Gitlab-runner 未能删除权限被拒绝

Question

I'm setting up a CI/CD pipeline with Gitlab. I've installed gitlab-runner on a Digital Ocean Ubuntu 18.04 droplet and gave permissions in /etc/sudoers to the gitlab-runner as:

gitlab-runner ALL=(ALL:ALL)ALL

The first commit to the associated repository correctly build the docker-compose (the app itself is Django+postgres), but following commits are not able to clean previous builds and fail:

Running with gitlab-runner 12.8.0 (1b659122)
on ubuntu-s-4vcpu-8gb-fra1-01 52WypZsE
Using Shell executor...
00:00
Running on ubuntu-s-4vcpu-8gb-fra1-01...
00:00
Fetching changes with git depth set to 50...
00:01
 Reinitialized existing Git repository in /home/gitlab-runner/builds/52WypZsE/0/lorePieri/djangocicd/.git/
 From https://gitlab.com/lorePieri/djangocicd
  * [new ref]         refs/pipelines/120533457 -> refs/pipelines/120533457
    0072002..bd28ba4  develop                  -> origin/develop
 Checking out bd28ba46 as develop...
 warning: failed to remove app/staticfiles/admin/img/selector-icons.svg: Permission denied
 warning: failed to remove app/staticfiles/admin/img/search.svg: Permission denied
 warning: failed to remove app/staticfiles/admin/img/icon-alert.svg: Permission denied
 warning: failed to remove app/staticfiles/admin/img/tooltag-arrowright.svg: Permission denied
 warning: failed to remove app/staticfiles/admin/img/icon-unknown-alt.svg: Permission denied

This is the relevant portion of the .gitlab-ci.yml file:

image: docker:latest
services:
  - docker:dind

stages:
  - test
  - deploy_staging
  - deploy_production

step-test:
  stage: test
  before_script:
    - export DYNAMIC_ENV_VAR=DEVELOP
  only:
    - develop
  tags:
    - develop
  script:
    - echo running tests in $DYNAMIC_ENV_VAR
    - sudo apt-get install -y python-pip
    - sudo pip install docker-compose
    - sudo docker image prune -f
    - sudo docker-compose -f docker-compose.yml build --no-cache
    - sudo docker-compose -f docker-compose.yml up -d
    - echo do tests now
    - sudo docker-compose exec -T web python3 -m coverage run --source='.' manage.py test

...

What I've tried:

usermod -aG docker gitlab-runner
sudo service docker restart

Answer 1

The best solution for me was adding

pre_clone_script = "sudo chown -R gitlab-runner:gitlab-runner ."

into /etc/gitlab-runner/config.toml Even if you won't have permissions after a previous job it'll set correct permissions before cleaning up the workdir and cloning the repo.

Answer 2

我建议在受影响的工作中将 GIT_STRATEGY 设置为 none。

Answer 3

I have had the exact same problem. Therefore I will explain how it was resolved in details.

Try finding your config.toml file and run the gitlab-runner command with root privileges, since permission denied is a very common UNIX-based operating systems error.

After finding the location of config.toml pass it:

sudo gitlab-runner run --config <absolute_location_of_config_toml>

PS You can find all config.toml file easily using locate config.toml command. Make sure you have already installed by executing sudo apt-get install mlocate

1. After facing to permission denied error, I have tried using sudo gitlab-runner run instead of gitlab-runner , but it has its own problem:

    ERROR: Failed to load config stat /etc/gitlab-runner/config.toml: no such file or directory builds=0

   while executing gitlab-runner without root permissions doesn't have any config file problem.

2. Try implementing the ways and solutions as @Grumbanks and @vlad-Mazurkov mentioned. But they didn't work properly.

Answer 4

It MAY be because you write a file in cloned out codebase. What I do is simply create another directory outside of gitlab-runner directory:

WORKSPACE_DIR="/home/abcd_USER/a/b"
rm -rf $WORKSPACE_DIR
mkdir -p $WORKSPACE_DIR
cd $WORKSPACE_DIR
ls -la
git clone ..................
AND DO whatever 

I never faced the issue again.