[英]gitlab-runner cannot clone the git repository. How can I add authentication to it?
I newly installed a gitlab runner in docker like this:我像这样在 docker 中新安装了一个 gitlab runner:
...
# docker-compose.yaml
gitlab-runner:
image: 'gitlab/gitlab-runner:latest'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./config-runner:/etc/gitlab-runner
restart: always
...
After that I successfully registered with something like this:之后我成功注册了这样的东西:
docker-compose exec -T gitlab-runner-prod gitlab-runner register
I created a simle gitlab-ci.yaml with simple build command like this:我用这样简单的构建命令创建了一个 simle gitlab-ci.yaml:
variables:
MAVEN_CLI_OPTS: "-DskipTests=true -Dmaven.test.skip=true -Dmaven.javadoc.skip=true -Djacoco.skip=true -Dformatter.skip=true -Dsonar.host.url=https://sonar.xxxx.yyyy/ -s ./.m2/settings.xml"
DOCKER_TLS_CERTDIR: "/certs"
stages:
- build
image: maven:3.8-jdk-11
build:
stage: build
script:
- mvn $MAVEN_CLI_OPTS clean deploy
When the build starts I get this error:构建开始时出现此错误:
Running with gitlab-runner 14.7.0 (98daeee0)
on kube.yyy.yy-docker TXU2VJaW
Preparing the "docker" executor
00:03
Using Docker executor with image maven:3.8-jdk-11 ...
Pulling docker image maven:3.8-jdk-11 ...
Using docker image sha256:7ba3f54f023fe41416785b7ff546abd975a8f7004f9e55d5be1b5ed7d3319792 for maven:3.8-jdk-11 with digest maven@sha256:be9931cf4b26f5c284e60a55652b8349b0322bfc9c9e2e3da88567310ce6e298 ...
Preparing environment
00:00
Running on runner-txu2vjaw-project-60-concurrent-0 via d355996b2401...
Getting source from Git repository
00:01
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /builds/xxxx/yyyy/.git/
remote: You are not allowed to download code from this project.
fatal: unable to access 'https://git.xxx.yyy/xxxx/yyyy.git/': The requested URL returned error: 403
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1
I see the problem.我看到了问题。 The url is not contains the
gitlab-ci-token
and password. url 不包含
gitlab-ci-token
和密码。 But I don't know why, and how can I set up.但我不知道为什么,我该如何设置。
The question is: How can I set up my dockerized gitlab-runner
to use the token variables when try clone the project?问题是:如何设置我的
dockerized gitlab-runner
以在尝试克隆项目时使用令牌变量?
UPDATE: @sytech asked my config.toml file:更新:@sytech 问了我的 config.toml 文件:
#config.toml
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "kube.yyy.yy-docker"
url = "https://git.xxx.yyy/"
token = "TXU2VJaWDPycc4cDKHAc"
tls-ca-file = "/etc/gitlab-runner/2014.pem"
executor = "docker"
[runners.custom_build_dir]
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
[runners.cache.azure]
[runners.docker]
tls_verify = false
image = "maven:3.8-jdk-11"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
I solved my problem.我解决了我的问题。
I was not member of the project (I haven't any roles), because I have full admin rights.我不是该项目的成员(我没有任何角色),因为我拥有完全的管理员权限。 As admin I can commit to any project.
作为管理员,我可以致力于任何项目。
BUT:但:
https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html
The token has the same permissions to access the API as the user that caused the job to run.
该令牌与导致作业运行的用户具有相同的访问 API 的权限。 A user can cause a job to run by pushing a commit, triggering a manual job, being the owner of a scheduled pipeline, and so on.
用户可以通过推送提交、触发手动作业、成为预定管道的所有者等方式使作业运行。 Therefore, this user must be assigned to a role that has the required privileges.
因此,必须将此用户分配给具有所需权限的角色。
The cicd tokens not generated, because I not member of the project.未生成 cicd 令牌,因为我不是该项目的成员。
Because I not member of project, the tokens was not generated, and the project clone failed with 403.因为我不是项目成员,所以没有生成令牌,项目克隆失败并显示 403。
After I added myself to the project as developer, and the problem solved automatically.在我将自己作为开发人员添加到项目后,问题自动解决。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.