I newly installed a gitlab runner in docker like this:
    ...
    # docker-compose.yaml
    gitlab-runner:
      image: 'gitlab/gitlab-runner:latest'
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - ./config-runner:/etc/gitlab-runner
      restart: always
    ...
After that I successfully registered with something like this:
    docker-compose exec -T gitlab-runner-prod gitlab-runner register

I created a simple gitlab-ci.yaml with a simple build command like this:

    variables:
      MAVEN_CLI_OPTS: "-DskipTests=true -Dmaven.test.skip=true -Dmaven.javadoc.skip=true -Djacoco.skip=true -Dformatter.skip=true -Dsonar.host.url=https://sonar.xxxx.yyyy/ -s ./.m2/settings.xml"
      DOCKER_TLS_CERTDIR: "/certs"
    stages:
      - build
    image: maven:3.8-jdk-11
    build:
      stage: build
      script:
        - mvn $MAVEN_CLI_OPTS clean deploy

When the build starts I get this error:
    Running with gitlab-runner 14.7.0 (98daeee0)
      on kube.yyy.yy-docker TXU2VJaW
    Preparing the "docker" executor
    00:03
    Using Docker executor with image maven:3.8-jdk-11 ...
    Pulling docker image maven:3.8-jdk-11 ...
    Using docker image sha256:7ba3f54f023fe41416785b7ff546abd975a8f7004f9e55d5be1b5ed7d3319792 for maven:3.8-jdk-11 with digest maven@sha256:be9931cf4b26f5c284e60a55652b8349b0322bfc9c9e2e3da88567310ce6e298 ...
    Preparing environment
    00:00
    Running on runner-txu2vjaw-project-60-concurrent-0 via d355996b2401...
    Getting source from Git repository
    00:01
    Fetching changes with git depth set to 20...
    Reinitialized existing Git repository in /builds/xxxx/yyyy/.git/
    remote: You are not allowed to download code from this project.
    fatal: unable to access 'https://git.xxx.yyy/xxxx/yyyy.git/': The requested URL returned error: 403
    Cleaning up project directory and file based variables
    00:01
    ERROR: Job failed: exit code 1

I see the problem. The URL does not contain the gitlab-ci-token
and password. But I don't know why, or how I can set it up.
The question is: How can I set up my dockerized gitlab-runner
to use the token variables when it tries to clone the project?
UPDATE: @sytech asked for my config.toml file:
    # config.toml
    concurrent = 1
    check_interval = 0

    [session_server]
      session_timeout = 1800

    [[runners]]
      name = "kube.yyy.yy-docker"
      url = "https://git.xxx.yyy/"
      token = "TXU2VJaWDPycc4cDKHAc"
      tls-ca-file = "/etc/gitlab-runner/2014.pem"
      executor = "docker"
      [runners.custom_build_dir]
      [runners.cache]
        [runners.cache.s3]
        [runners.cache.gcs]
        [runners.cache.azure]
      [runners.docker]
        tls_verify = false
        image = "maven:3.8-jdk-11"
        privileged = true
        disable_entrypoint_overwrite = false
        oom_kill_disable = false
        disable_cache = false
        volumes = ["/cache"]
        shm_size = 0

I solved my problem.
I was not a member of the project (I didn't have any roles), because I have full admin rights. As an admin I can commit to any project.
BUT:
https://docs.gitlab.com/ee/ci/jobs/ci_job_token.html
The token has the same permissions to access the API as the user that caused the job to run. A user can cause a job to run by pushing a commit, triggering a manual job, being the owner of a scheduled pipeline, and so on. Therefore, this user must be assigned to a role that has the required privileges.
The CI/CD tokens were not generated, because I was not a member of the project.
Because I was not a member of the project, the tokens were not generated, and the project clone failed with 403.
After I added myself to the project as a developer, the problem was solved automatically.
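
An added example (not part of the original post, and not GitLab's own code): a pre-flight check that asks the GitLab members API whether the user who triggers the pipeline holds a role in the project, the condition the quoted documentation describes, and then reads the job log against that answer. The host name, user id, API token and the Reporter minimum level for fetching code are assumptions; project id 60 and the log lines are taken from the job log above.

```python
import json
import urllib.error
import urllib.request

# GitLab access levels as returned by the members API.
LEVELS = {10: "Guest", 20: "Reporter", 30: "Developer", 40: "Maintainer", 50: "Owner"}
CLONE_DENIED = "You are not allowed to download code from this project."

# The two relevant lines from the job log on this page.
SAMPLE_LOG = (
    "remote: You are not allowed to download code from this project.\n"
    "fatal: unable to access 'https://git.xxx.yyy/xxxx/yyyy.git/': "
    "The requested URL returned error: 403\n"
)


def fetch_membership(base_url, project_id, user_id, api_token,
                     opener=urllib.request.urlopen):
    """Return the member record (direct or inherited), or None if the user has no role."""
    url = f"{base_url.rstrip('/')}/api/v4/projects/{project_id}/members/all/{user_id}"
    req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": api_token})
    try:
        with opener(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # the API answers 404 when the user is not a member
            return None
        raise


def diagnose(job_log, member, min_level=20):
    """Explain a failed fetch stage from the triggering user's membership.

    min_level=20 (Reporter) is an assumption for a private project.
    """
    if CLONE_DENIED not in job_log:
        return "log does not show the clone-denied error"
    if member is None:
        return "triggering user has no role in the project: add them as a member"
    level = member.get("access_level", 0)
    if level < min_level:
        return f"role {LEVELS.get(level, level)} is too low to fetch code"
    return "membership is sufficient: the 403 has another cause"
```

An admin account can pass every interactive check and still return `None` here, which is the case described in the answer.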