Add GitHub runner groups and org/repo runner collection

src/openhound_github/kinds/edges.py

@@ -13,6 +13,7 @@
 
 # Access and capability edges
 CAN_ACCESS = "GH_CanAccess"
+CAN_USE_RUNNER = "GH_CanUseRunner"
 CAN_CREATE_BRANCH = "GH_CanCreateBranch"
 CAN_EDIT_PROTECTION = "GH_CanEditProtection"
 CAN_WRITE_BRANCH = "GH_CanWriteBranch"

src/openhound_github/kinds/nodes.py

@@ -30,9 +30,15 @@
 REPO_ROLE = "GH_RepoRole"
 REPO_SECRET = "GH_RepoSecret"
 REPO_VARIABLE = "GH_RepoVariable"
+REPO_RUNNER = "GH_RepoRunner"
 
 DEFAULT_ROLE = "GH_RepoRole"
 
+# Runner nodes
+RUNNER = "GH_Runner"
+RUNNER_GROUP = "GH_RunnerGroup"
+ORG_RUNNER = "GH_OrgRunner"
+
 # Security nodes
 SECRET_SCANNING_ALERT = "GH_SecretScanningAlert"
 

src/openhound_github/models/__init__.py

@@ -23,6 +23,7 @@
 from .repository_role import BaseRepoRole, RepoRole
 from .repository_secret import RepoSecret
 from .repository_variable import RepoVariable
+from .runner import OrgRunner, OrgRunnerGroupMembership, RepoRunner, RunnerGroup
 from .saml_provider import SamlProvider
 from .scim_user import ScimResource
 from .secret_scanning_alert import SecretScanningAlert
@@ -60,6 +61,10 @@
     "SelectedOrgVariable",
     "RepoSecret",
     "RepoVariable",
+    "RunnerGroup",
+    "OrgRunner",
+    "OrgRunnerGroupMembership",
+    "RepoRunner",
     "SecretScanningAlert",
     "AppInstallation",
     "BaseRepoRole",

src/openhound_github/models/org.py

@@ -264,6 +264,12 @@ class GHOrganizationProperties(GHNodeProperties):
         default=None,
         metadata={"description": "Whether SHA pinning is required for GitHub Actions."},
     )
+    self_hosted_runners_enabled_repositories: str | None = field(
+        default=None,
+        metadata={
+            "description": "Which repositories may use self-hosted runners: `all`, `selected`, or `none`."
+        },
+    )
     default_workflow_permissions: str | None = None
     can_approve_pull_request_reviews: bool | None = None
     query_organization_roles: str = ""
@@ -345,6 +351,7 @@ class Organization(BaseAsset):
     actions_enabled_repositories: str | None = None
     actions_allowed_actions: str | None = None
     actions_sha_pinning_required: bool | None = None
+    self_hosted_runners_enabled_repositories: str | None = None
     default_workflow_permissions: str | None = None
     can_approve_pull_request_reviews: bool | None = None
 
@@ -415,6 +422,7 @@ def as_node(self) -> GHNode:
                 actions_enabled_repositories=self.actions_enabled_repositories,
                 actions_allowed_actions=self.actions_allowed_actions,
                 actions_sha_pinning_required=self.actions_sha_pinning_required,
+                self_hosted_runners_enabled_repositories=self.self_hosted_runners_enabled_repositories,
                 default_workflow_permissions=self.default_workflow_permissions,
                 can_approve_pull_request_reviews=self.can_approve_pull_request_reviews,
                 query_organization_roles=f"MATCH (:GH_Organization {{node_id:'{oid}'}})-[:GH_Contains]->(n:GH_OrgRole) RETURN n",

src/openhound_github/models/repository.py

@@ -93,6 +93,12 @@ class GHRepositoryProperties(GHNodeProperties):
             "description": "Whether GitHub Actions is enabled for this repository."
         },
     )
+    self_hosted_runners_enabled: bool | None = field(
+        default=None,
+        metadata={
+            "description": "Whether the repository may use self-hosted runners."
+        },
+    )
     secret_scanning: str | None = field(
         default=None,
         metadata={
@@ -105,6 +111,7 @@ class GHRepositoryProperties(GHNodeProperties):
     query_roles: str = ""
     query_teams: str = ""
     query_workflows: str = ""
+    query_runners: str = ""
     query_environments: str = ""
     query_secrets: str = ""
     query_variables: str = ""
@@ -206,6 +213,8 @@ class Repository(BaseAsset):
     forks: int | None = None
     open_issues: int | None = None
     watchers: int | None = None
+    actions_enabled: bool | None = None
+    self_hosted_runners_enabled: bool | None = None
 
     @property
     def owner_id(self) -> str:
@@ -245,14 +254,16 @@ def as_node(self) -> GHNode:
                 owner_id=self.owner_id or "",
                 environment_name=self._lookup.org_login(),
                 environmentid=self._lookup.org_id(),
-                # actions_enabled=self.actions_enabled,
+                actions_enabled=self.actions_enabled,
+                self_hosted_runners_enabled=self.self_hosted_runners_enabled,
                 # secret_scanning=self.secret_scanning,
                 query_branches=f"MATCH p=(:GH_Repository {{node_id: '{rid}'}})-[:GH_HasBranch]->(:GH_Branch) RETURN p",
                 query_protected_branches=f"MATCH p=(:GH_Repository {{node_id: '{rid}'}})-[:GH_HasBranch]->(:GH_Branch)<-[:GH_ProtectedBy]-(:GH_BranchProtectionRule) RETURN p",
                 query_branch_protection_rules=f"MATCH p=(:GH_Repository {{node_id: '{rid}'}})-[:GH_Contains]->(:GH_BranchProtectionRule) RETURN p",
                 query_roles=f"MATCH p=(:GH_RepoRole)-[*1..]->(:GH_Repository {{node_id: '{rid}'}}) RETURN p",
                 query_teams=f"MATCH p=(:GH_Team)-[:GH_MemberOf|GH_HasRole*1..]->(:GH_RepoRole)-[]->(:GH_Repository {{node_id: '{rid}'}}) RETURN p",
                 query_workflows=f"MATCH p=(:GH_Repository {{node_id:'{rid}'}})-[:GH_HasWorkflow]->(w:GH_Workflow) RETURN p",
+                query_runners=f"MATCH p=(:GH_Repository {{node_id:'{rid}'}})-[:GH_CanUseRunner]->(:GH_Runner) RETURN p",
                 query_environments=f"MATCH p=(:GH_Repository {{node_id: '{rid}'}})-[:GH_HasEnvironment]->(:GH_Environment) RETURN p",
                 query_secrets=f"MATCH p=(:GH_Repository {{node_id:'{rid}'}})-[:GH_HasSecret]->(:GH_Secret) RETURN p",
                 query_variables=f"MATCH p=(:GH_Repository {{node_id:'{rid}'}})-[:GH_HasVariable]->(:GH_Variable) RETURN p",