git can't be configured on the docker runner.
Summary
Builds, using the docker runner, persistently fail, despite everything appearing to be configured correctly.
Steps to reproduce
I have deployed a runner, as a container, into a docker swarm.
docker run --name gitlab-runner -d --restart always \
-v gitlab-home:/home/gitlab-runner \
-v gitlab-etc:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
gitlab/gitlab-runner
I ran a 2nd container attached to the same volume to register it, and also exec'd into the container to populate the volumes:
/etc/gitlab-runner/ssl/certs/gitlab.example.com.crt has my corporate gitlab ssl cert and /etc/gitlab-runner/ssl/certs/ca.crt has my corporate CA cert.
I also, as the gitlab-runner user, executed
git config --global http.sslCAinfo /etc/gitlab-runner/certs/ca.crt
git config --global http.sslVerify false
To check this git config I have used git clone https://gitlab.example.com/my-group/my-project from inside the runner container, and interactively it works.
.gitlab-ci.yml
build:
  stage: build
  image: mcr.microsoft.com/dotnet/core/sdk:3.0
  script:
    - dotnet build WebApi/WebApi.csproj -c release
  tags:
    - docker
Actual behavior
Instead of checking out the code and doing the build it fails with this error:
Fetching changes...
Reinitialized existing Git repository in /builds/my-group/my-project/.git/
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.example.com/my-group/my-project.git/': SSL certificate problem: unable to get local issuer certificate
Expected behavior
A successful build.
Relevant logs and/or screenshots
Updating CA certificates...,
Runtime platform arch=amd64 os=linux pid=6 revision=a8a019e0 version=12.3.0,
Starting multi-runner from /etc/gitlab-runner/config.toml ... builds=0,
Running in system-mode. ,
,
Configuration loaded builds=0,
Locking configuration file builds=0 file=/etc/gitlab-runner/config.toml pid=6,
listen_address not defined, metrics & debug endpoints disabled builds=0,
[session_server].listen_address not defined, session endpoints disabled builds=0,
Checking for jobs... received job=271523 repo_url=https://digit.mgsops.net/netcore/webapi.git runner=zAmVz6ki,
WARNING: Job failed: exit code 1 duration=12.349053733s job=271523 project=8902 runner=zAmVz6ki,
WARNING: Failed to process runner builds=0 error=exit code 1 executor=docker runner=zAmVz6ki,
Checking for jobs... received job=271540 repo_url=https://digit.mgsops.net/netcore/webapi.git runner=zAmVz6ki,
WARNING: Job failed: exit code 1 duration=11.494863001s job=271540 project=8902 runner=zAmVz6ki,
WARNING: Failed to process runner builds=0 error=exit code 1 executor=docker runner=zAmVz6ki,
job log
Running with gitlab-runner 12.3.0 (a8a019e0)
on docker-swarm-1 zAmVz6ki
Using Docker executor with image mcr.microsoft.com/dotnet/core/sdk:3.0 ...
Pulling docker image mcr.microsoft.com/dotnet/core/sdk:3.0 ...
Using docker image sha256:4422e7fb740c14af167b232a7b485d60a1a696a6507ee75e712817bd27dacdb5 for mcr.microsoft.com/dotnet/core/sdk:3.0 ...
Running on runner-zAmVz6ki-project-8902-concurrent-0 via 4176b9875c8a...
Fetching changes...
Reinitialized existing Git repository in /builds/my-group/my-project/.git/
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.example.com/my-group/my-project.git/': SSL certificate problem: unable to get local issuer certificate
ERROR: Job failed: exit code 1
Environment description
The runners are gitlab/gitlab-runner:latest hosted on DockerHub. The executor is docker.
config.toml contents
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "docker-swarm-1"
url = "https://gitlab.example.com/"
token = "thIs13n0t_aT0k3n"
executor = "docker"
[runners.custom_build_dir]
[runners.docker]
tls_verify = false
image = "alpine:latest"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
Used GitLab Runner version
Running with gitlab-runner 12.3.0 (a8a019e0)
Possible fixes
I don't literally know. This setup confuses me. There are two containers involved: I assumed that git is being executed in the gitlab runner container, with the gitlab-runner user as the current user, and the target container is being used as a volume. But I don't understand why git can't seem to find its config.
I also tried placing /etc/gitconfig via a -v mapping (i.e. where git config --system would read/write) but this also made no change.
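
The "unable to get local issuer certificate" text in the job log above is OpenSSL's certificate verification error 20. The following is an added example, not part of the original report: it reproduces that error with a constructed throwaway CA and server certificate, and shows an `openssl verify` check that can be pointed at the certificate files wherever the git process actually runs. The helper names `make_demo_pki` and `chain_status` are hypothetical.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and leaf certificate, not data from the report.
# make_demo_pki and chain_status are hypothetical helper names.

# make_demo_pki DIR: write DIR/ca.crt (self-signed CA) and DIR/leaf.crt
# (CN=gitlab.example.com, signed by that CA).
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Demo CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=gitlab.example.com" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null
}

# chain_status TRUST_FILE CERT: print "ok" if CERT chains to a CA in
# TRUST_FILE, otherwise the first OpenSSL verification error message.
chain_status() {
  _out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  case "$_out" in
    *": OK") echo ok ;;
    *) printf '%s\n' "$_out" |
         sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1 ;;
  esac
}

demo() {
  _dir=$(mktemp -d) || return 1
  make_demo_pki "$_dir" || return 1
  # Trust file holds only the server certificate: the issuer is missing.
  echo "server cert only: $(chain_status "$_dir/leaf.crt" "$_dir/leaf.crt")"
  # Trust file holds the issuing CA: the chain verifies.
  echo "issuing CA:       $(chain_status "$_dir/ca.crt" "$_dir/leaf.crt")"
  rm -rf "$_dir"
}
demo

# Against the files named in the report (run where they are mounted):
#   chain_status /etc/gitlab-runner/ssl/certs/ca.crt \
#                /etc/gitlab-runner/ssl/certs/gitlab.example.com.crt
```
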