Allow Executors to clone via SSH

What does this MR do?

This MR adds the SSH protocol to the clone_url setting of the Runner. At the moment only HTTP/HTTPS is supported. The SSH private key can be made available to the Runner in the pre_clone_script.

Why was this MR needed?

There are several issues, including on stackoverflow.com, complaining about problems cloning via HTTP/HTTPS (we have the same problems with GitLab EE (3rd party hosting) at Hapag-Lloyd). If it is not possible to clone via SSH on the Runner, you have to come up with a workaround. But there is at least one shortcoming: setting GIT_STRATEGY="none" disables the pre_clone_script and post_clone_script. Thus you have to use the before_script in the pipeline or the pre_build_script of the Runner to clone the repository via SSH. Unfortunately, the pipeline artifacts have already been downloaded at this point, so cleaning the local repository is almost impossible.

Discussion at https://forum.gitlab.com/t/make-ci-runner-clone-using-ssh-not-https/5291

What's the best way to test this MR?

  1. Set the clone_url to ssh://git@my.gitlab.domain in the config.toml
  2. Make an SSH key available in the pre_clone_script using ssh-agent. Otherwise no SSH key is present and git is not able to clone anything.
    # ATTENTION!!! This is insecure. Used to validate the functionality of this MR only!
    # Quote the variable so the line breaks of the private key survive.
    echo "$SSH_KEY" | ssh-add -
    
    # Register the server's host keys so ssh does not prompt during the clone.
    mkdir -p ~/.ssh
    echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
    chmod 0644 ~/.ssh/known_hosts
  3. Trigger a pipeline in a repository with a simple job script: ls -la
  4. The output shows the repository content --> it works

What are the relevant issue numbers?

#3055 (closed)

Edited by Matthias Kay
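
A tighter take on the step 2 script, as an added example that is not part of this MR or of GitLab Runner: it validates the known_hosts lines before installing them, loads the key with a limited agent lifetime, and makes git refuse unknown host keys. The function names, the one-hour lifetime and the accepted key types are choices made here; SSH_KEY and SSH_KNOWN_HOSTS are the variables from the description.

```shell
#!/bin/sh
# Added example: helpers for a pre_clone_script (function names are hypothetical).

# Append only well-formed, not-yet-present host key lines to a known_hosts file.
# $1 = known_hosts content, $2 = target file. Returns 1 if no usable line was given.
install_known_hosts() {
    entries=$1 file=$2 added=0
    mkdir -p "$(dirname "$file")"
    touch "$file" && chmod 0644 "$file"
    while IFS= read -r line; do
        # Accept "host keytype base64key [comment]" for common key types only.
        case $line in
            *" ssh-ed25519 AAAA"*|*" ssh-rsa AAAA"*|*" ecdsa-sha2-"*" AAAA"*) ;;
            *) continue ;;
        esac
        grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
        added=$((added + 1))
    done <<EOF
$entries
EOF
    [ "$added" -gt 0 ]
}

# Start an agent if none is reachable and load the key for one hour.
# $1 = private key text; quoting keeps its line breaks intact.
load_deploy_key() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || eval "$(ssh-agent -s)" >/dev/null
    printf '%s\n' "$1" | ssh-add -t 3600 - 2>/dev/null
}

# Act only when both variables from the MR description are set.
if [ -n "${SSH_KEY:-}" ] && [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
    install_known_hosts "$SSH_KNOWN_HOSTS" "$HOME/.ssh/known_hosts" || exit 1
    load_deploy_key "$SSH_KEY" || exit 1
    # Fail the clone on an unknown or changed host key instead of prompting.
    export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=yes -o BatchMode=yes"
fi
```
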