actions / actions-runner-controller

Kubernetes controller for GitHub Actions self-hosted runners
Apache License 2.0

Support self-hosted organisation runners without granting complete admin permissions #2249

Open dm3ch opened 1 year ago

dm3ch commented 1 year ago

What would you like added?

I would like to have the ability to run runners for a whole organization without granting a token with organization admin rights to the controller.

A clear and concise description of what you want to happen.

Note: Feature requests to integrate vendor specific cloud tools (e.g. awscli, gcloud-sdk, azure-cli) will likely be rejected as the Runner image aims to be vendor agnostic.

Why is this needed?

It would allow minimizing potential consequences of token leakage and reduce security risks. A clear and concise description of any alternative solutions or features you've considered.

Additional context

As far as I understood, it seems that right now it's not yet supported in the runner itself - https://github.com/actions/runner/issues/443#issuecomment-663168938

Unfortunately, I haven't found a discussion/issue for adding support to run organisation level runners without granting an admin token.

Add any other context or screenshots about the feature request here.

github-actions[bot] commented 1 year ago

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.

nebuk89 commented 6 months ago

@dm3ch have the recent granular org-level roles solved this for you? 👀 https://github.blog/changelog/2024-03-06-actions-fine-grained-permissions/