Enabling Actions with MinIO storage

You can enable Actions on Enterprise Server and use MinIO storage to store data generated by workflow runs.

Who can use this feature?

Site administrators can enable Actions and configure enterprise settings.

In this article

About external storage for Actions

Actions uses external blob storage to store data generated by workflow runs. Stored data includes workflow logs, caches, and user-uploaded build artifacts. For more information, see Getting started with Actions for Enterprise Server.

Prerequisites

Before enabling Actions, make sure you have completed the following steps:

  • Create your MinIO bucket for storing data generated by workflow runs. For more information about installing and configuring MinIO, see MinIO High Performance Object Storage and mc mb in the MinIO documentation.

    To avoid resource contention on the appliance, we recommend that MinIO be hosted separately from your Enterprise Server instance.

    Actions requires the following permissions for the access key that will access the bucket:

    • s3:PutObject
    • s3:GetObject
    • s3:ListBucketMultipartUploads
    • s3:ListMultipartUploadParts
    • s3:AbortMultipartUpload
    • s3:DeleteObject
    • s3:ListBucket
    • kms:GenerateDataKey (if Key Management Service (KMS) encryption has been enabled)
    • kms:Decrypt (if Key Management Service (KMS) encryption has been enabled)

  • Review the hardware requirements for Actions. For more information, see Getting started with Actions for Enterprise Server.

  • TLS must be configured for Enterprise Server's domain. For more information, see Configuring TLS.

    Note

    We strongly recommend that you configure TLS on Enterprise Server with a certificate signed by a trusted authority. Although a self-signed certificate can work, extra configuration is required for your self-hosted runners, and it is not recommended for production environments.

  • If you have an HTTP Proxy Server configured on :

  • You must add .localhost, 127.0.0.1, and ::1 to the HTTP Proxy Exclusion list (in this order).

  • If your external storage location is not routable, then you must also add your external storage URL to the exclusion list.

For more information on changing your proxy settings, see Configuring an outbound web proxy server.

Enabling Actions with MinIO storage

  1. From an administrative account on Enterprise Server, in the upper-right corner of any page, click .

  2. If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.

  3. In the " Site admin" sidebar, click Management Console.

  4. In the "Settings"" sidebar, click Actions.

  5. Under " Actions", select Enable Actions.

  6. Under "Artifact & Log Storage", next to "Amazon S3", click Setup.

  7. Under "Authentication", select Credentials-based, and enter your storage bucket's details:

    Note

    For MinIO, you cannot use OpenID Connect (OIDC) authentication. You must use credentials-based authentication.

    • AWS Service URL: The URL to your MinIO service. For example, https://my-minio.example:9000.
    • AWS S3 Bucket: The name of your S3 bucket.
    • AWS S3 Access Key and AWS S3 Secret Key: The MINIO_ACCESS_KEY and MINIO_SECRET_KEY used for your MinIO instance.

  8. Under "Artifact & Log Storage", select Force path style.

  9. Click the Test storage settings button to validate your storage settings.

    If there are any errors validating the storage settings, check the settings with your storage provider and try again.

  10. Under the "Settings" sidebar, click Save settings.

    Note

    Saving settings in the Management Console restarts system services, which could result in user-visible downtime.

  11. Wait for the configuration run to complete.

Next steps

After the configuration run has successfully completed, Actions will be enabled on . For your next steps, such as managing Actions access permissions and adding self-hosted runners, return to Getting started with Actions for Enterprise Server.