper[1]. Now, that means our primary job shifts from convincing developers to use our product to making people aware of the fact that our product exists. This shortens the funnel significantly. Once the user signs up to try the product, the onus is on the onboarding flow to ensure there is no drop-off and that is a challenge we took up very seriously. We laid out some principles to deliver on this promise: - Onboarding must be trivially easy - High degree of polish is required for the product, from day 1 - Speed is a feature and critical to developer experience ## The onboarding process Switching a GitHub Actions workflow to WarpBuild is a one line change in the workflow file. Easy right? Not really. It's very common for repositories to have tens or even hundreds of GitHub Actions workflows. Our single highest priority for a signed up user is that we want all the user's workflows to run on WarpBuild. Changing 100s of workflows manually is frustrating, obviously. Asking our users to do that would be conducive to exactly two things: having our users hate us and ensuring they don't switch workflows. We set out to solve this while designing the UI to: - Pull information from GitHub about the connected repositories. Then parse and display the workflows present. - Raise a PR with the user selected runner configuration for all selected workflows in one click. - Open the PR in a new tab so users can review and merge. This is how our onboarding workflow looks like now and it worked brilliantly! ![Onboarding workflow](/images/blog/design-files-onboarding/onboarding-workflow.gif) ## The results We had users move 50+ workflows in a few minutes and [got good HN karma](https://news.ycombinator.com/item?id=38572160) because of this. Our users love it! While the numbers are small to provide statistically significant analysis, we continue to see very high funnel progression and conversion to paid usage. 📚 Check out the [documentation here](/docs/ci/) ⚡️ [Get started with WarpBuild in 2 minutes here](https://app.warpbuild.com) --- [1] Variant of [this quote by Jeff Bezos](https://www.goodreads.com/quotes/966699-i-very-frequently-get-the-question-what-s-going-to-change). --- # Cached Docker Builders - ARM64 support URL: https://www.warpbuild.com/blog/docker-builders-arm64 Description: ARM64 support for cached docker builders for multi-arch builds, for the world's fastest docker builds. --- title: "Cached Docker Builders - ARM64 support" excerpt: "ARM64 support for cached docker builders for multi-arch builds, for the world's fastest docker builds." description: "ARM64 support for cached docker builders for multi-arch builds, for the world's fastest docker builds." date: "2025-03-19" author: surya_oruganti cover: "/images/blog/docker-builders-arm64/cover.png" --- WarpBuild recently announced support for new docker container builders combine high performance processors with directly attached SSDs to deliver the fastest docker builds in the world. Now, we are excited to announce ARM64 support for these builders to enable multi-arch builds. ## What does this mean? This means that you can now build and push your docker images for `linux/amd64` and `linux/arm64` architectures from a single build. ## Caching Similar to the x86_64 builders, the ARM64 builders support caching of the build context, base image, and dependencies. This means that you can now build and push your docker images for `linux/amd64` and `linux/arm64` architectures from a single build. Caches are automatically managed by the builder and no additional configuration is required. Remove the `cache-from` and `cache-to` steps from your `build-push-action` step as the builder will handle it for you. This leads to build times that are 2-3x faster than the x86_64 builders with emulation for `linux/arm64` builds. ## 🚀 Try it out Create a builder profile in the WarpBuild dashboard and add the following to your GitHub actions workflow before your `build-push-action` step: ```yaml - name: Configure WarpBuild Docker Builders uses: Warpbuilds/docker-configure@v1 with: profile-name: "super-fast-builder" - name: Build and push uses: docker/build-push-action@v6 with: context: . file: Dockerfile platforms: linux/amd64,linux/arm64 # Provide the platforms you want to build for push: true tags: ${{ steps.docker_build.outputs.image }} ``` Try out WarpBuild's new docker builders - [Documentation](/docs/ci/docker-builders). - [Get started](https://app.warpbuild.com). --- --- # The World's Fastest Docker Builders URL: https://www.warpbuild.com/blog/docker-builders Description: WarpBuild's new docker container builders combine high performance processors with directly attached SSDs to deliver the fastest docker builds in the world. --- title: "The World's Fastest Docker Builders" excerpt: "WarpBuild's new docker container builders combine high performance processors with directly attached SSDs to deliver the fastest docker builds in the world." description: "WarpBuild's new docker container builders combine high performance processors with directly attached SSDs to deliver the fastest docker builds in the world." date: "2025-03-14" author: surya_oruganti cover: "/images/blog/docker-builders/cover.png" --- WarpBuild's new docker container builders combine high performance processors with directly attached SSDs to deliver the fastest docker builds in the world. ## First principles ### The hardware The cloud instances have amazing network speeds, but the disk speed is often a limiting factor. There are two types of instances that cloud providers offer: 1. Ones with local SSDs - The local SSDs are fast, but they come with a catch - the local SSDs are ephemeral. This means that the disk is lost when the instance is terminated. This requires the context to be persisted elsewhere which becomes a bottleneck and a maintenance nightmare. 2. Ones with network-attached SSDs - The network-attached SSDs are high-latency, but the size is not limited. The performance in terms of IOPS and throughput is low by default but can be improved though that becomes extremely expensive. Processors are fast, specifically the Genoa-X EPYC processors compared to the intel processors (`m7a` on aws, `c4d` on gcp, and `dasv6` on azure). However, for quick builds, the IO is the limiting factor. The processor speeds show a significant improvement to overall build times when the the build step is time consuming (as opposed to the IO operations). A quick aside: The `m7a` and `dasv6` instances have roughly the same single core performance when tested on Passmark (~2900). However, the `c4d` instances have a single core performance of ~3400. While benchmarks are not everything, this is a good indicator of the performance difference. ### Logical optimizations aka caching The fastest network or disk transfer is one that is not needed. Caching can eliminate the need for some of the transfers. The more we can cache, the faster the build. ## What makes a fast docker builder? The (interesting part of the) lifecycle of a docker build is as follows: 1. Transfer the context to the builder instance 2. Download the base image 3. Download the dependencies 4. Build the application 5. Push the image to a container registry All the steps except the actual build step are network or disk IO bound. The actual build step is processor and memory bound, though it can also depend on the disk IOPS in certain cases. ### But it builds fast on my laptop That is true, because your typical Macbook has an extremely high single core performance processor and an extremely high IOPS disk (SSD). The network speed may be low, but the entire context, the base image, the dependencies, and some parts of the build step are cached and readily available. ### How do we replicate this, but on a cloud instance? The answer is simple - attach a high performance disk to a high performance CPU instance and pair it with a fast network. Doing this is inefficient in a public cloud environment, because the disk is ephemeral and the cost of the instance is high. ## The solution We went baremetal. We bought high performance CPUs and attached large volumes of extremely fast SSDs to them. We then paired it with a blazing fast network. We then created a custom orchestration layer on top of that to manage the lifecycle of the docker builders. This orchestration layer is built ground up with the following capabilities: 1. Complete caching for maximum build speed. 2. Dedicated cores of fast, high single core performance processors. 3. Storage that is directly attached to the builder instance to ensure that the disk IO is not a bottleneck. 4. Nested virtualization to ensure that the builder instance is completely isolated from the host. 5. Managing the storage lifecycle even with parallel builds. Managing the storage lifecycle is a non-trivial problem. We had to ensure that we can handle parallel builds (currently limited but will soon be unlimited) and that the build context is available to the builder instance. Copy-on-write volumes are used to ensure that the build context is available to the builder instance with minimal storage overhead and fast builder startup times. ## Performance This was a lot of effort to get right, but the results speak for themselves. For the same commit on `posthog/posthog` and `netflix/dispatch` repositories, the docker builders are able to deliver build times that are upto 65x faster than the public cloud builders! ![Docker Builder Performance Comparison](/images/blog/docker-builders/comparison.png) The chart above shows the build time comparison between using the default GitHub actions runners, another provider with builders hosted in the public cloud, and the WarpBuild docker builders. Since launch, we have customers reporting real life build times reductions from `7:00 -> 0:45`, `4:00 -> 1:30` and the list goes on. ## 🚀 Try it out Create a builder profile in the WarpBuild dashboard and add the following to your GitHub actions workflow before your `build-push-action` step: ```yaml - name: Configure WarpBuild Docker Builders uses: Warpbuilds/docker-configure@v1 with: profile-name: "super-fast-builder" ``` Try out WarpBuild's new docker builders - [Documentation](/docs/ci/docker-builders). - [Get started](https://app.warpbuild.com). --- --- # Docker registry mirror setup URL: https://www.warpbuild.com/blog/docker-mirror-setup Description: Setup docker registry mirror for faster image pulls and avoiding rate limit issues --- title: "Docker registry mirror setup" excerpt: "Setup docker registry mirror for faster image pulls and avoiding rate limit issues" description: "Setup docker registry mirror for faster image pulls and avoiding rate limit issues" date: "2024-04-17" author: surya_oruganti cover: "/images/blog/docker-mirror-setup/cover.png" --- You might have run into a docker rate limit issue when pulling docker images from DockerHub if you didn't sign in to DockerHub and were pulling the image anonymously. DockerHub has a rate limit of 100 pulls per 6 hours per IP address. For authenticated users, the limit is 200 pulls per 6 hours. However, this goes up to 5000 pulls per day with a paid plan. In many cases, this is not enough. One way to work around these limits is to send requests to a registry mirror. The docker daemon can be configured to pull images from the mirror instead of going to DockerHub each time for the pull. Docker maintains an [image](https://hub.docker.com/_/registry) which can be used for this exact purpose. Another way is to use public mirrors such as Google's `https://mirror.gcr.io`. However, this will not contain private registries and the coverage of all public Dockerhub images is not guaranteed either. We'll focus on the first method, setting this up on AWS, the pros, cons and common pitfalls. ## Infra setup - A Kubernetes cluster, EKS. This isn't a requirement for deploying registry but we prefer to manage it through a k8s cluster. - Ingress nginx setup on the k8s cluster. - Cert-manager setup on the k8s cluster. - Cluster issuer for cert-manager setup called `letsencrypt-prod` or something else. - An S3 bucket. This is used to store the images. You can set this up as just a container on AWS Fargate, AWS ECS, Google Cloud Run, or any other container runner. The data from the s3 backend does not go through this container but is instead directly transferred from s3 to the docker process. This is beneficial as it avoids egress fees in many scenarios. ## Deploying We'll deploy the registry using a [helm chart](https://artifacthub.io/packages/helm/twuni/docker-registry). If you wish to use just the k8s yaml file. You should do a helm template and make the suggested changes on the generated k8s manifest. ```yaml image: repository: mirror.gcr.io/registry ingress: enabled: true className: nginx path: / hosts: - annotations: ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/proxy-body-size: "0" # You might need to change based on your issuer cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ssl-redirect: "true" labels: {} tls: - secretName: registry-mirror-docker-registry-ingress hosts: - resources: limits: cpu: 1 memory: 1Gi requests: cpu: 0.5 memory: 512Mi storage: s3 # Secrets for S3 access and secret keys # Use a secretRef with keys (accessKey, secretKey) for secrets stored outside # the chart s3: secretRef: "registry-mirror-aws-credentials" ``` Save the above file as values.yaml. ```yaml apiVersion: v1 kind: Secret metadata: name: registry-mirror-aws-credentials namespace: mirror type: Opaque stringData: accessKey: secretKey: ``` Save the above Kubernetes secret as secret.yaml and replace the accessKey and secretKey. Since we are using `stringData` you don't need to encode your credentials to base64. Make sure that the DNS mapping is correct, and make sure the URL is routed to your cluster. The processing of configuring the DNS will depend on what you are using to manage the mappings. If you are completely on AWS, it should be in Route53. Make sure you have configured kubectl with your cluster context. In the case of AWS EKS just run, ```console aws eks update-kubeconfig --name --region ``` This with make your cluster the default context. We set up the secret first so that the registry has access to the s3 bucket. ```console kubectl apply -f secret.yaml ``` If you wish to validate that the secret was added to the cluster run the following. ```console kubectl get secret registry-mirror-aws-credentials -n mirror ``` This should give you info on the k8s secret. Install the registry on your cluster with the following command ```console helm repo add twuni https://helm.twun.io helm install registry-mirror twuni/docker-registry \ --namespace mirror \ --version 2.2.3 \ --values values.yaml \ --create-namespace ``` This will set up a registry mirror deployment in the mirror namespace. If you need to make updates to the values, replace the `helm install` with `helm update`. ## Try out the mirror Configure your docker daemon to use the registry mirror. Add the following entry to your `/etc/docker/daemon.json`. If you don't have this file create a new one with only the entry below. ```json { "registry-mirrors": [""] } ``` Restart the docker daemon. ```console # stop the docker daemon sudo systemctl stop docker.service # verify that the docker daemon is stopped, this would list the service as # stopped sudo systemctl status docker.service # start the docker daemon sudo systemctl start docker.service ``` Do a pull of an image say `ubuntu:22.04`. ```console docker pull ubuntu:22.04 ``` After this change, the docker daemon will query the mirror service if it has ubuntu:22.04. If it doesn't it will pull from `docker.io`. And the mirror service will silently pull ubuntu:22.04. Remove the docker image for ubuntu:22.04 and re-pull. ``` docker image rm ubuntu:22.04 docker pull ubuntu:22.04 ``` This should pull the image from s3. You can check the registry mirror logs to verify this. You would see a bunch of 307 with layer sha codes. 307 is sent because of redirection to the pre-signed URL by the registry mirror. You can also verify that the s3 storage has these sha layers cached. ## Pros - Faster downloads, download from s3 is very fast which means your images are downloaded at a boosted speed. - Dockerhub rate limits are bypassed. ## Cons - Infra management overhead. You'll need to pay for compute and S3. - No direct lifecycle support for images. So no way to clean up stale images. So you end up having old images in your s3 bucket. You can configure the lifecycle at S3 but it's for all objects not just the stale ones. ## Common Pitfalls ### Using docker.io image for the registry mirror. We had a bad deployment that was causing the Docker mirror to restart. The registry mirror pods became unreachable which means all the traffic was directed to DockerHub now. This quickly led to the Docker mirror container itself being throttled because we were using the [official registry image](https://hub.docker.com/_/registry). We switched the image to pull from `gcr.io` instead to mitigate this. ### Surprising data transfer charges for S3 S3 is excellent when you want a cheap and simple way to save and restore data that can scale. It is also free if your transfers are within the same region which is the case for us. So it was surprising to see us incurring an unexpected huge amount of data transfer on our AWS bill. Our infra hadn't changed apart from the registry, and the registry sends a pre-signed URL which is so small that it can be neglected. Scouring through the AWS docs, we found that even though the bucket was in the same region it was still being transferred globally because our route tables didn't have a direct gateway to AWS S3 service. To configure it you need to set up a VPC gateway endpoint for S3, making the data transfers free, within the same region. ## Footnote This is just one of the many optimizations that you'll get out of the box with WarpBuild runners to make your GitHub Actions CI workflows faster. You can try it out at [app.warpbuild.com](https://app.warpbuild.com) ## References Docker registry mirror image: https://hub.docker.com/_/registry Docker registry mirror source code: https://github.com/distribution/distribution/tree/main/registry AWS S3 Pricing: https://aws.amazon.com/s3/pricing/ AWS S3 Gateway Endpoint: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html --- # Using GitHub Actions Cache with popular languages URL: https://www.warpbuild.com/blog/github-actions-cache Description: Using GitHub Actions Cache with popular languages --- title: "Using GitHub Actions Cache with popular languages" excerpt: "Using GitHub Actions Cache with popular languages" description: "Using GitHub Actions Cache with popular languages" date: "2024-05-16" author: surya_oruganti cover: "/images/blog/github-actions-cache/cover.webp" --- ## GitHub Actions Cache GitHub Actions provides a powerful CI/CD platform enabling developers to automate workflows and streamline development pipelines. One valuable feature to speed up these pipelines is **caching**. By caching dependencies and other build artifacts, you can drastically reduce build times, particularly for frameworks that rely on extensive dependency fetching and compilation. GitHub provides a [`cache`](https://github.com/actions/cache) action that allows workflows to cache files between workflow runs. In this post, we'll dive into how to use this action for popular programming languages and frameworks, including Node.js, Python, Rust, Go, PHP, and Java. We'll also highlight common pitfalls, considerations, and shortcomings of the cache action to provide a comprehensive understanding. ## Benefits Caching dependencies offers several benefits: 1. **Faster Builds**: By caching dependencies, you can avoid the time-consuming process of downloading and installing them on every workflow run. This leads to faster build times and quicker feedback loops. 2. **Reduced Network Bandwidth**: Caching minimizes the need to download dependencies repeatedly, saving network bandwidth and reducing the load on package registries. 3. **Improved Reliability**: Caching ensures that your builds are less susceptible to network issues or outages of package registries, as the cached dependencies can be restored locally. ## Using the Cache Action GitHub provides official environment setup actions for a few popular languages and frameworks. These actions support caching dependencies out of the box. For the rest, you can use the actions/cache action directly to cache the relevant directories. ### Node.js Caching dependencies in Node.js involves storing the package manager cache. The official [`setup-node`](https://github.com/actions/setup-node) action [supports caching](https://github.com/actions/setup-node#caching-global-packages-data) by using `actions/cache` under the hood, abstracting out the setup required to cache the required package manager cache directories. It supports caching for `npm`, `yarn`, and `pnpm` with the `cache` input. Caching is **disabled** be default. Caching the node_modules is not recommended by GitHub as it fails across Node versions and doesn't work well with npm ci. ```yaml name: Node CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 20 cache: "npm" # or 'yarn' or 'pnpm' - name: Install dependencies run: npm ci # or 'yarn install --frozen-lockfile' or 'pnpm install --frozen-lockfile' ``` The above action uses the relevant lockfile used by the package manager to create the cache key. For more control over caching, such as using your own cache keys or caching the `node_modules` directory, you can use the `actions/cache` action directly. Here's an example of caching the package directory for an `npm` project: ```yaml name: Node CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 20 - name: Cache .npm directory uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - name: Install dependencies run: npm ci ``` Make sure to use the correct cache directory for your package manager (npm, yarn, or pnpm). You can get the cache directory by running npm config get cache or yarn cache dir. Learn more here. ### Python Caching in Python projects also involves storing the package manager cache directory. Similar to Node.js, the official [`setup-python`](https://github.com/actions/setup-python/) action also [supports caching](https://github.com/actions/setup-python/#caching-packages-dependencies) via the `cache` input. ```yaml name: Python CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Python uses: actions/setup-python@v5 with: python-version: "3.12" cache: "pip" # or 'poetry' or 'pipenv' - name: Install dependencies run: pip install -r requirements.txt ``` Similarly, you can also use the `actions/cache` action directly for more control over caching: ```yaml name: Python CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Python uses: actions/setup-python@v5 with: python-version: "3.12" - name: Cache pip packages uses: actions/cache@v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} restore-keys: | ${{ runner.os }}-pip- - name: Install dependencies run: pip install -r requirements.txt ``` You can find the correct cache directory for pip by running pip cache dir and for poetry by running poetry config cache-dir. Learn more here ### Golang For Go projects, caching the Go modules directory speeds up the build process. The directory is generally located at `~/go/pkg/mod` and can be found by running `go env GOMODCACHE`. The [`setup-go`](https://github.com/actions/setup-go/) action provides [caching support](https://github.com/actions/setup-go/#caching-dependency-files-and-build-outputs) for Go projects with the `cache` input. Unlike Node.js and Python, this input is a boolean value that enables or disables caching. Caching is **enabled** by default. ```yaml name: Go CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Go uses: actions/setup-go@v5 with: go-version: "1.22" cache: true # Note: this is not required as caching is enabled by default - name: Build run: go build ./... ``` You can also disable the caching by setting `cache: false` in the `actions/setup-go` action and use the `actions/cache` action directly for more control. ```yaml name: Go CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Go uses: actions/setup-go@v5 with: go-version: "1.22" cache: false - name: Cache Go modules uses: actions/cache@v4 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - name: Build run: go build ./... ``` If you use vendor directories, the modules get loaded from your project's vendor directory instead of downloading from the network or restoring from cache. In such cases, caching the Go modules directory may not be necessary. ### Rust Rust's package manager, Cargo caches the modules and binaries in the `~/.cargo` directory. The compiled dependencies are stored in the `target` directory of the project. Rust has no official GitHub Action for setup, so you can use the `actions/cache` action directly to cache the relevant directories. ```yaml name: Rust CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Rust uses: dtolnay/rust-toolchain@stable - name: Cache cargo registry and build uses: actions/cache@v4 with: path: | ~/.cargo/bin/ ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: | ${{ runner.os }}-cargo- - name: Build and test run: cargo test --all ``` ### Java Java projects commonly use the Gradle or Maven build tools which have their corresponding cache directories. Java does have an official [`setup-java`](https://github.com/actions/setup-java) action that [supports caching](https://github.com/actions/setup-java#caching-packages-dependencies) via the `cache` input. This input takes the name of the build tool (`maven`, `gradle` or `sbt`) to cache their relevant directories. Caching is disabled by default. ```yaml name: Java CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Java uses: actions/setup-java@v4 with: distribution: "temurin" java-version: "17" cache: "maven" # or 'gradle' or 'sbt' - name: Build with Maven run: mvn -B clean verify ``` You can also use the `actions/cache` action directly for more control over caching. #### Maven Example ```yaml name: Java CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Java uses: actions/setup-java@v4 with: distribution: "temurin" java-version: "17" - name: Cache Maven repository uses: actions/cache@v4 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - name: Build with Maven run: mvn -B clean verify ``` #### Gradle Example ```yaml name: Java Gradle CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Java uses: actions/setup-java@v4 with: distribution: "temurin" java-version: "17" - name: Cache Gradle wrapper uses: actions/cache@v4 with: path: | ~/.gradle/caches ~/.gradle/wrapper key: ${{ runner.os }}-gradle-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }} restore-keys: | ${{ runner.os }}-gradle- - name: Build with Gradle run: chmod +x gradlew && ./gradlew build ``` ### PHP PHP projects with Composer can cache their dependencies by caching the Composer cache directory. PHP has no official GitHub Action for setup, so you can use the `actions/cache` action directly. ```yaml name: PHP Cache Workflow on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - uses: shivammathur/setup-php@v2 with: php-version: '8.3' # The cache directory is usually located at ~/.composer/cache # This step can be skipped and the cache directory can be hardcoded # in the `path` field of the `actions/cache` step. - name: Get Composer Cache Directory id: composer-cache run: | echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - name: Cache Composer dependencies uses: actions/cache@v4 with: path: ${{ steps.composer-cache.outputs.dir }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: | ${{ runner.os }}-composer- - name: Install dependencies run: composer install --prefer-dist ``` ### Ruby The official [`ruby/setup-ruby`](https://github.com/ruby/setup-ruby) action provides [caching support](https://github.com/ruby/setup-ruby#caching-bundle-install-automatically) for Ruby projects with the `bundler-cache` input. This input takes a boolean value to enable or disable caching. Caching is **disabled** by default. ```yaml name: Ruby CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Ruby uses: ruby/setup-ruby@v1 with: ruby-version: "3.3" bundler-cache: true # Installing dependencies via `bundle install` or `gem install bundler` # is not required as the action automatically installs dependencies. - name: Run tests run: bundle exec rake test ``` We can also directly cache the `bundle` directory using the `actions/cache` action. Manually caching this directory is not recommended, and the suggested approach is to use the ruby/setup-ruby action as shown above. ```yaml name: Ruby CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Ruby uses: ruby/setup-ruby@v1 with: ruby-version: "3.3" - name: Cache gems uses: actions/cache@v4 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} restore-keys: | ${{ runner.os }}-gems- - name: Install dependencies run: | gem install bundler bundle install --path vendor/bundle - name: Run tests run: bundle exec rake test ``` ### .NET (NuGet) The official [`setup-dotnet`](https://github.com/actions/setup-dotnet) action provides [caching support](https://github.com/actions/setup-dotnet#caching-nuget-packages) for .NET projects with the `cache` input. This input takes a boolean value to enable or disable caching. Caching is **disabled** by default. Passing an explicit NUGET_PACKAGES is also recommended for caching the NuGet packages directory instead of the global cache directory since there might be some huge packages pre-installed. ```yaml name: .NET CI on: [push, pull_request] jobs: build: runs-on: windows-latest env: NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages steps: - uses: actions/checkout@v4 - name: Setup .NET uses: actions/setup-dotnet@v4 with: dotnet-version: "6.x" cache: true - name: Restore dependencies run: dotnet restore --locked-mode - name: Build run: dotnet build my-project ``` For caching manually, use the `actions/cache` action directly. ```yaml name: .NET CI on: [push, pull_request] jobs: build: runs-on: windows-latest env: NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages steps: - uses: actions/checkout@v4 - name: Setup .NET uses: actions/setup-dotnet@v4 with: dotnet-version: "6.x" - name: Cache NuGet packages uses: actions/cache@v4 with: path: ${{ github.workspace }}/.nuget/packages key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }} # Or **/*.csproj restore-keys: | ${{ runner.os }}-nuget- - name: Restore dependencies run: dotnet restore --locked-mode - name: Build run: dotnet build my-project ``` ## Considerations While the cache action speeds up workflows, be mindful of these considerations: 1. **Cache Keys and Restoring:** Using unique cache keys ensures a cache is correctly restored or created. However, overly specific keys may result in missed cache hits. 2. **Sequencing:** Sequence of cache commits and restores could lead to unpredictable behavior in workflows, especially if the cache keys are insufficiently defined. 3. **Cache Size:** Large caches can take longer to restore, reducing the performance gain. 4. **Invalidation:** Changes in dependencies (like updates in `package-lock.json` or `go.sum`) will cause a new cache to be created. 5. **Security Risks:** Ensure sensitive files are not accidentally cached. ## Common Pitfalls 1. **Concurrency Issues:** Parallel jobs can overwrite the cache leading to incomplete or corrupted data. 2. **Storage Limits:** Exceeding storage limits (10 GB per repository) will cause cache eviction and is a very low limit for many use cases. 3. **Compatibility:** Some caches may not be compatible across different operating systems or configurations. ## Conclusion Leveraging the GitHub Actions cache action can significantly accelerate your CI/CD workflows, especially with common languages like Node.js, Python, Rust, Go, PHP, and Java. However, it's essential to manage cache keys, avoid overly large caches, and be cautious of security issues. For optimal results, test different strategies to see which works best for your specific project requirements. ## Unlimited, fast cache with `WarpBuilds/cache` action While GitHub Actions provides great flexibility and functionality, workflow speeds can always benefit from improvements. This is where WarpBuild comes in. Offering GitHub Actions runners with unlimited, superfast caching capabilities, WarpBuild accelerates your builds with blazing speed. The `WarpBuilds/cache` action is a drop-in replacement for the `actions/cache`, so you can get started instantly. [Here are the cache docs](/docs/ci/features/caching). - **Unlimited Caching:** Never worry about hitting cache size limits or losing important build data. - **Fast Caching:** Save substantial time by utilizing highly optimized caching mechanisms. By seamlessly integrating WarpBuild into your workflows, you can significantly speed up your CI/CD pipelines without compromising flexibility or reliability. [Try it out](https://www.warpbuild.com). ## References - [Caching Dependencies with GitHub Actions](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#examples) - [`actions/cache` GitHub Repository](https://github.com/actions/cache) - [More caching examples using `actions/cache`](https://github.com/actions/cache/blob/main/examples.md) --- # Common challenges with GitHub Actions URL: https://www.warpbuild.com/blog/github-actions-challenges Description: Common challenges with GitHub Actions --- title: "Common challenges with GitHub Actions" excerpt: "Common challenges with GitHub Actions" description: "Common challenges with GitHub Actions" date: "2023-11-14" author: surya_oruganti cover: "/images/blog/github-actions-challenges/thumbnail.png" --- GitHub actions is very powerful. There are some common challenges that developers face while using GitHub Actions. In this article, we will discuss some of the common challenges for folks evaluating the use of GitHub Actions for CI. 1. **YAML Syntax and Expression Evaluation**: One non-trivial aspect is the correct evaluation of expressions in YAML. For example, GitHub Actions' context and expression syntax within `if` conditions are often misunderstood. A misinterpretation of how expressions like `github.event_name == 'push' && github.ref == 'refs/heads/main'` are evaluated can lead to workflows not triggering as expected. It's not just about syntax; it's about understanding the context and logical evaluation within the GitHub Actions environment. 2. **Workflow Debugging and Logging**: A significant challenge is identifying issues within actions that don't provide verbose logging. For instance, if a custom action doesn't log its internal processing steps, and it fails, developers might have to fork the action and add logging themselves to diagnose the issue. It's a layer deeper than just looking at workflow logs; it's about understanding and possibly modifying the actions themselves. 3. **Advanced Dependency Management**: Consider managing dependencies across multiple jobs and workflows. Developers might face issues where a job in one workflow produces a build artifact that should be used in another workflow. Managing this across branches or forks, especially with versioning, requires a deep understanding of artifacts, workflow triggers, and job dependencies. 4. **Resource Allocation and Optimization**: Beyond just hitting resource limits, there's the optimization of these resources. For instance, parallelizing tests can speed up workflows, but if not managed correctly, it can lead to resource contention or rate-limiting issues, especially when interacting with external APIs or services. It's about strategically utilizing resources for optimal performance. 5. **Security in Complex Environments**: Handling secrets in multi-environment workflows poses challenges. For example, using organization-level secrets effectively while ensuring they're not exposed in forked repository runs, especially when dealing with public repositories, requires a careful setup of access controls and understanding of the security model of GitHub Actions. 6. **Dynamic Workflow Configurations**: Developers might need to dynamically generate workflow configurations based on external factors, like changes in a database or a response from an API. This requires using output parameters from one job to control the behavior of subsequent jobs, often leading to complex workflow setups that are hard to maintain and debug. 7. **Integrating Diverse Tools and Services**: Challenges arise when integrating with tools that don't have existing marketplace actions or when the existing actions are not flexible enough. This might involve writing custom scripts or actions to interface with these tools, understanding their APIs, and handling authentication in a secure way. 8. **Concurrency and Dependency Management**: Managing dependencies between parallel jobs can be complex. For instance, if multiple jobs modify a shared resource like a database or a file in a storage bucket, ensuring that these modifications don't conflict or cause data integrity issues requires sophisticated coordination and concurrency control mechanisms. 9. **Caching Strategies for Complex Builds**: Effective caching in multi-language or multi-framework projects is challenging. It requires a deep understanding of how dependencies are resolved and stored. Incorrect caching can lead to outdated dependencies being used, or in the worst case, corrupt build environments. Developers need to craft caching strategies that are both efficient and reliable. 10. **Cross-Platform Workflow Design**: Designing workflows that are truly cross-platform involves more than just specifying different runners. It requires an understanding of the different environment variables, filesystem paths, and tool availability across operating systems. For example, handling path normalization across Windows and Unix systems in a workflow requires careful scripting and consideration of OS-specific peculiarities. These points reflect the intricacies and advanced challenges faced in GitHub Actions, requiring a deep understanding and strategic approach to workflow design and execution. --- # Reducing GitHub Actions Costs URL: https://www.warpbuild.com/blog/github-actions-cost-reduction Description: Practical guide to reducing GitHub Actions costs with triggers, cancellation, caching, right-sizing, and more --- title: "Reducing GitHub Actions Costs" excerpt: "Practical guide to reducing GitHub Actions costs with triggers, cancellation, caching, right-sizing, and more" description: "Practical guide to reducing GitHub Actions costs with triggers, cancellation, caching, right-sizing, and more" author: surya_oruganti date: "2025-10-20" cover: "/images/blog/github-actions-cost-reduction/cover.png" --- This guide focuses on practical ways to reduce costs while improving reliability and developer UX. It's vendor-neutral and cites primary docs throughout. Cost is largely a function of billed minutes, runner SKU, artifact/storage usage, and fan-out. Understanding billing and usage is the first step: see About billing for GitHub Actions and Viewing your Actions usage. ## Cost Optimizations ### Run less by default (event filters) Only run workflows when it matters. ```yaml on: pull_request: branches: ["main", "release/*"] paths: ["app/**", "lib/**", "package.json"] paths-ignore: ["**/*.md", "docs/**", "*.png", "*.svg"] push: branches: ["main"] ``` - See workflow syntax for `paths`/`paths-ignore`: [docs](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions) - Skip runs with commit messages or workflow inputs: [skipping runs](https://docs.github.com/en/actions/managing-workflow-runs/skipping-workflow-runs) Use separate lightweight linters for every push and run heavy integration tests only for PRs targeting main. ### Cancel superseded work Stop old runs when new commits arrive. ```yaml concurrency: group: ci-${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true ``` - Concurrency groups and cancellation: [docs](https://docs.github.com/en/actions/using-jobs/using-concurrency) ### Add timeouts to jobs Set hard ceilings on job time. ```yaml jobs: test: timeout-minutes: 20 runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - run: npm ci && npm test ``` - Timeouts via workflow syntax: [docs](https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions) ### Cache smartly (dependencies and Docker) Caching cuts both time and cost. ```yaml - uses: actions/cache@v4 with: path: ~/.npm key: npm-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} restore-keys: npm-${{ runner.os }}- ``` - Dependency caching: [docs](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows) For Docker image builds, prefer BuildKit/Buildx with the GitHub cache backend: ```yaml - uses: docker/setup-buildx-action@v3 - uses: docker/build-push-action@v5 with: push: false cache-from: type=gha cache-to: type=gha,mode=max ``` - Buildx cache with `type=gha`: [Docker docs](https://docs.docker.com/build/ci/github-actions/cache/) ### Store less, keep it shorter (artifacts) Artifacts are billed for storage and egress. Upload only what you need, compress appropriately, and reduce retention. **Example savings:** A team uploading 5GB of artifacts daily with default 90-day retention stores 450GB/month. Reducing retention to 7 days cuts this to 35GB-a **92% reduction**. At GitHub's storage rates ($0.008/GB/day for Actions), this saves ~$100/month. ```yaml - uses: actions/upload-artifact@v4 with: name: reports path: reports/** retention-days: 7 # default is 90 days compression-level: 6 # balance speed vs size ``` **Quick wins:** - Reduce retention from 90 to 7-14 days: **~85-90% storage cost reduction** - Compress artifacts: typical **40-60% size reduction** for logs and build outputs - Upload only test failures, not full test runs - Artifacts and retention: [docs](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) ### Choose cheaper runners and architectures Linux runners are cheaper than macOS/Windows. Where possible, move tasks to Linux, and isolate platform-specific steps. Use arm64 runners for builds that are not CPU bound. **GitHub-hosted pricing multipliers (relative to Linux x64):** - Linux x64: **1x** baseline - Linux arm64: **~0.5x** (50% cheaper) - Windows: **2x** (2x more expensive) - macOS x64: **10x** (10x more expensive) - macOS arm64 (M1): **3-5x** (3-5x more expensive) **Example:** A workflow running 1,000 minutes/month on macOS x64 costs ~10x more than the same workflow on Linux. Switching non-macOS-specific tasks to Linux can save **$80-90/month** per 1,000 minutes at typical GitHub Teams pricing. Billing differences and entitlements vary by plan and OS: see About billing for GitHub Actions. ### Parallelize thoughtfully Matrix builds are powerful but can explode costs. Keep fan-out intentional and throttle when needed. ```yaml strategy: matrix: node: [18, 20, 22] max-parallel: 2 ``` - Matrix usage and limits (256 jobs): [docs](https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs) ### Observe and budget Track performance and spend so you can right-size and de-fanout with confidence.
  • Billing overview and usage: docs
  • Viewing usage: docs
 ```bash # Org billing summary (requires org admin) gh api \ -H "Accept: application/vnd.github+json" \ /orgs/OWNER/settings/billing/actions | jq # A run's billable minutes and timing gh api \ -H "Accept: application/vnd.github+json" \ /repos/OWNER/REPO/actions/runs/123456/timing | jq # Repository artifact sizes gh api \ -H "Accept: application/vnd.github+json" \ /repos/OWNER/REPO/actions/artifacts?per_page=100 | jq '.artifacts[] | {name, size_in_bytes, expired}' # Cache usage for a repo gh api \ -H "Accept: application/vnd.github+json" \ /repos/OWNER/REPO/actions/cache/usage | jq ```

Track: total minutes/spend, median run time for critical workflows, queue time, artifact GB.

 ### Right-size your runners Use data to pick the smallest runner that meets SLOs. **Example:** If a build takes 20 minutes on 2-core and 12 minutes on 8-core, you're paying **4x the rate for a 1.67x speedup**-net result is **2.4x more expensive** for that run. Right-sizing down from 8-core to 4-core (if 4-core completes in 15 minutes) cuts cost by **2x** while only adding 3 minutes. This optimizes for cost but developer experience may suffer. - Track job duration trends in the Actions UI and compare before/after changes: [usage](https://docs.github.com/en/billing/managing-billing-for-github-actions/viewing-your-github-actions-usage) - Watch CPU/memory-bound steps: run smaller/larger machine experiments and choose the knee of the curve - Prefer improving IO (cache, network, disk) before simply scaling CPU Mermaid decision helper: ```mermaid flowchart LR S[Job slow?] -->|Yes| CPU{CPU >80%?} CPU -- Yes --> SizeUp[Use larger runner] CPU -- No --> IO{IO wait/high net?} IO -- Yes --> BiggerDisk[Use faster disk/network] IO -- No --> Fanout[Reduce matrix fanout] S -->|No| Keep[Keep size] ``` To test right-sizing safely, cap max-parallel, then A/B compare durations and queue times before switching your default runner. ### Flaky tests quietly tax your bill Retries and re-runs multiply minutes. Treat flakiness as a cost center. - Prefer “retry failed tests only” where supported (keeps cost bounded) - Quarantine known-flaky suites and run them on schedule, not per-PR - Surface failure triage early; fail fast before long e2e suites Framework knobs (examples):

See: jest.retryTimes

```yaml # Jest run: npx jest --maxWorkers=50% # consider also: jest.retryTimes() ```

See: Playwright retries docs

```yaml # Playwright config use: retries: 2 workers: 4 ```

See: pytest-rerunfailures

```bash # Pytest example pytest -q --maxfail=1 # fail fast pytest --reruns 2 --only-rerun "AssertionError" ```
- Re-running jobs/workflows: [docs](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs) ### Self-hosted runners can save costs Self-hosting can reduce per-minute costs (e.g., spot/preemptible instances) and unlock bespoke hardware and caching. It also introduces infra, security, and maintenance overhead. Compared to GitHub hosted runners, self-hosted runners have the potential to save upto 90% on costs. ## Cost-first execution flowchart ```mermaid flowchart TD A[Push/PR] --> B{Paths match?} B -- No --> X[Skip] B -- Yes --> C[Concurrency group] C -->|cancel previous| D[Run CI] D --> E{Cache hit?} E -- Yes --> F[Fast + cheaper] E -- No --> G[Build + save cache] G --> H[Upload minimal artifacts] ``` --- ## How WarpBuild can help This guide is vendor-neutral; if you want managed building blocks that implement many of the above: - Fast cloud runners (Linux, Windows, macOS): [`/docs/ci/cloud-runners/`](/docs/ci/cloud-runners/) - Snapshot runners: `/docs/ci/features/snapshot-runners/` - Fast cache and Docker Builders: [`/docs/ci/features/caching/`](/docs/ci/features/caching/), [`/docs/ci/docker-builders/`](/docs/ci/docker-builders/) - Observability guides: [`/docs/ci/features/observability/`](/docs/ci/features/observability/) - Quick start: [`/docs/ci/quick-start/`](/docs/ci/quick-start/) --- --- # The Complete Guide to GitHub Actions for Monorepos: Turborepo, Nx, and pnpm Workspaces URL: https://www.warpbuild.com/blog/github-actions-monorepo-guide Description: Learn how to optimize GitHub Actions for monorepos using Turborepo, Nx, and pnpm workspaces. Reduce CI time by 12x with affected-only execution, remote caching, and dynamic matrix strategies. --- title: "The Complete Guide to GitHub Actions for Monorepos: Turborepo, Nx, and pnpm Workspaces" excerpt: "Monorepos run 10-100x more CI jobs than single-repo teams. Naive GitHub Actions configs explode CI minutes, queue times, and cost. This is the guide that should have existed years ago." description: "Learn how to optimize GitHub Actions for monorepos using Turborepo, Nx, and pnpm workspaces. Reduce CI time by 12x with affected-only execution, remote caching, and dynamic matrix strategies." date: "2026-01-13" author: surya_oruganti cover: "/images/blog/github-actions-monorepo-guide/cover.png" --- import { Callout } from 'fumadocs-ui/components/callout'; import { Tab, Tabs } from 'fumadocs-ui/components/tabs'; import { Step, Steps } from 'fumadocs-ui/components/steps'; ## Key Takeaways - **Run less, not faster.** Affected-only execution is the biggest lever. Running 4 packages instead of 45 beats any caching optimization. - **Remote caching compounds.** Local caching helps one run. Remote caching lets every run share work across your team. - **Matrix parallelism requires concurrency.** 30 matrix jobs on a 20-concurrency system just moves the bottleneck to queue time. - **Pin your base SHA.** Dynamic affected detection can race with merges to main. --- ## Why Monorepos Break CI Single-repo CI is predictable: code changes, tests run, build happens. Three jobs per PR, done. Monorepos scale combinatorially. A 30-package repo with naive config runs all 30 test suites on every push. Add matrix testing across Node versions and you're at 60-90 jobs per PR. A one-line README fix triggers the same CI load as a core library rewrite. Dependencies make it worse. Change package C and you need to test A and B too (they import it). Naive configs either test everything (wasteful) or only the changed package (misses downstream breakage). ```mermaid flowchart LR subgraph Naive["Naive CI"] P1[Push] --> A1[Run all 30 packages] A1 --> W1[90 jobs per PR] end subgraph Smart["Affected-Only CI"] P2[Push] --> D[Detect changes] D --> A2[Run 4 affected packages] A2 --> W2[12 jobs per PR] end ``` [GitHub-hosted runners](https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners) bottleneck this in two ways: | Constraint | Impact | |------------|--------| | **Concurrency limits** | Free: 20 jobs, Team: 60, Enterprise: up to 500. A 90-job PR queues constantly. | | **Cache storage** | Historically 10GB per repo. 30 packages with pnpm, dist, and test caches fill it fast. Caches evict, builds run cold. | Learn more about [common GitHub Actions challenges](/blog/github-actions-challenges) and [caching strategies](/blog/github-actions-cache). --- ## Affected-Only Execution Detect which packages changed, run CI only for those plus their dependents. This is the difference between 90 jobs and 8 jobs per PR. ### The Wrong Way ```yaml # Don't do this - runs all 50 packages on every push jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - run: bun install - run: bun test ``` ### The Right Way The `--filter` flag tells Turborepo to only run tasks for packages changed since `origin/main`. The `...` syntax includes dependents. ```yaml jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # Required for git comparison - run: bun install - run: bunx turbo run test --filter='...[origin/main...HEAD]' ``` See the [Turborepo GitHub Actions guide](https://turborepo.dev/docs/guides/ci-vendors/github-actions). Nx uses `NX_BASE` and `NX_HEAD` environment variables. The [`nrwl/nx-set-shas`](https://github.com/nrwl/nx-set-shas) action sets these correctly for PRs and push events. ```yaml jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: nrwl/nx-set-shas@v4 - run: bun install - run: bunx nx affected -t test --base=$NX_BASE --head=$NX_HEAD ``` See the [Nx affected command docs](https://nx.dev/docs/features/ci-features/affected). ### Common Footguns Both tools need git history to compare changes. Default `actions/checkout` does a shallow clone with `fetch-depth: 1`. You need `fetch-depth: 0` for full history, or enough depth to reach your merge-base. On a PR, compare against the base branch. On push to main, compare against the previous commit. Turborepo handles this with `[origin/main...HEAD]`. Nx requires the `nx-set-shas` action. PRs from forks may need explicit fetch: ```yaml - run: git fetch origin main:main ``` Changes to `package.json`, `turbo.json`, or `bun.lockb` at the root might affect all packages. Both tools handle this, but verify your config triggers full CI when needed. For explicit control over root changes: ```yaml - id: check-root run: | if git diff --name-only origin/main...HEAD | grep -qE '^(package\.json|turbo\.json|bun\.lockb)$'; then echo "root_changed=true" >> $GITHUB_OUTPUT else echo "root_changed=false" >> $GITHUB_OUTPUT fi - name: Run affected tests if: steps.check-root.outputs.root_changed != 'true' run: bunx turbo run test --filter='...[origin/main...HEAD]' - name: Run all tests (root changed) if: steps.check-root.outputs.root_changed == 'true' run: bunx turbo run test ``` --- ## Caching That Works Dependency caching is necessary but not sufficient. Build artifacts are where real time savings live. ### Dependency Caching **bun** is excellent for monorepos. Its binary lockfile and global cache mean fast installs with minimal overhead. ```yaml - uses: oven-sh/setup-bun@v2 - uses: actions/cache@v4 with: path: ~/.bun/install/cache key: bun-${{ runner.os }}-${{ hashFiles('bun.lockb') }} restore-keys: bun-${{ runner.os }}- - run: bun install ``` **pnpm**'s content-addressable store means identical dependencies across packages are stored once: ```yaml - uses: pnpm/action-setup@v2 with: version: 9 - uses: actions/setup-node@v4 with: node-version: '22' cache: 'pnpm' ``` ### Build Artifact Caching For TypeScript monorepos, cache `dist` folders and `.tsbuildinfo` files: ```yaml - uses: actions/cache@v4 with: path: | packages/**/dist packages/**/.tsbuildinfo key: build-${{ runner.os }}-${{ hashFiles('packages/**/src/**', 'packages/**/tsconfig.json') }} restore-keys: build-${{ runner.os }}- ``` Use `hashFiles` on source content, not `github.sha`. Every commit has a different SHA, so you'd almost never hit cache. Content-based keys mean identical source produces hits regardless of commit. The `restore-keys` fallback means partial hits still help—you get a recent build even if today's exact hash isn't cached. ### Why Naive Caching Falls Short - **Key granularity matters.** One key for all packages = any change invalidates everything. Per-package keys = 50 cache operations per job. - **Size limits bite.** A 30-package TypeScript monorepo can exceed storage limits fast. Caches evict under LRU. Jobs run cold. - **Restore time scales with size.** A 2GB cache takes 30-60 seconds to restore. If your build only takes 90 seconds, you've added 50% overhead. --- ## Matrix Strategies for Parallel Testing Once you've detected affected packages, parallelize their execution across runners. ### Dynamic Matrix Generation Generate the matrix from affected packages, not hardcoded: ```yaml jobs: detect: runs-on: ubuntu-latest outputs: packages: ${{ steps.affected.outputs.packages }} base_sha: ${{ steps.set-base.outputs.base_sha }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - id: set-base run: | BASE_SHA=$(git merge-base origin/main HEAD) echo "base_sha=$BASE_SHA" >> $GITHUB_OUTPUT - run: bun install - id: affected run: | PACKAGES=$(bunx turbo run test --filter='...[${{ steps.set-base.outputs.base_sha }}...HEAD]' --dry-run=json | jq -c '[.tasks[].package] | unique') echo "packages=$PACKAGES" >> $GITHUB_OUTPUT test: needs: detect if: ${{ needs.detect.outputs.packages != '[]' }} strategy: matrix: package: ${{ fromJson(needs.detect.outputs.packages) }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - run: bun install - run: bunx turbo run test --filter=${{ matrix.package }} ``` Between the detect job and test jobs, someone might merge to main. If you use `origin/main` directly, the affected calculation might not match reality when tests run. Pinning the merge-base SHA ensures consistency. ### When Matrix Helps vs Hurts | Matrix helps when... | Matrix hurts when... | |---------------------|----------------------| | Package tests are slow (>2 min) | Package tests are fast (<30 sec) | | You have concurrency headroom | Job startup exceeds test time | | Tests are independent | Concurrency limits mean jobs queue anyway | For fast tests, a single job running all affected packages sequentially might be faster than 10 matrix jobs each spending 30 seconds on setup. ### Test Sharding Within Packages If one package has 80% of your test time, shard within it. Learn more about [running concurrent tests effectively](/blog/concurrent-tests): ```yaml strategy: matrix: package: ${{ fromJson(needs.detect.outputs.packages) }} shard: [1, 2, 3, 4] steps: - run: bunx turbo run test --filter=${{ matrix.package }} -- --shard=${{ matrix.shard }}/4 ``` A 12-minute test suite becomes 3 minutes wall-clock (with sufficient concurrency). ### Concurrency Reality Check 30 jobs at 2 minutes each on 20 concurrent slots: - First batch: 20 jobs run (2 min) - Second batch: 10 jobs run (2 min) - **Total: 4 minutes** instead of 2 with unlimited concurrency This is where infrastructure becomes the bottleneck, not configuration. --- ## Remote Caching [Turborepo's remote cache](https://turbo.build/repo/docs/core-concepts/remote-caching) shares build artifacts across CI runs. PR #2 doesn't rebuild what PR #1 already built. ### Why It Matters for CI Without remote caching, every CI run starts cold. With it, PRs share work. A team running 50 PRs/day with 30-minute builds can save 20+ hours daily at 80% hit rate. ```yaml jobs: build: runs-on: ubuntu-latest env: TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} TURBO_TEAM: ${{ vars.TURBO_TEAM }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: oven-sh/setup-bun@v2 - run: bun install - run: bunx turbo run build test lint --filter='...[origin/main...HEAD]' ``` The environment variables authenticate with Vercel's remote cache. No additional config needed. ```yaml env: TURBO_API: 'https://your-cache-server.com' TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} TURBO_TEAM: 'your-team' ``` You can self-host with S3, GCS, or other storage backends. --- ## Nx Commands Reference ### Affected vs run-many ```yaml # Affected projects only (use for PR CI) - run: bunx nx affected -t test # All projects (use for nightly/release builds) - run: bunx nx run-many -t test --all # Specific projects - run: bunx nx run-many -t test --projects=app1,app2 ``` The `--parallel` flag controls tasks within a single job (different from matrix parallelism across jobs): ```yaml - run: bunx nx affected -t lint test build --parallel=3 ``` ### Nx Cloud Distributed Execution [Nx Cloud DTE](https://nx.dev/ci/features/distribute-task-execution) automatically distributes tasks across multiple agents: ```yaml jobs: main: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: nrwl/nx-set-shas@v4 - run: bun install - run: bunx nx-cloud start-ci-run --distribute-on="5 linux-medium-js" - run: bunx nx affected -t lint test build agents: runs-on: ubuntu-latest strategy: matrix: agent: [1, 2, 3, 4, 5] steps: - uses: actions/checkout@v4 - run: bun install - run: bunx nx-cloud start-agent ``` For 100+ package monorepos, DTE can reduce CI from hours to minutes. ### Turborepo vs Nx | | Turborepo | Nx | |---|-----------|-----| | **Setup** | Simpler, faster to adopt | More configuration options | | **Cold start** | Faster (~5MB runtime) | Larger (~40MB) | | **Remote cache** | Vercel integration or self-host | Nx Cloud | | **Distributed execution** | Manual with matrix | Built-in with Nx Cloud | | **Polyglot support** | JS/TS focused | Go, Rust, Java, etc. | | **Best for** | Under 50 packages, JS/TS | 100+ packages, polyglot | Both integrate cleanly with GitHub Actions. Choose based on scale and whether you need distributed execution. --- ## Measuring Performance Run these before optimizing to quantify your opportunity: ```bash # How many tasks run today? bunx turbo run test --dry-run | grep "Tasks:" # How many with affected-only? bunx turbo run test --filter='...[origin/main...HEAD]' --dry-run | grep "Tasks:" ``` If full CI runs 45 tasks and affected runs 4, you're doing 10x more work than necessary. ### Key Metrics | Metric | How to measure | Target | |--------|---------------|--------| | **Affected ratio** | Tasks with filter vs without | Under 20% of total | | **Cache hit rate** | Run same build twice, count `FULL TURBO` | Above 80% | | **Queue time** | "Queued" vs "In progress" timestamp | Under 30 sec average | | **Wall-clock vs CI minutes** | Total time vs sum of job times | High wall-clock + low minutes = queue saturation | --- ## When Infrastructure Is the Bottleneck Configuration optimization has limits. At some point, infrastructure is the constraint. ### Signs You've Hit the Limit - [ ] Jobs queue even with optimized configs - [ ] Cache operations take longer than builds - [ ] Matrix strategies don't improve wall-clock time - [ ] Cost scales linearly despite optimizations ### What Moves the Needle 1. **Affected-only execution** — configuration 2. **Remote caching** — configuration + service 3. **Unlimited concurrency** — infrastructure 4. **Faster cache I/O** — infrastructure 5. **Faster runners** — infrastructure [GitHub-hosted runner limits](https://docs.github.com/en/actions/reference/limits) vary by plan: Free (20), Pro (40), Team (60), Enterprise (up to 500). Cache storage has historically been 10GB per repo. WarpBuild removes these constraints. Unlimited concurrency means matrix strategies actually parallelize. 50GB+ cache storage means caches don't evict. Change `runs-on: ubuntu-latest` to `runs-on: warpbuild-ubuntu-22.04-x64-4x` and the infrastructure constraints disappear. --- ## What To Do Next ### Measure your waste ```bash bunx turbo run test --dry-run | grep "Tasks:" bunx turbo run test --filter='...[origin/main...HEAD]' --dry-run | grep "Tasks:" ``` The difference is your optimization opportunity. ### Check cache hit rate Look for `FULL TURBO` (hit) vs `cache miss` in Turborepo output. Below 80% on repeated runs means cache keys or storage need attention. ### Calculate queue time In GitHub Actions, compare "Queued" to "In progress" timestamps. Over 30 seconds average means you're hitting concurrency limits. ### Implement affected-only execution Start with `--filter='...[origin/main...HEAD]'` for Turborepo or `nx affected` for Nx. Pin your base SHA to avoid race conditions. ### Enable remote caching Vercel's Turborepo cache or Nx Cloud. Setup takes 10 minutes. Run the same build twice and watch the second complete in seconds. ### Evaluate infrastructure If you've optimized config and still hit limits, the constraint is infrastructure: unlimited concurrency and faster cache I/O are the next lever. --- *Need unlimited concurrency and faster caching for your monorepo? WarpBuild removes GitHub's infrastructure constraints with a single line change. [Start free →](https://www.warpbuild.com)* --- # GitHub Actions Price Change URL: https://www.warpbuild.com/blog/github-actions-price-change Description: GitHub Actions reduces pricing for GitHub hosted runners and adds a new $0.002/minute cost for self-hosted runners. --- title: "GitHub Actions Price Change" excerpt: "GitHub Actions reduces pricing for GitHub hosted runners and adds a new $0.002/minute cost for self-hosted runners." description: "GitHub Actions reduces pricing for GitHub hosted runners and adds a new $0.002/minute cost for self-hosted runners." date: "2025-12-15" author: surya_oruganti cover: "/images/blog/github-actions-price-change/cover.png" --- GitHub Actions reduces pricing by 15-39% for GitHub hosted runners (from 2026-01-01) and adds a new $0.002/minute cost for self-hosted runners (from 2026-03-01). GitHub [recently wrote](https://github.blog/news-insights/product-news/lets-talk-about-github-actions/) that developers used 11.5 billion GitHub actions minutes in 2025. One can safely assume that a majority of this comes from enterprises, who in turn use self-hosted runners. In the earlier model with free self-hosted runner usage, GitHub had no way to monetize most of the actions usage. This new GitHub actions self-hosted runner tax is a simple way for GitHub to monetize their actions platform and push users to use their own runners. Note: [BitBucket recently announced](https://www.atlassian.com/blog/bitbucket/announcing-v5-self-hosted-runners) that they will be charging for self-hosted runners as well. This is a significant change and we break down what it means. ## GitHub's new tax on self-hosted runners GitHub adds a new $0.002/minute cost for self-hosted runners. This is a new cost charged by GitHub for all users except for GitHub Enterprise Server (GHES) customers. ## Reduced pricing for GitHub hosted runners GitHub has reduced pricing for GitHub hosted runners. The computation is as follows: Smaller runners see a lesser reduction in price, whereas the larger runners see a greater reduction. It's fantastic to see that GitHub is reducing pricing for GitHub hosted runners. However, the magnitude of the reduction is not as significant as one might expect. ## Pricing table | OS | vCPUs | Old Price | New Price | WarpBuild Price | delta | | ---- | ---- | --------- | --------- | --------------- | ----- | | ubuntu | 2 | $0.008 | $0.006 | $0.004 | $0.002 | | ubuntu | 4 | $0.016 | $0.012 | $0.008 | $0.004 | | ubuntu | 8 | $0.032 | $0.022 | $0.016 | $0.006 | | ubuntu | 16 | $0.064 | $0.042 | $0.032 | $0.010 | | ubuntu | 32 | $0.128 | $0.082 | $0.064 | $0.018 | | windows | 2 | $0.016 | $0.010 | $0.008 | $0.002 | | windows | 4 | $0.032 | $0.022 | $0.016 | $0.006 | | windows | 8 | $0.064 | $0.042 | $0.032 | $0.010 | | windows | 16 | $0.128 | $0.082 | $0.064 | $0.018 | | windows | 32 | $0.256 | $0.162 | $0.128 | $0.034 | | macos | 6 | $0.160 | $0.102 | $0.080 | $0.022 | The `delta` column shows the difference between the reduced GitHub hosted runner price and the WarpBuild price. Two important observations: 1. WarpBuild runners are cheaper, even after including the $0.002/minute self-hosted runner tax imposed by GitHub. 2. WarpBuild runners are ~twice as fast, so the observed costs are still significantly lower than the GitHub hosted runners. ## Optimizing for cost Here are the practical implications and considerations to optimize for cost, given the new pricing. These are generic and ensure you think through your workflows and runners before making any changes. ### 1. Self-hosting runners or using WarpBuild runners is still cheaper Despite the $0.002/minute self-hosted runner tax, self-hosting runners on your cloud (aws/gcp/azure/...) or using WarpBuild runners remains the cheaper option. ### 2. Prefer larger runners If your workflow scales with the number of vCPUs, prefer larger runners. That ensures you spend fewer minutes on the runner, which reduces the GitHub self-hosted runner tax. For example, using `actions-runner-controller` with heavy jobs running on 1 vcpu runners is not a good idea. Instead, prefer a 2vcpu runner (say) if it runs the job ~2x faster. ### 3. Prefer faster runners All else being equal, prefer faster runners. That ensures you spend fewer minutes on the runner, which reduces the GitHub self-hosted runner tax. For example, if you're self-hosting on aws and using a `t3g.medium` runner, it's better to use a `t4g.medium` runner since the newer generation is faster, but not much more expensive. WarpBuild runners have higher single core performance than aws/gcp/azure hosted runners. This is coupled with directly attached NVMe disks for fast disk IO. ### 4. Prefer fewer shards If you have a lot of shards for your jobs (example: tests on ~50 shards), consider reducing the number of shards and parallelizing the tests on fewer but larger runners. ### 5. Improve job performance This is not new advice, but it's now more important than ever because of the additional GitHub self-hosted runner tax. ### 6. Use GitHub hosted runners for very short jobs For linters and other very short jobs, it's better to use GitHub hosted runners. ## What's not changing? 1. Public repos generally stand to gain from this change. - Standard runner size (`ubuntu-latest`) is still free. - No $0.002/minute tax for self-hosted runners. 1. GitHub Enterprise Server (GHES) users do not have the $0.002/minute tax. ## 🚀 Try WarpBuild Using WarpBuild runners is cheaper than using GitHub hosted runners, even after including the $0.002/minute self-hosted runner tax. WarpBuild Cloud Runners are baremetal servers with high single core performance and directly attached NVMe disks for fast disk IO. This paired with caching and snapshotting capabilities, WarpBuild runners are a great way to optimize your workflows and save money. --- # A Developer's Guide to Speeding Up GitHub Actions URL: https://www.warpbuild.com/blog/github-actions-speeding-up Description: A Developer's Guide to Speeding Up GitHub Actions --- title: "A Developer's Guide to Speeding Up GitHub Actions" excerpt: "A Developer's Guide to Speeding Up GitHub Actions" description: "A Developer's Guide to Speeding Up GitHub Actions" date: "2023-11-13" author: surya_oruganti cover: "/images/blog/github-actions-speeding-up/thumbnail.png" --- GitHub Actions offer a powerful tool for automating CI/CD pipelines. However, slow runs can be frustrating. This guide provides an exhaustive evaluation of GitHub Actions workflow performance and suggests effective mitigation strategies. Struggling with debugging GitHub actions? Try our free tool, Action Debugger by WarpBuild, which allows real-time debugging via SSH into a running workflow. If you are just starting off on GitHub Actions performance optimization, here are the first 3 things you should do: 1. **Cache Dependencies:** Reduce build times by avoiding repetitive dependency downloads. 2. **Parallelize Jobs:** Accelerate workflows by running jobs concurrently. 3. **Use Powerful Runners:** For intensive tasks, custom runners with high-spec hardware are beneficial. Here is a comprehensive list of factors that can affect GitHub Action performance, along with examples and mitigation strategies. ## Workflow and Script Configuration ### Complex Workflows - **Description**: Workflows with many steps or intricate logic can take longer to execute. - **Example**: A workflow that includes multiple build processes, testing across different environments, and deployment steps can become time-consuming. - **Mitigation**: Simplify workflows by breaking them into smaller, more focused jobs. Use conditional steps to avoid unnecessary runs. ### Inefficient Build Scripts - **Description**: Scripts not optimized for performance can slow down the workflow. - **Example**: A build script that compiles code without leveraging caching or incremental builds. - **Mitigation**: Refactor scripts for efficiency, use caching where possible, and remove redundant operations. ### Misconfigured Workflow Triggers - **Description**: Triggers that initiate workflows unnecessarily or too frequently can cause delays. - **Example**: A workflow set to trigger on every push, including documentation updates, can lead to unneeded builds. - **Mitigation**: Configure triggers carefully, such as triggering workflows only on specific branches or for specific types of changes. ### Poorly Managed Artifacts/Logs - **Description**: Large or numerous build artifacts and logs can slow down operations. - **Example**: Saving extensive logs or large binary files after every build can consume significant storage and bandwidth. - **Mitigation**: Implement log rotation, compress artifacts, and retain only essential artifacts. If using self-hosted runners, the default GitHub cache can be extremely slow. Consider hosting your own cache server and/or artifact registry that is closer to compute. ## Repository and Codebase Factors ### High Repository Size - **Description**: Large repositories with extensive histories or large files take longer to clone and process. - **Example**: A repository with gigabytes of historical data and large binary files will be slow to clone. - **Mitigation**: Use Git LFS for large files, prune old branches, and compact repository history. ### Build Complexity - **Description**: Complex applications with many dependencies and modules require more time to build. - **Example**: A project with dozens of dependencies and a multi-module structure. - **Mitigation**: Optimize build processes, use dependency caching, and modularize the codebase. ### Dependency Management - **Description**: Fetching large or numerous external dependencies can be time-consuming. - **Example**: A build process that downloads hundreds of npm packages or large Docker images. - **Mitigation**: Cache dependencies and consider using a package manager that supports efficient dependency resolution. ## GitHub Hosted Runner Specifications ### Computational Resources - **Description**: Limited CPU and memory on runners can slow down intensive tasks. - **Example**: Compiling a large application on a runner with only 2 CPU cores and limited RAM. - **Mitigation**: Optimize code for resource efficiency or use self-hosted runners with better specs. ### Disk I/O Performance - **Description**: Disk speed and capacity affect tasks involving significant read/write operations. - **Example**: A workflow that involves processing large datasets stored on disk. - **Mitigation**: Optimize disk usage, consider storing less data on disk, or use self-hosted runners with faster disks. ### Network Bandwidth - **Description**: Limited network speed can delay tasks that require data transfer. - **Example**: Uploading large build artifacts or pulling large Docker images from a registry. - **Mitigation**: Compress data before transfer, reduce the size of artifacts, and use Docker layer caching. ## External and Environmental Factors ### External Dependencies - **Description**: Reliance on external services or APIs can introduce delays. - **Example**: A workflow that makes numerous calls to external APIs, which may be slow or rate-limited. - **Mitigation**: Minimize external API calls, implement retry logic with backoff, and use mocking for testing. ### Network Issues - **Description**: General internet connectivity problems or specific network issues can cause delays. - **Example**: Slowdowns due to poor network performance in the runner's region. - **Mitigation**: If persistent, consider using self-hosted runners in a different region with better connectivity. ### Service Outages/Degradation - **Description**: Issues with GitHub or third-party services can impact workflow performance. - **Example**: Delays or failures due to GitHub service outages. - **Mitigation**: Implement error handling and retry mechanisms, stay informed about service statuses. ### Rate Limiting - **Description**: Hitting rate limits on external APIs or services used in workflows. - **Example**: Exceeding the API rate limit of a third-party service used in a build process. - **Mitigation**: Optimize API usage, cache responses where possible, and handle rate limit errors gracefully. ## Resource Management and Optimization Strategies ### Caching Strategies - **Description**: Effective use of caching can significantly reduce build times. - **Example**: Rebuilding dependencies in every run can be time-consuming. Using cached dependencies speeds up the process. - **Mitigation**: Implement caching for dependencies, build outputs, and other reusable data to avoid unnecessary repetition. ### Parallelization - **Description**: Running tasks in parallel can reduce overall workflow duration. - **Example**: Sequential execution of tests can be slow. Running tests in parallel across different runners can speed it up. - **Mitigation**: Break down workflows into parallelizable jobs and use matrix strategies for testing across environments. ### Resource Allocation Policies - **Description**: GitHub's internal resource allocation can affect performance. - **Example**: During peak times, resource contention might slow down workflows. - **Mitigation**: Optimize workflows to run efficiently with available resources and consider off-peak scheduling. ### Use of Self-Hosted Runners - **Description**: Custom hardware specifications can meet specific performance needs. - **Example**: A workflow requiring high CPU and RAM might be slow on GitHub-hosted runners. This is especially true of disk intensive workloads and workflows that require GPUs. - **Mitigation**: Set up self-hosted runners with tailored resources for intensive workflows. ## Platform-Specific Constraints and Policies ### Concurrent Usage Limits - **Description**: Limits on the number of concurrent workflows can delay execution. - **Example**: If multiple workflows are queued, subsequent ones will wait, causing delays. - **Mitigation**: Optimize workflow triggers and durations to minimize queuing delays. ### Resource Throttling Policies - **Description**: GitHub may limit resources to manage platform stability. - **Example**: Throttling can occur during times of high demand, affecting performance. - **Mitigation**: Design workflows to be efficient under varied resource availability conditions. ## Underlying Infrastructure and Platform Changes ### Updates in GitHub's Infrastructure - **Description**: GitHub's infrastructure changes can temporarily affect performance. - **Example**: Upgrades or maintenance activities can slow down or disrupt services. - **Mitigation**: Stay informed about GitHub updates, and plan for alternative strategies during scheduled maintenance. ### Environmental Variables Configuration - **Description**: Management of environment variables affects workflow efficiency. - **Example**: Misconfigured environment variables, like the `CI`, `DEBUG`, and `LOGLEVEL` variables, can lead to errors or inefficiencies. - **Mitigation**: Regularly review and optimize the use of environment variables, ensuring they are used effectively and securely. By addressing these factors, one can effectively manage resources, adapt to platform constraints, and stay responsive to changes in GitHub's infrastructure, all contributing to improved GitHub Action performance. ## A Note on GitHub-hosted Runner Processors The processors used in GitHub Actions runners are not optimized for CI and build workloads. They are server-grade processors designed for high-performance computing and data center workloads. The following table compares the specifications of the processors used in GitHub Actions runners (on 2023-11-13). From an anecdotal sampling of ~100 runs, the AMD EPYC 7763 64-Core Processor appears to be the most common processor used in GitHub Actions runners. | Processor Model | Class | Socket | Clockspeed | Turbo Speed | Cores/Threads | Typical TDP | Cache Size | Avg CPU Mark | Single Thread Rating | | ------------------------------------ | ------ | ----------- | ---------- | ----------- | ------------- | ----------- | ------------------------------------ | ------------ | -------------------- | | AMD EPYC 7763 64-Core Processor | Server | SP3 | 2.5 GHz | 3.5 GHz | 64/128 | 280 W | L1: 8128 KB, L2: 63.5 MB, L3: 512 MB | 86194 | 2577 | | Intel Xeon Platinum 8171M @ 2.60GHz | Server | FCLGA3647 | 2.6 GHz | 3.7 GHz | 26/52 | 165 W | L1: 1664 KB, L2: 26.0 MB, L3: 36 MB | 30632 | 2222 | | Intel Xeon Platinum 8272CL @ 2.60GHz | Server | FCLGA3647 | 2.7 GHz | 4.0 GHz | 26/52 | 205 W | L1: 1664 KB, L2: 26.0 MB, L3: 36 MB | 52386 | 2382 | | Intel Xeon Platinum 8370C @ 2.80GHz | Server | FCLGA4189 | 2.9 GHz | 3.5 GHz | 32/64 | 300 W | - | 55705 | 2479 | | Intel Xeon CPU E5-2673 v4 @ 2.30GHz | Server | FCLGA2011-3 | 2.3 GHz | 3.3 GHz | 20/40 | 135 W | L1: 1280 KB, L2: 5.0 MB, L3: 50 MB | 21576 | 2079 | For comparison, here are the specifications of some popular desktop processors: | Processor Model | Class | Socket | Clockspeed | Turbo Speed | Cores/Threads | Typical TDP | Cache Size | Avg CPU Mark | Single Thread Rating | | --------------------- | --------------- | --------- | ---------- | ----------- | -------------------- | ----------- | ----------------------------------- | ------------ | -------------------- | | Apple M3 8 Core | Desktop, Laptop | | 4.0 GHz | NA | 8 Cores, 8 Threads | | | 19247 | 4822 | | Intel Core i9-14900KF | Desktop | FCLGA1700 | 3.2 GHz | 6.0 GHz | 24 Cores, 32 Threads | 125 W | L1: 2176 KB, L2: 32.0 MB, L3: 36 MB | 61135 | 4798 | | Intel Core i9-13900KS | Desktop | FCLGA1700 | 3.2 GHz | 6.0 GHz | 24 Cores, 32 Threads | 150 W | L1: 2176 KB, L2: 32.0 MB, L3: 36 MB | 61924 | 4764 | | Intel Core i7-14700KF | Desktop | FCLGA1700 | 3.4 GHz | 5.6 GHz | 20 Cores, 28 Threads | 125 W | L1: 1792 KB, L2: 28.0 MB, L3: 33 MB | 54073 | 4541 | | Apple A17 Pro | Mobile/Embedded | | 3.8 GHz | NA | 6 Cores, 6 Threads | | | 12208 | 4515 | Source: [PassMark](https://www.cpubenchmark.net/) Note: ChatGPT was used to scrape processor information and structuring the article. They are not equivalent comparisons however, since desktop and mobile processors can have heterogeneous cores, which are optimized for different workloads. WarpBuild provides runners with high performance processors, which are optimized for CI and build workloads with fast disk IO and [improved caching](/docs/ci/features/caching). You can learn more about our hosted runners [here](/docs/ci/cloud-runners). ## Conclusion Improving the speed of your GitHub Actions isn't just about tweaking a few settings; it's about a holistic approach to workflow management, and resource optimization. By understanding the underlying factors, you'll be well on your way to more efficient, faster GitHub Actions. **Share & Feedback:** Found this guide useful? Share it with fellow engineers. Feedback and additional factors are welcome. I'm surya@warpbuild.com. **Keywords:** - GitHub Actions Performance - CI/CD Pipeline Optimization - Workflow Efficiency in GitHub - GitHub Actions Speed Tips - Developer Guide to GitHub Actions --- # Github Actions runners in your AWS account URL: https://www.warpbuild.com/blog/launch-byoc Description: WarpBuild can now manage Github actions runners on your own AWS account to increase security, customizability, and cut costs by 90% --- title: "Github Actions runners in your AWS account" excerpt: "WarpBuild can now manage Github actions runners on your own AWS account to increase security, customizability, and cut costs by 90%" description: "WarpBuild can now manage Github actions runners on your own AWS account to increase security, customizability, and cut costs by 90%" date: "2024-07-28" author: surya_oruganti cover: "/images/blog/launch-byoc/cover.png" --- ## Maximize Customizability and Cut Costs by 90% We're excited to announce a game-changing feature for WarpBuild: the ability to connect your own AWS cloud account. This integration allows WarpBuild to manage Github actions runners directly within your AWS environment in a VPC that you specify. By leveraging your own cloud resources, you can reduce costs by up to 90% compared to GitHub-hosted runners, while gaining access to WarpBuild's advanced features that streamline your development process.~ This is the most flexible, powerful, and cost effective way to run Github actions on your AWS account. ## BYOC: Advantages of the AWS Integration ### Unmatched Cost Efficiency By using your own AWS account, you take advantage of AWS's flexible pricing and billing, leading to substantial savings. Our benchmarks show cost reductions of up to 90%, allowing you to allocate your budget more effectively. - Leverage spot instances, preferred pricing and reserved instances to further reduce costs. - Choose your region to eliminate data transfer costs (ECR, NAT etc). ### Enhanced Flexibility Every project has unique needs, and WarpBuild's AWS integration offers the flexibility to tailor your infrastructure accordingly. Whether you need specific instance types, custom storage performance, or tailored network configurations, managing your own infrastructure empowers you to optimize resources to meet your exact requirements - securely. ### Fast Colocated Caches One of the standout features of WarpBuild's AWS integration is the implementation of fast colocated caches. By placing caches close to your build runners, we significantly reduce build times, ensuring your team spends less time waiting and more time coding. This proximity speeds up data access, enhances performance, and improves overall efficiency. ### Advanced Debugging Tools Debugging in complex environments can be a headache. With WarpBuild managing your AWS infrastructure, you gain access to sophisticated debugging tools. These tools provide deep insights into your builds, enabling you to quickly identify and resolve issues. Real-time monitoring, detailed logs, and comprehensive analytics are at your fingertips, making troubleshooting faster and more effective. ## Additional Benefits of Hosting Runners on Your AWS Account ### Improved Security - **Network Isolation**: By hosting runners within your own VPC, you can isolate your CI/CD environment from other internet traffic, enhancing security. - **Custom Security Groups**: Define precise security group rules to control inbound and outbound traffic to your runners, minimizing exposure to potential threats. - **IAM Roles and Policies**: Apply custom IAM roles to ensure that runners have only the permissions they need. ### Performance Optimization - **Proximity to Resources**: Running within your own VPC allows for low-latency access to other AWS resources such as servers, databases, storage, and other services, speeding up your CI/CD pipelines. - **Custom Instance Types**: Choose instance types that best match your workload requirements, optimizing for CPU, memory, and I/O performance. ### Compliance and Governance - **Data Residency**: Ensure data compliance by keeping your build data within specific geographic regions, adhering to data residency regulations. - **Audit Logging**: Utilize AWS CloudTrail and other monitoring tools to maintain detailed audit logs of all actions performed within your infrastructure. ### Scalability and Customization - **Auto Scaling**: WarpBuild automatically manages your infrastructure, ensuring that your runners are always available and ready to run your builds with zero wasted resources. - **Custom AMIs**: Use custom Amazon Machine Images (AMIs) to pre-configure runners with specific tools and dependencies, reducing setup time and ensuring consistency across builds. ### Enhanced Monitoring and Alerts - **Resource Tagging**: Apply tags to AWS resources to track usage and costs, enabling more effective budget management and cost allocation. - **CloudWatch Integration** (coming soon): Monitor your runners with Amazon CloudWatch, setting up alerts for key metrics to proactively manage performance and health. - **Detailed Metrics** (coming soon): Collect and analyze detailed metrics on runner performance, helping to identify bottlenecks and optimize build processes. ## How It Works 1. **Connect Your AWS Account**: Sign in to WarpBuild and navigate to the AWS integration section. Follow the simple steps to securely link your AWS account. 2. **Connect Your Infrastructure**: Specify your infrastructure setup. Choose your network, security groups according to your project needs. 3. **Configure Runners**: Choose your runner instance types, disk, and network configurations. WarpBuild managed images are available for use on your account without any changes. 4. **Deploy and Manage**: WarpBuild takes care of deploying and managing the runners within your AWS environment. Enjoy seamless builds with our fast colocated caches and advanced debugging tools. 5. **Monitor and Optimize** (coming soon): Use WarpBuild's intuitive dashboard to monitor your builds, analyze performance, and make data-driven decisions to optimize your infrastructure further. ## Get Started Today Start maximizing your development efficiency with WarpBuild's AWS integration. [Learn more](http://docs.warpbuild.com/ci/byoc) and follow our step-by-step guide to connect your AWS account. WarpBuild is committed to providing you with the tools you need to build faster, smarter, and more cost-effectively. Join us in this new era of development and take your projects to the next level. --- Stay tuned for more updates and features coming soon. Happy building! --- For detailed technical documentation, visit [WarpBuild Docs](http://docs.warpbuild.com). For support and inquiries, contact us at support@warpbuild.com. --- --- # M4Pro powered MacOS Runners for GitHub Actions URL: https://www.warpbuild.com/blog/m4pro-launch Description: New M4Pro powered MacOS runners for GitHub Actions --- title: "M4Pro powered MacOS Runners for GitHub Actions" excerpt: "New M4Pro powered MacOS runners for GitHub Actions" description: "New M4Pro powered MacOS runners for GitHub Actions" date: "2025-03-20" author: surya_oruganti cover: "/images/blog/m4pro-launch/cover.png" --- WarpBuild's new M4Pro powered MacOS runners for GitHub Actions are now available. This is a huge upgrade from the previous M2Pro powered runners and is a step towards providing the best possible experience for MacOS runners on GitHub Actions. ## What's new? The new runners are powered by the latest M4Pro processors and are 30% faster than the previous M2Pro runners in our benchmarks. They are the same price as the previous runners, but also come with a higher 22GB RAM (up from 14GB RAM previously). The PassMark single core CPU benchmark score for the M4Pro processor is 4625, vs 4100 for the M2Pro processor. ## How do I get access? All users have been upgraded to the new runners. When a MacOS runner is requested, the new M4Pro runners will be used. - Add the WarpBuild bot to your organization and provide permissions to the repository. - Change the runner type to `warp-macos-15-arm64-6x` in your GitHub actions workflow. Try out WarpBuild's new MacOS runners powered by the latest M4Pro processors - Documentation. - Get started. --- --- # Fast MacOS runners for GitHub Actions URL: https://www.warpbuild.com/blog/macos-runners Description: WarpBuild provides fast, ephemeral MacOS runners for GitHub actions that are 25% faster and 50% cheaper. --- title: "Fast MacOS runners for GitHub Actions" excerpt: "M2 Pro powered MacOS instances for GitHub Actions" description: "WarpBuild provides fast, ephemeral MacOS runners for GitHub actions that are 25% faster and 50% cheaper." date: "2024-01-28" author: surya_oruganti cover: "/images/blog/macos-runners/cover.png" --- WarpBuild now supports MacOS GitHub Actions runners on M2 Pros with 6vCPU and 14GB memory. On paper, this is comparable to the M1 powered `macos-13-xlarge` runners by GitHub but are 25% faster and 50% cheaper, with the same tools pre-installed. This is interesting for the following reasons: 1. Because managing Mac infra is a hassle. There are no orchestration mechanisms available for managing fleets of Mac instances. 1. Ephemeral runners for clean and reproducible builds are challenging to maintain. 1. GitHub runners are slow and pricey. 1. Build concurrency on MacOS instances is limited. WarpBuild addresses these challenges with the ability to run ephemeral VMs that can process GitHub actions workflows in a fast and secure manner. More details on the MacOS instance configuration is in [the docs here](/docs/ci/cloud-runners#macos-m2-pro-on-arm64). You can get started with using MacOS instances on WarpBuild by changing the runner to `warp-macos-latest-arm64-6x` in the GitHub workflow file. Our customers use WarpBuild MacOS runners for iOS and Mac app builds. They are seeing benefits of 25-70% reduction in build time, resulting in up to 85% reduction in cost per job. We're very excited to make it broadly available for everyone to use. WarpBuild supports `macos-13` and `macos-14` runners. | Runner Tag | CPU | Memory | Storage | Price | Aliases | | -------------------------- | ------ | ------ | -------- | ------------ | ---------------------- | | warp-macos-latest-arm64-6x | 6 vCPU | 14GB | 64GB SSD | $0.08/minute | warp-macos-13-arm64-6x | | warp-macos-14-arm64-6x | 6 vCPU | 14GB | 64GB SSD | $0.08/minute | | We are on a mission to build the world's fastest CI cloud. I'd love your feedback on the product and thoughts on your biggest challenges with CI workflows that you'd like to see addressed. --- # WarpBuild's Observability Architecture URL: https://www.warpbuild.com/blog/observability-architecture Description: How WarpBuild built a zero-maintenance observability system using S3, presigned URLs, and OpenTelemetry - achieving infinite scalability with minimal infrastructure. --- title: "WarpBuild's Observability Architecture" excerpt: "How WarpBuild built a zero-maintenance observability system using S3, presigned URLs, and OpenTelemetry - achieving infinite scalability with minimal infrastructure." description: "How WarpBuild built a zero-maintenance observability system using S3, presigned URLs, and OpenTelemetry - achieving infinite scalability with minimal infrastructure." author: surya_oruganti date: "2025-10-21" cover: "/images/blog/observability-architecture/cover.png" --- Observability is critical for understanding CI/CD performance, but traditional observability stacks are complex, expensive, and require significant operational overhead. WarpBuild took a radically different approach: an S3-first architecture that eliminates maintenance burden while providing infinite scalability. - **Zero maintenance**: No databases, no clusters, no operational burden - **Infinite scalability**: Built on S3's proven durability and scale - **Minimal infrastructure**: Two simple components instead of complex observability stacks - **Cost-effective**: Pay only for S3 storage and data transfer This post walks through the architecture decisions that make this possible and why this approach works uniquely well for CI observability. ## The Textbook Observability Stack Most observability systems follow a familiar pattern: ```mermaid flowchart LR Agent["Agent/Collector
on Runner"] --> Gateway["Gateway/
Aggregator"] Gateway --> Storage["Time-series DB
(Prometheus, InfluxDB)"] Storage --> Query["Query Service
(API Layer)"] Query --> UI["Dashboard UI"] ``` This architecture requires: - Multiple service tiers (collector, gateway, storage, query layer) - Database clusters with replication and backups - Query optimization and indexing strategies - Monitoring for the monitoring system - Capacity planning and scaling - Multi-tenant support in each of the tiers For general-purpose observability, this complexity is necessary. Since WarpBuild is not general purpose observability, it has unique characteristics that allow for a much simpler approach. Not cargo-culting hardcore observability architecture, but building for the specific use case of CI/CD observability has huge advantages in our case. ## WarpBuild's S3-First Architecture ### High-Level Architecture Here's the complete observability flow in WarpBuild: ```mermaid flowchart TB subgraph Runner["Runner"] OTEL["OTEL Collector"] Proxy["Proxy"] end Backend["WarpBuild Backend
(Presigned URL Generator)"] S3["S3 Storage"] UI["WarpBuild UI
(Browser)"] OTEL -->|Metrics & Logs| Proxy Proxy <-->|Request/Get
Presigned URL| Backend Proxy -->|Upload Data| S3 UI <-->|Request/Get
Presigned URL| Backend UI -->|Fetch Data| S3 ``` WarpBuild's observability architecture has two simple paths: ingestion and retrieval. ### Data Ingestion Path When a job runs on a WarpBuild runner, metrics and logs flow directly to S3: ```mermaid sequenceDiagram participant R as Runner participant O as OTEL Collector participant P as Proxy participant B as WarpBuild Backend participant S3 as S3 Bucket Note over R,O: Runner boots R->>O: Start OTEL collector Note over O: Collect metrics & logs Note over R: Job allocated alt Observability Disabled R->>O: Kill collector Note over O: Stop collection else Observability Enabled O->>P: Send metrics/logs P->>B: Request presigned URL B->>P: Return S3 presigned URL P->>S3: Upload data directly end ``` **Key components:** 1. **OpenTelemetry Collector**: Starts automatically when the runner boots, collecting system metrics (CPU, memory, disk, network) and logs. 2. **Conditional Collection**: When a GitHub Actions job is allocated, the system checks if observability is enabled. If disabled, the collector is killed immediately to save resources. 3. **Proxy Service**: A lightweight proxy running on the runner that handles authentication and presigned URL generation. This exists because OTEL collectors don't natively support S3 presigned URLs—they require long-lived credentials. 4. **Direct S3 Upload**: Using presigned URLs, data flows directly from the runner to S3 without passing through intermediate services. OpenTelemetry collectors are designed to work with credential-based authentication (IAM roles, access keys). Since WarpBuild uses presigned URLs for security and simplicity, the proxy translates between OTEL's credential expectations and S3's presigned URL model. The proxy is minimal and handles only URL generation and secure communication with the backend. ### Data Retrieval Path When a user views observability data in the WarpBuild UI, the architecture is even simpler: ```mermaid sequenceDiagram participant Browser participant Backend as WarpBuild Backend participant S3 as S3 Bucket Browser->>Backend: Request job metrics/logs Backend->>Backend: Generate presigned URLs Backend->>Browser: Return presigned URLs Browser->>S3: Fetch data directly Note over Browser: Display metrics & logs ``` The retrieval path has no intermediate query layer, no caching tier, no aggregation service. The browser fetches data directly from S3 and renders it. That's it. ## Why This Architecture Works This simplified architecture is possible because of several unique characteristics of CI/CD observability:
Unlike application monitoring where you need real-time alerting and complex queries, CI observability is primarily for **human consumption**. Developers want to see: - What resources did my job use? - When did the CPU spike? - What errors appeared in the logs? These are simple, single-job queries that don't require sophisticated query engines or real-time aggregation. Each CI job is isolated. Developers rarely need to query across multiple jobs simultaneously based on log contents or metric patterns. When aggregate analysis is needed (e.g., "show me all jobs that failed with X error this week"), AWS Athena can query S3 data directly using SQL without building a dedicated query layer. CI jobs typically generate a few megabytes of metrics and logs. Even heavy jobs rarely exceed tens of megabytes. This means: - S3's latency is acceptable (100-200ms to fetch a job's data) - Transfers are throughput bound, not latency constrained By using S3 as the primary storage and query layer, WarpBuild eliminates: - Database clusters that need monitoring and scaling - Index management and optimization - Backup and disaster recovery processes - Software upgrades and security patches S3 provides 99.999999999% (11 nines) durability and built-in versioning, replication, and lifecycle management.
## Architecture Benefits The entire observability system is two components: 1. OTEL collector with S3 export (via proxy) 2. Presigned URL generation in the backend The most important benefit is that we do not need to manage any infrastructure, while providing extremely fast data retrieval for end users as we do not have throughput bottlenecks with databases. At 1 Million jobs/day, the data volume is ~1TB/day, which quickly gets out of control in databases. Besides, we do not need database features like aggregation, indexing, etc. Traditional observability stacks cost many thousands of dollars per month for database clusters, monitoring infrastructure, not including engineering time. With our architecture at 1 million jobs/day with 1MB data each, the total cost is ~$700/month instead of thousands - a 100x cost reduction with better reliability. This architecture isn't great for: - Aggregate analysis of metrics (p50, p90, p99, deviation from the median, etc.) - Metrics visualization (histogram, scatter plot, etc.) However, this is easily achievable by layering on AWS Athena and other tools. ## Conclusion Context matters. The "textbook" observability stack is necessary for real-time monitoring and complex querying, but our requirements allow for radical simplification. By leveraging S3's durability, scalability, and simplicity, WarpBuild delivers robust observability with: - Zero maintenance burden - Infinite scalability - Two simple components instead of a complex stack, with no scalability concerns This architectural decision embodies WarpBuild's philosophy: **build for scale with minimal people**. As the platform grows, the observability system requires no additional engineering effort - it just works. Our architecture is inspired by the rise of S3-first architectures in the industry including turbopuffer and others. --- ### Learn More - **View job metrics and logs**: [WarpBuild Observability Dashboard](https://app.warpbuild.com/ci/observability) - **Documentation**: [Observability Docs](/docs/ci/features/observability/) - **Get started**: [Quick Start Guide](/docs/ci/quick-start/) Experience zero-maintenance observability alongside the world's fastest CI runners. Get started in minutes: [app.warpbuild.com](https://app.warpbuild.com) ### Call for developers We are looking for developers who are interested in building the future of CI/CD. If you are interested in this, get in touch with us at [hello@warpbuild.com](mailto:hello@warpbuild.com)! --- # Optimizing Dockerfiles for Fast Builds URL: https://www.warpbuild.com/blog/optimizing-docker-builds Description: Optimize Dockerfile definition for speeding up container builds and reducing image sizes --- title: "Optimizing Dockerfiles for Fast Builds" excerpt: "Optimize Dockerfile definition for speeding up container builds and reducing image sizes" description: "Optimize Dockerfile definition for speeding up container builds and reducing image sizes" date: "2023-12-28" author: prajjwal_dimri cover: "/images/blog/optimizing-docker-builds/cover.png" --- In this post, we will create a Dockerfile starting with a naive definition and incrementally improve it with well-established best practices used across the industry for illustrating the optimization that can be achieved in build time, and container size. A container image is a read-only template with instructions for creating a container. To build our own image, we need to create a Dockerfile which is just a series of instructions that describes how the image needs to be built. The project that we are going to build today is a simple backend server written in Go. We need to create a binary of our server. Additionally, the binary requires zstd(z-standard compression algorithm) to be present on the system. The code for the project is available at [https://github.com/WarpBuilds/docker-build-optimization-example-project/blob/main/Dockerfile](https://github.com/WarpBuilds/docker-build-optimization-example-project/blob/main/Dockerfile) The processes and steps described here are not language or framework specific. They can be adapted to any project. ### A note on terminology While container images originated in Docker, the company, they have become a standard way of packaging applications and running them in a portable manner. The specification for generating container images is now maintained by the Open Container Initiative (OCI), which is a part of the Linux Foundation. Writing a Dockerfile is the most common way to build an OCI compliant image. Colloquially, docker images and OCI images are used interchangeably. ## Initial Dockerfile Our first target is to write a Dockerfile that can build our code and get the server up and running. ```dockerfile # The base image. FROM ubuntu:22.04 # Sets the working directory for any instructions that follow it. WORKDIR /build # Copies all the files from the current directory and # adds them to the filesystem of the container. COPY . . # Upgrades all the installed packages using Ubuntu's package manager. RUN apt update -y RUN apt upgrade -y # The default ubuntu image doesn't validate proxy.golang.org as CA, # so we need to manually add it. RUN apt install golang-go ca-certificates openssl -y ARG cert_location=/usr/local/share/ca-certificates RUN openssl s_client -showcerts -connect proxy.golang.org:443 /dev/null|openssl x509 -outform PEM > ${cert_location}/proxy.golang.crt RUN update-ca-certificates # Installs Z-standard RUN apt install zstd -y # Verify Z-standard installation RUN zstd --version # Downloads dependencies of our project RUN go mod download # Builds the go binary ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 RUN go build -ldflags="-s -w" -o apiserver . # Exposes port used by our backend server EXPOSE 8080 # Runs the backend server RUN chmod +x apiserver ENTRYPOINT ["./apiserver"] ``` ![Initial Docker Build Benchmark](/images/blog/optimizing-docker-builds/initial-benchmark.png) Build Time: `352.9s` Final image size: `1.42GB` An image is built from a Dockerfile using `docker build .` command. Running the build takes our system around `6 minutes` and the final image size is `1.42GB`. All the benchmarks are done on an Macbook Air M1 with 16GB RAM. Waiting `6 minutes` for every build is a really bad experience. Additionally, if the image is not cached, downloading a `1.42GB` image will impact the startup time of our container. So, let's address these issues. First, we will focus on optimizing our build time. Once that is done, we will address the issue of image size. ## Base Image For our first improvement, we can start using the GoLang image as our base image, which already contains GoLang SDK and correct CA certificate configuration. ```dockerfile # Changes to golang image FROM golang:1.21 WORKDIR /build COPY . . RUN apt update -y RUN apt upgrade -y RUN apt install zstd -y RUN zstd --version RUN go mod download ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 RUN go build -ldflags="-s -w" -o apiserver . ENTRYPOINT ["/apiserver"] ``` ![Base Image Benchmark](/images/blog/optimizing-docker-builds/base-image-benchmark.png) Build Time: `38.5s` Final image size: `1.38GB` As you would have noticed, this has already reduced our build time quite significantly. The image size is reduced by a little bit as well. ## Layer Caching Docker uses the concepts of layers while building images. Each layer contains the filesystem changes to the image for the state before and after the execution an instruction. In our tests above, you would have noticed that the benchmarks deliberately delete all the cache. This is done so that we can notice the difference it makes when we do start using layer caching. Layer caching is enabled by default. If we build the Dockerfile above again, this time with layer caching, we can see that it takes us around `24s` compared to the `38s` it took us before. ![Layer Caching](/images/blog/optimizing-docker-builds/layer-caching.png) ![Layer Caching Benchmark](/images/blog/optimizing-docker-builds/layer-caching-benchmark.png) Build Time: `24.7s` Final image size: `1.38GB` ## Layer Ordering Docker caches every layer it creates. Whenever it encounters a layer that is changed, all the layer caches of the downstream layers are invalidated and built again. In our current Dockerfile, you would notice that every time any file changes, the `COPY . .` layer is invalidated and this causes all of the downstream steps to be built again. Let's first introduce a `.dockerignore` file, so that any changes to env files, .git folder etc. don't invalidate our cache. ``` # Files .dockerignore .editorconfig .gitignore .env.* Dockerfile Makefile LICENSE **/*.md **/*_test.go *.out # Folders .git/ .github/ build/ ``` As we are already aware, that the changes in any layer result in caches being invalidated of all the downstream layers. So, we should always try to order our Dockerfiles from the least changing instructions at the top to the most changing instructions at the bottom. For our project, we can move our dependency installation steps above our copy step. ```dockerfile FROM golang:1.21 WORKDIR /build RUN apt update -y RUN apt upgrade -y RUN apt install zstd -y RUN zstd --version COPY . . RUN go mod download ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 RUN go build -ldflags="-s -w" -o apiserver . ENTRYPOINT ["/apiserver"] ``` ![Layer Ordering Benchmark](/images/blog/optimizing-docker-builds/layer-ordering-benchmark.png) Build Time: `17.9s` Final image size: `1.38GB` This reduces our cached build time to `18s`. We can optimise this further by only copying files required by dependency installer first i.e. `go.mod` and `go.sum` for Go projects. This will make sure that even if our code changes, our dependency installs are cached. ```dockerfile FROM golang:1.21 WORKDIR /build RUN apt update -y RUN apt upgrade -y RUN apt install zstd -y RUN zstd --version COPY go.mod go.sum ./ RUN go mod download COPY . . ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 RUN go build -ldflags="-s -w" -o apiserver . ENTRYPOINT ["/apiserver"] ``` ![Dependency Install Benchmark](/images/blog/optimizing-docker-builds/dependency-install-benchmark.png) Build Time: `10.7s` Final image size: `1.38GB` This reduces our build time to `10.7s`. We started with a build time of around 6 minutes and have reached 10 seconds but our image size is still quite huge. Every time our image changes, our container would have to download the new image which will affect its startup time. Let's optimize that as well. ## Image Size First step to reduce our image size is to reduce our layers. Every layer that we introduce to our image increases its size. To reduce layers, we can bunch up our run statements together. ```dockerfile FROM golang:1.21 WORKDIR /build RUN apt update -y && apt upgrade -y && apt install zstd -y && zstd --version COPY go.mod go.sum ./ RUN go mod download COPY . . ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 RUN go build -ldflags="-s -w" -o apiserver . ENTRYPOINT ["/apiserver"] ``` Although, in our case it will not have a large effect as we didn't have many layers to begin with. ## Multi-Stage Builds We use `golang:1.21` as our base image which is built on top of `debian`. It contains various packages and dependencies which we do not need. GoLang's build process generates a binary which can run on various systems even without GoLang SDKs installed. Let's address this by introducing another important concept in Docker known as Multi Stage Build. ```docker # Build stage FROM golang:1.21 AS builder WORKDIR /build COPY go.mod go.sum ./ RUN go mod download COPY . . ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 RUN go build -ldflags="-s -w" -o apiserver . # Runtime stage FROM alpine:3.19 COPY --from=builder ["/build/apiserver", "/"] # Uses alpine's package manager to install zstd RUN apk add zstd && zstd --version ENTRYPOINT ["/apiserver"] ``` ![Final Benchmark](/images/blog/optimizing-docker-builds/final-benchmark.png) Build Time: `10.3s` Final image size: `34MB` We have now changed our Dockerfile to contain two stages. In the first build stage, we use `golang:1.21` base image to build our go source code and get a binary as output. We copy the binary to our runtime stage which uses `alpine:3.19` as its base. Alpine is a very lightweight linux distro suitable for creating light weight runtime images. We have also added zstd in our alpine base image as the binary requires it in runtime. The final size of our image is `34MB`. Our build time is also reduced by some milliseconds as Docker tries to run these stages in parallel, until it hits a dependency to output of another stage. Here we are assuming that our binary requires zstd to be installed on the system. If that was not the case, then we could have used the `scratch` base image which would have reduced our final image size to `25.7MB`. ```docker FROM golang:1.21 AS builder WORKDIR /build COPY go.mod go.sum ./ RUN go mod download COPY . . ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64 RUN go build -ldflags="-s -w" -o apiserver . FROM scratch COPY --from=builder ["/build/apiserver", "/"] # RUN apk add zstd && zstd --version ENTRYPOINT ["/apiserver"] ``` ## CI Builds All the concepts that we have talked about here are also applicable to building a docker image on CI systems. Let's see how we can run the docker build on GitHub CI with layer caching enabled. ``` name: Build Docker Image on: push: branches: - "main" jobs: docker: runs-on: ubuntu-latest steps: - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build and push uses: docker/build-push-action@v5 with: push: false # We are using GitHub's backend as the cache storage here. More info: # https://docs.docker.com/build/ci/github-actions/cache/#github-cache cache-from: type=gha cache-to: type=gha,mode=max ``` It takes us `2m6s` to build this for the first time without using cache. Using cache reduces the build time to `1m38s`. ## 🚀 Use WarpBuild Runners If you want to optimize your build times even further, you can use WarpBuild's runners. The same workflow, on a similar system to `ubuntu-latest`, finishes in `55s`. See the results for yourself here [https://github.com/WarpBuilds/docker-build-optimization-example-project/actions/runs/7326651267/job/19952582967](https://github.com/WarpBuilds/docker-build-optimization-example-project/actions/runs/7326651267/job/19952582967) Using WarpBuild Runners is as easy as replacing a line in your GitHub workflow file. ```diff - runs-on: ubuntu-latest + runs-on: warp-ubuntu-latest-x64-2x ``` ## Build Optimization Reference | Optimization Step | Build Time (seconds) | Image Size (GB) | | ------------------------ | -------------------- | --------------- | | Initial | 352.9 | 1.42 | | Specific Image selection | 38.5 | 1.38 | | Use caching | 24.4 | 1.38 | | Layer ordering | 17.9 | 1.38 | | Order file copying step | 10.7 | 1.38 | | Multi-stage builds | 10.3 | 0.034 (34MB) | ## Conclusion In this post, we have seen how we can optimize our Dockerfiles for faster builds and smaller image sizes. We have also seen how we can use WarpBuild Runners to further optimize our build times. This post focused on optimizing the definition of the Dockerfile and is foundational to optimizing the build times and image sizes. In the future, we will look at optimizing the build process itself through container layer caching in CI systems and alternate build systems like Bazel. --- # Optimizing Self-Hosted GitHub Actions Runner Costs URL: https://www.warpbuild.com/blog/optimizing-self-hosted-runner-costs Description: Checklist of strategies to cut self-hosted GitHub Actions costs with networking, caching, autoscaling, and compliance-friendly patterns. --- title: "Optimizing Self-Hosted GitHub Actions Runner Costs" excerpt: "Checklist of strategies to cut self-hosted GitHub Actions costs with networking, caching, autoscaling, and compliance-friendly patterns." description: "Checklist of strategies to cut self-hosted GitHub Actions costs with networking, caching, autoscaling, and compliance-friendly patterns." author: surya_oruganti cover: "/images/blog/optimizing-self-hosted-runner-costs/cover.png" date: "2025-10-21" --- import { Step, Steps } from 'fumadocs-ui/components/steps'; Running CI is essential, but your self-hosted runner bill doesn't have to be. This guide contains strategies to reduce costs without sacrificing reliability or compliance. We cite primary sources throughout so you can validate assumptions and adapt them to your environment to keep things vendor-neutral. Treat this post as a checklist - going through each item and applying the best practices to your environment will help you reduce costs. Before optimizing, baseline your usage and costs: - GitHub billing and usage: About billing, Viewing usage, Run usage API - Cloud cost explorers: AWS Cost Explorer, GCP Cloud Billing, Azure Cost Management ## Core cost optimization strategies ### Infrastructure optimization - Spot/Preemptible capacity: Typically 60-90% cheaper, but interruptible. Use job retries and checkpointing; isolate long-lived state from runners. - AWS EC2 Spot: capacity-optimized allocation; interruption notices. See EC2 Spot and best practices. - GCP Preemptible/Spot VMs: GCP Preemptible/Spot VMs - Azure Spot VMs: Azure Spot VMs - Autoscaling: Scale-to-zero when queues are empty; scale quickly when demand spikes. Combine queue depth, pending job counts, and target start SLOs. - Right-sizing: Measure CPU, memory, I/O. Choose the knee of the performance-cost curve, not the max spec. - Commitments: Reserved/Committed use discounts work for steady baselines; keep burst on spot. ```mermaid flowchart LR Q["Queued jobs?"] -->|No| Z["Scale to zero"] Q -->|Yes| T{"Target start SLO met?"} T -- No --> Up["Scale up"] T -- Yes --> K["Keep size"] Up --> R{"Budget guardrails?"} R -- Exceeded --> Fan["Reduce fan-out or size"] R -- OK --> Mon["Monitor"] ``` ### Ephemeral vs reusable runners Ephemeral runners (one job, then teardown) provide a guaranteed clean state and stronger isolation. Reusable runners keep state and caches across jobs to cut minutes but need hygiene. - Ephemeral: best for untrusted code, stricter compliance, and multi-tenant orgs. Trade-off: less cache reuse, potentially more minutes but lower security/ops risk. Most importantly, it leads to reproducible builds. This is highly recommended for CI. - Reusable: best for trusted repos and cache-heavy builds. Trade-off: requires cleanup to avoid state bleed; consider periodic reimage. Do this only if you have a good reason to keep the state. ```mermaid flowchart TD A["Repo trust: org-internal?"] -->|No| E["Use ephemeral"] A -->|Yes| C{"Cache hit rate high?"} C -- Yes --> R["Consider reusable"] C -- No --> E R --> H{"Compliance strict?
(PCI/HIPAA)"} H -- Yes --> E H -- No --> O{"High ops maturity
& ok with risk?"} O -- Yes --> RU["Use reusable"] O -- No --> E ``` - GitHub runner `--ephemeral` for one-job-per-runner: docs - actions-runner-controller RunnerScaleSet with ephemeral pods and scale-to-zero: ARC - Terraform AWS GitHub Runner module supports ephemeral, autoscaled runners on AWS: repo ### Caching and storage - Local dependency caches (npm, pip, gradle, cargo, etc.) via GitHub Actions cache. - Docker layer caching: Use Buildx and a registry/cache near compute via Docker Buildx cache. - Artifacts: Upload only what's needed, compress, and reduce retention. Example (Docker Buildx with GitHub cache backend): ```yaml - uses: docker/setup-buildx-action@v3 - uses: docker/build-push-action@v6 with: push: false cache-from: type=gha cache-to: type=gha,mode=max ``` | Strategy | Typical impact | Notes | | --- | --- | --- | | Dependency cache | 20-60% faster | Stable lockfiles help maximize hits | | Docker layer cache | 20-70% faster | Co-locate cache/registry with runners | | Artifact retention 7-14d | 80-90% storage reduction | From GitHub default 90d | | Reusable runners | Up to 40x faster | Depends on the size of the runner and the amount of state kept, requires periodic cleanup | ### Networking optimization Private subnets often require NAT for egress. NAT gateways typically charge hourly + per-GB processed. Heavy egress can dwarf compute savings. Prefer endpoints and keep traffic in-region. Public runners have direct internet egress (cheapest); private require NAT (higher cost but better control). Use hybrid: public for general CI, private for sensitive workloads. Use gateway endpoints (AWS S3, GCP Private Google Access, Azure service endpoints) to bypass NAT and reduce egress costs. Keep runners, registries, caches, and buckets in the same region/AZ to minimize cross-region and cross-AZ transfer charges. Use regional repos; avoid cross-region pulls. ```mermaid flowchart TB subgraph Region subgraph VPC["VPC / VNet"] Runners["Runners
(ASG/VMSS or K8s nodes)"] NAT["NAT
(only if needed)"] Endp["Endpoints:
S3/GCS/Storage,
ECR/AR/ACR"] end Cross-Account[("Cross-Account
Storage and Access")] end Runners --> Endp Runners --> Cross-Account Runners -.-> NAT ``` --- ## Open-source and free tools - actions-runner-controller (ARC): Kubernetes operator for autoscaling GitHub runners. - Terraform AWS GitHub Runner module: Serverless, autoscaling self-hosted runners on AWS. - Infracost: Cost impact in PRs. - AWS Cost Explorer, GCP Cloud Billing, Azure Cost Management. --- ## Cloud-specific optimization Use this accordion for provider details. Keep the rest of this guide cloud-agnostic.

Compute

  • EC2 Spot with capacity-optimized allocation; test multiple instance types. EC2 Spot
  • EKS + ARC for scale-to-zero runners; consider Karpenter for node right-sizing.

Networking

  • Prefer Gateway Endpoints for S3 and DynamoDB to avoid NAT traversal. VPC endpoints
  • Use Interface Endpoints for ECR API and ECR DKR (image pulls) to keep traffic private. ECR endpoints
  • NAT choices: gateway (hourly + per-GB) vs NAT instance for low throughput; place one NAT per AZ to avoid cross-AZ data charges. NAT pricing

Storage/Registry

  • S3 lifecycle policies and storage classes (IA/Glacier) for artifacts. S3 lifecycle
  • ECR repos in the same region; replicate only if needed. ECR

Terraform examples

```hcl resource "aws_vpc_endpoint" "s3" { vpc_id = var.vpc_id service_name = "com.amazonaws.${var.region}.s3" vpc_endpoint_type = "Gateway" route_table_ids = var.route_table_ids } ``` ```hcl resource "aws_vpc_endpoint" "ecr_api" { vpc_id = var.vpc_id service_name = "com.amazonaws.${var.region}.ecr.api" vpc_endpoint_type = "Interface" subnet_ids = var.private_subnet_ids security_group_ids = [aws_security_group.endpoints.id] private_dns_enabled = true } resource "aws_vpc_endpoint" "ecr_dkr" { vpc_id = var.vpc_id service_name = "com.amazonaws.${var.region}.ecr.dkr" vpc_endpoint_type = "Interface" subnet_ids = var.private_subnet_ids security_group_ids = [aws_security_group.endpoints.id] private_dns_enabled = true } ```

References: EC2 pricing, Spot, NAT pricing, VPC endpoints, S3 pricing

Compute

  • Spot/Preemptible VMs in Managed Instance Groups with multiple machine types. docs
  • GKE (Autopilot or Standard) with ARC; right-size node pools.

Networking

  • Enable Private Google Access so private VMs reach GCS/Artifact Registry without public egress. docs
  • Cloud NAT sized appropriately; avoid cross-region pulls. Cloud NAT pricing

Storage/Registry

  • Artifact Registry regional repos in the same region as runners. docs
  • GCS lifecycle rules for artifacts. docs

Examples

```hcl resource "google_compute_subnetwork" "subnet" { name = "ci-private" ip_cidr_range = var.cidr network = var.network region = var.region private_ip_google_access = true } ``` ```hcl resource "google_compute_router" "router" { name = "ci-router" network = var.network region = var.region } resource "google_compute_router_nat" "nat" { name = "ci-nat" router = google_compute_router.router.name region = var.region nat_ip_allocate_option = "AUTO_ONLY" source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" subnetwork { name = google_compute_subnetwork.subnet.name source_ip_ranges_to_nat = ["ALL_IP_RANGES"] } } ```

References: Compute pricing, Spot/Preemptible, Private Google Access, Cloud NAT pricing, Artifact Registry

Compute

  • Spot VMs in VM Scale Sets; consider capacity reservations for stability. docs
  • AKS with ARC; autoscaling node pools and right-sized SKUs.

Networking

Storage/Registry

  • ACR in-region with runners; enable geo-replication only if required. docs
  • Blob Storage lifecycle rules for artifacts. docs

Examples

```hcl resource "azurerm_subnet_service_endpoint_storage_policy" "storage" { name = "allow-storage" resource_group_name = var.rg virtual_network_name = var.vnet subnet_name = var.subnet storage_accounts = [azurerm_storage_account.artifacts.id] } ``` ```hcl resource "azurerm_private_endpoint" "acr" { name = "acr-pe" location = var.location resource_group_name = var.rg subnet_id = azurerm_subnet.private.id private_service_connection { name = "acr" private_connection_resource_id = azurerm_container_registry.acr.id is_manual_connection = false subresource_names = ["registry"] } } ```

References: VM pricing, Spot, NAT pricing, Private Endpoints, ACR

 --- ## Industry-specific considerations ### Financial services - SOC 2 and PCI-DSS drive stricter isolation and auditability. Prefer ephemeral runners for untrusted code; ensure logs are centralized (not as long-lived artifacts). - Use OIDC and short-lived credentials for cloud access; scope IAM roles tightly. - Keep sensitive builds in private subnets behind endpoints; avoid cross-region traffic. References: SOC 2, PCI-DSS ### Healthcare - HIPAA requires administrative, physical, and technical safeguards; do not store PHI in CI logs or artifacts. - Sign a BAA with your cloud provider; choose compliant regions; encrypt at rest and in transit. - Favor ephemeral runners and minimal artifact retention. References: HIPAA Security Rule, provider guidance for HIPAA on AWS, GCP, Azure --- ## Monitoring and cost tracking - Dashboards: minutes, spend, queue time, runner utilization, cache hit rates. - Alerts: budget thresholds, anomaly detection. - APIs: GitHub run usage API, cloud billing exports. ```bash # Org billing summary (requires org admin) gh api -H "Accept: application/vnd.github+json" /orgs/OWNER/settings/billing/actions | jq # Run timing (billable minutes) gh api -H "Accept: application/vnd.github+json" /repos/OWNER/REPO/actions/runs/123456/timing | jq ``` --- ## Advanced optimization strategies ### Ephemeral runners deep dive - CI reproducibility: ephemeral runners lead to reproducible builds. This is extremely important for CI. - Security-first: one job per VM/pod; automatic teardown eliminates drift. - Cost knobs: rely on remote/registry caches and artifact pruning to offset cache losses. - ARC RunnerScaleSet and Terraform AWS GitHub Runner module support ephemeral patterns out-of-the-box. ### Job batching and scheduling - Batching: batch nightly jobs and low-priority tasks in off-peak windows; restrict max-parallel to contain burst costs. - Spot-friendly pipelines: persist caches early, checkpoint long jobs to resume. ```mermaid flowchart TD S["Non-critical job?"] -->|Yes| Off["Schedule off-peak"] S -->|No| Now["Run now"] Off --> Spot["Prefer Spot/Preemptible"] Now --> Guard["Apply concurrency + timeouts"] ``` ### Workflow-level cost controls - Conditional execution (paths/paths-ignore), concurrency cancellation, timeouts, matrix throttling. - Keep storage cheap: compress artifacts, shorten retention, upload minimal logs. --- ## Cost comparison and ROI | Monthly workload | Hosted Linux x64 | Self-hosted on-demand | Self-hosted spot | Notes | | --- | --- | --- | --- | --- | | 10,000 min | $$ | $ | $ | Depends on instance type, cache hits, NAT/egress | | 100,000 min | $$$ | $$ | $-$$ | Maintenance overhead more salient | Exact numbers vary by region, instance type, cache effectiveness, and egress. Use cloud calculators and your actual run data. --- ## Implementation checklist Enable concurrency cancellation and job timeouts Reduce artifact retention to 7-14 days; compress logs Co-locate runners, registry, and artifacts in the same region Add storage/registry endpoints to avoid NAT traversal Introduce spot/preemptible runners with safe retry policies Migrate to ephemeral runners for untrusted code paths Adopt ARC or Terraform AWS GitHub Runner module for autoscaling Right-size instance SKUs based on utilization Implement per-team cost allocation and budgets Consolidate NAT and endpoint topology; reduce cross-AZ traffic Establish image baking with pre-baked caches --- ## References - GitHub Actions billing and usage: billing, usage, run usage API - AWS: EC2 pricing, Spot, NAT pricing, VPC endpoints, S3 pricing, ECR endpoints - GCP: Compute pricing, Spot/Preemptible, Private Google Access, Cloud NAT pricing, Artifact Registry - Azure: VM pricing, Spot, NAT pricing, Private Endpoints, ACR - Compliance: SOC 2, PCI-DSS, HIPAA Security Rule --- This guide is vendor-neutral; if you want managed building blocks that implement many of the above, see WarpBuild docs: [`/docs/ci/`](/docs/ci/). WarpBuild offers a comprehensive solution for self-hosted runners, including support for Linux, Windows, across all major cloud providers built for Enterprises. Get started today with WarpBuild: [`https://app.warpbuild.com/`](https://app.warpbuild.com/). WarpBuild also offers a cloud-hosted solution with high performance runners, that are 10x faster and 90% cheaper than GitHub hosted infrastructure, optimized for peak performance and seamless integration. --- # Rate Limit Cheatsheet for Self-Hosting Github Runners URL: https://www.warpbuild.com/blog/rate-limits-self-hosted-runners Description: Various rate limits to keep in mind when deciding to self-host GitHub Action Runners --- title: "Rate Limit Cheatsheet for Self-Hosting Github Runners" excerpt: "Various rate limits to keep in mind when deciding to self-host GitHub Action Runners" description: "Various rate limits to keep in mind when deciding to self-host GitHub Action Runners" date: "2024-06-12" author: prajjwal_dimri cover: "/images/blog/rate-limits-self-hosted-runners/cover.webp" --- When self-hosting GitHub Actions runners, understanding and managing rate limits across various services is crucial for maintaining efficient and uninterrupted CI/CD workflows. This guide provides an overview of rate limits for major services and some best practices to handle them effectively. This blog post is also accompanied with a handy _cheat-sheet_ which you can download [here](/images/blog/rate-limits-self-hosted-runners/cheatsheet.pdf). ## GitHub APIs GitHub imposes several rate limits to ensure fair usage. These can cause issues when you are trying to pull information from GitHub using their APIs. - **API requests from self-hosted runners**: 1,000 requests per hour across all actions within a repository. - **Primary rate limit for authenticated users**: 5,000 requests per hour. - **Primary rate limit for GitHub App installations**: - Minimum 5,000 requests per hour (can go up to 12,500 depending on the number of repos and users). - 15,000 requests per hour if the installation is on a GitHub Enterprise Cloud Organization. - **Primary rate limit for GITHUB_TOKEN in GitHub Actions**: 1,000 requests per hour per repository. For GitHub Enterprise Cloud Accounts, the limit is 15,000 requests per hour per repo. **Secondary Rate Limits**: Along with the primary limits above, GitHub also imposes secondary rate limits to limit concurrent calls from systems. - No more than 100 concurrent requests allowed. - No more than 900 read requests per minute or 180 write requests per minute to a single REST endpoint. ## Cloud Providers (Provisioning Runners) Keep these limits in mind when provisioning VMs as self-hosted runners on your preferred cloud provider. #### AWS EC2 - **Token Bucket algorithm**: Maximum of 1,000 tokens, with a refill rate of 2 tokens per second. #### Google Cloud Engine - **API Rate Limit**: 1,500 requests per minute per region. #### Microsoft Azure - **API Rate Limit**: 1,200 writes per hour per subscription. #### Hetzner Cloud - **API Rate Limit**: 3600 requests per hour per project. | These limits can be increased by contacting the respective cloud provider's support. ## Docker Hub Docker Hub enforces rate limits on container image pulls. As you can see, the limits are very less and are usually a major issue when using self-hosted runners. - **Anonymous users**: 100 pulls per 6 hours per IP address. - **Authenticated users**: 200 pulls per 6 hour period per account. - **Users with Paid Docker Subscription**: Up to 5,000 pulls per day. Read about how we dealt with this limitation in our runners in our blog post: [Docker registry mirror setup](https://www.warpbuild.com/blog/docker-mirror-setup) ## Image Registries ### Amazon ECR - **Authenticated**: 10 image pulls per second. - **Unauthenticated**: 1 image pull per second. ### Google Artifact Registry - **Rate Limits**: - 1,000 requests per second. - 300 write requests per second. ### Azure Container Registry - **Basic Tier**: - 1,000 read, 100 write operations per minute. - **Standard Tier** - 3000 read, 500 write operations per minute. - **Premium Tier**: - 10,000 read, 2000 write operations per minute. | These limits can be increased by contacting the respective cloud provider's support. ## Package Registries ### RubyGems - **Rate Limit**: 10 requests per second. ## Best Practices - **Monitor Usage**: Regularly check your usage against these quotas using tools provided by the respective cloud providers. - **Optimize API Calls**: Reduce the frequency of API calls where possible, using caching and batch operations. - **Request Increases**: If your usage patterns require higher limits, request quota increases for that service. By managing these rate limits and optimizing your interactions with these services, you can ensure smooth and efficient operations for your self-hosted GitHub runners. ## WarpBuild Runners With WarpBuild, most of the rate limiting cases above (VM provisiong, GitHub APIs, DockerHub APIs) are automatically handled for you. WarpBuild provides performant runners for GitHub Actions for a fraction of the cost. Supercharge your builds and [Go Warp!](https://www.warpbuild.com/) today. ## References: - [GitHub API Rate Limits](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting) - [Docker Hub Rate Limits](https://docs.docker.com/docker-hub/download-rate-limit/) - [EC2 Rate Limits](https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-throttling.html) - [Compute Engine Rate Quotas](https://cloud.google.com/compute/api-quota) - [Azure Throttling](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling) - [Hetzner Cloud Rate Limits](https://docs.hetzner.cloud/#rate-limiting) - [Amazon ECR Service Quotas](https://docs.aws.amazon.com/AmazonECR/latest/userguide/service-quotas.html) - [Google Artifact Registry Quotas](https://cloud.google.com/compute/quotas) - [Azure Container Registry Limits](https://github.com/MicrosoftDocs/azure-docs/blob/main/includes/container-registry-limits.md) - [Ruby Gems Rate Limit](https://guides.rubygems.org/rubygems-org-rate-limits/) --- # RSS feed generator from Markdown files URL: https://www.warpbuild.com/blog/rss-feed-generator Description: Generate RSS feeds from Markdown pages. --- title: "RSS feed generator from Markdown files" excerpt: "Generate RSS feeds from Markdown pages." description: "Generate RSS feeds from Markdown pages." date: "2024-11-11" author: surya_oruganti cover: "/images/blog/rss-feed-generator/cover.png" --- The [WarpBuild documentation site](https://docs.warpbuilds.com) is built with Docusaurus and hosted on Vercel. The documentation is a collection of markdown files stored in a Github repository. Here's a simple script to generate RSS feeds for the documentation pages. I used this script to generate the RSS feed for the [changelog](https://docs.warpbuilds.com/changelog) page so users can subscribe to the changelog via RSS, especially to keep track of breaking changes. This was built heavily leveraging `claude sonnet 3.5 v2` and `cursor`. [Docusaurus](https://docusaurus.io/showcase) is a static site generator with content in markdown and extensive customization options. It is maintained by Meta Open Source and is used by many popular companies including Meta, The Linux Foundation, and Red Hat. While Docusaurus has a great [RSS feed generator](https://docusaurus.io/docs/blog#rss-feed) for blog posts, it does not support RSS feeds for the documentation content page type. Hope you find this useful! ## RSS Feed Generator Usage The `changelog-to-rss.sh` script generates the `changelog.xml` file, which is the RSS feed for the changelog. 1. Keep the `slug` in the frontmatter of the changelog file the same as the filename. 2. The `slug` is used to generate the permalink for the changelog entry. 3. The `updatedAt` field in the frontmatter is used to set the date of the changelog entry. 4. The permalink points to the different sections in the changelog. 5. Sections starting with `###` in the changelog file are used as the title of the RSS item. 6. All the markdown files are in the `docs/changelog` directory, one file per month. The naming convention is `YYYY-monthname.mdx`. Example: `2024-October.mdx`. ## The Script The code for the script is available in the [warpbuilds/docs-rss-feed](https://github.com/warpbuilds/docs-rss-feed) repository. ```bash #!/bin/bash # Configuration FEED_TITLE="WarpBuild Changelog" FEED_DESC="WarpBuild platform updates, improvements, and bug fixes" FEED_LINK="/docs/ci/changelog" DOCS_BASE_URL="https://docs.warpbuild.com" OUTPUT_FILE="static/changelog.xml" CHANGELOG_DIR="docs/changelog" # Create RSS header cat > "$OUTPUT_FILE" << EOF $FEED_TITLE $FEED_DESC $FEED_LINK $(date -R) EOF # Function to convert date format for macOS convert_date() { local input_date="$1" if [ -z "$input_date" ]; then return 1 fi # Convert "Month DD, YYYY" to RFC822 format and strip the time portion date -R -j -f "%B %d, %Y" "$input_date" 2>/dev/null | sed 's/ [0-9][0-9]:[0-9][0-9]:[0-9][0-9] .*//' } # Function to create anchor-friendly string create_anchor() { local input="$1" if [ -z "$input" ]; then return 1 fi echo "$input" | tr '[:upper:]' '[:lower:]' | tr ' ' '-' | tr -d ',' 2>/dev/null } # Function to extract frontmatter value get_frontmatter_value() { local file="$1" local key="$2" awk -v key="$key:" '$1 == key {print substr($0, length(key) + 3)}' "$file" | tr -d '"' } # Function to process markdown content process_markdown() { local content="$1" local processed="$content" # Convert markdown to HTML first processed=$(echo "$processed" | perl -pe 's|\[([^\]]*)\]\(([^\)]*)\)|\1|g') # Properly escape HTML content processed=$(echo "$processed" | sed 's/\\n//g') echo "$processed" } # Process each changelog file in reverse chronological order for file in $(ls -r "$CHANGELOG_DIR"/*.mdx); do # Skip changelog.mdx if [[ $file == *"changelog.mdx" ]]; then continue fi # Get update date from frontmatter updated_at=$(get_frontmatter_value "$file" "updatedAt") title=$(get_frontmatter_value "$file" "title") # Extract the slug from the filename (remove path and extension) SLUG=$(basename "$file" .mdx) CONTENT="" CURRENT_DATE="" while IFS= read -r line; do # Look for changelog entries starting with ### if [[ $line =~ ^###[[:space:]]+(.*,[[:space:]]+[0-9]{4})$ ]]; then # If we have accumulated content, create an item if [ ! -z "$CURRENT_DATE" ] && [ ! -z "$CONTENT" ]; then RFC_DATE=$(convert_date "$CURRENT_DATE") PROCESSED_CONTENT=$(process_markdown "$CONTENT") # Create anchor-friendly date string with error checking ANCHOR_DATE=$(create_anchor "$CURRENT_DATE") if [ ! -z "$ANCHOR_DATE" ]; then cat >> "$OUTPUT_FILE" << EOF WarpBuild Updates - $CURRENT_DATE $FEED_LINK/$SLUG#$ANCHOR_DATE $FEED_LINK/$SLUG#$ANCHOR_DATE $RFC_DATE EOF fi fi CURRENT_DATE="${BASH_REMATCH[1]}" CONTENT="" elif [[ -n $line && ! $line =~ ^--- && ! $line =~ ^$ ]]; then CONTENT+="$line\n" fi done < "$file" # Process the last entry in the file if [ ! -z "$CURRENT_DATE" ] && [ ! -z "$CONTENT" ]; then RFC_DATE=$(convert_date "$CURRENT_DATE") echo "RFC_DATE: $RFC_DATE" PROCESSED_CONTENT=$(process_markdown "$CONTENT") ANCHOR_DATE=$(create_anchor "$CURRENT_DATE") if [ ! -z "$ANCHOR_DATE" ]; then cat >> "$OUTPUT_FILE" << EOF WarpBuild Updates - $CURRENT_DATE $FEED_LINK/$SLUG#$ANCHOR_DATE $FEED_LINK/$SLUG#$ANCHOR_DATE $RFC_DATE EOF fi fi done # Close RSS feed cat >> "$OUTPUT_FILE" << EOF EOF echo "RSS feed generated at $OUTPUT_FILE" ``` ## Example Markdown File Here's a snippet of the markdown file for the changelog: ```mdx --- title: "October 2024" slug: "2024-October" description: "List of updates in 2024-October" sidebar_position: -9 createdAt: "2024-10-04" updatedAt: "2024-10-29" --- ### October 29, 2024 - `Feature`: Custom VM images are now supported for GCP BYOC runners. ### October 21, 2024 - `Feature`: Ubuntu 24.04 arm64 runners are now supported natively as cloud runners as well as with AWS and GCP custom runners. These runners are compatible with GitHub's Ubuntu 24.04 arm64. Refer to [cloud runner labels](/cloud-runners#linux-arm64) for the full list of available labels. Refer to [this link](https://github.com/actions/partner-runner-images/blob/main/images/arm-ubuntu-24-image.md) for the details on the packaged tools. ### October 17, 2024 - `Enhancement`: The image for `macos-14` (https://github.com/actions/runner-images/releases/tag/macos-14-arm64%2F20241007.259) has been updated. This fixes the issue with iOS 18 SDK and simulator not being available. ### October 15, 2024 - `Feature`: Docker Layer Caching is now available for GCP BYOC runners. - `Enhancement`: The images for `ubuntu-2204` for [x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20241006.1) for `arm64` architecture have been updated. - `Enhancement`: [ubuntu-2404 for x86-64](https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20241006.1) image has been updated. ### October 14, 2024 - `Enhancement`: BYOC features do not require a payment method to be added, by default. Credits can be used for BYOC runners. ### October 11, 2024 - `Pricing`: Cost for cache operations has been **reduced** from $0.001 to $0.0001 per operation. ### October 09, 2024 - `Feature`: GCP BYOC is now generally available. Read more here: [BYOC on GCP](/byoc/gcp). ### October 08, 2024 - `Enhancement`: The runner start times are now much faster, with a 90%ile of the start times being under 20 seconds. This is a a significant improvement over the previous 90%ile of 45 seconds. --- ``` ## Next steps It would be fantastic to have this as a Docusaurus plugin so it can be reused for other markdown pages. If you are interested in this, please let me know! The full script is available as a [GitHub Gist](https://gist.github.com/suryaoruganti/8f520335f3c9c9a705687ac6d3c47b9f). Example markdown file is available [here](https://gist.github.com/suryaoruganti/792b444fc1f2e1d12831712daf68de69). --- Use WarpBuild for blazing fast GitHub actions runners with superior job start times, caching backed by object storage, unlimited concurrency, and easy to use dashboards. Save 50-90% on your GitHub Actions costs while getting 10x the performance. Book a call or get started today! --- # A Complete Guide to Self-hosting GitHub Actions Runners URL: https://www.warpbuild.com/blog/self-hosting-github-actions Description: Comprehensive guide to self-hosting GitHub Actions runners on AWS --- title: "A Complete Guide to Self-hosting GitHub Actions Runners" excerpt: "A Complete Guide to Self-hosting GitHub Actions Runners" description: "Comprehensive guide to self-hosting GitHub Actions runners on AWS" date: "2024-04-29" author: surya_oruganti cover: "/images/blog/self-hosting-github-actions/cover.webp" --- # Self-Hosting GitHub Actions Runners on AWS: A Comprehensive Guide GitHub Actions has rapidly become a favourite tool for CI/CD, thanks to its seamless integration with GitHub repositories and its extensive marketplace of pre-built actions. However, in cases where you need more control over the environment, security, or costs, self-hosting your runners can be a beneficial strategy. AWS provides robust and scalable infrastructure that can be tailored to host self-managed GitHub Actions runners. In this blog post, we will explore various methods to deploy these runners on AWS, detailing the steps involved and discussing the pros and cons of each approach. ## Method 1: Using EC2 Instances One straightforward way to host GitHub Actions runners is by using Amazon EC2 instances. This method gives you full control over the compute environment. ### Steps #### 1. **Set Up an EC2 Instance** Start by launching an EC2 instance from the AWS Management Console or AWS CLI. An instance with 2 vCPUs and 4GB RAM (e.g., `t3.medium`) is a good starting point. Ensure the security group allows outbound connections to access GitHub and any other needed resources. Attach an EBS volume for persistent storage if required. 100GB is a good root volume size for most use cases. In this guide, we will use Ubuntu 22.04 as the base OS for the EC2 instance. #### 2. **Install GitHub Actions Runner** - Go to your GitHub organization's settings and then go to `Actions` `Runners`. Click on `New runner` and choose `New self-hosted runner`. Choose Linux as the OS and x64 as the architecture. ![alt text](/images/blog/self-hosting-github-actions/image.png) > You can directly go to the following URL (after replacing `ORG` with your GitHub organisation name) to get to the runner setup page along with the OS and architecture pre-selected: > `https://github.com/organizations/ORG/settings/actions/runners/new?arch=x64&os=linux` The configuration should look like this: ![GitHub new runner configuration screenshot](/images/blog/self-hosting-github-actions/image-1.png) [!NOTE] If you want to create a runner only for a specific repository, you can do so by going to the repository's settings and following the same steps. The direct link looks like this: > `https://github.com/ORG/REPO/settings/actions/runners/new?arch=x64&os=linux` - Follow the instructions on that page to download, configure and start the runner on your EC2 instance. [!TIP] Instead of starting the runner with `./run.sh`, you can run it as a service to ensure it starts automatically on boot and restarts if the app or the host machine crashes. After successfully configuring with the `config.sh` script, you get a `svc.sh` script that can be used to install the runner as a service: > ```sh sudo ./svc.sh install && sudo ./svc.sh start ``` > Learn more about running it as a service [here](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/configuring-the-self-hosted-runner-application-as-a-service?platform=linux). ### Pros - **Full Control**: Customize the OS, installed software, and hardware specifications as needed. - **Cost-Effective**: Particularly with spot instances or reserved instances for long-term use. ### Cons - **Maintenance Overhead**: Requires regular updates for said software and monitoring. - **Scalability Issues**: Manually managing multiple runners can be cumbersome. ### References - **AWS EC2**: https://aws.amazon.com/ec2/ - **Adding self-hosted GitHub Actions Runner**: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners ## Method 2: Using ECS (Elastic Container Service) ECS allows you to run containers directly and can be an efficient way to manage GitHub Actions runners, especially if you prefer using Docker containers. ### Steps #### 1. **Create a Docker Image** - **Dockerfile**: Create a Dockerfile that installs the GitHub Actions runner. The following Dockerfile installs the runner and its dependencies on an Ubuntu 22.04 base image. On container start, it registers a new runner with GitHub and starts the runner. ```dockerfile FROM amd64/ubuntu:22.04 RUN apt-get update && apt-get install -y curl sudo jq ADD https://github.com/actions/runner/releases/download/v2.316.0/actions-runner-linux-x64-2.316.0.tar.gz runner.tar.gz RUN newuser=runner && \ adduser --disabled-password --gecos "" $newuser && \ usermod -aG sudo $newuser && \ echo "$newuser ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers USER runner WORKDIR /home/runner RUN sudo mv /runner.tar.gz ./runner.tar.gz && \ sudo chown runner:runner ./runner.tar.gz && \ mkdir runner && \ tar xzf runner.tar.gz -C runner && \ rm runner.tar.gz WORKDIR /home/runner/runner RUN sudo ./bin/installdependencies.sh COPY start.sh start.sh ENTRYPOINT ["./start.sh"] ``` The above Dockerfile assumes that the following `start.sh` script is present in the same directory as the Dockerfile. ```bash #!/bin/bash set -euo pipefail check_env() { if [ -z "${GITHUB_PAT:-}" ]; then echo "Env variable GITHUB_PAT is required but not set" exit 1 fi if [ -z "${GITHUB_ORG:-}" ]; then echo "Env variable GITHUB_ORG is required but not set" exit 1 fi } register_runner() { local github_token=$(curl -sL \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_PAT" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/$GITHUB_ORG/actions/runners/registration-token | jq -r .token) ./config.sh --unattended --url https://github.com/$GITHUB_ORG --token $github_token } check_env register_runner ./run.sh ``` You can configure the runner name and labels by passing additional arguments to the `config.sh` script. For example, to set the runner name, use `--name RUNNER_NAME`. Use `./config.sh --help` to see all available options. Options are attached below for your reference: **Configuration Options** ```sh $ ./config.sh --help Commands: ./config.sh Configures the runner ./config.sh remove Unconfigures the runner ./run.sh Runs the runner interactively. Does not require any options. Options: --help Prints the help for each command --version Prints the runner version --commit Prints the runner commit --check Check the runner's network connectivity with GitHub server Config Options: --unattended Disable interactive prompts for missing arguments. Defaults will be used for missing options --url string Repository to add the runner to. Required if unattended --token string Registration token. Required if unattended --name string Name of the runner to configure (default mac) --runnergroup string Name of the runner group to add this runner to (defaults to the default runner group) --labels string Custom labels that will be added to the runner. This option is mandatory if --no-default-labels is used. --no-default-labels Disables adding the default labels: 'self-hosted,OSX,Arm64' --local Removes the runner config files from your local machine. Used as an option to the remove command --work string Relative runner work directory (default \_work) --replace Replace any existing runner with the same name (default false) --pat GitHub personal access token with repo scope. Used for checking network connectivity when executing `./run.sh --check` --disableupdate Disable self-hosted runner automatic update to the latest released version` --ephemeral Configure the runner to only take one job and then let the service un-configure the runner after the job finishes (default false) Examples: Check GitHub server network connectivity: ./run.sh --check --url Configure a runner non-interactively: ./config.sh --unattended --url Configure a runner non-interactively, replacing any existing runner with the same name: ./config.sh --unattended --url ] Configure a runner non-interactively with three extra labels: ./config.sh --unattended --url - Build the Docker image with an appropriate tag. ```sh docker build -t github-runner . ``` #### 2. **Push to ECR (Elastic Container Registry)** - **Create Repository**: Create a new repository in ECR from AWS Console or AWS CLI. - **Authenticate Docker**: Authenticate your Docker client to your default registry. ```sh aws ecr get-login-password --region YOUR_REGION | docker login --username AWS --password-stdin YOUR_ECR_REPOSITORY_URL ``` - **Tag and Push**: Tag your Docker image and push it to ECR. ```sh docker tag github-runner:latest YOUR_ECR_REPOSITORY_URL:YOUR_TAG docker push YOUR_ECR_REPOSITORY_URL:YOUR_TAG ``` #### 3. **Deploy on ECS** - **Create Cluster**: Set up an ECS cluster from the AWS Management Console or AWS CLI which uses `t3.medium` instances. Your infrastructure should look like this: ![ECS EC2 cluster configuration](/images/blog/self-hosting-github-actions/image-2.png) - Create a secret using AWS Secret Manager to store the GitHub PAT: ```sh aws secretsmanager create-secret --region us-east-2 --name github_runner_ecs_secrets --secret-string '{ "github_pat": "" }' ``` You can also store the GitHub organization name in the same secret or use it as an environment variable in the ECS task definition. - Create an ECS Task Execution role. The `executionRoleArn` field is required for tasks to interact with other AWS services. You can create a new role with the necessary permissions or use an existing one. Learn about the role and how to create it here: [Amazon ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html#create-task-execution-role). You will also need to [create an inline policy](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html#secrets-envvar-secrets-manager-iam) to allow the container to access the secret. - **Task Definition**: Create a new task definition in ECS that uses the Docker image pushed to ECR and the secret in the previous steps. Make sure to replace the placeholders with your actual values. ```json { "family": "github-runner", "executionRoleArn": "", "containerDefinitions": [ { "name": "github-runner", "image": ":", "memory": 4096, "cpu": 2048, "secrets": [ { "name": "GITHUB_PAT", "valueFrom": ":github_pat::" } ], "environment": [ { "name": "GITHUB_ORG", "value": "" } ], "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-create-group": "true", "awslogs-group": "/ecs/github-runners", "awslogs-region": "", "awslogs-stream-prefix": "ecs" } } } ] } ``` - **Run Task**: Go to the task definition and select the first (or latest) revision. Click on `Deploy` and then `Create Service`. Choose the cluster you created earlier and select the cluster default capacity provider strategy. In the deployment configuration section give the service a name e.g., `github-runner-service` and choose an appropriate number of desired tasks (e.g., 3). Click on `Create Service` to deploy the tasks. ### Pros - **Scalability**: Easily scale out by adjusting the service's desired count. - **Isolation**: Runners operate in isolated environments, improving security. ### Cons - **Complexity**: Requires familiarity with Docker and AWS ECS. - **Costs**: Potentially higher costs depending on the ECS configuration and usage pattern. - **Runner Management**: Manually managing multiple runners can be cumbersome. ### References - **AWS ECS**: https://aws.amazon.com/ecs/ - **Docker Basics**: https://www.docker.com/101-tutorial - **AWS ECR**: https://aws.amazon.com/ecr/ - **Task Definitions in ECS**: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html ## Method 3: Using AWS Fargate AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). It abstracts the server and cluster management and provides a straightforward way to run containers. ### Steps ### 1. **Create and Push Docker Image** Follow the same initial steps as for ECS to create and push a Docker image. #### 2. **Configure Fargate Task** - **Fargate Task Definition**: Similar to ECS but select Fargate as the launch type. ```json { "requiresCompatibilities": ["FARGATE"], "executionRoleArn": "", "networkMode": "awsvpc", "cpu": "2048", "family": "github-runners", "memory": "4096", "containerDefinitions": [ { "name": "github-runner", "image": ":", "essential": true, "portMappings": [ { "containerPort": 80, "hostPort": 80 } ], "secrets": [ { "name": "GITHUB_PAT", "valueFrom": ":github_pat::" } ], "environment": [ { "name": "GITHUB_ORG", "value": "" } ], "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-create-group": "true", "awslogs-group": "/ecs/github-runners", "awslogs-region": "", "awslogs-stream-prefix": "ecs" } } } ] } ``` #### 3. Deploy on Fargate - **Create Cluster**: Set up an ECS cluster with the Fargate launch type. - Create a service using the task definition created in the previous step. ### Pros - **Serverless**: No need to manage servers or clusters. - **Scalable and Isolated**: Automatically scales and provides high isolation. ### Cons - **Cost**: Can be expensive for high compute usage. - **Networking Limitations**: Requires good understanding of AWS VPC, subnets, and security groups. ### References - **AWS Fargate**: https://aws.amazon.com/fargate - **AWS ECS on Fargate**: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html # Advanced Methods for Self-Hosting GitHub Actions Runners on AWS Following up on our previous exploration of basic methods like using EC2, ECS, and AWS Fargate for hosting GitHub Actions runners, we now get into more sophisticated strategies. These involve Kubernetes solutions and Terraform modules, which can significantly streamline and enhance the management of GitHub runners at scale. ## Method 4: Using `actions-runner-controller` on EKS `actions-runner-controller` is a Kubernetes operator designed to automate the deployment, scaling, and management of GitHub Actions self-hosted runners within a Kubernetes cluster. It supports features like automatic scaling based on the number of queued jobs, which makes it highly efficient for dynamic CI/CD environments. ### Steps #### 1. **Set Up a Kubernetes Cluster** - Deploy a Kubernetes cluster using Amazon EKS. - Create a Node group with the desired instance type and capacity. As stated before, `t3.medium` instances are good enough for most use cases. ```sh eksctl create cluster \ --name You can adjust the `--nodes`, `--nodes-min`, and `--nodes-max` values based on your workload and scaling requirements. - Configure `kubectl` to communicate with your cluster: ```sh aws eks --region ``` #### 2. **Install `actions-runner-controller`** - Install and setup the controller using Helm: ```sh NAMESPACE="arc-systems" helm install arc \ --namespace "${NAMESPACE}" \ --create-namespace \ oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller ``` #### 3. Setup a runner scale set - Create a separate Kubernetes namespace for the runner pods: ```sh kubectl create namespace arc-runners ``` - Create a GitHub App that will be used to authenticate the runners. Install the app in your organization. - From the app's dashboard, generate a private key file (`*.pem`) and get the App ID. Get the installation ID from the app installation page's URL which is of the form: `https://github.com/organizations/ORGANIZATION/settings/installations/INSTALLATION_ID` For detailed instructions about the above two steps, follow the official documentation: [Authenticating ARC with a GitHub App](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api#authenticating-arc-with-a-github-app). - Store the app ID, installation ID and the private key in a Kubernetes secret: ```sh kubectl create secret generic github-secrets \ --namespace=arc-runners \ --from-literal=github_app_id=123456 \ --from-literal=github_app_installation_id=654321 \ --from-file=github_app_private_key=YOUR_APP_NAME.DATE.private-key.pem ``` - Configure a scale set for your organization or repo: ```sh INSTALLATION_NAME="arc-runner-set" NAMESPACE="arc-runners" GITHUB_ORG="YOUR_ORG" GITHUB_REPO="" # If you want to use a org-level runner, leave this empty helm upgrade --install "${INSTALLATION_NAME}" \ --namespace "${NAMESPACE}" \ --set githubConfigUrl="https://github.com/$GITHUB_ORG/$GITHUB_REPO" \ --set githubConfigSecret=github-secrets \ oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set ``` ### Pros - **Auto-Scaling**: The controller automatically adjusts the number of runners based on the workload. - **Efficiency**: Reduces costs by scaling down to zero when no jobs are queued. - **Security**: Uses GitHub App authentication for secure communication with least number of privileges. ### Cons - **Setup Complexity**: Requires a moderate understanding of Kubernetes and Helm. - **Overhead**: More Kubernetes resources to manage. - **GitHub App Configuration**: Setting up the GitHub App can be a bit involved. ### References - **actions-runner-controller GitHub**: https://github.com/actions/actions-runner-controller - **Helm Installation**: https://helm.sh/docs/intro/install - **GitHub Apps**: https://docs.github.com/en/apps ## Method 5: Philips Terraform Module The Philips software team has developed a Terraform module specifically for deploying self-hosted GitHub Actions runners on AWS. ### Steps #### 1. **Set Up Terraform** - Ensure Terraform is installed and configured to manage your AWS resources. #### 2. **Use the Philips Module** - **Write Configuration**: Define your Terraform configuration using the Philips module. ```hcl module "github-runner" { source = "philips-labs/github-runner/aws" version = "REPLACE_WITH_VERSION" aws_region = "eu-west-1" vpc_id = "vpc-123" subnet_ids = ["subnet-123", "subnet-456"] prefix = "gh-ci" github_app = { key_base64 = "base64string" id = "1" webhook_secret = "webhook_secret" } webhook_lambda_zip = "lambdas-download/webhook.zip" runner_binaries_syncer_lambda_zip = "lambdas-download/runner-binaries-syncer.zip" runners_lambda_zip = "lambdas-download/runners.zip" enable_organization_runners = true } ``` - **Initialize and Apply**: Initialize Terraform and apply the configuration to set up the runners. ```sh terraform init terraform apply ``` ### Pros - **Infrastructure as Code**: Easy versioning, auditing, and replication of infrastructure. - **Scalable and Flexible**: Easily adjust settings and scale resources through code. ### Cons - **Initial Learning Curve**: Requires understanding of Terraform and AWS. - **Terraform Management**: Need to manage Terraform state and possibly costs associated with state storage. ### References - **Philips Labs GitHub Runner Module**: https://github.com/philips-labs/terraform-aws-github-runner - **Terraform AWS Provider**: https://registry.terraform.io/providers/hashicorp/aws/latest/docs ## Method 6: Self-Hosting on Kubernetes Deploying directly on a Kubernetes cluster gives you full control over the environment and may reduce costs compared to using Fargate. ### Steps #### 1. **Prepare the Kubernetes Cluster** - Set up a Kubernetes cluster on AWS, either through EKS or manually with EC2 instances. #### 2. **Deploy Runner Manually** - **Create Docker Image**: Build and push the Docker image just as you did [when setting up ECS](#method-1-using-ec2-instances). - **Add Secrets**: Store the GitHub PAT in a Kubernetes secret: ``` kubectl create secret generic github-secrets --from-literal=github_pat= ``` - **Deploy Pods**: Write Kubernetes deployment manifests to specify the pods that will run the GitHub runners. ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: github-runner spec: replicas: 2 selector: matchLabels: app: github-runner template: metadata: labels: app: github-runner spec: containers: - name: runner image: env: - name: GITHUB_PAT valueFrom: secretKeyRef: name: github-secrets key: github_pat - name: GITHUB_ORG value: ``` ### Pros - **Complete Control**: Full control over the Kubernetes cluster and how it scales. - **Cost-Effective**: Potentially lower costs by managing the underlying resources yourself. ### Cons - **Complex Configuration**: Requires detailed knowledge of Kubernetes. - **Maintenance**: You are responsible for all updates, scaling, and health monitoring. # Conclusion Self-hosting GitHub Actions runners on AWS provides flexibility, control, and potential cost savings, especially for complex workflows that require specific configurations. By choosing the appropriate AWS service-be it EC2, ECS, or Fargate-you can optimize your CI/CD pipeline according to your project's needs. Each method has its trade-offs in terms of complexity, cost, and scalability. Therefore, it's crucial to evaluate your requirements and expertise in AWS services when deciding the best approach for self-hosting GitHub Actions runners. WarpBuild provides runners with high performance processors, which are optimized for CI and build workloads with fast disk IO and improved caching. [Get started](https://app.warpbuild.com) today. --- # Self-host GitHub Actions runners with Actions Runner Controller (ARC) on AWS URL: https://www.warpbuild.com/blog/setup-actions-runner-controller Description: Self-host GitHub Actions runners with Actions Runner Controller (ARC) on AWS. Includes terraform code, and production ready configurations for `arc` and `karpenter`. --- title: "Self-host GitHub Actions runners with Actions Runner Controller (ARC) on AWS" excerpt: "Self-host GitHub Actions runners with Actions Runner Controller (ARC) on AWS. Includes terraform code, and production ready configurations for `arc` and `karpenter`." description: "Self-host GitHub Actions runners with Actions Runner Controller (ARC) on AWS. Includes terraform code, and production ready configurations for `arc` and `karpenter`." date: "2024-11-06" author: surya_oruganti cover: "/images/blog/setup-actions-runner-controller/cover.png" --- This post details setting up GitHub Actions Runners using ARC (Actions Runner Controller) on AWS using EKS. This includes terraform code for provisioning the infrastructure and a custom runner image for runners. It also includes optimizations for cost and performance using Karpenter for autoscaling and other best practices. ## Setup We setup Karpenter v1.0.2 and EKS using Terraform to provision the infrastructure. Complete setup code is available here: [https://github.com/WarpBuilds/github-arc-setup](https://github.com/WarpBuilds/github-arc-setup) ### EKS Cluster Setup The EKS cluster was provisioned using Terraform and runs on Kubernetes v1.30. A key aspect of our setup was using a dedicated node group for essential add-ons, keeping them isolated from other workloads. The `default-ng` node group utilizes `t3.xlarge` instance types, with taints to ensure that only critical workloads, such as Networking, DNS management, Node management, ARC controllers etc. can be scheduled on these nodes. ```hcl module "eks" { source = "terraform-aws-modules/eks/aws" cluster_name = local.cluster_name cluster_version = "1.30" cluster_endpoint_public_access = true cluster_addons = { coredns = {} eks-pod-identity-agent = {} kube-proxy = {} vpc-cni = {} } subnet_ids = var.private_subnet_ids vpc_id = var.vpc_id eks_managed_node_groups = { default-ng = { desired_capacity = 2 max_capacity = 5 min_capacity = 1 instance_types = ["t3.xlarge"] subnet_ids = var.private_subnet_ids taints = { addons = { key = "CriticalAddonsOnly" value = "true" effect = "NO_SCHEDULE" } } } } node_security_group_tags = merge(local.tags, { "karpenter.sh/discovery" = local.cluster_name }) enable_cluster_creator_admin_permissions = true tags = local.tags } ``` #### Private Subnets and NAT Gateway The EKS nodes are in private subnets, allowing them to communicate with external resources through a NAT Gateway. This configuration ensures node connectivity without exposing them directly to external traffic. ### Karpenter for Autoscaling Karpenter provides fast and flexible autoscaling of the nodes to optimize cost and resource efficiency. We explore a few variations of configuration to reduce over-provisioning and unnecessary costs. - [**Karpenter v1.0.2**](https://karpenter.sh/): We chose the latest version of karpenter at the time of writing. - **Amazon Linux 2023 (AL2023)**: The default NodeClass provisions nodes with AL2023, and each node is configured with 300GiB of EBS storage. This additional storage is crucial for workloads that require high disk usage, such as CI/CD runners, preventing out-of-disk errors commonly encountered with default node storage (17GiB). This needs to be increased based on the number of jobs expected to run on a node in parallel. - **Private Subnet Selection**: The NodeClass is configured to use the private subnets created earlier. This ensures that nodes are spun up in a secure, isolated environment, consistent with the EKS cluster's network setup. - [**m7a Node Families**](https://aws.amazon.com/ec2/instance-types/m7a/): Using the NodePool resource, we restricted node provisioning to the m7a instance family. These instances were chosen for their performance-to-cost efficiency and are only provisioned in the us-east-1a and us-east-1b Availability Zones. - **On-demand Instances**: While Karpenter supports Spot Instances for cost savings, we opted for on-demand instances for an equivalent cost comparison. - **Consolidation Policy**: We configured a 5-minute consolidation delay, preventing premature node terminations that could disrupt workflows. Karpenter will only consolidate nodes once they are underutilized for at least 5 minutes, ensuring stable operations during peak workloads. ```hcl module "karpenter" { source = "terraform-aws-modules/eks/aws//modules/karpenter" cluster_name = module.eks.cluster_name enable_pod_identity = true create_pod_identity_association = true create_instance_profile = true node_iam_role_additional_policies = { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } tags = local.tags } resource "helm_release" "karpenter-crd" { namespace = "karpenter" create_namespace = true name = "karpenter-crd" repository = "oci://public.ecr.aws/karpenter" chart = "karpenter-crd" version = "1.0.2" wait = true values = [] } resource "helm_release" "karpenter" { depends_on = [helm_release.karpenter-crd] namespace = "karpenter" create_namespace = true name = "karpenter" repository = "oci://public.ecr.aws/karpenter" chart = "karpenter" version = "1.0.2" wait = true skip_crds = true values = [ <<-EOT serviceAccount: name: ${module.karpenter.service_account} settings: clusterName: ${module.eks.cluster_name} clusterEndpoint: ${module.eks.cluster_endpoint} EOT ] } resource "kubectl_manifest" "karpenter_node_class" { yaml_body = <<-YAML apiVersion: karpenter.k8s.aws/v1beta1 kind: EC2NodeClass metadata: name: default spec: amiFamily: AL2023 detailedMonitoring: true blockDeviceMappings: - deviceName: /dev/xvda ebs: volumeSize: 300Gi volumeType: gp3 deleteOnTermination: true iops: 5000 throughput: 500 instanceProfile: ${module.karpenter.instance_profile_name} subnetSelectorTerms: - tags: karpenter.sh/discovery: ${module.eks.cluster_name} securityGroupSelectorTerms: - tags: karpenter.sh/discovery: ${module.eks.cluster_name} tags: karpenter.sh/discovery: ${module.eks.cluster_name} Project: arc-test-praj YAML depends_on = [ helm_release.karpenter, helm_release.karpenter-crd ] } resource "kubectl_manifest" "karpenter_node_pool" { yaml_body = <<-YAML apiVersion: karpenter.sh/v1beta1 kind: NodePool metadata: name: default spec: template: spec: tags: Project: arc-test-praj nodeClassRef: name: default requirements: - key: "karpenter.k8s.aws/instance-category" operator: In values: ["m"] - key: "karpenter.k8s.aws/instance-family" operator: In values: ["m7a"] - key: "karpenter.k8s.aws/instance-cpu" operator: In values: ["4", "8", "16", "32", "64"] - key: "karpenter.k8s.aws/instance-generation" operator: Gt values: ["2"] - key: "topology.kubernetes.io/zone" operator: In values: ["us-east-1a", "us-east-1b"] - key: "kubernetes.io/arch" operator: In values: ["amd64"] - key: "karpenter.sh/capacity-type" operator: In values: ["on-demand"] limits: cpu: 1000 disruption: consolidationPolicy: WhenEmpty consolidateAfter: 5m YAML depends_on = [ kubectl_manifest.karpenter_node_class ] } ``` **Variant #2:** We also ran another setup with a single job per node to compare the performance and cost implications of running multiple jobs on a single node. ```diff - key: "karpenter.k8s.aws/instance-cpu" - operator: In - values: ["4", "8", "16", "32", "64"] + key: "karpenter.k8s.aws/instance-cpu" + operator: In + values: ["8"] ``` ### Actions Runner Controller and Runner Scale Set Once Karpenter was configured, we proceeded to set up the GitHub Actions Runner Controller (ARC) and the Runner Scale Set using Helm. The ARC setup was deployed with Helm using the following command and values: ```bash helm upgrade arc \ --namespace "${NAMESPACE}" \ oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set-controller \ --values runner-set-values.yaml --install ``` ```yaml tolerations: - key: "CriticalAddonsOnly" operator: "Equal" value: "true" effect: "NoSchedule" ``` This configuration applies tolerations to the controller, enabling it to run on nodes with the `CriticalAddonsOnly` taint i.e. `default-ng` nodegroup, ensuring it doesn't interfere with other runner workloads. Next, we set up the Runner Scale Set using another Helm command: ```bash helm upgrade warp-praj-arc-test oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set --namespace ${NAMESPACE} --values values.yaml --install ``` The key points for our Runner Scale Set configuration: - **GitHub App Integration**: We connected our runners to GitHub via a GitHub App, enabling the runners to operate at the organization level. - **Listener Tolerations**: Like the controller, the listener template also included tolerations to allow it to run on the `default-ng` node group. - **Custom Image for Runners**: We used a custom Docker image for the runner pods (detailed in the next section). - **Resource Requirements**: To simulate high-performance runners, the runner pods were configured to require 8 CPU cores and 32 GiB of RAM, which aligns with the performance of an 8x runner used in the workflows. ```yaml githubConfigUrl: "https://github.com/Warpbuilds" githubConfigSecret: github_app_id: "" github_app_installation_id: "" github_app_private_key: | -----BEGIN RSA PRIVATE KEY----- [your-private-key-contents] -----END RSA PRIVATE KEY----- github_token: "" listenerTemplate: spec: containers: - name: listener securityContext: runAsUser: 1000 tolerations: - key: "CriticalAddonsOnly" operator: "Equal" value: "true" effect: "NoSchedule" template: spec: containers: - name: runner image: command: ["/home/runner/run.sh"] resources: requests: cpu: "4" memory: "16Gi" limits: cpu: "8" memory: "32Gi" controllerServiceAccount: namespace: arc-systems name: arc-gha-rs-controller ``` ### Custom Image for Runner Pods By default, the Runner Scale Sets use GitHub's official `actions-runner` image. However, this image doesn't include essential utilities such as wget, curl, and git, which are required by various workflows. To address this, we created a custom Docker image based on GitHub's runner image, adding the necessary tools. This image was hosted in a public ECR repository and was used by the runner pods during our tests. The custom image allowed us to run workflows without missing dependencies and ensured smooth execution. ```dockerfile FROM ghcr.io/actions/actions-runner:2.319.1 RUN sudo apt-get update && sudo apt-get install -y wget curl unzip git RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/* ``` This approach ensures that our runners were always equipped with the required utilities, preventing errors and reducing friction during the workflow runs. ### Tagging Infrastructure for Cost Tracking In order to track costs effectively during the ARC setup, the infra resources created with this process are tagged, along with collecting hourly data. AWS Cost Explorer allows us to monitor and attribute costs to specific resources based on these tags. This was essential for calculating the true cost of running ARC, with all costs like EC2, EBS, VPC, S3, NAT Gateway, data ingress/egress etc. included. ## Running workflows We use `PostHog` OSS as an example repo to demonstrate the cost comparison on real world use cases over 960 jobs. The duty cycle is a representative 2 hour period, where there is a continuous load of commits, each triggering a job every few minutes. ### PostHog's Frontend CI Workflow To simulate real-world use-case, we leveraged PostHog's Frontend CI workflow. This workflow is designed to run a series of frontend checks, followed by two sets of jobs: one for code quality checks and another for executing a matrix of Jest tests. You can view the workflow file here: [PostHog Frontend CI Workflow](https://github.com/WarpBuilds/posthog/blob/master/.github/workflows/ci-frontend.yml) ### Auto-Commit Simulation Script To ensure continuous triggering of the Frontend CI workflow, we developed an automated commit script in JavaScript. This script generates commits every minute on the forked PostHog repository, which in turn triggers the CI workflow. The script is designed to run for two hours, ensuring a consistent workload over an extended period for accurate cost measurement. The results were then analyzed to compare the costs of using ARC versus WarpBuild's BYOC runners. Commit simulation script: ```javascript const { exec } = require("child_process"); const fs = require("fs"); const path = require("path"); const repoPath = "arc-setup/posthog"; const frontendDir = path.join(repoPath, "frontend"); const intervalTime = 1 * 60 * 1000; // Every Minute const maxRunTime = 2 * 60 * 60 * 1000; // 2 hours const setupGitConfig = () => { exec('git config user.name "Auto Commit Script"', { cwd: repoPath }); exec('git config user.email "auto-commit@example.com"', { cwd: repoPath }); }; const makeCommit = () => { const logFilePath = path.join(frontendDir, "commit_log.txt"); // Create the frontend directory if it doesn't exist if (!fs.existsSync(frontendDir)) { fs.mkdirSync(frontendDir); } // Write to commit_log.txt in the frontend directory fs.appendFileSync( logFilePath, `Auto commit in frontend at ${new Date().toISOString()}\n`, ); // Add, commit, and push changes exec(`git add ${logFilePath}`, { cwd: repoPath }, (err) => { if (err) return console.error("Error adding file:", err); exec( `git commit -m "Auto commit at ${new Date().toISOString()}"`, { cwd: repoPath }, (err) => { if (err) return console.error("Error committing changes:", err); exec("git push origin master", { cwd: repoPath }, (err) => { if (err) return console.error("Error pushing changes:", err); console.log("Changes pushed successfully"); }); }, ); }); }; setupGitConfig(); const interval = setInterval(makeCommit, intervalTime); // Stop the script after 2 hours setTimeout(() => { clearInterval(interval); console.log("Script completed after 2 hours"); }, maxRunTime); ``` ## Results ### Performance and Scalability The following metrics showcase the average time taken by ARC Runners for jobs in the Frontend-CI workflow. All the jobs are run on the same underlying CPU family (m7a) and request the same amount of resources (vcpu and memory). | **Test** | **ARC (Varied Node Sizes)** | **ARC (1 Job Per Node)** | | ----------------------- | --------------------------- | ------------------------ | | **Code Quality Checks** | ~9 minutes 30 seconds | ~7 minutes | | **Jest Test (FOSS)** | ~2 minutes 10 seconds | ~1 minute 30 seconds | | **Jest Test (EE)** | ~1 minute 35 seconds | ~1 minute 25 seconds | ARC runners with varied node sizes exhibited slower performance primarily because multiple runners shared disk and network resources on the same node, causing bottlenecks despite larger node sizes. To address these bottlenecks, we tested a **1 Job Per Node** configuration with ARC, where each job ran on its own node. This approach significantly improved performance. However, it introduced higher job start delays due to the time required to provision new nodes. > Note: Job start delays are directly influenced by the time needed to provision a new node and pull the container image. Larger image sizes increase pull times, leading to longer delays. If the image size is reduced, additional tools would need to be installed during the action run, increasing the overall workflow run time. > > Node spin up and image pull takes ~45s to 1.5m for `arc` runners. This is a significant overhead for workflows that run multiple jobs. Using ### Cost Comparison | **Category** | **ARC (Varied Node Sizes)** | **ARC (1 Job Per Node)** | | ------------------ | --------------------------- | ------------------------ | | **Total Jobs Ran** | 960 | 960 | | Node Type | m7a (varied vCPUs) | m7a.2xlarge | | Max K8s Nodes | 8 | 27 | | Storage | 300GiB per node | 150GiB per node | | IOPS | 5000 per node | 5000 per node | | Throughput | 500Mbps per node | 500Mbps per node | | Compute | $27.20 | $22.98 | | EC2-Other | $18.45 | $19.39 | | VPC | $0.23 | $0.23 | | S3 | $0.001 | $0.001 | | **Total Cost** | **$45.88** | **$42.60** | The cost comparison shows that ARC with 1 job per node is more cost effective than ARC with varied node sizes. This is also the more performant setup. ## Conclusion ARC provides a flexible and scalable solution for running GitHub Actions workflows. It is important to configure it correctly to avoid performance bottlenecks and optimize costs. However, it comes with operational overhead (kubernetes cluster management, terraform, etc.) and continuous maintenance for maintenance at scale and keeping the runner binaries updated. Despite these challenges, ARC is a powerful tool for running GitHub Actions workflows at scale being 10x cheaper than the default Github Actions runners. --- WarpBuild provides the same flexibility as actions-runner-controller but with none of the operational complexity. WarpBuild runners are also more cost effective than ARC runners, with a ~41% cost saving. > Get started with WarpBuild in ~3 minutes for faster job start times, caching backed by object storage, and easy to use dashboards. [Book a call](https://cal.com/suryao/start) or [get started](https://app.warpbuilds.com) today! --- # Supercharge your CI with Snapshot Runners URL: https://www.warpbuild.com/blog/snapshot-runners Description: WarpBuild introduces new Snapshot Runners --- title: "Supercharge your CI with Snapshot Runners" excerpt: "Snapshot Runners for GitHub Actions" description: "WarpBuild introduces new Snapshot Runners" date: "2024-09-12" author: prajjwal_dimri cover: "/images/blog/snapshot-runners/cover.webp" --- ## Why Local Builds and Tests Are Faster than CI Developers often experience faster builds locally compared to their CI systems, largely because their local machine has cached dependencies, libraries, and other artifacts. Every CI runner starts fresh, losing this advantage. This disparity in build times can cause frustration and delay continuous integration and deployment workflows. ## Caching in CI Runners CI builds can be sped up by caching dependencies, Docker layers, and other artifacts. However, traditional CI caching mechanisms can't fully replicate the performance of local builds due to the limitations of what can be cached. ## Enter Snapshot Runners Snapshot Runners offer a more powerful caching approach. Instead of relying on external caches, Snapshot Runners capture a complete snapshot of the VM runner just before it exits. This snapshot includes all dependencies, build caches, and system-level optimizations, allowing subsequent runners to start with a fully primed environment. This drastically reduces initialization time and improves overall build performance. ## Seamlessly Integrate Snapshot Runners into Your CI Pipelines Integrating Snapshot Runners into your existing workflows is easy. Simply change the warp runner in `runs-on` to have a `snapshot.key` parameter. This key is used to identify the snapshot and load it into the runner. ```diff - runs-on: "warp-ubuntu-latest-x64-4x" + runs-on: "warp-ubuntu-latest-x64-4x;snapshot.key=pocketbase-snp-warp" ``` Also, add the [`WarpBuilds/snapshot-save@v1`](https://github.com/WarpBuilds/snapshot-save) action at the end of your workflow or at the point where you want to create the snapshot. > It is recommended to clean up all credentials and sensitive information before creating a snapshot. Here's an example workflow which we modified to use snapshot runners. This is the basebuild action for Pocketbase, a popular open-source project. ```yaml name: basebuild on: pull_request: push: jobs: goreleaser: runs-on: "warp-ubuntu-latest-x64-4x;snapshot.key=pocketbase-snp-warp" steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Log GitHub context uses: actions/github-script@v7 with: script: | console.log('GitHub context:', context); core.debug('Full GitHub context object:'); core.debug(JSON.stringify(context, null, 2)); - name: Set up Node.js uses: WarpBuilds/setup-node@v4 with: node-version: 20.11.0 - name: Ensure GCC is installed run: | if ! command -v gcc &> /dev/null then echo "GCC could not be found, installing..." sudo apt-get update sudo apt-get install -y gcc else echo "GCC is already installed" fi - name: Set up Go uses: WarpBuilds/setup-go@v5 with: go-version: ">=1.22.5" cache: false - name: Build Admin dashboard UI run: npm --prefix=./ui ci && npm --prefix=./ui run build - name: Run tests run: go test ./... - name: Run GoReleaser uses: goreleaser/goreleaser-action@v3 with: distribution: goreleaser version: latest args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Create snapshot if: github.event_name == 'push' uses: WarpBuilds/snapshot-save@v1 with: wait-timeout-minutes: 30 fail-on-error: "false" alias: "pocketbase-snp-warp" ``` ## Benchmarks We modified some popular CI workflows to use Snapshot Runners. Here are the results: | Workflow | GitHub Time | Snapshot Runner Time | | ------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Pocketbase Build | 7 to 8 minutes | 3m19s (includes 1m1s snapshot creation) | | Supabase Playwright Tests | 5m25s | 4m56s (includes 1 minute of snapshot creation) | | Flux Build and Test | 20m23s | 14m28s | ## Common Pitfalls and Best Practices ### Network attached disks Currently, snapshot runners use a network attached disk which might perform worse than Warpbuild's [cache action](https://github.com/WarpBuilds/cache) in case of large number of files. For large directories like node_modules, it may be better to use cache action instead of relying on files in snapshot. Combine both of these approaches based on your use case. ### Refreshing Snapshots While Snapshot Runners can store everything from previous builds, it is a good idea to refresh the base snapshot periodically to prevent outdated or unnecessary artifacts from accumulating. The snapshot can be refreshed by using the `snapshot-save` action with the same key. ### Runner Compatibility Snapshot runners are a WarpBuild exclusive feature and works only with WarpBuild Runners. Get Started with [WarpBuild](https://warpbuild.com). --- # WarpBuild's SOC 2 Certification URL: https://www.warpbuild.com/blog/soc2 Description: Another step in our commitment to security and trust. This post details our learnings from the SOC 2 certification process. --- title: "WarpBuild's SOC 2 Certification" excerpt: "WarpBuild's SOC 2 Certification" description: "Another step in our commitment to security and trust. This post details our learnings from the SOC 2 certification process." date: "2024-09-26" author: surya_oruganti cover: "/images/blog/soc2/cover.png" --- SOC 2 Type II certification is a significant milestone for WarpBuild, demonstrating our commitment to security and trust. It is especially important for us as we continue to onboard new customers of all sizes, many requiring SOC 2 certification. ## What is SOC 2 Certification? SOC 2 certification is a widely recognized standard for evaluating the security and controls of a company's information systems. It is a voluntary process that requires a company to undergo an audit by an independent third-party auditor. The audit evaluates the company's controls over security, availability, processing integrity, confidentiality, and privacy of customer data. ### Who certifies this? The American Institute of Certified Public Accountants (AICPA) is the organization that oversees the SOC 2 certification process. The AICPA has developed the SOC 2 standard, which is used by auditors to evaluate the security and controls of a company's information systems. ### Types of SOC 2 certifications There are two types of SOC 2 certifications: - SOC 2 Type I: Focuses on the design of controls at a specific point in time. This is a one-time audit that evaluates the company's controls over a specific period of time. This is typically used for organizations that are just starting to implement security controls and want to demonstrate that they have a basic level of security in place. - SOC 2 Type II: Evaluates the operating effectiveness of controls over a period (typically 3-12 months). This is a more comprehensive audit that evaluates the company's controls over a longer period of time, typically 3 months to one year. This is typically used for organizations that have been in operation for a while and want to demonstrate that they have a more comprehensive level of security in place. ### Security questionnaire as a stop-gap solution Many companies use a security questionnaire to assess the security of a company's information systems. This is a more informal process than SOC 2 certification but could unblock the procurement process. Some companies can send a security questionnaire from their compliance tool. I've found that a standard questionnaire like this is a good option for minimizing effort: 1. [Whistic](https://www.whistic.com/) can help centralize security questionnaires and posture reports. IMO, it is overkill for a stop-gap solution. 1. [CAIQ Lite v4](https://cloudsecurityalliance.org/artifacts/ccm-lite-and-caiq-lite-v4/) is a fantastic option in a spreadsheet format. ## Who is this for? Most B2B companies require SOC 2 certification as a part of the procurement process. Financial institutions, healthcare providers, and other organizations that are subject to regulatory requirements usually have additional compliance requirements such as HIPAA and PCI DSS, apart from SOC 2 certification. ### Do you really, really need SOC 2 certification? The founder of a SOC 2 audit company advised me to not do SOC 2 certification until we had a few customers who refuse to sign up without the certification. If you are targeting SMB customers exclusively or your customers are not regulated, evaluate if you can skip SOC 2 certification. Evaluate if a standard security questionnaire will suffice instead. This can be a good option as a short-term solution while you are in the process of getting SOC 2 certification. ### General thoughts 1. Once you decide SOC 2 is mandatory, start immediately - Start the SOC 2 certification process as early as possible. It gets more complex as the company grows - both in terms of the number of users and the number of services. - The $ cost and the effort required, both increase as the company grows. 1. SOC 2 certification is not going to get you new customers. - It will only help resolve some blockers during the procurement process. 1. SOC 2 Type I certification is useful if you desperately need to onboard a customer. It's a waste of time and money in most cases. ## Evaluating compliance automation tools I spoke to a few compliance automation companies. Here are the dimensions that matter: 1. **Product**: The tool should be able to automate the evidence collection along with the flexibility to adapt to your internal processes. Most tools will cite 80-95% automation. - There is always a manual effort involved in the certification process, so good support is a must. IMO, support >> product automation. - Integration with AWS, Azure, and GCP is a must, along with Github, and other common tools. Existence of these common integrations is table stakes. However, the quality of the integrations is not obvious before sign-up. - I was not very impressed with the quality of integrations with Sprinto but they made up for that with a good support team. 1. **Cost**: Most companies are flexible on their pricing, especially if you get into multi--year contracts. A good hack is to start the process at the end of the quarter so that you can get a discount. - Generally, the cost order is: Drata ~ Oneleet > Secureframe > Vanta > Sprinto 1. **Documentation**: Guides and documentation on how to use the tool are useful in saving time. 1. **Auditor Network**: A company that has a network of auditors that they already work with makes the transfer of evidence from tool to auditor seamless. This generally is not an issue. - Sprinto gets an extra point because they have auditors who can support a wider budget range than the others. 1. **Support and Responsiveness**: There are a LOT of back and forths during the setup, evidence collection, and audit processes. This is a big deal. It could add weeks to the process if the support folks are not responsive. - Sprinto was upfront about having very hands-on support. This was a very good thing in hindsight. - Support was on Slack Connect and ready to hop on a call quickly for unblocking issues. - Evaluating this is only possible after signing up. I spoke to users of other products and generally found that most companies have mediocre support, with the exception of Oneleet. Here's my evaluation matrix: | Criterion // Company | Secureframe | Vanta | Drata | Sprinto | Oneleet | | -------------------------- | ----------- | ---------- | -------- | ---------- | -------- | | Cost | ⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | | Product and Integrations | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐ | ❓ | | Documentation | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ | ❓ | | Auditor Network | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | | Support and Responsiveness | ❓ | ❓ | ❓ | ⭐⭐⭐⭐⭐ | ❓ | ❓ = Not evaluated ### Other considerations 1. The auditor reputation supposedly matters, for certain customers. Pick an auditor that has a good reputation. 1. Some companies charge extra for enabling a Trust Center. 1. Oneleet is rather unique: - They are much smaller than the other companies and the founders are very involved. This leads to generally better support. - They claim to actually help your team implement a good security program and improve the security posture of the company. This **should** be obvious table stakes for any compliance automation company. That it is a differentiator for Oneleet speaks to the general state of the industry. ## Our choice: Sprinto and Prescient I chose Sprinto because of their hands on support and they were the cheapest option. Prescient were our auditors. They have a good reputation from what I could find from other founders. ## Process This section is specific to our experience with Sprinto. For context, we are a small team of 5 people. Our infrastructure is multi-cloud, with AWS hosting most of our infra and some spread across GCP, Azure, and Mac Stadium. This could change in the future. ### Audit Readiness: Evidence Collection We are an engineering focused team and we have a lot of the best practices in place. That helped us quite a bit. Here are the interesting things about the certification process that stood out to me: 1. It requires at least 2 people to be involved in the process, as a part of some checks. 1. A pen-test is recommended but not mandatory for the SOC 2 Type II certification. This comes at an additional cost for most providers. 1. We did not have a tool in place for MDM (Mobile Device Management) before the audit and needed to get that sorted. 1. It is important for the production environments and customer data to be kept secure. We had most of these in place, so it was relatively easy. - Tag all infra with the environment details. - Having fewer environments makes this process much simpler. - We do not have a requirement to replicate data across environments. This made our data posture much simpler. - Ensure all prod DBs and data are in private VPCs and not publicly accessible. 1. We set up Cloudflare for WAF. The paid plan comes with default protection rules which are quite valuable. This was a good option given we are multi-cloud. The DDoS protection is very helpful, and free. 1. Setting up an Intrusion Detection System (IDS) was tricky - there is a non-trivial cost associated with this. We decided to use the cloud specific options because of ease of setup. We will revisit this later. 1. This was a forcing function for formalizing the incident response process and exercises for backup-restore. 1. Github Team plan is the minimum required. We were on the Enterprise plan with most of the checks already in place. ### Sprinto: Product Review ⭐⭐ The Sprinto product is quite basic, but it works well when coupled with responsive support. A lot of actions are much easier to do in the backend by support than in the UI. Here are some observations: 1. The UI is dated, and laggy. There are lots of modals, drawers, and popups. Contents do not update after an action and need page refreshes. This was very frustrating. 1. The integrations with AWS, GCP, Azure, and Cloudflare are basic. The refresh intervals are slow (~once a day) and can be slow to update. 1. Github integration was pretty poor. Repo rules set at the org level were not reflected. - Bulk updates are not possible. - Automated commits by a bot for GitOps were being flagged as commits without review. Our current process is that support bulk updates it in the backend once a week. 1. The Trust Center design could be better, but it comes at no additional cost. 1. The documentation is passable. The fact that we has a Slack Connect with support and could offload a bunch of tasks to them was a huge plus. ### Cost You can expect to spend ~$8-10k for the first year, split half and half between Sprinto and the auditor. Some of the product and auditor combinations go up to $15k. You're being ripped off if you spend more than that as a company of less than 50 people. Getting a SOC 2 Type I certification costs ~$2-4k more. ### Timeline | Date | Event | Notes | | ------------------ | --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | | March 21-28 | Calls with various compliance automation companies. | Sales teams across the board are really responsive. | | March 29 | Signed up with Sprinto | - | | April 02 | Got access to Sprinto dashboard | - | | April 02 | Call with Onboarding Manager | My onboarding manager was fantastic - super knowledgeable and responsive. | | April 03 to May 13 | Getting the compliance checklists in-place | This could have been ~2 weeks faster, but we were occupied with product releases. | | May 13 to Aug 13 | Evidence collection period | Found multiple rough edges with the product integrations that were annoying, but support helped resolve things quickly. | | Aug 20 | Auditors got access to Sprinto evidence | This was entirely avoidable. | | Aug 20-28 | Auditor evidence review: Testing | Initial review and questions. The timeline given was 4-6 weeks after the testing period. | | Aug 28 - Sep 18 | Auditor evidence review: Finalization | Following up every 2-3 days and lots more back and forth with auditors about the evidence. | | Sep 19 - Sep 23 | Draft SOC 2 Type II report review | I reviewed it thoroughly and corrected errors in the draft report. | | Sep 24 | WarpBuild is SOC 2 Type II Certified | The final report was e-signed and issued. | | Sep 25 | WarpBuild Trust Center Setup | The trust center was set up and the SOC 2 Type II report was published. SOC 2 logo is updated on the website. | 1. Connect the Sprinto POCs to the audit team. It helps getting people aligned. 1. 1-2 weeks before the end of the evidence collection window, send a reminder email to Sprinto POCs and the audit team. Auditors could be busy with other engagements, so the heads up will help. ## Final thoughts The overall process took ~6months. In the best case, it could have been ~4.5 months, practically. We had to spend ~7 days of engineering time to get the compliance checklists in place. It was a conscious effort to ensure that the team is not burdened with the compliance process and I went through every policy document in detail to ensure that. We took this opportunity to ensure we had lightweight processes for best practices that we didn't previously have. WarpBuild is now SOC 2 Type II certified, with unqualified opinion attestation (that's a good thing). --- WarpBuild provides Github actions runner infrastructure for optimized CI with fast disk IO and improved caching. You can run this in our cloud or your own cloud account with our Bring Your Own Cloud (BYOC) option, and get 10x cheaper runners while improving performance. Get started today. --- --- # Ubicloud vs WarpBuild Comparison URL: https://www.warpbuild.com/blog/ubicloud-warpbuild-comparison Description: Ubicloud features, performance, and why WarpBuild is a better Github Actions runner alternative. --- title: "Ubicloud vs WarpBuild Comparison" excerpt: "Ubicloud features, performance, and why WarpBuild is a better Github Actions runner alternative." description: "Ubicloud features, performance, and why WarpBuild is a better Github Actions runner alternative." date: "2024-08-22" author: surya_oruganti cover: "/images/blog/ubicloud-warpbuild-comparison/cover.png" --- Ubicloud is an OSS cloud provider that can be run on any physical infrastructure. They also have a Github actions runner product, likely as a test bed for features being built, and seeding usage. Ubicloud provides Github Actions runners that you can start using by just changing one line in the Github actions workflow file. This post provides a detailed description of the features of Ubicloud, and see how it compares to WarpBuild. ## Ubicloud Features ### `x86-64` and `arm64` Runners Ubicloud supports both x86-64 and arm64 architectures. This allows you to build your projects on both platforms, without emulation. This can speed up your arm64 builds 2-5x. WarpBuild Advantage: WarpBuild supports x86-64 and arm64 instances. WarpBuild arm64 instances are ~40% more powerful for faster raw performance but Ubicloud's x86-64 instances are ~10% faster. WarpBuild has faster job start times and better platform uptime. ### Concurrency Ubicloud supports up to 128 concurrent vCPUs for builds. This can be increased at an additional cost by reaching out to Ubicloud support. WarpBuild Advantage: WarpBuild supports truly unlimited concurrency at no additional cost out of the box for x86-64 and arm64 instances. ### OS and Images Ubicloud supports Ubuntu 22.04 only, compatible with Github actions runner images. WarpBuild Advantage: WarpBuild supports ubuntu 22.04 and the latest 24.04 ubuntu image as well, and is 100% compatible with Github actions runner images. Users can use the app to setup any number of custom base images directly. > WarpBuild also supports MacOS runners powered by M2 Pros for blazing fast MacOS builds on MacOS 13 and 14. ### Caching Ubicloud provides 10GB of cache per repo, free. Any additional usage evicts the oldest cache entries. WarpBuild Advantage: WarpBuild provides unlimited cache storage with a 7-day retention policy from last access. The cache performance is blazing fast even for workflows having 100+ concurrent jobs. This is a major advantage for larger customers, especially when there are large artifacts, monorepos, or container builds with large layers. > WarpBuild supports container large layer caching, which Ubicloud does not support. ![WarpBuild Cache](/images/blog/ubicloud-warpbuild-comparison/warpbuild-cache.png) ### Hosting Provider Ubicloud runners are hosted on Hetzner, with most of the compute in the EU region. WarpBuild Advantage: WarpBuild runs compute on AWS, GCP, and Azure and users can choose which region to run their builds in. This has enormous advantages for customers to minimize inter-region data transfer costs and improve performance. ### Dashboard and Analytics Ubicloud has a very basic page that lists the available runners. WarpBuild Advantage: WarpBuild supports a rich dashboard for runners, cache usage, and builds. There are also analytics and insights for the entire repository, including build times, build failure rates, runtime trends, activity heatmaps and more. ![WarpBuild Analytics](/images/blog/ubicloud-warpbuild-comparison/warpbuild-analytics.png) ![Ubicloud Dashboard](/images/blog/ubicloud-warpbuild-comparison/ubicloud-dashboard.png) ### Security Ubicloud runners are ephemeral VMs, running on bare-metal. This is potentially subject to noisy neighbors and performance degradation. WarpBuild Advantage: WarpBuild runners are ephemeral VMs as well, with the virtualization and isolation handled by the underlying cloud provider (AWS, GCP, Azure) and strong performance guarantees. This allows WarpBuild to be more secure and compliant with the most stringent security standards. ### Enterprise Compliance Ubicloud is not SOC2 compliant. Data residency regions are not handled. WarpBuild Advantage: WarpBuild is in the process of getting SOC2 Type2 compliance certification. The documentation will be available for free, on request. ### Static IPs Ubicloud supports public IPs for the runner instances at an additional cost. However, these are not guaranteed to be static. WarpBuild Advantage: WarpBuild offers static IPs for runners (on BYOC only) at no additional cost. ### Runner Pricing Ubicloud's pricing is 10% of the cost of a Github Actions runners for x86-64 and ~16% the cost of arm64 runners. WarpBuild Advantage: WarpBuild runners offer ~20% higher performance for x86-64 instances and ~20% higher performance for arm64 instances. Ubicloud runners are way cheaper than the WarpBuild cloud pricing but comparable to the overall WarpBuild BYOC pricing at a job level because of performance improvements. ## Missing Features Ubicloud is missing a lot of features essential for robust CI. These features are usually deal breakers for large and fast growing teams. WarpBuild supports all of these features. ![WarpBuild Dashboard](/images/blog/buildjet-warpbuild-comparison/warpbuild-dashboard.png) ### Snapshots WarpBuild supports saving and restoring state from a runner instance for persistence and incremental builds is essential for large codebases. WarpBuild users see a 10x improvement in build times, due to this feature. Snapshots are very useful because the time in a CI workflow spent installing dependencies is eliminated and snapshots enable incremental builds. ### Bring Your Own Cloud (BYOC) WarpBuild supports BYOC, with a cloud-hosted control plane and the runners spawned in the user's cloud account. This provides the best of both worlds with maximum flexibility and zero management overhead. This is a major advantage for larger customers and is 10x cheaper than Ubicloud. Users can leverage preferential pricing agreements with their cloud providers for even more value. ### Regions WarpBuild supports over 29 regions globally. This is huge for minimizing data transfer costs and improving performance. It is essential for some customers with sensitive workloads and data residency regulations. ### Disk Configurations Ubicloud only supports 64GB of disk storage. WarpBuild supports configurable disk sizes, iops, and throughput. This is useful for ML/AI workloads, large container builds, monorepos, game developers, and mobile app development. ### Roadmap Ubicloud's Github actions product is a "use-case" but not core to their overall vision. In contrast, WarpBuild is already the most capable product in this space and has been adding new features and capabilities to its platform rapidly since launch less than a year ago. ## Conclusion Ubicloud is a basic provider of Github Actions runners. WarpBuild is superior to Ubicloud in every way, but is way cheaper. It's good for teams that are on a very tight budget and don't particularly care about performance. Large or fast growing teams use WarpBuild for their CI/CD needs at scale for 10x faster builds with snapshots, better security, and even cheaper with BYOC. ## Get Started Today WarpBuild is committed to providing you with the tools you need to build faster, smarter, and more cost-effectively. Join us in this new era of development. --- Stay tuned for more updates and features coming soon. Happy building! --- For detailed technical documentation, visit [WarpBuild Docs](http://docs.warpbuild.com). Contact us at support@warpbuild.com. --- --- # Observability at WarpBuild: Designing for Uptime and Reliability URL: https://www.warpbuild.com/blog/uptime-reliability Description: Observability at WarpBuild: Designing for Uptime and Reliability --- title: "Observability at WarpBuild: Designing for Uptime and Reliability" excerpt: "Observability at WarpBuild: Designing for Uptime and Reliability" description: "Observability at WarpBuild: Designing for Uptime and Reliability" author: surya_oruganti date: "2025-11-05" cover: "/images/blog/uptime-reliability/cover.png" --- Uptime and reliability are critical for any platform, but especially for WarpBuild as CI is critical to our customer workflows. Poor uptime can block hotfixes and releases causing significant business impact. At WarpBuild, our goal is to have a system that our customers can set and forget, so that it just works. In the last two months, we overhauled our internal observability stack for better alerting and visibility. This post discusses how we architect for uptime and reliability at WarpBuild through three key pillars: intelligent automation, multi-cloud redundancy, and comprehensive observability. But first, let's understand the infrastructure landscape that makes this all possible. [In the previous post](/blog/observability-architecture), we discussed how we built a zero-maintenance observability system using S3, presigned URLs, and OpenTelemetry for our users to view their job metrics and logs. This post focuses on the internal infrastructure that we use to ensure that all our customers' workloads always run regardless of infrastructure issues, capacity constraints, or unexpected demand spikes. ## Infrastructure Overview ### Compute Layer At WarpBuild, we run GitHub Actions runners across multiple infrastructure stacks, optimizing for both performance and user experience. **Bare Metal Servers**: Most Linux and macOS runners run on bare metal servers. This gives us maximum performance and control, which is critical for compute intensive CI workloads. **Hyperscalers**: Windows runners, ARM64 Linux runners, and Docker builders run on hyperscalers due to licensing (for Windows) and performance related constraints (ARM64 instances on AWS and Azure are vastly superior to Ampere servers). When we need to rely on hyperscaler infrastructure, we primarily use AWS with passive backup stacks on GCP and Azure for redundancy and failover. ### Persistence and Backend Services Persistence layers - including S3, databases, Redis, and SQS - are primarily hosted on AWS. Our backend services also run on AWS, but in a separate region isolated from the GitHub Actions runners. This isolation ensures that customer workloads don't impact our control plane and vice versa. Critically, our backend services are infrastructure aware. They maintain real-time visibility into the state of our compute infrastructure and communicate bidirectionally with our orchestrators. ### Orchestration We use both Kubernetes and Nomad as orchestrators, depending on the workload characteristics. These orchestrators handle the placement of virtual machines and containers, but they don't make decisions in isolation. They're part of a closed-loop system with our backend services, continuously providing real-time information about the state of the underlying infrastructure. ## Three Pillars Building reliable infrastructure isn't about a single magic solution. At WarpBuild, we approach reliability through three interconnected pillars that work together to ensure uptime and robust performance. ### Pillar 1: Intelligent Automation The foundation of our reliability is automation that continuously monitors infrastructure state and makes intelligent scheduling decisions on the fly. Our backend services are the brain of this operation. They're infrastructure aware and make dynamic decisions about where compute needs to be scheduled, optimizing for both queue times and performance. This isn't static configuration - it's realtime decision making based on current conditions. The system works as a closed loop: 1. Our orchestrators (Kubernetes or Nomad) continuously provide realtime information about the state of the underlying infrastructure to our backend services 2. The backend services analyze this data alongside incoming workload requests 3. Based on capacity, performance characteristics, and current state, the backend commands the orchestrator for optimal VM placement 4. The orchestrator executes the placement and feeds updated state back to the backend This closed-loop system enables automatic failover management. When the backend detects that scheduling isn't feasible on the preferred infrastructure - whether due to capacity constraints or infrastructure issues - it automatically triggers failover to alternative compute resources. ### Pillar 2: Multi-cloud Redundancy with Intelligent Failover While automation handles the decision making, multi-cloud redundancy provides the infrastructure options that make seamless failover possible. **Primary Infrastructure**: We prioritize bare metal servers for runners whenever possible. Bare metal delivers the best performance for CPU-intensive CI workloads, and our customers benefit from faster build times. **Automatic Fallback**: When bare metal capacity is insufficient or when there are issues with our bare metal hosting provider, the system automatically falls back to hyperscalers. This isn't a manual process - our infrastructure-aware backend services detect capacity or availability issues and seamlessly redirect workloads to hyperscaler infrastructure. **Multi-cloud Backup**: Beyond the bare metal to hyperscaler failover, we maintain backup stacks on GCP and Azure in addition to our primary AWS infrastructure. This provides an additional layer of redundancy for hyperscaler workloads. The result is a seamless customer experience. Whether a job runs on bare metal or gets automatically failed over to a hyperscaler, customer workloads are always running. The complexity is hidden from users - they simply see their CI jobs complete successfully. ### Pillar 3: Observability and Alerting While automation and redundancy handle most reliability scenarios, observability provides visibility and enables quick response to everything else. **Tools and Stack**: We use a comprehensive observability stack including OpenTelemetry for instrumentation, Prometheus for metrics collection, Grafana for visualization, and Datadog and Signoz for unified monitoring and alerting. This gives us deep visibility into logs, metrics, alerts, and dashboards across all our systems. **Persistence Layer Strategy**: Unlike our compute layer which has automated failover, our persistence layers (databases, Redis, SQS) rely on observability and rapid response rather than automated failover. **Recent Improvements**: The observability stack overhaul we completed in the last two months significantly improved our alert quality and visibility. We now have better signal-to-noise ratio in alerts, more comprehensive dashboards for infrastructure health, and generally more surface area for observability. ## How It All Works Together These three pillars aren't independent - they work in concert to deliver the reliability our customers depend on. **Automation** handles dynamic workload placement and failover, continuously optimizing where jobs run based on realtime infrastructure state. **Multi-cloud redundancy** provides the infrastructure options - bare metal, multiple hyperscalers, multiple regions - that make intelligent failover possible. **Observability** ensures we have visibility into every layer of the stack and can quickly respond to any issues that automation doesn't handle. The result is the "set and forget" reliability that we promised. Our customers configure their CI once, and from that point forward, WarpBuild handles the complexity of ensuring their workloads always run regardless of infrastructure issues, capacity constraints, or unexpected demand spikes. This setup also helps protect against dreaded `us-east-1` failures and other outages. ## Conclusion Reliability at scale requires more than just redundant infrastructure - it requires intelligent systems that can make realtime decisions, seamless failover mechanisms, and comprehensive observability to catch what automation misses. At WarpBuild, these three pillars - intelligent automation, multi-cloud redundancy, and observability - work together to deliver the uptime and reliability that modern development teams require. As we continue to grow and evolve our infrastructure, these principles guide how we approach every architectural decision. ### Call for Developers We are looking for developers who are interested in building the future of CI/CD. If you are interested in working on these kinds of infrastructure challenges, get in touch with us at [hello@warpbuild.com](mailto:hello@warpbuild.com)! ---