Make FIPS image work with shell executor by default (!4263) · Merge requests · GitLab.org / gitlab-runner

Stan Hu requested to merge sh-fix-fips-shell-executor into main Aug 01, 2023

Since --user=gitlab-runner was previously specified (https://gitlab.com/gitlab-org/gitlab-runner/-/blob/f29584e83f2b39572d44cc15efbced87a928d1b4/shells/bash.go#L370-371), the shell executor attempted to run su. However, because only root users can run this without a password, builds would fail due to authentication denied errors. Omit this argument and switch the default user to gitlab-runner. Previously the image ran as UID 1001 by default (a non-existent user), but the gitlab-runner user was added as UID 998.

Relates to #36289

Edited Aug 01, 2023 by Stan Hu

Make FIPS image work with shell executor by default

Merge request reports