Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.

When to choose GitHub-Hosted runners or self-hosted runners with GitHub Actions


Whether it’s building, testing, or deploying code, automating manual processes is key to improving developer experience and achieving a successful DevOps strategy.

On GitHub, you can use GitHub Actions to not only implement your CI/CD pipeline, but also automate other processes both on and off GitHub. When you are adopting GitHub Actions on GitHub Enterprise Cloud, you can choose between GitHub-hosted runners and self-hosted runners to run your workloads, and each has its pros and cons.

In this post, we’ll compare GitHub-hosted runners with self-hosted runners across five areas to help you determine which type best fits your GitHub Actions adoption strategy.

What are GitHub-hosted runners and self-hosted runners?

GitHub-hosted runners and self-hosted runners are based on the same open-source software and both support macOS, Windows, and Linux. But they have many differences.

GitHub-hosted runners are fully managed on GitHub’s infrastructure using pre-configured Windows, Linux, and macOS virtual machines. In addition to offering standard runners for typical workloads, hosted runners offer larger runners with more resources (memory, CPU, and storage), custom images, static IP ranges, and Azure Virtual Network integration for enhanced security control.

Self-hosted runners operate on your own infrastructure, whether on-premises or in the cloud. You manage all aspects—configuration, security, and scaling. They also allow you to operate runners in places you couldn’t otherwise—for example, on GitHub Enterprise Server or on custom hardware. They can also be the only way to implement certain compliance requirements, especially when working with highly secured systems.

Both options offer distinct advantages depending on your specific needs and resources. Let’s explore when GitHub-hosted runners may be the right choice for your projects, and when it may be better to use self-hosted runners.

Fully managed or self-managed?

A key distinction between these two options is where they’re hosted, as we’ve pointed out. But that choice comes with several implications.

GitHub-hosted runners provide managed infrastructure with pools of on-demand virtual machines (VMs) that are automatically secured and updated. The environments are ephemeral, with the disks reimaged after each job, preventing files from previous jobs from affecting subsequent runs. The VMs are optimized for GitHub Actions, with pre-installed software and tools, including the latest versions of GitHub CLI, Docker, and common development platforms to ensure fast start times and avoid rate limits.

With GitHub-hosted runners, you can jump right in and start building workflows. There’s nothing to configure or secure before you start, making them ideal when you want to get started quickly. And we all prefer to spend more time on code than infrastructure, right?

Self-hosted runners offer you complete flexibility in defining your solution, but they also mean you are responsible for managing the infrastructure, images, caches, and security, and for monitoring availability and usage against GitHub’s rate limits. This requires expertise in GitHub Actions architecture, VM and container image building, and network and infrastructure management. If your core business offering is scalable infrastructure solutions or Kubernetes, self-hosted runners may make sense.

Let’s take a closer look.

Scalability

To remain productive, it’s important to have highly available resources on demand, especially for CI/CD workloads, where waiting for a job to run may mean you’re blocked from working on other tasks. In fact, a single wasted hour each week can cost a company over $4,000 a year per developer!

But scaling highly available, on-demand resources is hard. Even with a well-designed cloud infrastructure, it takes time to provision new virtual machines. You need systems in multiple regions to maintain up time, with 20-25% spare capacity to scale quickly and handle unexpected system failures.

GitHub-hosted runners take advantage of Microsoft’s deep data center and cloud expertise and have dedicated teams to meet our service level agreement (SLA) of 99.9% availability. And that’s without any expertise on your part. In fact, many teams consider self-hosted runners in hopes of beating this availability, but it turns out that’s not even technically possible, as all runners depend on the same services and control plane. That said, there are conditions where self-hosted runners may work for you.

Self-hosted runners may meet your needs if you need a fixed number of servers, are primarily focused on deployment to non-cloud resources, and don’t need to scale on demand. Just remember that the instances are not natively ephemeral, so you’ll need to have a strategy to keep the instances free from artifacts created by earlier runs. Self-hosted runners also lack automatic scaling capabilities; they require a scaling solution to be able to support large teams or create new instances dynamically.

GitHub’s Actions Runner Controller (ARC) offers a solution, but it has limitations as it requires Kubernetes expertise and only supports Linux runners. Kubernetes relies on containers instead of VMs, which can require you to troubleshoot resource contention and scaling issues. ARC can also offer high availability by having multiple clusters. As we noted before, if your primary business is hosting and managing Kubernetes clusters, then ARC may be the right approach.

ARC does not support macOS or Windows workloads, and both environments present a number of limitations. For example, on macOS, you are required to use Apple hardware, you are limited to two VMs per machine, and containerizing the Apple runtime is not supported. For Windows, virtual machines are supported, but you need a custom orchestrator for scaling the instances. While you can create Windows containers and manage them with Kubernetes, the containers have slow startup times and may not support some of the necessary development and testing tools.

In short, we recommend GitHub-hosted runners for both macOS and Windows workloads.

Security

Security is critical for CI/CD processes, since they may require access to internal or production resources, and builds often use third-party libraries, runtimes, and tools, which can create a large attack surface if not properly secured.

GitHub-hosted runners provide built-in security through a defense-in-depth, zero-trust approach. VMs provide network isolation, preventing exposure to other runners and corporate resources. In fact, access to corporate or cloud resources requires elevating privileges (we recommend OIDC). Their ephemeral nature eliminates code persistence and prevents application execution after job completion, reducing unauthorized access risks.

Storage disks for hosted runners are encrypted at rest, ensuring the code is protected on the disk. All communications are encrypted to GitHub, and deployments to Microsoft Azure are routed through the Azure backbone, minimizing transits through the public internet. We provide regular security updates to both operating systems and runner software. The minimized attack surface and reduced risk of security breaches are key factors in the Department of Defense DevSecOps Reference Design’s recommendation to prefer GitHub-hosted runners for workloads up to Impact Level 5.

Self-hosted runners shift security responsibility entirely to you, requiring management of network, infrastructure, images, containers, and caches—that’s a lot of work. You also need to keep everything up to date, as runners connected to GitHub Enterprise Cloud will not be able to connect if they are more than 30 days behind the current release.

Not to mention, if you operate runners within your network environment with access to corporate resources and production environments, you’ll want to implement a zero-trust, defense-in-depth strategy with time-limited resource access, which demands a high level of network security expertise.

Finally, you’ll need to implement and keep updated both a tool cache and an Actions archive cache. Otherwise, you’re likely to encounter our rate limits as you scale up.

Troubleshooting

Keeping you productive means that problems with workflows or jobs—lack of resources, network issues, outages—need to be solved quickly. As a result, it’s important to have a support strategy.

GitHub-hosted runners come with 24/7 support across all time zones, with premium plans offering dedicated reliability engineers and rapid 30-minute response times for critical issues. This eliminates the need for infrastructure troubleshooting on your part. GitHub handles all runner environment issues, from performance problems to queue times, letting you focus on development while we roll up our sleeves, figure out the problems, and get them fixed.

Self-hosted runners, however, shift first-level support responsibility to you, which means someone will have to troubleshoot performance, network, or queueing issues when they happen, leaving less time for the fun coding stuff. 🙁

Not only that, but GitHub can only assist with the Actions service itself; we cannot assist with your infrastructure, Kubernetes clusters, or custom orchestration solutions. So if we figure out the issue is with your system, you’ll be on your own to solve it. Without sufficient planning, you can spend a lot of time waiting for a solution that lets you get back to writing and deploying code. That can be a big price to pay for self-hosted runners.

Cost management

Finally, there’s the issue of cost. If you are offering Kubernetes or infrastructure management solutions, self-hosted runners may have some advantages. If not, then GitHub-hosted runners are likely the answer here too.

GitHub-hosted runners operate on a pay-as-you-go model with no upfront costs or commitments. Teams optimize expenses through workflow improvements and appropriate runner selection. In addition, there are built-in cost savings. For example, GitHub doesn’t charge network egress fees—a significant advantage when working with large container images on cloud platforms. GitHub also has a partnership with Docker that allows unlimited image pulls from Docker Hub by GitHub-hosted runners, which often eliminates the need to create a pass-through registry or purchase business licenses for your CI/CD processes. Maintaining, supporting, and securing the environment is handled by GitHub, avoiding additional staff and service expenses. Finally, Enterprise accounts benefit from 50,000 free monthly minutes for standard runners.

Self-hosted runners, as in other areas, mean organizations assume responsibility for all infrastructure, network, storage, security, and support costs. This gives you a lot of flexibility in defining the environment, right-sizing your resources, and customizing the networking. While per-minute virtual machine expenses might initially seem lower, the total ownership cost can (and often does) exceed GitHub-hosted solutions when accounting for these additional support costs.

Which runner is best for you?

Choosing the right runner depends on your specific needs. Self-hosted runners are most suitable when using GitHub Enterprise Server (which lacks hosted runners), if your core business involves managing infrastructure or Kubernetes, or when you have compliance requirements not met by GitHub Enterprise Cloud with data residency. Scaling and ephemerality challenges make self-hosting less ideal for Windows and macOS workloads. If self-hosting is necessary, consider a hybrid approach and use self-hosted runners just for the specific workloads where they are needed.
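
As an added illustration of the hybrid approach, combined with the OIDC recommendation from the Security section (this workflow is not from the original post): build and cloud deployment run on GitHub-hosted runners, and only the on-premises deployment runs on a self-hosted runner. The runner label `onprem-deploy`, the `make dist` build step, the `dist/` paths, the `deploy.sh` script and the `AZURE_*` configuration variables are assumptions made for the example.

```yaml
name: hybrid-runners-example
on:
  push:
    branches: [main]

# Start from no token permissions; each job opts in to only what it needs.
permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest            # GitHub-hosted: ephemeral VM, reimaged after the job
    permissions:
      contents: read                  # enough to check out the repository
    steps:
      - uses: actions/checkout@v4
      - run: make dist                # assumed build step that writes to dist/
      - uses: actions/upload-artifact@v4
        with:
          name: app
          path: dist/

  deploy-cloud:
    needs: build
    runs-on: ubuntu-latest            # cloud deployment stays on a hosted runner
    permissions:
      id-token: write                 # allows the job to request a short-lived OIDC token
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: app
          path: dist/
      # OIDC federation: no long-lived cloud secret is stored in the repository.
      # The three identifiers are assumed to be defined as configuration variables.
      - uses: azure/login@v2
        with:
          client-id: ${{ vars.AZURE_CLIENT_ID }}
          tenant-id: ${{ vars.AZURE_TENANT_ID }}
          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
      - run: bash dist/deploy.sh cloud    # hypothetical deployment script

  deploy-onprem:
    needs: build
    # Self-hosted only where it is needed: a target the hosted runners cannot reach.
    # "onprem-deploy" is a hypothetical custom label. The runner is assumed to have
    # been registered with `./config.sh --ephemeral`, so it accepts a single job and
    # files from earlier runs cannot affect this one.
    runs-on: [self-hosted, linux, onprem-deploy]
    permissions: {}                   # this job needs no GitHub token scopes
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: app
          path: dist/
      - run: bash dist/deploy.sh onprem   # hypothetical deployment script
```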

For most developers and the vast majority of scenarios, unless you have very unique requirements or are willing to deeply invest in infrastructure to keep your CI/CD system humming, GitHub-hosted runners are likely your best option. They’re especially beneficial for those new to GitHub Actions and they let you spend your time focused on business value, new ideas, and writing code—instead of managing runners.

The post When to choose GitHub-Hosted runners or self-hosted runners with GitHub Actions appeared first on The GitHub Blog.


Major Updates to VS Code Docker: Introducing Container Tools


The first, most obvious thing is the introduction of the Container Tools extension to broaden our focus and open new extensibility opportunities. The existing extension code (and MIT license) will be migrated to the Container Tools extension, and the Docker extension will become an extension pack that includes the Docker DX and Container Tools extensions. For you, this means the ability to customize the tooling to meet your needs - choose your preferred container runtime and only the functionality that you need in the extension settings.

This major update marks a significant step forward in enhancing the development experience when working with containers. Please comment here with any questions or feedback and stay tuned to experiment with the new features!

 

tl;dr 

  • The Docker extension is becoming the Container Tools extension
  • Still free and open source
  • Podman support is coming
  • No action is required

Responsible AI & Synthetic Data with April Speight, on Mr. Maeda's Cozy AI Kitchen

From: Microsoft Developer
Duration: 23:36
Views: 273

How can you evaluate and verify your AI app? April Speight discusses the role of Responsible AI and Synthetic Data as a means to continuously evaluate and improve your applications based on AI.

Chapters:
00:00 - Today's Topic
00:19 - Introducing today's guest: April Speight
04:06 - Sample code and demo
20:42 - Closing thoughts

Resources:
More info: https://msft.it/6058q7vpr
All Cozy AI Kitchen episodes: https://msft.it/6059q7vpT
Cozy AI Kitchen repo: https://msft.it/6050q7vpp
Semantic Kernel Repo: https://msft.it/6051q7vpV
Continue learning with the AI Learning Hub: https://msft.it/6052q7vpn

👥 Connect with Our Speakers:

April Speight:
LinkedIn: https://www.linkedin.com/in/aprilspeight/

John Maeda:
LinkedIn: https://www.linkedin.com/in/johnmaeda/
X: https://msft.it/6055q7vpZ


Releasing Windows 11 Build 22631.5261 to the Release Preview Channel

Hello Windows Insiders, today we’re releasing Windows 11 Build 22631.5261 (KB5055629) to Insiders in the Release Preview Channel on Windows 11, version 23H2 (Build 22631).   Below is a summary of the new features and improvements included as part of this update separated into two sections: gradual rollout and normal rollout. The bold text within the brackets indicates the item or area of the change we are documenting.

Gradual rollout

The following features and improvements might not be available to all users because they will roll out gradually. Text bolded in brackets indicates the area of the change being documented.
  • [Narrator] New! Keep track of what Narrator has spoken and access it for quick reference. With speech recap, you can quickly access spoken content, follow along with live transcription, and copy what Narrator last said—all with simple keyboard shortcuts.
  • [Phone Link] New! You can do even more with your Windows PC and your mobile devices with direct access to cross-device features from the Start menu. For example, you can make phone calls, send SMS messages, access your photos, or share content between your mobile devices and PC.
  • [Widgets] New! Web developers can use their existing content to create interactive widgets that can be added to multiple widgets surfaces.
  • [File Explorer]
    • New! Pivot-based curated views on File Explorer Home that support ease of access of Microsoft 365 content on Windows. Be more productive and get highly relevant content at your fingertips on File Explorer Home.
    • Fixed: Improved the performance of extracting zipped files, particularly in the case where you’re unzipping a large number of small files.
  • [Windows Share] New! Make last-minute edits such as cropping, rotating, and adding filters to images shared through the Windows Share window.
  • [Start]
    • Fixed: You can’t use touch gestures to view the list of apps pinned in the Start menu.
    • Fixed: The Sign out and More options in the Start menu account manager might not be visible with increased text size.
  • [Taskbar] Fixed: If you use the arrow keys after pressing the Windows key + T, the arrows move in the wrong direction for Arabic and Hebrew display languages.

Normal rollout

This update includes the following features and improvements that are rolling out as part of this update. Text bolded in brackets indicates the area of the change being documented.
  • [Sign-In Impact] Fixed: This update addresses an issue affecting the USBxHCI controller and all devices that connect using a USB port on PCs based on Intel's newest CPU architecture. The built-in USB camera won't work with Windows Hello sign-in unless you manually disable Enhanced Sign-in Security (ESS). To turn off ESS, go to Settings > Accounts > Sign-in options > Additional settings > Sign in with an external camera or fingerprint reader > toggle switch ON. If you create a Windows Hello container while using the Windows 11, version 23H2, it might prevent you from using ESS after you upgrade to Windows 11, version 24H2.
  • [Server Message Block (SMB)] Fixed: An issue where an Excel file, hosted on a SMB file share with Access Based Enumeration enabled, containing links to multiple other files hosted on network shares, might take longer to open.
  • [Xbox]
    • Fixed: This update addresses an issue affecting Xbox Elite Wireless Controllers with certain firmware versions, where the keyboard might not function and displays an error indicator in the device manager.
    • Fixed: The driver verifier stops responding during gamepad controller driver certification, affecting Windows Hardware Quality Labs testing.
  • [Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)] Fixed: This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
Thanks, Windows Insider Program Team

PowerShell Universal v5.5

PowerShell Universal v5.5 is now available. This release includes a number of new features and improvements. Below you’ll find some highlighted features as well as a roadmap for the next couple of releases. You can download the latest version of PowerShell Universal from our download page. For a full list of changes, please visit our changelog page. As always, we recommend testing this version in a development environment before upgrading your production environment.

Join the .NET & C# Teams at Microsoft Build 2025


The countdown to Microsoft Build 2025 is on! Calling all .NET developers: prepare for an exciting lineup of .NET and C# content. Whether you’re a seasoned pro or just starting out, there’s something for everyone to dive into and enjoy. Don’t miss out on this opportunity to learn and connect with the rest of the .NET and Microsoft community.

Join us either in-person in Seattle or from the comfort of your own home on May 19-22.

Dive into .NET Sessions

Microsoft Build is packed with .NET content this year, so make sure to check out all the .NET sessions and add them to your profile’s agenda – this includes the .NET Breakout sessions, .NET Labs, and .NET Demos.

There are over 75 amazing .NET sessions at Microsoft Build this year. Here’s just a small sampling of some of the top sessions you won’t want to miss:

🚀 Elevating Development with .NET Aspire: AI, Cloud, and Beyond

Let’s delve into the latest advancements in .NET Aspire and offer a sneak peek at the exciting features coming in version 9.3. This session will highlight how to leverage AI within .NET Aspire to enhance your development process, streamline workflows, and build intelligent applications. We’ll cover key updates, demonstrate practical applications, and provide insights into delivering your application systems.

🔄 The Future of .NET App Modernization Streamlined with AI

GitHub Copilot and Agents are transforming how developers modernize their applications and get them cloud ready. Come see how GitHub Copilot Upgrade for .NET helps you upgrade your .NET applications directly from Visual Studio. From project and dependency analysis, plan execution, automatic self-healing, detailed reporting, and more. Hear from industry experts who are transforming their .NET app modernization with GitHub Copilot.

🛠 Yet “Another Highly Technical Talk” with Hanselman and Toub

Following their “Highly Technical Talk” at Build 2024, join Scott Hanselman and partner software engineer Stephen Toub for another 100% LIVE demo—no slides, just real-time code fixes. In this “highly technical talk” on the internals of .NET, they’ll look for performance issues and fix them live on stage. In this talk, you’ll learn debugging, performance, and optimization skills. If you are super advanced, level up, and let’s see how deep you can go!

🐍 Python Meets .NET: Building AI Solutions with Combined Strengths

.NET is the ideal platform for building fast, scalable, Enterprise-ready apps that run anywhere. Python is the ideal platform for doing data-science, analytics, and machine-learning. .NET runs some of the biggest applications on the planet and Python has been used for some of the biggest scientific discoveries of the past 20 years. In this session, Scott Hanselman and Anthony Shaw will discuss and demo how to spice-up your .NET applications with Python.

💻 What’s Next in C#

Join Mads and Dustin on a demo-filled tour through upcoming features in C# 14 and beyond. Dictionary expressions, new kinds of extension members and field access in auto-properties are some of the ways that C# keeps making your code clearer, cleaner and more expressive.

🤖 Build the next generation of AI apps with .NET: Models, Data, Agents, & Beyond

.NET is transforming how developers build AI native applications and agents. With deep integrations throughout the AI ecosystem, a streamlined development process with Microsoft.Extensions.AI, templates to jumpstart development, and the ability to leverage and build the latest in Model Context Protocol (MCP) and Agents, .NET is the go-to for AI development. Come see how all of this works together and how we are evolving .NET for developers to build interactive agents that communicate silently and at lightning speed. Tell the front-end agent to book travel to the Build conference, and your calendar invites and expense report confirmations start appearing. Agents are transforming business processes and this session explores how .NET and AI can optimize workflows and integrate agents into applications. Learn to use familiar tools to build and manage intelligent agents, enhancing productivity and communication within organizations.

📱 AI infused mobile & desktop app development with .NET MAUI

.NET MAUI helps you build apps that work everywhere – iOS, Android, macOS, and Windows. We’ll show you how GitHub Copilot and Visual Studio’s AI features can speed up your coding, and how .NET Aspire fits into your development workflow. You’ll see real examples of how these tools work together to help you build better native and hybrid apps with less effort.

🌐 The future of web development with ASP.NET Core & Blazor

Come check out what’s next for ASP.NET Core & Blazor! We’ll demo how to build web apps that use AI capabilities, implement modern security with WebAuthn & Passkeys, and get better insights with improved diagnostics. We’ll also peek at upcoming Blazor features, OpenAPI improvements, and how .NET Aspire makes deployment and monitoring simpler.

Hands-on Labs

Roll up your sleeves and actually build something! Our hands-on labs give you a chance to work with these technologies directly while experts are available to answer your questions.

🧪 Build an Intelligent App with .NET, Azure OpenAI, and Semantic Kernel

Build your own AI-powered app using .NET, Azure OpenAI, and Semantic Kernel. You’ll code a solution that connects to large language models, craft effective prompts, add memory to keep context in conversations, and implement planning for complex tasks. Best of all, you’ll do it all with familiar .NET patterns and tools.

🔮 Building GenAI Apps in C#: AI Templates, GitHub, Azure OpenAI & More

Get up to speed quickly with AI app building in .NET! Explore the new .NET AI project templates integrated with Microsoft.Extensions.AI, GitHub Models, and vector data stores. Learn how to take advantage of free GitHub Models in development, then deploy with global scale and enterprise support using Azure OpenAI. Gain hands-on experience building cutting-edge intelligent solutions with state-of-the-art frameworks and best practices.

⚡ Deploy and Monitor Cloud Applications with .NET Aspire

Get your hands dirty with .NET Aspire by building and deploying a real cloud application. You’ll create a multi-service app, wire up all the connections between services, add monitoring so you can see what’s happening, and deploy it to Azure. By the end, you’ll understand how .NET Aspire removes a lot of the cloud infrastructure headaches so you can focus on writing your application code.

Connect and Learn

Meet the Experts

Grab some time with the people who actually build .NET. Our team members will be available to chat about the latest features, help troubleshoot your specific problems, and hear your feedback directly.

Live Demos

Witness the power of .NET in action at our live demonstration area. Discover new tools, features, and capabilities through practical examples and real-world applications.

Join the Conversation

Connect with fellow developers and the broader .NET community. Share your experiences, exchange ideas, and forge connections that extend beyond the event.

📺 Get a quick overview of the .NET sessions at Microsoft Build

James Montemagno’s got you covered with a 5-minute overview of the .NET sessions at Microsoft Build here:

Register Now and Join Us

Whether you’re attending in-person or online, we’re excited to welcome you to our .NET developer community. Microsoft Build 2025 promises to be an unforgettable experience with opportunities to:

  • Learn about the latest .NET innovations directly from the product teams
  • Network with fellow developers and Microsoft engineers
  • Get hands-on experience with new technologies in interactive lab sessions
  • Shape the future of .NET through feedback sessions and community discussions

Tip

Follow the #MSBuild and #dotNET hashtags on social media for the latest updates and announcements leading up to the event.

See you in Seattle or online this May!

The post Join the .NET & C# Teams at Microsoft Build 2025 appeared first on .NET Blog.
