Runnerly control plane GitHub Actions runner operations

Self-hosted runners, without guesswork.

Runnerly is a control room for the runner layer GitHub does not manage for you: fleet readiness, repository policy, tokenized enrollment, and CI audit trails.

Request access See how it works

Status Operational Boundary GitHub Actions runners Evidence Jobs, labels, and audit events

runnerly.caelicode.com/fleet updated 5s ago

Fleet Repositories 4 Jobs 12 Audit

Runner operations Healthy

Online 2 runners

In policy 4 repos

Median pickup 8m

Runner Labels Status Current job

caelicode-runner-01 linux · arm64 · uptime 14d self-hostedarm64linux Online build-image #2491

caelicode-runner-02 linux · arm64 · uptime 6d self-hostedarm64linux Online idle · waiting

workflow_job · queued github-user-management -> onboarding.yml self-hostedarm64 Queued awaiting runner pickup

workflow_job -> runner -> repository short-lived registration tokens

What it is

A control plane for the runner layer GitHub does not manage for you.

Runnerly sits beside GitHub Actions and turns self-hosted runners into an observable, governed fleet instead of a set of machines people hope are still alive.

Fleet readiness

Heartbeats, labels, architecture, status, runner scope, and recent checks from managed agents and GitHub events.

# GET /api/runners
{
  "name": "caelicode-runner-01",
  "labels": ["self-hosted", "linux", "arm64"],
  "status": "online",
  "heartbeat": "18s ago",
  "checks": { "actions_runner": "ok" }
}

Repository policy

Allowed repositories, required labels, and online runner coverage checked before the workflow gets stranded.

repositorygithub-user-management

requires[self-hosted, arm64]

online matchcaelicode-runner-01

decisionready · 2 candidates

Tokenized enrollment

Short-lived registration tokens minted through a GitHub App, scoped to a repository and issued only when needed.

sudo GITHUB_OWNER=caelicode \
  GITHUB_REPO=runnerly \
  RUNNER_LABELS=linux,arm64 \
  bash install-github-runner.sh

Job evidence

Every workflow job links back to its repository, runner labels, webhook delivery, and operator events.

jobbuild-image #2491

workflowonboarding.yml

runnercaelicode-runner-01

auditworkflow_job.completed

Architecture

GitHub schedules the work. Runnerly owns the runner boundary.

The control plane receives workflow events, keeps a system of record, coordinates runner agents through authenticated API calls, and gives operators a private dashboard for readiness and audit trails.

External GitHub Actions scheduler · workflow_job events · webhooks

Runnerly Control plane webhook intake · policy store · token issuer · ops dashboard

Fleet Runner agents heartbeats · checks · labels · job pickup

InboundSigned workflow events arrive from GitHub and become policy decisions.

System of recordRepository rules, runner state, jobs, and operator events are queryable.

OutboundRunner enrollment uses short-lived registration tokens and authenticated API calls.

Guardrails

Useful now. Honest about what comes next.

Runnerly is an operations product running against real runner fleets. It makes runner ownership clearer while the broader product surface expands.

Now

What it does today.

Private labs and small-team runner fleets
Repository onboarding with label matching
Runner health and workflow_job evidence
Operator runbooks and on-call dashboard views

Hardened identity and safer enrollment flows
Richer lifecycle checks and drain windows
Queue-depth and per-repository SLO telemetry
Cleaner external access paths

Not yet

What we are not claiming.

Multi-tenant SaaS or public sign-up
Billing or metered usage
Public dashboard exposure
Compliance certification claims

First run

One repo, one runner, one clean operating loop.

Pick a repository, register a runner with the required labels, watch a workflow job land, then decide whether the operating model deserves a wider rollout.

01Install the GitHub App

Scope it to the repositories Runnerly is allowed to observe and manage.

02Add the first repository

Declare required labels and confirm that the fleet can satisfy them.

03Enroll a runner

Use a short-lived registration token and the generated install command.

04Trigger a workflow

Watch queue, pickup, runner identity, and audit evidence in the dashboard.

$ curl /api/onboarding
[ok] repository policy loaded
[ok] matching runner found

$ bash install-github-runner.sh
[ok] runner registered
[ok] heartbeat received

$ gh workflow run onboarding.yml
[ok] workflow_job queued
[ok] runner matched
[ok] audit event recorded

Questions we hear most

The boring answers, up front.

Is Runnerly a replacement for GitHub Actions?

No. GitHub still schedules the work. Runnerly sits beside Actions and owns runner readiness, policy, enrollment, and evidence.

Is Runnerly only a preview?

No. Runnerly is live for real runner operations, with access still controlled while the broader product surface matures.

Does Runnerly host my runners?

No. Your runners stay in your environment. Runnerly talks to them through authenticated API calls and GitHub events.

How does enrollment avoid long-lived tokens?

Runner registration tokens are minted through a GitHub App, scoped to the target repository, and short-lived by design.

Where does the audit log live?

In the Runnerly deployment you operate. The dashboard and API expose runner, repository, job, webhook, and operator events.

Live control plane

Bring discipline to the runners already carrying your CI.

Start with one repository and one self-hosted runner. Prove the operating model, then decide how far Runnerly should go.

Start with Runnerly DevOps services