Allison outlines the new ability for Dependabot jobs to use custom labels on self-hosted and larger GitHub-hosted Actions runners, enabling granular workload management for organizations and improved supply chain security.

Custom Labels Configuration for Dependabot Jobs with GitHub Actions Runners

Dependabot update jobs on GitHub can now target specific self-hosted and larger GitHub-hosted Actions runners using custom labels. Previously, all jobs required the fixed dependabot label, which introduced governance limitations in environments with restricted label usage, such as Kubernetes-based runner controllers.

Key Enhancements

  • Custom Labels for Routing: Organizations can now define any custom label for runners at the organization level, enabling precise targeting for Dependabot jobs.
  • Runner Group Scoping: Optionally, jobs can be scoped by runner group name, adding an extra layer of granularity and control.
  • Operational Flexibility: Reduces friction for setups that formerly needed a dedicated runner with only the dependabot label. Workloads can now be segmented according to security or performance needs.
  • Backward Compatibility: Existing setups that rely on the dependabot label keep working; that default label is still supported.

Implications for Operations and Security

  • Granular Governance: Custom labels allow finer workload segmentation and more secure or performant job routing, supporting complex organizational requirements.
  • Supply Chain Security: Improved management of automation runners helps tighten control over dependency workflows, contributing to overall software supply chain security.
  • Configuration Best Practices: If a specified label has no available runner online, Dependabot will queue the job until a matching runner becomes available. Be sure labels are spelled correctly to avoid configuration errors and job delays.

Summary

With this feature, GitHub enables better runner utilization, control, and security for organizations managing their CI/CD pipelines with Dependabot and self-hosted runners.

This post appeared first on “The GitHub Blog”.