Update configure-self-hosted-runners.md

Author: Chukslord1

learn-pr/github/manage-github-actions-enterprise/includes/configure-self-hosted-runners.md

@@ -5,18 +5,18 @@ In the previous unit, you explored how to choose and manage GitHub-hosted and se
 - Monitoring runner health and performance
 - Configuring secure access using labels and IP allowlists
 
-## Configure Self-Hosted Runners for Enterprise Use  
+## Configure self-hosted runners for enterprise use  
 
 Self-hosted runners in GitHub Actions provide greater flexibility and control for enterprises that require **customized environments, network access, and security hardening**. This guide covers best practices for configuring self-hosted runners, including **proxies, labels, and networking** considerations.  
 
-### 1. Setting Up a Self-Hosted Runner 
+### 1. Setting up a self-hosted runner 
 
-#### Step 1: Create and Register a Self-Hosted Runner
+#### Step 1: Create and register a self-hosted runner
 1. Navigate to **GitHub Enterprise → Settings → Actions → Runners**.  
 2. Click **New Runner** and select the desired OS (**Linux, Windows, or macOS**).  
 3. Follow the provided commands to install and configure the runner on your machine.  
 
-#### Step 2: Install & Start the Runner  
+#### Step 2: Install & start the runner  
 Run the following commands based on your OS:  
 
 **Linux/macOS**
@@ -31,10 +31,10 @@ Run the following commands based on your OS:
 .\run.cmd
 ```
 
-### 2. Configuring Proxies for Self-Hosted Runners
+### 2. Configuring proxies for self-hosted runners
 Enterprises often operate behind corporate firewalls and proxies that restrict internet access. To allow self-hosted runners to communicate with GitHub, configure proxy settings as follows:
 
-##### Linux/macOS: Configure Proxy
+##### Linux/macOS: Configure proxy
 Edit the environment file to define proxy settings:
 ```
 export http_proxy=http://proxy.company.com:8080
@@ -46,29 +46,29 @@ Apply the settings:
 ```
 source ~/.bashrc
 ```
-#### Windows: Configure Proxy
+#### Windows: Configure proxy
 
 Use the following PowerShell commands:
 
 ```
 [System.Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://proxy.company.com:8080", "Machine")
 [System.Environment]::SetEnvironmentVariable("HTTPS_PROXY", "http://proxy.company.com:8080", "Machine")
 ```
-### 3.Using Labels for Runner Management
+### 3.Using Labels for runner management
 
 Labels help organize and route jobs to specific self-hosted runners based on OS, hardware, or project requirements.
 
 ![alt text](image-6.png)
 
-#### Assigning Labels to a Runner
+#### Assigning labels to a runner
 
 When configuring a runner, you can assign custom labels:
 
 ```
 ./config.sh --url https://github.com/<org-name> --token <generated-token> --labels "high-memory,gpu"
 ```
 
-#### Targeting a Specific Runner in a Workflow
+#### Targeting a specific runner in a workflow
 To run a job on a specific runner with labels, update the workflow .yml:
 ```
 jobs:
@@ -79,7 +79,7 @@ jobs:
         uses: actions/checkout@v3
 ```
 
-### 4.Networking Considerations
+### 4.Networking considerations
 #### Allowlist GitHub IPs
 
 GitHub-hosted runners operate on dynamic IPs, but self-hosted runners need firewall rules to allow access. Retrieve the latest GitHub IP ranges:
@@ -88,33 +88,33 @@ curl -s https://api.github.com/meta | jq .actions
 ```
 Whitelist these IPs in your firewall settings to ensure connectivity.
 
-#### Private Network & VPN Access
+#### Private network & VPN access
 For enterprise workloads requiring access to private systems, configure the runner to connect via VPN or an internal network.
 
-### 5. Security Best Practices for Enterprise Runners
+### 5. Security best practices for enterprise runners
 Restrict runners to trusted workflows: Prevent untrusted code from executing on self-hosted runners.  
 Use ephemeral runners: Automatically remove runners after jobs to prevent persistent threats.  
 Monitor runner activity: Log all runner actions and audit access.  
 Apply OS security patches: Regularly update and secure the runner machine.   
 
-### Manage Self-Hosted Runners Using Groups  
+### Manage self-hosted runners using groups  
 Runner groups allow organizations to **manage access, control workload distribution, and enforce security policies** for self-hosted runners in GitHub Actions. This guide covers how to **create, manage, and move runners between groups** effectively.
 
-### 1. Understanding Runner Groups  
+### 1. Understanding runner groups  
 Runner groups help **organize and control** self-hosted runners within a **GitHub Enterprise or Organization**. They allow:  
 - Restricting which repositories can use specific runners.  
 - Controlling runner availability for different teams or workloads.  
 - Managing permissions for **specific branches, workflows, or environments**.
 
-#### Runner Group Availability  
+#### Runner group availability  
 | GitHub Plan | Runner Groups Available? |  
 |-------------|--------------------------|  
 | GitHub Free | ❌ Not Available |  
 | GitHub Pro | ❌ Not Available |  
 | GitHub Team | ✅ Available |  
 | GitHub Enterprise | ✅ Available |  
 
-### 2. Creating a Runner Group 
+### 2. Creating a runner group 
 
 1. Go to **GitHub → Organization Settings → Actions → Runners**.  
 2. Click **"New group"** under **Self-Hosted Runners**.  
@@ -127,27 +127,27 @@ Runner groups help **organize and control** self-hosted runners within a **GitHu
 ### 3. Adding Runners to a Group 
 Once the group is created, you can **add runners manually or during registration**.
 
-##### Option 1: Assign During Registration 
+##### Option 1: Assign during registration 
 When configuring a new runner, specify the group:  
 ```sh
 ./config.sh --url https://github.com/<org-name> --token <generated-token> --runnergroup "Linux-Runners"
 ```
-#### Option 2: Move an Existing Runner
+#### Option 2: Move an existing runner
 1. Navigate to **GitHub → Organization Settings → Actions → Runners.** 
 2. Locate the **runner** and click **Edit.** 
 3. Select a **new runner group** and save changes. 
 
-### 4. Managing Access and Permissions
-#### Restricting Runner Group Access
+### 4. Managing access and permissions
+#### Restricting runner group access
 **Organization-level runners:** Restrict usage to specific repositories. 
 **Repository-level runners:** Only selected workflows can access the runner.
 
-Example: Restrict Access to a Specific Repository
+Example: Restrict access to a specific repository
 1. Navigate to **Runner Group Settings.**
 2. Under **Repository Access**, select **"Only select repositories".**
 3. Add the repositories that are allowed to use the runner group.
 
-### 5. Moving Runners Between Groups
+### 5. Moving runners between groups
 To **reassign a runner** from one group to another:
 
 1. Go to **GitHub → Organization Settings → Actions → Runners.**
@@ -166,20 +166,20 @@ Alternatively, unregister and re-register the runner in a different group:
 - Regularly audit and update runner groups based on team requirements.  
 - Monitor runner usage and performance to optimize CI/CD workloads.
 
-## Monitor, Troubleshoot, and Update Self-Hosted Runners**  
+## Monitor, troubleshoot, and update self-hosted runners**  
 Managing self-hosted runners effectively requires **continuous monitoring, proactive troubleshooting, and regular updates**. This guide covers best practices and GitHub-recommended methods for ensuring **high availability, security, and performance** of self-hosted runners.
 
-### 1. Monitoring Self-Hosted Runners 
+### 1. Monitoring self-hosted runners 
 
-#### Checking Runner Status
+#### Checking runner status
 To monitor runner availability:  
 1. Navigate to **GitHub → Organization Settings → Actions → Runners**.  
 2. Review the status:  
    - ✅ **Idle** → Ready for workflows.  
    - 🔄 **Active** → Currently running a job.  
    - ❌ **Offline** → Runner is down or disconnected.  
 
-#### Using GitHub API to Fetch Runner Status
+#### Using GitHub API to fetch runner status
 You can programmatically check the status of self-hosted runners:  
 ```sh
 curl -H "Authorization: token <your_github_token>" \
@@ -204,15 +204,15 @@ Response example:
   ]
 }
 ```
-### Logging and Metrics
+### Logging and metrics
 
 - **System Logs:** Check logs in the `_diag/` directory within the runner installation folder.
 - **GitHub Actions Workflow Logs:** Navigate to Actions → Workflow Run → Logs to see runner execution details.
 - **Monitoring via Prometheus/Grafana:** Configure Prometheus exporters to track CPU, memory, and job execution time.
 
-### 2. Troubleshooting Self-Hosted Runners
+### 2. Troubleshooting self-hosted runners
 
-#### Common Issues and Fixes
+#### Common issues and fixes
 
 | Issue                        | Possible Cause                        | Fix                                      |
 |------------------------------|---------------------------------------|------------------------------------------|
@@ -221,7 +221,7 @@ Response example:
 | Job fails with permission errors | Incorrect runner permissions           | Ensure runner has the correct access     |
 | Workflow execution is slow   | High CPU/memory usage                 | Monitor system metrics & scale runners   |
 
-#### Restarting a Runner
+#### Restarting a runner
 If a runner is stuck or not responding, restart it:
 
 ```sh
@@ -232,11 +232,11 @@ For systemd-based Linux runners:
 ```
 sudo systemctl restart actions.runner.<org-name>.<runner-name>.service
 ```
-#### Checking Logs for Errors
+#### Checking logs for errors
 **Runner logs:** `<runner_dir>/_diag/Runner_<timestamp>.log`
 **GitHub Actions logs:** Check workflow execution logs in the GitHub UI.
 
-### 3. Updating Self-Hosted Runners
+### 3. Updating self-hosted runners
 #### Checking for Runner Updates
 GitHub periodically updates runner binaries. To check for updates:
 
@@ -250,8 +250,8 @@ curl -H "Authorization: token <your_github_token>" \
      -H "Accept: application/vnd.github.v3+json" \
      https://api.github.com/repos/actions/runner/releases/latest
 ```
-#### Updating the Runner
-**1. Manual Update**
+#### Updating the runner
+**1. Manual update**
 Stop the runner
 ```
 ./svc.sh stop
@@ -269,7 +269,7 @@ tar xzf ./actions-runner-linux-x64.tar.gz
 ./svc.sh start
 ```
 
-#### Automated Updates with GitHub Actions
+#### Automated updates with GitHub actions
 To automatically check for and update runners:
 ```
 name: Update Runners