Skip to content
Snippets Groups Projects

Honor entrypoint for build and helper images with exec passthrough

Merged bdwyertech requested to merge bdwyertech/gitlab-runner:entrypoint-logic into main
2 unresolved threads

What does this MR do?

Allows GitLab Runner to both honor entry point and also function with exec passthrough (exec "$@")

This also works with FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: true

Why was this MR needed?

Containers with an entrypoint with exec passthrough were not working.

What's the best way to test this MR?

Try to run a container such as Consul image which has exec passthrough https://github.com/hashicorp/docker-consul/blob/5607edeffa1c759ce996b437374be9e6613bdc15/0.X/docker-entrypoint.sh#L114

What are the relevant issue numbers?

#4125 (closed)

#4125 (comment 740372996)

#28484 !3095 (merged)

close #28807 (closed)

Edited by Georgi N. Georgiev

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • bdwyertech added 1 commit

    added 1 commit

    • f3e59982 - Apply 1 suggestion(s) to 1 file(s)

    Compare with previous version

  • Romuald Atchadé changed the description

    changed the description

  • bdwyertech added 1 commit

    added 1 commit

    • 16d2422a - Apply 1 suggestion(s) to 1 file(s)

    Compare with previous version

  • Looking at this MR it isn't directly obvious from first glance if this MR is ready for a review. We recently introduced a new review workflow that makes it easy to indicate if you (and other people who collaborated here) are waiting on a review, and in effect, mark this MR as ready for another set of eyes to look at.

    If you think everything is ready for this next step, please run the command @gitlab-bot ready. Until further notice I've set your MR to workflowin dev to make it more clear you (and others) are still working on it.

    Thank you so much for your hard work so far!

  • Georgi N. Georgiev approved this merge request

    approved this merge request

  • Romuald Atchadé started a merge train

    started a merge train

  • Romuald Atchadé removed this merge request from the merge train

    removed this merge request from the merge train

  • Romuald Atchadé started a merge train

    started a merge train

  • Georgi N. Georgiev changed title from Adjust Entrypoint Logic to Honor entrypoint for build and helper images with exec passthrough

    changed title from Adjust Entrypoint Logic to Honor entrypoint for build and helper images with exec passthrough

  • Great work on this @ratchade & @bdwyertech :tada:

  • mentioned in commit 56803900

  • @bdwyertech, how was your code review experience with this merge request? Please tell us how we can continue to iterate and improve:

    1. Leave a :thumbsup: or a :thumbsdown: on this comment to describe your experience.
    2. Create a new comment starting with @gitlab-bot feedback below, and leave any additional feedback you have for us in the comment.

    Have five minutes? Take our survey to give us even more feedback on how GitLab can improve the contributor experience.

    Thanks for your help! :heart:

    • Can someone explain how to get this working on Kubernetes? My main problem is that the official gitlab-runner-helper image has no ENTRYPOINT

      $ docker inspect gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v15.1.1 | grep -i entrypoint
      "Entrypoint": null,
      "Entrypoint": null,

      With a custom helper image this works.

      Dockerfile:

      FROM gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v15.1.1
      
      ENTRYPOINT ["/usr/bin/dumb-init", "/entrypoint"]
      CMD ["sh"]

      I found this information about it !2058 (comment 388341301)

      So how can this be fixed? The docker executor injects the ENTRYPOINT but the Kubernetes executor doesn't :disappointed: https://gitlab.com/gitlab-org/gitlab-runner/-/blob/main/executors/docker/docker.go#L181

    • Almost 2 years later and the standard helper image still does not have this entrypoint. I've tried both the ubuntu and the alpine flavors, I have the ca.crt mounted under /etc/gitlab-runner/certs/ directory, and there is no sign in the helper image log it ran update-ca-certificates. We'd very much prefer not to user our own helper image, as that creates bootstrap issues (e.g. to build the helper image, we need the helper image to already exist).

      Can we get a response from gitlab?

    • Please register or sign in to reply
  • Please register or sign in to reply
    Loading