The State of Self-Hosted Runners 2026
Why teams self-host CI runners, what it really costs to operate them once idle compute and on-call are counted, and the narrow band where running your own fleet actually pays off.
Executive summary
Self-hosting CI runners is an attractive idea on its face: bring your own hardware or cloud capacity, dodge per-minute hosted pricing, and run jobs on machines you fully control. For a small set of teams that bet pays off cleanly. For many more, the savings on the per-minute line are quietly eaten by costs that never appear on a pricing page, and the team ends up paying in engineering hours what it thought it was saving in compute.
This report separates the appealing reason from the operational result. We look at why teams choose to self-host, which is usually cost control, and then put modeled numbers on the work that comes with the choice: patching base images, scaling capacity up and down with demand, cleaning up stale or wedged runners, and carrying the security weight of long-lived hosts that accumulate state and credentials between jobs.
The throughline is that a self-hosted fleet is never finished. It is a standing piece of infrastructure with its own upgrade cadence, failure modes, and on-call burden, and that burden scales with fleet size rather than amortizing away. The per-minute compute can genuinely be cheaper than hosted runners; the per-month attention is the line that decides whether the model actually nets out ahead.
Three numbers frame the year. Keeping a fifty-runner fleet patched and scaled costs a modeled multiple of the ops time teams budget for. Cost control is the stated driver for a majority of self-hosting teams, yet it is frequently not the result once the full ledger is counted. And the managed alternative requires essentially zero fleet operations, which is the entire point of the comparison.
The conclusion is not that self-hosting is wrong. It is that self-hosting pays off in a narrow band, very high sustained volume, a dedicated platform team, and a real tolerance for ops toil, and that outside that band managed runners deliver the compute savings teams were chasing without the fleet to babysit. This report is meant to help a leader figure out which side of that band they are actually on.
Modeled share of self-hosting teams citing each primary driver. · Source: Latchkey analysis (modeled)
Modeled split of monthly engineering hours spent operating a self-hosted fleet. · Source: Latchkey analysis (modeled)
Email me the report
The full report is right here on this page, free. Want the link in your inbox to read later or share, plus new Latchkey reports as they drop? Drop your email and we will send it over.
Sent! Check your inbox for the report link.
No spam. Unsubscribe anytime.
Cost control is the reason, but rarely the clean result
When teams explain why they self-host, the most common answer by a wide margin is to control spend. The logic is intuitive: hosted minutes are expensive, a raw instance is cheap, so running jobs on your own machines must save money. On the per-minute line that logic holds, and for teams staring at a large GitHub Actions bill it is a compelling place to start.
The trouble is that the per-minute saving frequently fails to survive contact with operational reality. The minute is cheaper, but the engineer-hours spent keeping the fleet alive, the idle capacity that bills whether or not a job lands on it, and the incident time when the pool runs dry are not, and none of them appeared on the invoice the decision was based on. The team set out to control cost and ended up relocating it from a line they could see to several they could not.
This is the central irony of the self-hosting decision and the reason this report exists. Cost control is a perfectly good motivation. It just has to be measured against the full ledger rather than the per-minute rate alone, because the costs that move off the cloud invoice do not disappear, they reappear as headcount and toil.
Patching and scaling are a recurring tax, not a one-time setup
A self-hosted fleet is never done. Base images drift and need patching for security and toolchain updates. Demand swings force constant capacity tuning, because a pool sized for last quarter starves jobs or wastes money this quarter. Stale and wedged runners accumulate, registering and then going silent or holding capacity they will never use, and someone has to find and clear them. This is steady monthly toil, and it is the cost most teams underestimate going in.
Our model splits the ops time roughly into scaling and capacity tuning as the largest slice, image patching and updates close behind, cleanup of stale or wedged runners a meaningful third, and incident response filling out the rest. None of these is dramatic in a single week, which is exactly why the total goes unbudgeted: it is a drip rather than a flood, a few hours here and there that sum to a real fraction of an engineer across a year.
Crucially, this burden scales with fleet size rather than shrinking at scale. A bigger fleet has more images to patch, more capacity to tune, more runners to go wedged, and more incidents to absorb. The hope that operations amortize away as the fleet grows is backwards: the fleet that is large enough to justify self-hosting on compute economics is also the fleet that demands the most operations attention.
- Scaling and capacity tuning is the single largest slice of modeled fleet ops time.
- Image patching, stale-runner cleanup, and incident response together account for the rest, none of it one-time.
- Ops burden scales with fleet size, so it grows alongside the volume that justifies self-hosting in the first place.
Long-lived runners are a standing security liability
Runners that persist between jobs accumulate state, cached credentials, and the residue of every prior workload. That persistence is convenient and dangerous in equal measure: it speeds the next job, and it widens the blast radius if any single job is compromised. A malicious or compromised build on a long-lived host can observe secrets left behind by an earlier job, poison a cache that a later job trusts, or plant tooling that persists across runs.
Ephemeral and managed runners that tear down after each job shrink that exposure dramatically. A runner that exists for exactly one job cannot carry contamination forward, cannot leak one job's credentials to the next, and presents an attacker with a single-job window rather than a standing foothold. Our modeled risk index puts long-lived self-hosted runners well above every other model precisely because of this accumulated, persistent surface.
The security argument therefore points the same direction as the reliability argument. Single-use isolation removes a class of flaky failures caused by state bleeding between runs and removes a class of security incidents caused by state persisting between runs. Long-lived self-hosting is the model that forgoes both protections, and in 2026 that is increasingly hard to justify when the alternatives are well understood.
Modeled relative risk score across runner sourcing models (higher is worse). · Source: Latchkey analysis (modeled)
Idle capacity bills even when no job is running
The per-minute comparison that justifies self-hosting counts only the minutes a job actually consumes. A self-hosted fleet does not work that way. CI demand is spiky, arriving in bursts at merge and release time and falling to near zero overnight and on weekends, so a fleet sized to handle the peak sits mostly idle in between, and every idle machine bills regardless of whether a job ever lands on it.
Teams that keep a warm pool to avoid cold-start latency make this worse on purpose, and reasonably so, because cold starts hurt developer experience. But warm headroom is reserved capacity that costs money the moment it exists, not the moment it is used. The gap between provisioned capacity and consumed capacity is pure waste on the ledger, and it is invisible to the per-minute math that drove the decision.
This is why effective cost per useful minute, rather than raw instance price, is the number that matters. Spreading fixed ops overhead and idle capacity across the minutes you actually use is what determines whether self-hosting nets out cheaper, and as the chart of cost per active minute shows, that effective rate only falls toward competitive territory at high volume where the idle fraction finally shrinks.
Self-hosting only pays off at high sustained utilization
The fully-loaded cost per useful minute on a self-hosted fleet falls as volume rises, because the fixed ops overhead spreads across more work and the idle fraction shrinks as the fleet stays busier. At low volume the effective rate is high, dominated by idle and operations; at high volume it drops substantially as utilization climbs. The curve is real and it does bend in self-hosting's favor.
The catch is where it crosses below the managed rate. Our modeling puts that crossover at volumes that require a dedicated platform team to keep the fleet busy and operated, which is to say at a scale most organizations have not reached. Below that point the managed alternative is cheaper on total cost despite a higher headline per-minute rate, because it carries no idle and no ops. The crossover is a function of utilization, not ambition.
The practical reading of the payoff chart is therefore a question about your own volume and staffing, not a universal verdict. If you are running sustained high volume with a platform team already in place, self-hosting can genuinely win. If you are not, the curve says you are paying a premium in operations and idle to chase a per-minute saving that your utilization is too low to realize.
Modeled fully-loaded self-hosted cost per useful minute as volume rises. · Source: Latchkey analysis (modeled)
Transient failures get re-run and re-billed on your own fleet
Self-hosting does not remove flaky failures. Network blips pulling dependencies, registry timeouts, out-of-memory kills on undersized runners, and load-dependent races all fail jobs that would pass on a clean retry, and they do so regardless of who owns the runner. The test code is fine; the environment hiccuped.
On a self-hosted fleet those failures consume your own compute on the re-run and, more expensively, pull an engineer out of focus to click re-run and wait. Most self-hosted setups have no way to distinguish a transient infrastructure failure from a real regression, so recovery is manual and the mechanical-flake tax is paid in both minutes and attention on every spurious red build.
Automated recovery at the runner layer removes this without anyone editing a test. When a step fails on a known-transient signal, the platform retries it on a fresh environment before a human sees the red check, so the failure never reaches the pull request. Building that capability yourself is yet another item on the operations ledger; getting it by default is one of the reasons the managed comparison keeps coming out ahead.
Managed runners keep the upside and drop the toil
The genuine benefits teams want from self-hosting are cheaper compute and ephemeral control. Managed runners deliver both: workloads run on right-sized cloud compute rather than premium hosted minutes, and every job gets a fresh, single-use environment. What the managed model removes is the fleet itself, the part that turned the per-minute saving into a net cost.
There is no image to patch, no autoscaler to tune, no stale runners to clean up, and no on-call rotation for the fleet, because the fleet is not yours to operate. The modeled ops burden goes to essentially zero. On top of that, scale-to-zero means idle capacity stops billing the moment the queue empties, and automated recovery means transient failures are healed rather than re-billed, the two costs that quietly eroded the self-hosted case.
This is why the break-even increasingly favors managed for any team without platform staff to spare, and often even for teams that have it but would rather aim it at product. Latchkey targets a modeled rate well below a self-run autoscaling fleet at the volumes most teams actually run, with savings on the order of 69 percent against hosted pricing, and it does so without handing the team a fleet to babysit in exchange.
- Right-sized cloud compute plus ephemeral isolation keeps the upside teams wanted from self-hosting.
- Zero fleet to patch, scale, or clean up drops the modeled ops burden to near zero.
- Scale-to-zero and automated recovery remove the idle and re-run costs that erode the self-hosted case.
Recommendations
Compare total cost of ownership, not per-minute price
Put idle capacity, monthly ops hours, and incident time on the ledger before deciding to self-host. The per-minute instance rate is the part of the comparison that flatters self-hosting; the effective cost per useful minute, fully loaded, is the number that actually decides it.
Locate your real volume on the payoff curve
Self-hosting crosses below managed pricing only at high sustained utilization with a platform team in place. Estimate your monthly active minutes and your staffing honestly. If you are below the crossover, the curve says you are paying a premium in idle and ops to chase a saving your volume cannot realize.
If you self-host, make every runner ephemeral
Long-lived runners carry the highest modeled security risk and a class of state-bleed flakes. Tear the environment down after each job so no runner serves two workloads. This shrinks both the credential exposure window and the flaky-failure surface to a single job.
Budget for transient-failure recovery explicitly
Most self-hosted tooling cannot tell a transient infrastructure failure from a real regression, so re-runs are manual and re-billed against your own compute. Either build automated recovery into the fleet or account for the mechanical-flake tax in your cost model. It does not disappear just because the runner is yours.
Revisit the decision as volume and team change
The self-hosting math is a function of utilization and staffing, both of which move. Track fleet ops hours and idle spend as first-class metrics and re-run the managed comparison when either climbs. A decision that was right at one scale is not automatically right at the next.
Outlook
Expect the case for long-lived self-hosting to keep eroding through 2026 and beyond. The security posture the industry now treats as default, ephemeral single-use environments and short-lived credentials, is precisely the posture long-lived fleets struggle to deliver, and the reliability benefits of single-use isolation point the same way. The model that forgoes both is increasingly the exception rather than a defensible norm.
The economic picture is converging too. As managed runners deliver scale-to-zero, ephemeral isolation, and automated recovery as a baseline, the band in which self-hosting genuinely wins on total cost narrows toward the largest, most platform-heavy organizations. For everyone below that volume the comparison is shifting from how to operate a fleet well to whether to operate one at all.
For most engineering leaders the durable takeaway is that the per-minute price was never the real question. The fleet you self-host is the cost that does not fit on the comparison page: the idle, the patching, the cleanup, the on-call, and the flake recovery you have to build yourself. Pricing that honestly is what turns a runner decision from a spreadsheet exercise into a real one, and for any team without a platform group to spare it increasingly points toward managed.
Methodology
This report combines published CI runner pricing with Latchkey's own modeling of fleet operations, utilization, and security exposure. Figures labeled "modeled" are illustrative estimates derived from public pricing and representative fleet shapes, not a primary survey; figures attributed to a named source reflect that source. Risk scores are relative modeled indices, not absolute measurements. Figures labeled "modeled" are illustrative estimates derived from public pricing and typical pipeline shapes, not a primary survey; figures attributed to a named source reflect that source. Pricing reflects published rates at time of writing and should be verified against current provider pricing.
Sources
- GitHub Actions - billing & pricing
- AWS EC2 On-Demand pricing
- CNCF Annual Survey
- DORA State of DevOps Report