
gitlab-runner exec docker - inject gpg key

I need to run gitlab-runner locally using the exec command and the docker executor.

The docker executor clones the project into the container so I start with a blank slate. In order to run the tests, I need to decrypt certain credentials files. Normally this is done on the dev machine using the developers private gpg key. But now we are in a container and I can't find a way to inject the developers gpg key into the testing container.

Normally it would make sense to pass the private key as an environment variable but the environment feature is not supported on the gitlab-runner exec command.

It would be much easier if gitlab-runner would just copy the project files into the container instead of doing a fresh clone of the project. That way the developer would decrypt the credentials on the host and everything is fine.

What are my options here?

The only option to pass environment variables into the testing container is to use the --env parameter for gitlab-runner.

First we need to store the private key in an environment variable on our local machine. I used direnv for this but it also works manually:

export GPG_PRIVATE_KEY="$(gpg --export-secret-keys -a <KEY ID>)"

Then we can run gitlab-runner like this:

gitlab-runner exec docker test \
  --env GPG_PRIVATE_KEY="$GPG_PRIVATE_KEY" \
  --env GPG_PASSPHRASE="$GPG_PASSPHRASE"

Note that I also passed the passphrase in an environment variable because I need it inside the container to decrypt my data.

Now I can import the key in the docker container. The top of my .gitlab-ci.yml looks like this:

image: quay.io/mhart/alpine-node:8

before_script:
  - apk add --no-cache gnupg
  - echo "$GPG_PRIVATE_KEY" | gpg --batch --import --pinentry-mode loopback --no-tty

Done, now we can use that key inside the container to do what we want.

I also ran into some problems when I tried to decrypt my data. This guide was incredibly helpful and solved my issue.
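As an added example (not part of the answer above), a small wrapper that checks both variables on the host before handing them to gitlab-runner, so a missing `-a`, an exported public key or an empty passphrase fails early rather than inside the container. The variable and job names are the ones from the answer; `RUNNER_BIN` is an assumed hook so the invocation can be dry-run with `echo`.

```shell
# Added example: host-side checks around the --env handoff described above.
# Note: --env places the key in gitlab-runner's argument list, so it is
# visible in the host process list for the duration of the run.
set -u

# Return 0 only if $1 looks like one ASCII-armored OpenPGP *secret* key block,
# which is what `gpg --export-secret-keys -a` produces. A public key block
# would import fine in the container but leave nothing to decrypt with.
is_armored_secret_key() {
  printf '%s\n' "$1" | grep -q '^-----BEGIN PGP PRIVATE KEY BLOCK-----$' &&
  printf '%s\n' "$1" | grep -q '^-----END PGP PRIVATE KEY BLOCK-----$' &&
  ! printf '%s\n' "$1" | grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----$'
}

# Validate the two variables the .gitlab-ci.yml above relies on.
# Prints the reason on stderr and returns 1 when something is wrong.
validate_gpg_env() {
  if [ -z "${GPG_PRIVATE_KEY:-}" ]; then
    echo "GPG_PRIVATE_KEY is empty; export it with: gpg --export-secret-keys -a <KEY ID>" >&2
    return 1
  fi
  if ! is_armored_secret_key "$GPG_PRIVATE_KEY"; then
    echo "GPG_PRIVATE_KEY is not an ASCII-armored private key block (forgot -a, or exported a public key?)" >&2
    return 1
  fi
  if [ -z "${GPG_PASSPHRASE:-}" ]; then
    echo "GPG_PASSPHRASE is empty; the container cannot decrypt without it" >&2
    return 1
  fi
  return 0
}

# Run the job only after the checks pass. RUNNER_BIN is an assumption that
# lets a dry run substitute `echo` for the real gitlab-runner binary.
run_job_with_key() {
  job="${1:-test}"
  validate_gpg_env || return 1
  "${RUNNER_BIN:-gitlab-runner}" exec docker "$job" \
    --env GPG_PRIVATE_KEY="$GPG_PRIVATE_KEY" \
    --env GPG_PASSPHRASE="$GPG_PASSPHRASE"
}
```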

It is hard for me to imagine why you need to invoke gitlab-runner with exec, but why couldn't you do

   exec gitlab-runner sh
             export GPG_KEY=...
             ....
