Verified Commit 923a2b91 authored by Tobias Frust's avatar Tobias Frust

Merge upstream/master into master

parents aebf02d0 6da35412
Pipeline #70726523 passed with stages
in 49 minutes and 51 seconds
......@@ -181,8 +181,8 @@ tests definitions:
# in this step, the version difference doesn't matter
image: golang:1.10
script:
- apt update
- apt install make
- apt-get update
- apt-get install -y make
- source ci/touch_make_dependencies
- make parallel_test_prepare
artifacts:
......@@ -281,7 +281,7 @@ unit test with race:
CGO_ENABLED: "1"
TESTFLAGS: "-cover -race"
docs check links:
docs lint:
image: "registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-docs-lint"
stage: test
cache: {}
......@@ -291,6 +291,10 @@ docs check links:
script:
- mv docs/ /tmp/gitlab-docs/content/$DOCS_GITLAB_REPO_SUFFIX
- cd /tmp/gitlab-docs
# Lint Markdown
# https://github.com/markdownlint/markdownlint/blob/master/docs/RULES.md
- bundle exec mdl content/$DOCS_GITLAB_REPO_SUFFIX/**/*.md --rules \
MD001,MD004,MD029,MD032,MD034
# Build HTML from Markdown
- bundle exec nanoc
# Check the internal links
......
v12.0.0-rc1 (2019-06-11)
v12.1.0-rc1 (2019-07-09)
- Fix "WARNING: apt does not have a stable CLI interface. Use with caution in scripts" !1143
- Fix artifact uploading for Windows Docker containers !1414
- Upgrade base image for gitlab/gitlab-runner:ubuntu to ubuntu:18.04 !1413
- Add tip to execute batch from PowerShell !1412
- Replace wget commands with curl commands !1419
- Wrap submodule command with a string !1411
- Add missing test cases for s3 IAM checks !1421
- Add Markdown linting and one rule !1422
- Fix indentation for docs !1417
- Add docs for not supporting LCOW !1415
- Disallow bare URLs from project !1425
- Update zglob !1426
- Add note in docs for mounting volumes to services !1420
- Clarify docs for `builds_dir` & `cache_dir` !1428
- Update docs to fix markdown and square bracket use !1429
- Enforce consistent prefix for numbered lists !1435
- Remove fedora/30 from supported list !1436
- Add STOPSIGNAL to gitlab-runner docker images !1427
- Add trace entry for Docker authConfig resolving !1431
- Enforce consistent prefix for bullet lists !1441
- Fix concurrent updates !1447
- docs: add --config for install command !1433
- Document why we no longer accept new executors !1437
- Document limitation for Windows Docker target drive !1432
- Trivial update to virtualbox.md - 'shutdown' is not the verb, barely the noun. !1445
- Update description of flag in docs !1451
- Docs: Update redirected links in runner docs !1453
- Add lint rule that headings must increment one level at a time !1452
- Add custom executor !1385
v12.0.0 (2019-06-21)
**Release notices:**
......
......@@ -17,10 +17,26 @@ _This notice should stay as the first item in the CONTRIBUTING.md file._
---
## Contribute to GitLab runner
## Contribute to GitLab Runner
The following contents has to be considered as an extension over [gitlab-ce contributing guidelines](https://docs.gitlab.com/ce/development/contributing/index.html).
### Contributing new [executors](https://docs.gitlab.com/runner/#selecting-the-executor)
We are no longer accepting or developing new executors for a few
reasons listed below:
- Some executors require licensed software or hardware that GitLab Inc.
doesn't have.
- Each new executor brings its own set of problems when it comes to
testing it properly.
- Adding new executors can add new dependencies, which adds maintenance costs.
- Having a lot of executors adds to maintenance costs.
With GitLab 12.1, we introduced the [custom
executor](https://gitlab.com/gitlab-org/gitlab-runner/issues/2885),
which will provide a way to create an executor of choice.
## Workflow lables
We have some additional labels plus those defined in [gitlab-ce workflow labels](https://docs.gitlab.com/ce/development/contributing/issue_workflow.html)
......
......@@ -459,15 +459,15 @@
revision = "098fa99650c08b308663e2b2f057eddf4fb83fa2"
[[projects]]
branch = "master"
digest = "1:6f2e6a8a38f1e3b7d579404f0420bdf7a11389f4dc2de93134a142da2bbdca05"
digest = "1:5a93296ca590f834e900ac8a480e3b13800e7e030c24ec9b688b85b58629abb5"
name = "github.com/mattn/go-zglob"
packages = [
".",
"fastwalk",
]
pruneopts = "N"
revision = "4959821b481786922ac53e7ef25c61ae19fb7c36"
revision = "2ea3427bfa539cca900ca2768d8663ecc8a708c1"
version = "v0.0.1"
[[projects]]
digest = "1:c11b25d0b1937a2c7139e1f795dbcec1b77e7c9a0fb5aa3d065368a5a807c9c6"
......
......@@ -140,7 +140,7 @@ ignored = ["test", "appengine"]
[[constraint]]
name = "github.com/mattn/go-zglob"
branch = "master"
version = "0.0.1"
[[constraint]]
name = "github.com/docker/go-units"
......
......@@ -160,6 +160,7 @@ mocks: $(MOCKERY)
GOPATH=$(ORIGINAL_GOPATH) mockery $(MOCKERY_FLAGS) -dir=./helpers/docker -all -inpkg
GOPATH=$(ORIGINAL_GOPATH) mockery $(MOCKERY_FLAGS) -dir=./helpers/certificate -all -inpkg
GOPATH=$(ORIGINAL_GOPATH) mockery $(MOCKERY_FLAGS) -dir=./executors/docker -all -inpkg
GOPATH=$(ORIGINAL_GOPATH) mockery $(MOCKERY_FLAGS) -dir=./executors/custom -all -inpkg
GOPATH=$(ORIGINAL_GOPATH) mockery $(MOCKERY_FLAGS) -dir=./cache -all -inpkg
GOPATH=$(ORIGINAL_GOPATH) mockery $(MOCKERY_FLAGS) -dir=./common -all -inpkg
GOPATH=$(ORIGINAL_GOPATH) mockery $(MOCKERY_FLAGS) -dir=./log -all -inpkg
......
......@@ -12,6 +12,79 @@ import (
"gitlab.com/gitlab-org/gitlab-runner/common"
)
type minioClientInitializationTest struct {
errorOnInitialization bool
configurationFactory func() *common.CacheConfig
expectedToUseIAM bool
expectedInsecure bool
}
func TestMinioClientInitialization(t *testing.T) {
tests := map[string]minioClientInitializationTest{
"error-on-initialization": {
errorOnInitialization: true,
configurationFactory: defaultCacheFactory,
},
"all-credentials-empty": {
configurationFactory: emptyCredentialsCacheFactory,
expectedToUseIAM: true,
},
"serverAddress-empty": {
configurationFactory: emptyServerAddressFactory,
expectedToUseIAM: true,
},
"accessKey-empty": {
configurationFactory: emptyAccessKeyFactory,
expectedToUseIAM: true,
},
"secretKey-empty": {
configurationFactory: emptySecretKeyFactory,
expectedToUseIAM: true,
},
"only-ServerAddress-defined": {
configurationFactory: onlyServerAddressFactory,
expectedToUseIAM: true,
},
"only-AccessKey-defined": {
configurationFactory: onlyAccessKeyFactory,
expectedToUseIAM: true,
},
"only-SecretKey-defined": {
configurationFactory: onlySecretKeyFactory,
expectedToUseIAM: true,
},
"should-use-explicit-credentials": {
configurationFactory: defaultCacheFactory,
},
"should-use-explicit-credentials-with-insecure": {
configurationFactory: insecureCacheFactory,
expectedInsecure: true,
},
}
for testName, test := range tests {
t.Run(testName, func(t *testing.T) {
cleanupMinioMock := runOnFakeMinio(t, test)
defer cleanupMinioMock()
cleanupMinioCredentialsMock := runOnFakeMinioWithCredentials(t, test)
defer cleanupMinioCredentialsMock()
cacheConfig := test.configurationFactory()
client, err := newMinioClient(cacheConfig.S3)
if test.errorOnInitialization {
assert.Error(t, err, "test error")
return
}
require.NoError(t, err)
assert.NotNil(t, client)
})
}
}
func insecureCacheFactory() *common.CacheConfig {
cacheConfig := defaultCacheFactory()
cacheConfig.S3.Insecure = true
......@@ -28,12 +101,49 @@ func emptyCredentialsCacheFactory() *common.CacheConfig {
return cacheConfig
}
type minioClientInitializationTest struct {
errorOnInitialization bool
configurationFactory func() *common.CacheConfig
func emptyServerAddressFactory() *common.CacheConfig {
cacheConfig := emptyCredentialsCacheFactory()
cacheConfig.S3.AccessKey = "TOKEN"
cacheConfig.S3.SecretKey = "TOKEN"
expectedToUseIAM bool
expectedInsecure bool
return cacheConfig
}
func emptyAccessKeyFactory() *common.CacheConfig {
cacheConfig := emptyCredentialsCacheFactory()
cacheConfig.S3.ServerAddress = "s3.amazonaws.com"
cacheConfig.S3.SecretKey = "TOKEN"
return cacheConfig
}
func emptySecretKeyFactory() *common.CacheConfig {
cacheConfig := emptyCredentialsCacheFactory()
cacheConfig.S3.ServerAddress = "s3.amazonaws.com"
cacheConfig.S3.AccessKey = "TOKEN"
return cacheConfig
}
func onlyServerAddressFactory() *common.CacheConfig {
cacheConfig := emptyCredentialsCacheFactory()
cacheConfig.S3.ServerAddress = "s3.amazonaws.com"
return cacheConfig
}
func onlyAccessKeyFactory() *common.CacheConfig {
cacheConfig := emptyCredentialsCacheFactory()
cacheConfig.S3.AccessKey = "TOKEN"
return cacheConfig
}
func onlySecretKeyFactory() *common.CacheConfig {
cacheConfig := emptyCredentialsCacheFactory()
cacheConfig.S3.SecretKey = "TOKEN"
return cacheConfig
}
func runOnFakeMinio(t *testing.T, test minioClientInitializationTest) func() {
......@@ -89,44 +199,3 @@ func runOnFakeMinioWithCredentials(t *testing.T, test minioClientInitializationT
newMinioWithCredentials = oldNewMinioWithCredentials
}
}
func TestMinioClientInitialization(t *testing.T) {
tests := map[string]minioClientInitializationTest{
"error-on-initialization": {
errorOnInitialization: true,
configurationFactory: defaultCacheFactory,
},
"should-use-IAM": {
configurationFactory: emptyCredentialsCacheFactory,
expectedToUseIAM: true,
},
"should-use-explicit-credentials": {
configurationFactory: defaultCacheFactory,
},
"should-use-explicit-credentials-with-insecure": {
configurationFactory: insecureCacheFactory,
expectedInsecure: true,
},
}
for testName, test := range tests {
t.Run(testName, func(t *testing.T) {
cleanupMinioMock := runOnFakeMinio(t, test)
defer cleanupMinioMock()
cleanupMinioCredentialsMock := runOnFakeMinioWithCredentials(t, test)
defer cleanupMinioCredentialsMock()
cacheConfig := test.configurationFactory()
client, err := newMinioClient(cacheConfig.S3)
if test.errorOnInitialization {
assert.Error(t, err, "test error")
return
}
require.NoError(t, err)
assert.NotNil(t, client)
})
}
}
......@@ -8,10 +8,11 @@ import (
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
"gitlab.com/ayufan/golang-cli-helpers"
"gitlab.com/gitlab-org/gitlab-runner/common"
"gitlab.com/gitlab-org/gitlab-runner/helpers/gitlab_ci_yaml_parser"
// Force to load all executors, executes init() on them
_ "gitlab.com/gitlab-org/gitlab-runner/executors/custom"
_ "gitlab.com/gitlab-org/gitlab-runner/executors/docker"
_ "gitlab.com/gitlab-org/gitlab-runner/executors/parallels"
_ "gitlab.com/gitlab-org/gitlab-runner/executors/shell"
......
......@@ -176,7 +176,13 @@ func (b *Build) getCustomBuildDir(rootDir, overrideKey string, customBuildDirEna
}
func (b *Build) StartBuild(rootDir, cacheDir string, customBuildDirEnabled, sharedDir bool) error {
var err error
if rootDir == "" {
return MakeBuildError("the builds_dir is not configured")
}
if cacheDir == "" {
return MakeBuildError("the cache_dir is not configured")
}
// We set RootDir and invalidate variables
// to be able to use CI_BUILDS_DIR
......@@ -184,6 +190,7 @@ func (b *Build) StartBuild(rootDir, cacheDir string, customBuildDirEnabled, shar
b.CacheDir = path.Join(cacheDir, b.ProjectUniqueDir(false))
b.refreshAllVariables()
var err error
b.BuildDir, err = b.getCustomBuildDir(b.RootDir, "GIT_CLONE_PATH", customBuildDirEnabled, sharedDir)
if err != nil {
return err
......
......@@ -2,6 +2,7 @@ package common
import (
"fmt"
"io"
"github.com/sirupsen/logrus"
......@@ -42,6 +43,10 @@ func (e *BuildLogger) sendLog(logger func(args ...interface{}), logPrefix string
logger(args...)
}
func (e *BuildLogger) WriterLevel(level logrus.Level) *io.PipeWriter {
return e.entry.WriterLevel(level)
}
func (e *BuildLogger) Debugln(args ...interface{}) {
if e.entry == nil {
return
......
......@@ -119,6 +119,22 @@ type VirtualBoxConfig struct {
DisableSnapshots bool `toml:"disable_snapshots,omitzero" json:"disable_snapshots" long:"disable-snapshots" env:"VIRTUALBOX_DISABLE_SNAPSHOTS" description:"Disable snapshoting to speedup VM creation"`
}
type CustomConfig struct {
PrepareExec string `toml:"prepare_exec,omitempty" json:"prepare_exec" long:"prepare-exec" env:"CUSTOM_PREPARE_EXEC" description:"Executable that prepares executor"`
PrepareArgs []string `toml:"prepare_args,omitempty" json:"prepare_args" long:"prepare-args" description:"Arguments for the prepare executable"`
PrepareExecTimeout *int `toml:"prepare_exec_timeout,omitempty" json:"prepare_exec_timeout" long:"prepare-exec-timeout" env:"CUSTOM_PREPARE_EXEC_TIMEOUT" description:"Timeout for the prepare executable (in seconds)"`
RunExec string `toml:"run_exec" json:"run_exec" long:"run-exec" env:"CUSTOM_RUN_EXEC" description:"Executable that runs the job script in executor"`
RunArgs []string `toml:"run_args,omitempty" json:"run_args" long:"run-args" description:"Arguments for the run executable"`
CleanupExec string `toml:"cleanup_exec,omitempty" json:"cleanup_exec" long:"cleanup-exec" env:"CUSTOM_CLEANUP_EXEC" description:"Executable that cleanups after executor run"`
CleanupArgs []string `toml:"cleanup_args,omitempty" json:"cleanup_args" long:"cleanup-args" description:"Arguments for the cleanup executable"`
CleanupExecTimeout *int `toml:"cleanup_exec_timeout,omitempty" json:"cleanup_exec_timeout" long:"cleanup-exec-timeout" env:"CUSTOM_CLEANUP_EXEC_TIMEOUT" description:"Timeout for the cleanup executable (in seconds)"`
GracefulKillTimeout *int `toml:"graceful_kill_timeout,omitempty" json:"graceful_kill_timeout" long:"graceful-kill-timeout" env:"CUSTOM_GRACEFUL_KILL_TIMEOUT" description:"Graceful timeout for scripts execution after SIGTERM is sent to the process (in seconds). This limits the time given for scripts to perform the cleanup before exiting"`
ForceKillTimeout *int `toml:"force_kill_timeout,omitempty" json:"force_kill_timeout" long:"force-kill-timeout" env:"CUSTOM_FORCE_KILL_TIMEOUT" description:"Force timeout for scripts execution (in seconds). Counted from the force kill call; if process will be not terminated, Runner will abandon process termination and log an error"`
}
type KubernetesPullPolicy string
// Get returns one of the predefined values in kubernetes notation or returns an error if the value can't match the predefined
......@@ -285,6 +301,7 @@ type RunnerSettings struct {
Cache *CacheConfig `toml:"cache,omitempty" json:"cache" group:"cache configuration" namespace:"cache"`
Machine *DockerMachine `toml:"machine,omitempty" json:"machine" group:"docker machine provider" namespace:"machine"`
Kubernetes *KubernetesConfig `toml:"kubernetes,omitempty" json:"kubernetes" group:"kubernetes executor" namespace:"kubernetes"`
Custom *CustomConfig `toml:"custom,omitempty" json:"custom" group:"custom executor" namespace:"custom"`
}
type RunnerConfig struct {
......
package common
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestCacheS3Config_ShouldUseIAMCredentials(t *testing.T) {
tests := map[string]struct {
s3 CacheS3Config
shouldUseIAMCredential bool
}{
"Everything is empty": {
s3: CacheS3Config{
ServerAddress: "",
AccessKey: "",
SecretKey: "",
BucketName: "name",
BucketLocation: "us-east-1a",
},
shouldUseIAMCredential: true,
},
"Both AccessKey & SecretKey are empty": {
s3: CacheS3Config{
ServerAddress: "s3.amazonaws.com",
AccessKey: "",
SecretKey: "",
BucketName: "name",
BucketLocation: "us-east-1a",
},
shouldUseIAMCredential: true,
},
"SecretKey is empty": {
s3: CacheS3Config{
ServerAddress: "s3.amazonaws.com",
AccessKey: "TOKEN",
SecretKey: "",
BucketName: "name",
BucketLocation: "us-east-1a",
},
shouldUseIAMCredential: true,
},
"AccessKey is empty": {
s3: CacheS3Config{
ServerAddress: "s3.amazonaws.com",
AccessKey: "",
SecretKey: "TOKEN",
BucketName: "name",
BucketLocation: "us-east-1a",
},
shouldUseIAMCredential: true,
},
"ServerAddress is empty": {
s3: CacheS3Config{
ServerAddress: "",
AccessKey: "TOKEN",
SecretKey: "TOKEN",
BucketName: "name",
BucketLocation: "us-east-1a",
},
shouldUseIAMCredential: true,
},
"ServerAddress & AccessKey are empty": {
s3: CacheS3Config{
ServerAddress: "",
AccessKey: "",
SecretKey: "TOKEN",
BucketName: "name",
BucketLocation: "us-east-1a",
},
shouldUseIAMCredential: true,
},
"ServerAddress & SecretKey are empty": {
s3: CacheS3Config{
ServerAddress: "",
AccessKey: "TOKEN",
SecretKey: "",
BucketName: "name",
BucketLocation: "us-east-1a",
},
shouldUseIAMCredential: true,
},
"Nothing is empty": {
s3: CacheS3Config{
ServerAddress: "s3.amazonaws.com",
AccessKey: "TOKEN",
SecretKey: "TOKEN",
BucketName: "name",
BucketLocation: "us-east-1a",
},
shouldUseIAMCredential: false,
},
}
for name, tt := range tests {
t.Run(name, func(t *testing.T) {
assert.Equal(t, tt.shouldUseIAMCredential, tt.s3.ShouldUseIAMCredentials())
})
}
}
......@@ -148,13 +148,21 @@ func GetRemoteLongRunningBuild() (JobResponse, error) {
func GetMultilineBashBuild() (JobResponse, error) {
return GetRemoteBuildResponse(`if true; then
bash \
--login \
-c 'echo Hello World'
echo 'Hello World'
fi
`)
}
func GetMultilineBashBuildPowerShell() (JobResponse, error) {
return GetRemoteBuildResponse("if (0 -eq 0) {\n\recho \"Hello World\"\n\r}")
}
func GetMultilineBashBuildCmd() (JobResponse, error) {
return GetRemoteBuildResponse(`IF 0==0 (
echo Hello World
)`)
}
func GetRemoteBrokenTLSBuild() (JobResponse, error) {
invalidCert, err := buildSnakeOilCert()
if err != nil {
......
......@@ -39,6 +39,7 @@ RUN chmod +x /usr/bin/gitlab-runner && \
COPY entrypoint /
RUN chmod +x /entrypoint
STOPSIGNAL SIGQUIT
VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
ENTRYPOINT ["/usr/bin/dumb-init", "/entrypoint"]
CMD ["run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner"]
FROM ubuntu:16.04
FROM ubuntu:18.04
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && \
apt-get upgrade -y && \
apt-get install -y ca-certificates wget apt-transport-https vim nano tzdata git curl && \
......@@ -37,6 +38,7 @@ RUN dpkg -i /tmp/gitlab-runner_amd64.deb; \
COPY entrypoint /
RUN chmod +x /entrypoint
STOPSIGNAL SIGQUIT
VOLUME ["/etc/gitlab-runner", "/home/gitlab-runner"]
ENTRYPOINT ["/usr/bin/dumb-init", "/entrypoint"]
CMD ["run", "--user=gitlab-runner", "--working-directory=/home/gitlab-runner"]
......@@ -347,6 +347,7 @@ allows you to drop privileges of builds run with the **shell** executor.
| Parameter | Default | Description |
|-----------------------|-----------------------|-------------|
| `--service` | `gitlab-runner` | Specify service name to use |
| `--config` | See the [configuration file](#configuration-file) | Specify a custom configuration file to use |
| `--syslog` | `true` | Specify if the service should integrate with system logging service |
| `--working-directory` | the current directory | Specify the root directory where all data will be stored when builds will be run with the **shell** executor |
| `--user` | `root` | Specify the user which will be used to execute builds |
......@@ -564,7 +565,7 @@ administrator privileges:
- On Unix (Linux, OSX, FreeBSD) systems, prefix `gitlab-runner` with `sudo`
- On Windows systems use the elevated command prompt.
Run an `Administrator` command prompt ([How to][prompt]).
Run an `Administrator` command prompt.
The simplest way is to write `Command Prompt` in the Windows search field,
right click and select `Run as administrator`. You will be asked to confirm
that you want to execute the elevated command prompt.
......
......@@ -112,8 +112,8 @@ This defines one runner entry.
| `limit` | Limit how many jobs can be handled concurrently by this token. `0` (default) simply means don't limit |
| `executor` | Select how a project should be built, see next section |
| `shell` | Name of shell to generate the script. Default value is [platform dependent](../shells/index.md#overview). |
| `builds_dir` | Directory where builds will be stored in context of selected executor (Locally, Docker, SSH) |
| `cache_dir` | Directory where build caches will be stored in context of selected executor (locally, Docker, SSH). If the `docker` executor is used, this directory needs to be included in its `volumes` parameter. |
| `builds_dir` | Absolute path to a directory where builds will be stored in context of selected executor (Locally, Docker, SSH) |
| `cache_dir` | Absolute path to a directory where build caches will be stored in context of selected executor (locally, Docker, SSH). If the `docker` executor is used, this directory needs to be included in its `volumes` parameter. |
| `environment` | Append or overwrite environment variables |
| `request_concurrency` | Limit number of concurrent requests for new jobs from GitLab (default 1) |
| `output_limit` | Set maximum build log size in kilobytes, by default set to 4096 (4MB) |
......@@ -218,7 +218,7 @@ This defines the Docker Container parameters.
| `allowed_services` | Specify wildcard list of services that can be specified in .gitlab-ci.yml. If not present all images are allowed (equivalent to `["*/*:*"]`) |
| `pull_policy` | Specify the image pull policy: `never`, `if-not-present` or `always` (default); read more in the [pull policies documentation](../executors/docker.md#how-pull-policies-work) |
| `sysctls` | specify the sysctl options |
| `helper_image` | [ADVANCED] Override the default helper image used to clone repos and upload artifacts. Read the [helper image](#helper-image) section for more details |
| `helper_image` | (Advanced) [Override the default helper image](../configuration/advanced-configuration.md#helper-image) used to clone repos and upload artifacts. |
Example:
......@@ -284,9 +284,9 @@ This will create a new volume inside the container at `/path/to/volume/in/contai
#### Example 2: mount a host directory as a data volume
In addition to creating a volume using you can also mount a directory from your
Docker daemon's host into a container. It's useful when you want to store
builds outside the container.
In addition to creating a volume using a data volume, you can also mount
a directory from your Docker daemon's host into a container. It's useful
when you want to store directories outside the container.
```bash
[runners.docker]
......@@ -302,6 +302,12 @@ builds outside the container.
This will use `/path/to/bind/from/host` of the CI host inside the container at
`/path/to/bind/in/container`.
NOTE: **Note:**
GitLab Runner 11.11 and newer [will mount the host
directory](https://gitlab.com/gitlab-org/gitlab-runner/merge_requests/1261)
for the defined [services](https://docs.gitlab.com/ee/ci/services/) as
well.
### Using a private container registry
> **Notes:**
......
......@@ -161,14 +161,14 @@ at the beginning of the example.
So, to sum up:
1. We start the Runner
2. Runner creates 2 idle machines
3. Runner picks one job
4. Runner creates one more machine to fulfill the strong requirement of always
1. Runner creates 2 idle machines
1. Runner picks one job
1. Runner creates one more machine to fulfill the strong requirement of always
having the two idle machines
5. Job finishes, we have 3 idle machines
6. When one of the three idle machines goes over `IdleTime` from the time when
1. Job finishes, we have 3 idle machines
1. When one of the three idle machines goes over `IdleTime` from the time when
last time it picked the job it will be removed
7. The Runner will always have at least 2 idle machines waiting for fast
1. The Runner will always have at least 2 idle machines waiting for fast
picking of the jobs
Below you can see a comparison chart of jobs statuses and machines statuses
......
......@@ -160,7 +160,7 @@ The ports can be required because otherwise `docker push` will be blocked
as it originates from the IP mapped to docker. However, in that case, it is meant to go through the proxy.
When testing the communication between `dockerd` from dind and a `docker` client locally
(as described here: https://hub.docker.com/_/docker/),
(as described here: <https://hub.docker.com/_/docker/>),
`dockerd` from dind is initially started as a client on the host system by root,
and the proxy variables are taken from `/root/.docker/config.json`.
......@@ -184,7 +184,8 @@ These are available as environment variables as is (in contrast to `.docker/conf
in the dind containers running `dockerd` as a service and `docker` client executing `.gitlab-ci.yml`.
In `.gitlab-ci.yml`, the environment variables will be picked up by any program honouring the proxy settings from default environment variables. For example,
`wget`, `apt`, `apk`, `docker info` and `docker pull` (but not by `docker run` or `docker build` as per:
https://github.com/moby/moby/issues/24697#issuecomment-366680499).
<https://github.com/moby/moby/issues/24697#issuecomment-366680499>).
`docker run` or `docker build` executed inside the container of the docker executor
will look for the proxy settings in `$HOME/.docker/config.json`,
which is now inside the executor container (and initially empty).
......
......@@ -383,9 +383,9 @@ be sure to check on the current pricing based on the region you picked.
To learn more about Amazon EC2 Spot instances, visit the following links:
- https://aws.amazon.com/ec2/spot/
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html
- https://aws.amazon.com/blogs/aws/focusing-on-spot-instances-lets-talk-about-best-practices/
- <https://aws.amazon.com/ec2/spot/>
- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html>
- <https://aws.amazon.com/blogs/aws/focusing-on-spot-instances-lets-talk-about-best-practices/>
### Caveats of Spot instances
......
......@@ -11,7 +11,7 @@ GitLab Runner provides these options:
1. **Default**: GitLab Runner reads system certificate store and verifies the GitLab server against the CA's stored in system.
2. GitLab Runner reads the PEM (**DER format is not supported**) certificate from predefined file:
1. GitLab Runner reads the PEM (**DER format is not supported**) certificate from predefined file:
- `/etc/gitlab-runner/certs/hostname.crt` on *nix systems when gitlab-runner is executed as root.
- `~/.gitlab-runner/certs/hostname.crt` on *nix systems when gitlab-runner is executed as non-root,
......@@ -21,10 +21,10 @@ GitLab Runner provides these options:
Create the certificate file at: `/etc/gitlab-runner/certs/my.gitlab.server.com.crt`.
> **Note:** You may need to concatenate the intermediate and server certificate
for the chain to be properly identified.
3. GitLab Runner exposes `tls-ca-file` option during registration and in [`config.toml`](advanced-configuration.md)
under the `[[runners]]` section which allows you to specify a custom file with certificates. This file will be read every time when runner tries to
access the GitLab server.
> for the chain to be properly identified.
1. GitLab Runner exposes `tls-ca-file` option during registration and in [`config.toml`](advanced-configuration.md)
under the `[[runners]]` section which allows you to specify a custom file with certificates. This file will be read every time when runner tries to
access the GitLab server.
## Git cloning
......
......@@ -3,6 +3,7 @@
## 1. Install dependencies and Go runtime
### For Debian/Ubuntu
```bash
apt-get install -y mercurial git-core wget make
wget https://storage.googleapis.com/golang/go1.8.7.linux-amd64.tar.gz
......@@ -10,23 +11,27 @@ sudo tar -C /usr/local -xzf go*-*.tar.gz
```
### For OSX using binary package
```bash