clone_url and tls_ca_file don't work together
Summary
On Windows shell runners (and possibly others), the [[runners] tls-ca-file
in config.toml
sets up git with the following setting:
http.https://<url>.sslcainfo=<runner_path>\builds\<runner_id>\0\<group\subgroup>\<project>.tmp\CI_SERVER_TLS_CA_FILE
however, when [[runners]] clone_url
is also configured in config.toml
git is still set up with <url>
above but should be:
http.https://<clone_url>.sslcainfo=<runner_path>\builds\<runner_id>\0\<group\subgroup>\<project>.tmp\CI_SERVER_TLS_CA_FILE
Steps to reproduce
- Register a Windows shell runner
- Set
[[runners]] tls_ca_file
inconfig.toml
to point to a certificate - Set
[[runners]] clone_url
to an address other than the value listed inurl
inconfig.toml
- Create a
.gitlab-ci.yml
job that runsgit config --list
on this runner
Actual behavior
A setting adding the CA file to the url
endpoint is added for git.
http.https://<url>.sslcainfo=<runner_path>\builds\<runner_id>\0\<group\subgroup>\<project>.tmp\CI_SERVER_TLS_CA_FILE
Expected behavior
A setting adding the CA file is added to the clone_url
endpoint is added for git.
http.https://<clone_url>.sslcainfo=<runner_path>\builds\<runner_id>\0\<group\subgroup>\<project>.tmp\CI_SERVER_TLS_CA_FILE
Environment description
A self-managed GitLab runner on Windows using the shell executor.
Used GitLab Runner version
Version: 16.8.0
Git revision: c72a09b6
Git branch: 16-8-stable
GO version: go1.21.5
Built: 2024-01-18T22:42:28+0000
OS/Arch: windows/amd64