Self-Hosted Workers
A self-hosted worker is a lightweight agent that you can run on your own machine on Windows, Linux, or macOS. The self-hosted worker connects to Space Automation, gets jobs and the project source code, runs the jobs, and reports results back to Space.
Self-hosted workers let you perform CI/CD workflows that are not possible with containers. For example:
Building full .NET Framework applications on Windows.
Using specific hardware. For example, building iOS and macOS applications on Apple hardware, running ML tasks on GPUs, and so on.
Using more powerful hardware configurations than those provided by Space Cloud.
How does it work
The self-hosted worker agent is a Java application that is distributed either as a
.zip
archive or as a part of a specially-prepared Docker image. Learn moreAfter you register a self-hosted worker in Space, you should run the agent on the host machine. The running agent will regularly send its status to Space.
The agent uses pull communication with Space: The agent initiates the communication, and Space only responds to incoming requests. This means that no specific network configuration is required on the agent side. The only requirement is access to your Space instance.
To run a job on the self-hosted worker, you should use the
host
blocks for job steps:job("Hello from self-hosted worker") { host("Run echo") { shellScript { content = """ echo "Hello World!" """ } } }Important: In order Space could route this job to a self-hosted worker, this job must be assigned to the Self-Hosted Workers worker pool. This could be done either with the help of the Default worker pool parameter or explicitly with the job's
requirements
block. For example:job("Hello from self-hosted worker") { requirements { workerPool = WorkerPools.SELF_HOSTED } host("Run echo") { // ... } }When a job with at least one
host
step is triggered, Automation will randomly choose a worker suitable for the job. After the suitable worker is found, Automation initiates job run.The worker agent:
creates a temporary directory on the host machine,
downloads the project source code including the Automation script,
and runs the job.
Once the job is finished, the agent reports results to Automation and deletes the temporary directory.
Self-hosted workers are billed for each minute of work based on your Space subscription plan. Learn more
Requirements to a host machine
The host machine which you want to use as a self-hosted worker must meet the following requirements:
Installed software:
Git: any version.
Docker, Docker Compose 1.27.0 or later: only if you want to run
container
steps.JRE 11 or later: only if you want to run Kotlin code using the
kotlinScript
blocks.
Important: The paths to Git, Docker, and Java must be specified in the system
PATH
.The outbound connections to
*.jetbrains.space
anddownload.jetbrains.com
must be allowed for the host machine.
Directory structure and working directory
Automation stores project data inside a temporary directory on this worker.
In more detail:
{system-temp-dir}/jetbrains/space/automation/worker/data
is the default parent directory for step data.To change the default path, use the
--dataDir
agent argument.To get this path in a
shellScript
orkotlinScript
, use theJB_SPACE_STEP_DATA_PATH
environment variable..../work/{git-repo-name}
is the default location of the project sources. Here{git-repo-name}
stands for the project's Git repository name. For details on how to check out additional project repositories, refer to Check out Source Code.To get this path in a
shellScript
orkotlinScript
, use theJB_SPACE_WORK_DIR_PATH
environment variable..../share
is the external storage used for file sharing.To get this path in a
shellScript
orkotlinScript
, use theJB_SPACE_FILE_SHARE_PATH
environment variable.After the job is finished, the step data directory is deleted.
What can you run in a self-hosted worker
As well as containers, self-hosted workers let you run shell scripts (shellScript
) and arbitrary Kotlin code (kotlinScript
).
Note that unlike container
, host
lets you run both shellScript
and kotlinScript
in one block. For example:
Add self-hosted workers
In Administration, open the Automation page.
Click Add worker.
Specify worker Name and other options:
Tags: route jobs to specific workers. Automation will run jobs marked with a specific tag only on workers with the same tag. Learn more
Projects:
All projects: the worker will be available to all projects in the organization. To choose this option, you must have the Create organization automation workers permission.
Specific projects: the worker will be available only to the selected projects. You are able to select only the projects where you have the Project Admin role.
After you click Add worker, you will be navigated to the worker settings page. The settings include info about the assigned tags, OS, available resources, and an authorization token. Copy the token to the safe place (the token is shown only once right after the worker is created).
Your next task is to run the worker agent on a host machine. Before it happens the worker will be in not initialized state. The instructions on how to do it are provided on the worker settings page under Worker installation instructions: select a worker type and follow the instructions:
Docker for Windows / Linux / macOS: the worker runs inside a Docker container running on a host machine.
For example, to run the worker in a container on a Linux host machine:
docker run \ --log-opt max-size=10m \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp/jetbrains/space/automation/worker:/tmp/jetbrains/space/automation/worker \ -e SPACE_WORKER_SERVERURL=https://mycompany.jetbrains.space \ -e SPACE_WORKER_TOKEN=abc1234 \ public.registry.jetbrains.space/p/space/containers/space-automation-worker:139318- Change working directory in a container
When running inside a container, the worker's working directory is a directory on the host machine mounted inside this container (see the second
-v
argument):docker run \ --log-opt max-size=10m \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp/jetbrains/space/automation/worker:/tmp/jetbrains/space/automation/worker \ -e SPACE_WORKER_SERVERURL=https://mycompany.jetbrains.space \ -e SPACE_WORKER_TOKEN=abc1234 \ public.registry.jetbrains.space/p/space/containers/space-automation-worker:139318If you want to change the path to the working directory in the container, you must also use the same path for the mounted directory on the host machine. It's also required to inform the worker about the new path using the
SPACE_WORKER_DATADIR
environment variable. For example:docker run \ --log-opt max-size=10m \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp/newdir/worker:/tmp/newdir/worker \ -e SPACE_WORKER_DATADIR=/tmp/newdir/worker \ -e SPACE_WORKER_SERVERURL=https://mycompany.jetbrains.space \ -e SPACE_WORKER_TOKEN=abc1234 \ public.registry.jetbrains.space/p/space/containers/space-automation-worker:139318
Binary for Windows / Linux / macOS: the worker runs on a virtual or hardware machine.
For example, to run the worker on a Linux host machine:
unzip ./space-automation-worker.zip && \ chmod +x ./worker.sh && \ ./worker.sh start \ --serverUrl https://mycompany.jetbrains.space \ --token abc1234- Verify worker binary
You can verify the authenticity of the downloaded binary by checking a file checksum and a checksum signature.
Prerequisites
gpg
(version 2.x) is installed on the machine. You can download the tool from https://gnupg.org/download/The path to
gpg
must be in the systemPATH
.
Instructions
Download the checksum and signature files using the links on the worker's page. Save the files in the same directory with the worker
.zip
file. The directory must contain the following files:space-automation-worker-windows.zip
: the archive with the worker.space-automation-worker-windows.zip.sha256
: a SHA256 checksum of the archive file.space-automation-worker-windows.zip.sha256.asc
: a signature for the checksum file.
Download the
KEYS
public key file from https://download.jetbrains.com/KEYS and run:gpg --import KEYSIf you haven't done this before, the output will look similar to this:
gpg: key 1F7A8F87B9D8F501: 1 signature not checked due to a missing key gpg: /Users/you/.gnupg/trustdb.gpg: trustdb created gpg: key 1F7A8F87B9D8F501: public key "Download <download@jetbrains.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys foundMake sure the key ID in the output is
1F7A8F87B9D8F501
.Verify the signature by running:
gpg --verify space-automation-worker-windows.zip.sha256.asc space-automation-worker-windows.zip.sha256Make sure the output contains
Good signature from "Download <download@jetbrains.com>"
Check that the ID of the public key is
33FD4BFD33554634053D73C0C2148900BCD3C2AF
by running:gpg --keyid-format long --list-keys --with-fingerprint 0x33FD4BFD33554634053D73C0C2148900BCD3C2AFMake sure the key ID in the output is
1F7A8F87B9D8F501
. This guarantees that the downloadedsha256
file is valid.Verify the checksum of the
.zip
archive using thesha256
file:certUtil -hashfile space-automation-worker-windows.zip SHA256The output must look similar to this:
SHA256 hash of space-automation-worker-windows.zip: cd5b12d9a8c74accade22f808e5ea18b2a018706d4112d649e1adfdd26187c7d CertUtil: -hashfile command completed successfully.Make sure the hash value in the output is equal to the value in the
space-automation-worker-windows.zip.sha256
file.
Prerequisites
sha256sum
andgpg
(version 2.x) are installed on the machine. To install the tools, runDebian-based distributions:
apt install coreutils gpg
RedHat-based distributions:
yum install coreutils gpg
ordnf install coreutils gpg
Instructions
Download the checksum and signature files using the links on the worker's page. Save the files in the same directory with the worker
.zip
file. The directory must contain the following files:space-automation-worker-linux.zip
: the archive with the worker.space-automation-worker-linux.zip.sha256
: a SHA256 checksum of the archive file.space-automation-worker-linux.zip.sha256.asc
: a signature for the checksum file.
Download the
KEYS
public key file from https://download.jetbrains.com/KEYS and run:LANG=C gpg --import KEYSIf you haven't done this before, the output will look similar to this:
gpg: key 1F7A8F87B9D8F501: 1 signature not checked due to a missing key gpg: /Users/you/.gnupg/trustdb.gpg: trustdb created gpg: key 1F7A8F87B9D8F501: public key "Download <download@jetbrains.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys foundMake sure the key ID in the output is
1F7A8F87B9D8F501
.Verify the signature by running:
LANG=C gpg --verify space-automation-worker-linux.zip.sha256.asc space-automation-worker-linux.zip.sha256Make sure the output contains
Good signature from "Download <download@jetbrains.com>"
Check that the ID of the public key is
33FD4BFD33554634053D73C0C2148900BCD3C2AF
by running:gpg --keyid-format long --list-keys --with-fingerprint 0x33FD4BFD33554634053D73C0C2148900BCD3C2AFMake sure the key ID in the output is
1F7A8F87B9D8F501
. This guarantees that the downloadedsha256
file is valid.Verify the checksum of the
.zip
archive using thesha256
file:sha256sum -c space-automation-worker-linux.zip.sha256The output must look as follows:
space-automation-worker-linux.zip: OK
Prerequisites
sha256sum
andgpg
(version 2.x) are installed on the machine. You can install the tools, for example, with Homebrew:brew install coreutils gpg
Instructions
Download the checksum and signature files using the links on the worker's page. Save the files in the same directory with the worker
.zip
file. The directory must contain the following files:space-automation-worker-mac.zip
: the archive with the worker.space-automation-worker-mac.zip.sha256
: a SHA256 checksum of the archive file.space-automation-worker-mac.zip.sha256.asc
: a signature for the checksum file.
Download the
KEYS
public key file from https://download.jetbrains.com/KEYS and run:LANG=C gpg --import KEYSIf you haven't done this before, the output will look similar to this:
gpg: key 1F7A8F87B9D8F501: 1 signature not checked due to a missing key gpg: /Users/you/.gnupg/trustdb.gpg: trustdb created gpg: key 1F7A8F87B9D8F501: public key "Download <download@jetbrains.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys foundMake sure the key ID in the output is
1F7A8F87B9D8F501
.Verify the signature by running:
LANG=C gpg --verify space-automation-worker-mac.zip.sha256.asc space-automation-worker-mac.zip.sha256Make sure the output contains
Good signature from "Download <download@jetbrains.com>"
Check that the ID of the public key is
33FD4BFD33554634053D73C0C2148900BCD3C2AF
by running:gpg --keyid-format long --list-keys --with-fingerprint 0x33FD4BFD33554634053D73C0C2148900BCD3C2AFMake sure the key ID in the output is
1F7A8F87B9D8F501
. This guarantees that the downloadedsha256
file is valid.Verify the checksum of the
.zip
archive using thesha256
file:sha256sum -c space-automation-worker-mac.zip.sha256The output must look as follows:
space-automation-worker-mac.zip: OK
Available worker script arguments (note that you can set/get them also as environment variables):
Argument
Env variable
Description
--serverUrl
SPACE_WORKER_SERVERURL
A URL of your Space instance.
--token
SPACE_WORKER_TOKEN
An authorization token issued to the worker. The token is shown only once during the worker registration. If you lose it, you will have to generate a new one.
--dataDir
SPACE_WORKER_DATADIR
Sets the path to the directory where the script will download all required data: project sources, file share, and Automation-specific data.
--hostname
SPACE_WORKER_HOSTNAME
Specifies a host name of the self-hosted worker. It is used mostly for troubleshooting purposes to help you distinguish a worker by its host name.
--cpu
,--mem
SPACE_WORKER_CPU
,SPACE_WORKER_MEM
Specifies how much CPU and RAM are available on the host machine. These parameters do not anyhow limit how many resources the agent is allowed to consume. They are used only to help Automation select a suitable worker for a job based on the amount of available resources. Learn more
After you start a worker, its status must change to healthy:
Use self-hosted workers to run steps
In order for Automation to run a job on a worker, the job must contain at least one host
step.
Inside the host
step you can use almost the same DSL elements as inside the container
step. The main difference is that inside host
, you can also:
Use the
requirements
block that lets you specify requirements for the worker where the job must run. Learn moreUse a number of
shellScript
elements. Each of the scripts will be shown separately in the job logs.Use both
shellScript
andkotlinScript
in onehost
block.Access a number of worker-specific environment variables.
Choose specific workers for a job
You have a number of ways to route specific jobs to specific workers: by tags, by operating system, and by available system resources. To specify the routing condition, use the requirements
block inside host
. You can specify all three conditions inside requirements
.
If Automation cannot find a suitable worker for a job, the job will switch to the Blocked state.
Route jobs by tags
Tagging is one of the ways to route a job to a specific worker: Both the worker and the job must be marked with the same tag. See the details below.
In Administration | Automation, choose the required worker.
Click Edit.
In Tags, specify a unique tag name.
Open the required
.space.kts
file and specify the same tag in therequirements
block of a particularhost
. For example:job("Hello from host") { host("Run echo") { shellScript { content = """ echo Hello World! """ } requirements { workerTags("Pool1") } } }
Route jobs by operating system
The worker agent automatically reports the operating system of its host machine to Space. To choose the suitable worker based on the operating systems, specify the required OS in the script:
Route jobs by available resources
The worker agent automatically reports the system resources (CPU cores and RAM) of its host machine to Space. To choose the suitable worker based on host machine resources, specify the required resources in the script:
Note that the worker agent does not guarantee that all these resources will be available to the job: It knows nothing about how the resources are consumed by other processes running on the host machine.
You can manually set the available system resources for a particular worker. This might help, for example, if you don't want to run "heavy" jobs on a particular worker. To set the available resources, run the worker agent with --cpu
(set in mCPU) and --mem
(set in MB) arguments. For example:
In the example above, regardless of real system resources, the worker will report to Space that the system has 2 CPU cores and 8GB RAM available: if a host
in a job requires more resources, the worker will be considered as not suitable for this job. Note that these values do not anyhow prevent the worker agent from consuming more resources on the machine: They just help Space to choose the most suitable worker for a job.
Run container steps in self-hosted workers
Self-hosted workers let you run not only host
steps but container
steps as well. To be able to run container
steps, a worker must have Docker and Docker Compose installed.
Automation will try to run a job with container
steps on a self-hosted worker in one of the following cases:
A job has both
container
andhost
steps.A
container
step has therequirements
section. Note that you can routecontainer
steps to particular workers only by usingworkerTags
.A
job
has onlycontainer
steps (with norequirements
) and the Default worker pool parameter is set to Self-Hosted Workers.
For example:
Suspend a worker
You can temporarily suspend a worker: The worker agent keeps running on the host machine, but Automation will not route jobs to the suspended worker. If the worker still has running jobs, it will first finish the jobs and only then switch to the suspended state.
To suspend a worker
Find the required worker in Administration | Automation.
In the worker settings, click Suspend.
To activate the worker back
Find the required worker in Administration | Automation.
In the worker settings, click Activate.
Delete a worker
Find the required worker in Administration | Automation.
In the worker settings, click Delete.
Note that deleting a worker is an instant operation: If the worker still has running jobs, the jobs will be terminated.
View the history of executed steps
All steps executed by a particular self-hosted worker are saved in the worker history.
Find the required worker in Administration | Automation.
In the worker settings, open the Activity tab.
Worker states
State | Description |
---|---|
not initialized | The worker has never connected to Space before: This is the initial worker state after you register it in Space |
healthy | The worker is up and running |
unhealthy | The worker is low on disk space: Automation will not route jobs to this worker |
suspended | The worker was manually suspended |
graceful shutdown | The worker is finishing the currently running jobs, then the worker agent process will be terminated. This happens when you terminate the agent process with SIGTERM (for example, when you |
disconnected | Automation has no connection with the worker. This might happen, for example, if the worker agent is not running on the host machine, the machine is turned off or has no Internet connection |