Provide JSON job response file for custom executor.
What does this MR do?
Adds default behaviors to the custom executor that conveys the full JSON
JobResponse
via file to the configured executor. The location of this
file is provided by the JOB_RESPONSE_FILE
environment variable.
This file will exist through every stage of the job and will be automatically removed during cleanup through existing mechanisms.
$ cat ${JOB_RESPONSE_FILE} | jq
{
"id": 123456,
"token": "jobT0ken",
...
}
By relying on a file to convey the value it avoids the need to potentially encode (e.g. Base64) and maintain a large environment variable.
Why was this MR needed?
The custom executor is incredibly exciting as we are able to leverage all the core GitLab functionality while still enforcing some unique execution workflows that are required for non-standard test systems.
As outlined in #4677 (closed) many of the existing CUSTOM_ENV_
values can be user influenced which makes preforming potentially privileged actions during a CI pipeline difficult to support. Earlier comments on the issue by the GitLab team and recent updates to the issue title/description appear to indicate that providing the full context of the job response would be an acceptable solution. This information requires advanced knowledge and planning to interact with, the proposed flag ensures it is only created if explicitly requested.
What's the best way to test this MR?
Several unit tests have been included, the structure attempts to align generally with other recent changes to the custom executor that provide context via environment variables.
It is possible to manually test using the custom executor itself to visually inspect the generated files and ensure its creation at every potential stage.
config.toml
[[runners]]
...
[runners.custom]
confg_exec = "/etc/gitlab-runner/job.bash"
prepare_exec = "/etc/gitlab-runner/job.bash"
run_exec = "/etc/gitlab-runner/job.bash"
clenaup_exec = "/etc/gitlab-runner/job.bash"
job.bash
#!/bin/bash
if [ -z "${JOB_RESPONSE_FILE}" ] ; then
echo "No JOB_RESPONSE_FILE defined"
exit 1
fi
if [ "${2}" == "after_script" ] ; then
echo ${JOB_RESPONSE_FILE}
cat ${JOB_RESPONSE_FILE} | jq
fi
exit 0
What are the relevant issue numbers?
Closes #4677 (closed)