[英]Gitlab CI/CD fails while "Cleaning up project directory and file based variables" with "ERROR: Job failed: exit code 1"
[英]How to solve the "remote: You are not allowed to upload code." error on GitLab CI/CD job?
我目前正在嘗試使用 GitLab 運行 CI/CD 作業,該作業運行 Python 文件,該文件對特定存儲庫進行更改,然后提交並將這些更改推送到 master。 我在存儲庫中也有 Master 的角色。 似乎所有git
函數都運行良好,除了git push
,這會導致fatal: You are not currently on a branch.
並使用git push origin HEAD:master --force
,這會導致fatal: unable to access 'https://gitlab-ci-token:xxx@xxx/project.git/': The requested URL returned error: 403
。 我一直在網上尋找解決方案,一個是this one ,另一個是取消保護它,但還沒有找到我想要的東西。 這也是 GitLab 存儲庫中的一個子項目。
現在,這幾乎就是我的.gitlab-ci.yml
樣子。
before_script:
- apt-get update -y
- apt-get install git -y
- apt-get install python -y
- apt-get python-pip -y
main:
script:
- git config --global user.email "xxx@xxx"
- git config --global user.name "xxx xxx"
- git config --global push.default simple
- python main.py
我的main.py
文件本質上具有在內部目錄中創建新文件的功能,前提是該文件尚不存在。 它的外觀類似於以下內容:
import os
import json
def createFile(strings):
print ">>> Pushing to repo...";
if not os.path.exists('files'):
os.system('mkdir files');
for s in strings:
title = ("files/"+str(s['title'])+".json").encode('utf-8').strip();
with open(title, 'w') as filedata:
json.dump(s, filedata, indent=4);
os.system('git add files/');
os.system('git commit -m "Added a directory with a JSON file in it..."');
os.system('git push origin HEAD:master --force');
createFile([{"title":"A"}, {"title":"B"}]);
我不完全確定為什么會一直發生這種情況,但我什至嘗試修改存儲庫設置以更改protected
的拉取和推送訪問,但是當我點擊保存時,它實際上並沒有保存。 盡管如此,這是我的整體輸出。 我真的很感激任何可以提供的指導。
Running with gitlab-runner 10.4.0 (00000000)
on cicd-shared-gitlab-runner (00000000)
Using Kubernetes namespace: cicd-shared-gitlab-runner
Using Kubernetes executor with image ubuntu:16.04 ...
Waiting for pod cicd-shared-gitlab-runner/runner-00000000-project-00000-concurrent-000000 to be running, status is Pending
Waiting for pod cicd-shared-gitlab-runner/runner-00000000-project-00000-concurrent-000000 to be running, status is Pending
Running on runner-00000000-project-00000-concurrent-000000 via cicd-shared-gitlab-runner-0000000000-00000...
Cloning repository...
Cloning into 'project'...
Checking out 00000000 as master...
Skipping Git submodules setup
$ apt-get update -y >& /dev/null
$ apt-get install git -y >& /dev/null
$ apt-get install python -y >& /dev/null
$ apt-get install python-pip -y >& /dev/null
$ git config --global user.email "xxx@xxx" >& /dev/null
$ git config --global user.name "xxx xxx" >& /dev/null
$ git config --global push.default simple >& /dev/null
$ python main.py
[detached HEAD 0000000] Added a directory with a JSON file in it...
2 files changed, 76 insertions(+)
create mode 100644 files/A.json
create mode 100644 files/B.json
remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab-ci-token:xxx@xxx/project.git/': The requested URL returned error: 403
HEAD detached from 000000
Changes not staged for commit:
modified: otherfiles/otherstuff.txt
no changes added to commit
remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab-ci-token:xxx@xxx/project.git/': The requested URL returned error: 403
>>> Pushing to repo...
Job succeeded
這是來自 Gitlab 的資源,描述了如何在 CI 管道中提交到存儲庫: https ://gitlab.com/guided-explorations/gitlab-ci-yml-tips-tricks-and-hacks/commit-to- repos-during-ci/commit-to-repos-during-ci
嘗試配置您的 gitlab-ci.yml 文件以推送更改,而不是嘗試從 python 文件中執行此操作。
The requested URL returned error: 403
Control Panel => User Accounts => Manage your credentials => Windows Credentials
它對我有用。但是我不太確定它是否適合你。
通過確保添加了 ssh 密鑰,然后使用完整的 git url,我設法通過 ssh 在 runner 上執行此操作:
task_name:
stage: some_stage
script:
- ssh-add -K ~/.ssh/[ssh key]
- git push -o ci-skip git@gitlab.com:[path to repo].git HEAD:[branch name]
如果它是觸發作業的同一個 repo,則 url 也可以寫為:
git@$CI_SERVER_HOST:$CI_PROJECT_PATH.git
此方法可用於提交標簽或文件。 如果不必提交到 repo https://docs.gitlab.com/ee/api/project_level_variables.html https://docs.gitlab.com/ee/api/project_level_variables.html https:/ /docs.gitlab.com/ee/api/group_level_variables.html
下面的 ACCESS_TOKEN 是存儲庫或上行組級別的變量,其中包含可以寫入目標存儲庫的令牌。 由於維護者可以看到這些,因此最佳做法是在特殊 API 用戶上創建令牌,這些用戶只需要執行他們需要做的事情的最低權限。
write_to_another_repo:
before_script:
- git config --global user.name "${GITLAB_USER_NAME}"
- git config --global user.email "${GITLAB_USER_EMAIL}"
script:
- |
echo "This CI job demonstrates writing files and tags back to a different repository than this .gitlab-ci.yml is stored in."
OTHERREPOPATH="guided-explorations/gitlab-ci-yml-tips-tricks-and-hacks/commit-to-repos-during-ci/pushed-to-from-another-repo-ci.git"
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@$CI_SERVER_HOST/$OTHERREPOPATH
cd pushed-to-from-another-repo-ci
CURRENTDATE="$(date)"
echo "$CURRENTDATE added a line" | tee -a timelog.log
git status
git add timelog.log
# "[ci skip]" and "-o ci-skip" prevent a CI trigger loop
git commit -m "[ci skip] updated timelog.log at $CURRENTDATE"
git push -o ci-skip http://root:$ACCESS_TOKEN@$CI_SERVER_HOST/$OTHERREPOPATH HEAD:master
#Tag commit (can be used without commiting files)
git tag "v$(date +%s)"
git tag
git push --tags http://root:$ACCESS_TOKEN@$CI_SERVER_HOST/$OTHERREPOPATH HEAD:master
也許您可能需要在配置文件上生成訪問令牌,編輯配置文件 - 然后訪問“read_repository”或“write_repository”的令牌
個人資料 => 編輯個人資料 => 訪問令牌
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.