helper command breaks build container with entrypoint script containing exec $(@}
Summary
The gitlab helper is trying to execute a multiline string inside our build container which causes the entrypoint script with exec ${@}
to fail.
We tracked the issue to this bash statement that seems to be run before any of our job commands get executed. The command injected by the gitlab-runner will cause the re-expansion of ${@}
to exec
command inside entrypoint script to fail.
Steps to reproduce
- create an entrypoint script like so:
cat > entrypoint.sh <<EOF
#! /bin/bash -e
set -o pipefail
echo "Launch \${@}"
exec \${@}
EOF
- create a build image with that entrypoint
docker build --tag runner-issue:latest . -f-<<EOF
FROM alpine:3.7
ADD entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod 0755 /usr/local/bin/entrypoint.sh ; apk add bash
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD []
EOF
- create a variable that holds a statement similar to the gitlab-runner bash statement
cat > bashdetectshell <<EOF
sh -c if [ -x /usr/bin/bash ]; then
echo ya
else
echo no
fi
EOF
- run a statement that resembles the gitlab-runner-helper command
docker run --rm runner-issue:latest "$(cat <<EOF
sh -c if [ -x /usr/local/bin/bash ]; then
echo ya
else
echo no
fi
EOF)"
[: line 1: syntax error: unexpected end of file (expecting "then")
the error message is slightly different when this through the gitlab-runner but the concept remains the same.
I would have thought that any variation of this one would work, but naah:
docker run --rm runner-issue:latest 'sh -c if [ -x /usr/local/bin/bash ]; then echo ya; else echo no; fi'
Actual behavior
This is the actual error we get when running a build image with entrypoint script like above on gitlab-runner. The job terminates with following error message BEFORE any of our scripts are run:
[: -c: line 1: syntax error: unexpected end of file
section_end:1554859836:build_script
[0Ksection_start:1554859836:after_script
[0K Launch sh -c if [ -x /usr/local/bin/bash ]; then
exec /usr/local/bin/bash
elif [ -x /usr/bin/bash ]; then
exec /usr/bin/bash
elif [ -x /bin/bash ]; then
exec /bin/bash
elif [ -x /usr/local/bin/sh ]; then
exec /usr/local/bin/sh
elif [ -x /usr/bin/sh ]; then
exec /usr/bin/sh
elif [ -x /bin/sh ]; then
exec /bin/sh
elif [ -x /busybox/sh ]; then
exec /busybox/sh
else
echo shell not found
exit 1
fi
Expected behavior
job is executed on the docker image with entrypoint containing exec command
Environment description
hosted gitlab 11.7
Used GitLab Runner version
gitlab-ci 11.7 also verified problem on 11.9.1