Skip to content

gitlab-runner 14.10.1 fails to clone a repo configured with a `https` repo URL

Summary

gitlab-runner version 14.10.1 fails to clone a repo configured with a https repo URL, stating HTTP Basic: Access denied.

Steps to reproduce

  1. Configure a docker runner with a https URL in /etc/gitlab-runner/config.toml like so: 
    [[runners]]
  name = "docker"
  url = "https://gitlab.example.com/"
  token = "..."
  tls-ca-file = "..."
  executor = "docker"
  # ...
  2. Run a CI job.

Actual behavior

gitlab-runner changes the protocol to non-TLS http, then fails to clone the repo, stating

remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://gitlab.example.com/internal/example-project.git/'

Expected behavior

The runner should use the repo URL as is, including the https protocol, like gitlab-runner 14.10.0 did.

Relevant logs and/or screenshots

job log 
Running with gitlab-runner 14.10.1 (f761588f)
on docker NC39SWBL
Preparing the "docker" executor
00:03
Using Docker executor with image example-ubuntu-ci:focal-testing ...
WARNING: Container based cache volumes creation is disabled. Will not create volume for "/cache"
Using docker image sha256:00ce8e14ac2ec85ac74134a51bc2310d54bd32eac44e50f29b0b78cde365a3d9 for example-ubuntu-ci:focal-testing ...
Preparing environment
00:01
Running on runner-nc39swbl-project-2-concurrent-0 via hotel...
Getting source from Git repository
00:00
Fetching changes...
Initialized empty Git repository in /builds/internal/example-project/.git/
Created fresh repository.
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://gitlab.example.com/internal/example-project.git/'
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

Environment description

config.toml contents 
concurrent = 4
check_interval = 0

[[runners]]
  name = "docker"
  url = "https://gitlab.example.com/"
  token = "..."
  tls-ca-file = "..."
  executor = "docker"
  # pre_clone_script = "set -v"  # uncomment to debug the startup environment before git clone
  pre_build_script = "sudo chown $(id --user --name) $CI_PROJECT_DIR"  # WORKAROUND https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29022
  [runners.docker]
    tls_verify = false
    image = "example-ubuntu-ci:focal"
    pull_policy = "never"
    privileged = false
    cap_add = ["SYS_ADMIN"]
    devices = ["/dev/fuse"]
    security_opt = ["apparmor:unconfined"]
    disable_cache = true
    volumes = [
        "/cache"
    ]
    shm_size = 0
    network_mode = "host"
  [runners.cache]

Used GitLab Runner version

Version:      14.10.1
Git revision: f761588f
Git branch:   14-10-stable
GO version:   go1.17.7
Built:        2022-05-02T16:08:41+0000
OS/Arch:      linux/amd64

Possible fixes

Adding a clone_url makes cloning in the above scenario work again:

clone_url = "https://gitlab.example.com/"