In my CI pipeline I am generating an artifact public/graph.png
that visualises some aspect of my code. In a later step I want to commit that to the repo from within the CI pipeline. Here's the pertinent part of .gitlab-ci.yml
:
commit-graph: stage: pages script: - git config user.email "[email protected]" - git config user.name "CI Pipeline" - cd /group/project - mv public/graph.png . - git add graph.png - git commit -m "committing graph.png [ci skip]" - echo $CI_COMMIT_REF_NAME - git push origin HEAD:$CI_COMMIT_REF_NAME
When the pipeline runs within gitlab it fails with:
$ git config user.email "[email protected]"
$ git config user.name "CI Pipeline"
$ cd /group/project
$ mv public/graph.png .
$ git add graph.png
$ git commit -m "committing graph.png [ci skip]"
[detached HEAD 22a50d1] committing graph.png [ci skip]
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 graph.png
$ echo $CI_COMMIT_REF_NAME
jamiet/my-branch
$ git push origin HEAD:$CI_COMMIT_REF_NAME
fatal: unable to access 'https://gitlab-ci-token:[email protected]/group/project/project.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Not sure what I'm doing wrong and don't know enough about SSL to understand that error. Can anyone advise?
We are hosting gitlab ourselves by the way.
If you'd like a commit or series of commits that you're pushing to not trigger a build, just write [ci skip] or [skip ci] somewhere in your commit's message. When squashing commits before merging in another branch, all commit messages will be merged as well.
gitlab-ci. yml file is a YAML file where you configure specific instructions for GitLab CI/CD. In this file, you define: The structure and order of jobs that the runner should execute.
GitLab CI/CD fits in a common development workflow. You can start by discussing a code implementation in an issue and working locally on your proposed changes. Then you can push your commits to a feature branch in a remote repository that's hosted in GitLab. The push triggers the CI/CD pipeline for your project.
I found this GitLab forum link helpful As suggested by the user you need to generate SSH key, associate it with new GitLab user dedicated for this job and add key to the runner. Small drawback is you need to use swap origin in gitlab for original ssh source (instead of sandboxed one used inside the job) which leads to committer being changed to mentioned new account instead of person who triggered pipeline. Source from link:
# for your information whoami printenv # we need to extract the ssh/git URL as the runner uses a tokenized URL export CI_PUSH_REPO=`echo $CI_REPOSITORY_URL | perl -pe 's#.*@(.+?(\:\d+)?)/#git@\1:#'` # runner runs on a detached HEAD, create a temporary local branch for editing git checkout -b ci_processing git config --global user.name "My Runner" git config --global user.email "[email protected]" git remote set-url --push origin "${CI_PUSH_REPO}" # make your changes touch test.txt # push changes # always return true so that the build does not fail if there are no changes git push origin ci_processing:${CI_COMMIT_REF_NAME} || true
Just with current version of GitLab you need to change source variable name as follows:
export CI_PUSH_REPO=`echo $CI_REPOSITORY_URL | perl -pe 's#.*@(.+?(\:\d+)?)/#git@\1:#'`
Some finger push-ups still required, but here's a less brittle way of pushing to the repository from its own CI, that I use in my daily work. It pushes to master directly from a detached head:
SSH_PUSH_KEY
. Make sure to set it as protected.CI_KNOWN_HOSTS
variable, with the SSH fingerprint of your GitLab instance (remember that thing ssh
asks you about the first time you try to connect to a host? That.).Use ssh-keyscan <gitlab-host>
to get it. It will look similar to this:
my.gitlab.instance.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArlUMUmNj59PpoLyy4EsKbwhPUfXxuAzFN7dMKDXVvKMmN8344HqQV1tRx6fcmH+0BXK1JAP4f10V0VnYti3e1c5f9dhpl8pIqKLMJgdGDq3MLqjihL3bp5xm8nDsPTm5FoEPPYK1I3M2wr18pBB19evz64NHrK5R/HO5LyTrybVasFumt8cZoH6crnCFgfQWV1mHAG3j41Q0z4yxu6g8zBWESZcVVn90HxQH7+LDHx11122233344491MQGl5fZcKqVWsWQVEssaK87iBsWUxvsuoeVUrj4YRcmbi6F4+ZZZZZZZwwww3ZboWsSWxTk5ESR6WWHccBm8GQflXyY3ZQ==
.gitlab-ci.yml
as follows. Set stage
and resource_group
options appropriately - without the latter you might run into race conditions. Also, make sure to set only
properly, as otherwise your CI might trigger itself:"This CI job pushes to its own repo": stage: my_push_stage resource_group: this_option_comes_handy_when_pushing only: - triggers before_script: - mkdir ~/.ssh/ - echo "${CI_KNOWN_HOSTS}" > ~/.ssh/known_hosts - echo "${SSH_PUSH_KEY}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - git config user.email "[email protected]" - git config user.name "CI" - git remote remove ssh_origin || true # Local repo state may be cached - git remote add ssh_origin "git@$CI_SERVER_HOST:$CI_PROJECT_PATH.git" script: - touch "xyz" # Make an edit - git add "xyz" - git commit -m "My CI commit" - git push ssh_origin HEAD:master # ❗ this pushes to master, # use $CI_BUILD_REF_NAME if you want to push to current branch - git tag MyCiTag # If you need to add a tag you can do that too - git push --tags ssh_origin
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With