Commit 780e56d5 authored by Kamil Trzciński's avatar Kamil Trzciński

Update docs and CHANGELOG

parent 01715d85
Pipeline #268461 passed with stages
......@@ -3,6 +3,15 @@ v 0.7.0 (unreleased)
- Refactor bash script adding pre-build and post-build steps
- Add support for build artifacts
- Add support for caching build directories
- Add command to generate archive with cached folders or artifacts
- Use separate containers to run pre-build (git clonning), build (user scripts) and post-build (uploading artifacts)
- Expand variables, allowing to use $CI_BUILD_TAG in image names, or in other variables
- Make shell executor to use absolute path for project dir
- Be strict about code formatting
- Move network related code to separate package
- Automatically load TLS certificates stored in /etc/gitlab-runner/certs/<hostname>.crt
- Allow to specify tls-ca-file during registration
- Allow to disable tls verification during registration
v 0.6.1
- Revert: Fix tags handling when using git fetch: fetch all tags and prune the old ones
......
......@@ -10,12 +10,12 @@ The GitLab Runner provides these options:
2. GitLab Runner reads the PEM (**DER format is not supported**) certificate from predefined file:
- `/etc/gitlab-runner/certs/hostname.crt` on *nix systems when gitlab-runner is executed as root.
- `~/.gitlab-runner/certs/hostname.crt` on *nix systems when gitlab-runner is executed as non-root,
- `./certs/hostname.crt` on other systems.
If address of your server is: `https://my.gitlab.server.com:8443/`.
Create the certificate file at: `/etc/gitlab-runner/certs/my.gitlab.server.com`.
- `/etc/gitlab-runner/certs/hostname.crt` on *nix systems when gitlab-runner is executed as root.
- `~/.gitlab-runner/certs/hostname.crt` on *nix systems when gitlab-runner is executed as non-root,
- `./certs/hostname.crt` on other systems.
If address of your server is: `https://my.gitlab.server.com:8443/`.
Create the certificate file at: `/etc/gitlab-runner/certs/my.gitlab.server.com`.
3. GitLab Runner exposes `tls-ca-file` option during registration and in [`config.toml`](advanced-configuration.md)
which allows you to specify custom file with certificates. This file will be read everytime when runner tries to
......@@ -25,9 +25,10 @@ access the GitLab server.
which allows you to skip TLS verification when connecting to server.
**This approach is INSECURE! Use at your own risk!**
Anyone can eavesdrop your connection:
- see the runner token which is used to authenticate against GitLab,
- see tokens which are used to clone GitLab projects,
- see the secure variables that are passed to runner.
- see the runner token which is used to authenticate against GitLab,
- see tokens which are used to clone GitLab projects,
- see the secure variables that are passed to runner.
### Git cloning
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment