gitlab-runner ssh+bash executor generates incorrect bash and fails all builds.
Summary
The gitlab ssh executor is failing all builds, this is caused by the ssh/bash executor generating an incorrect path, triggered by the ssh executor wrapping the bash script in an eval call in single quotes.
Steps to reproduce
Install gitlab runner 10.6.0 or 10.5.0 and try to do an ssh build. All builds but the first will fail.
The error log shows a "double" path which is obviously wrong:
error setting certificate verify locations
...
/home/builder/builds/039e34c0/0/achamb/buppy.io/builds/039e34c0/0/achamb/buppy.io.tmp/CI_SERVER_TLS_CA_FILE
When dumping the bash script sent via ssh:
eval '
...
$\'cd\' "builds/039e34c0/0/achamb/buppy.io"
$\'git\' "config" "fetch.recurseSubmodules" "false"
$\'git\' "config" "http.https://gitlab.com.sslCAInfo" "$PWD/builds/039e34c0/0/achamb/buppy.io.tmp/CI_SERVER_TLS_CA_FILE"
...
'
It is obvious why this fails, the $PWD call is after the directory is changed. Tracing into the code, you can see the PWD line is generated by shells/bash.go - Absolute() .
I think the root cause is the single quotes used by the ssh executor prevent the PWD from being expanded, causing it to be expanded at the wrong time.
Actual behavior
The ssh executor does not work at all.
Expected behavior
Some builds should work.
Relevant logs and/or screenshots
Running with gitlab-runner 10.6.0 (v10.6.0)
on runner 039e34c0
Using SSH executor...
Running on gitlab via gitlab...
Fetching changes...
HEAD is now at a08e907 package
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.com/achamb/buppy.io.git/': error setting certificate verify locations:
CAfile: /home/builder/builds/039e34c0/0/achamb/buppy.io/builds/039e34c0/0/achamb/buppy.io.tmp/CI_SERVER_TLS_CA_FILE
CApath: none
Environment description
Using ssh executor on linux.
Used GitLab Runner version
10.5.0, 10.6.0
From reading the code, it seems to affect newer versions too.