
Jenkins to GitHub Actions Migration Guide
GitHub is pulling the trigger on minimum version enforcement for self-hosted Actions runners. The first brownout hits June 29, 2026, with full enforcement following on July 31 for GHEC Data Residency customers and September 25 for standard GHEC. If you're running self-hosted runners on anything older than v2.329.0, you've got about two weeks to fix it before your CI starts breaking intermittently.
This isn't new. GitHub initially announced the minimum version requirement back in February 2026 with a March enforcement date, then paused it. Now they've published a detailed enforcement timeline with brownout dates, and this time there's no ambiguity about what happens or when.
GitHub has been rebuilding the core backend of Actions since early 2024. The rearchitected platform now handles over 120 million jobs per day (three times the pre-migration volume) and lets enterprises start seven times more jobs per minute. Older runner versions aren't compatible with the new infrastructure, and continuing to support them holds back the migration.
Version 2.329.0 (released October 15, 2025) is the minimum required for a runner to register with the new backend. But registration is only half the story.
The enforcement has two separate teeth, and the second one is the one most teams will miss:
This means a runner pinned at v2.329.0 with auto-update disabled will register successfully but stop picking up jobs within a month. The effective minimum version for job execution rolls forward continuously. If you've got --disableupdate set (common in containerized and ARC deployments), you'll need a rebuild/redeploy cadence that keeps pace with runner releases.
There's also a fast path for critical security updates. When GitHub publishes a security release, the Actions service pauses job queuing to the affected runner immediately, outside the normal 30-day window. No brownout, no grace period.
All brownouts run from 11:00 AM to 3:00 PM ET on their scheduled dates. The escalation pattern is deliberate: it starts with registration blocks only ("Config"), then adds job execution blocks ("Config + Runtime") in later weeks.
The Config-only brownouts in weeks one and two are your early warning. If your runners fail to register during those windows, that's your signal to upgrade before the Runtime blocks start and actual jobs stop running.
Note: GitHub Enterprise Server is not affected by this enforcement timeline.
If you're on GitHub Enterprise Cloud (standard or Data Residency), you can identify which runner versions are registering through the audit log REST API. Three event types include the runner version in their payload:
org.register_self_hosted_runner — org-scoped registrationsrepo.register_self_hosted_runner — repo-scoped registrationsenterprise.register_self_hosted_runner — enterprise-scoped registrationsFor large fleets, GitHub recommends querying via the REST API rather than the audit log UI. Filter for events where the runner version is below 2.329.0 to get your list of affected runners.
One caveat: audit log events are recorded at registration time. They show you runners that are actively registering, not a complete inventory of every connected runner. If you have runners that registered months ago and haven't re-registered since, they won't show up in recent logs.
GitHub also plans to surface runtime job annotations when workflows run on outdated runners, so you'll see warnings directly in your workflow logs before enforcement kicks in.
The fix itself is straightforward. The operational overhead of keeping it fixed is the real cost.
Auto-update sounds like the obvious answer, but it comes with its own tradeoffs for teams that manage runner infrastructure carefully.
Runners with auto-update enabled will pull new versions automatically, which satisfies the 30-day window. But this also means runner versions can change without your knowledge, and a bad runner release could break builds before you've had a chance to test it. Some teams disabled auto-update for exactly this reason.
Those teams now face a choice: re-enable auto-update and accept the risk, or build a manual update pipeline with enough cadence to stay within the 30-day window. Neither is free.
All of this, the version auditing, the update cadence, the container rebuilds, the brownout monitoring, is operational work that exists solely because you're managing runner infrastructure yourself. With Tenki's managed runners, version patching and compatibility with the new Actions platform architecture are Tenki's responsibility. You change one line in your workflow YAML and your builds run on bare-metal infrastructure that's always current.
Tenki runners are also 30% faster and up to 60% cheaper than GitHub-hosted equivalents, running on ephemeral VMs on Tenki-owned bare metal. So the version enforcement deadline is actually a reasonable moment to reconsider whether maintaining self-hosted runner infrastructure is worth the operational cost when a managed alternative exists.
Brownouts start June 29. If your runners are current, you've got nothing to worry about. If you're not sure, now's the time to check.
Tags
Recommended for you
What's next in your stack.