Skip to content

Provide JSON job response file for custom executor.

Paul Bryant requested to merge paulbry/gitlab-runner:4677-paulbry-custom-job-response into main

What does this MR do?

Adds default behaviors to the custom executor that conveys the full JSON JobResponse via file to the configured executor. The location of this file is provided by the JOB_RESPONSE_FILE environment variable.

This file will exist through every stage of the job and will be automatically removed during cleanup through existing mechanisms.

$ cat ${JOB_RESPONSE_FILE} | jq
{
  "id": 123456,
  "token": "jobT0ken",
  ...
}

By relying on a file to convey the value it avoids the need to potentially encode (e.g. Base64) and maintain a large environment variable.

Why was this MR needed?

The custom executor is incredibly exciting as we are able to leverage all the core GitLab functionality while still enforcing some unique execution workflows that are required for non-standard test systems.

As outlined in #4677 (closed) many of the existing CUSTOM_ENV_ values can be user influenced which makes preforming potentially privileged actions during a CI pipeline difficult to support. Earlier comments on the issue by the GitLab team and recent updates to the issue title/description appear to indicate that providing the full context of the job response would be an acceptable solution. This information requires advanced knowledge and planning to interact with, the proposed flag ensures it is only created if explicitly requested.

What's the best way to test this MR?

Several unit tests have been included, the structure attempts to align generally with other recent changes to the custom executor that provide context via environment variables.

It is possible to manually test using the custom executor itself to visually inspect the generated files and ensure its creation at every potential stage.

config.toml

[[runners]]
  ...
  [runners.custom]
    confg_exec = "/etc/gitlab-runner/job.bash"
    prepare_exec = "/etc/gitlab-runner/job.bash"
    run_exec = "/etc/gitlab-runner/job.bash"
    clenaup_exec = "/etc/gitlab-runner/job.bash"

job.bash

#!/bin/bash

if [ -z "${JOB_RESPONSE_FILE}" ] ; then
  echo "No JOB_RESPONSE_FILE defined"
  exit 1
fi

if [ "${2}" == "after_script" ] ; then
  echo ${JOB_RESPONSE_FILE}
  cat ${JOB_RESPONSE_FILE} | jq
fi

exit 0

What are the relevant issue numbers?

Closes #4677 (closed)

Edited by Paul Bryant

Merge request reports