
Is it possible to do a git push within a Gitlab-CI without SSH?

We want to know if it's technically possible, like in GitHub, to do a git push using the HTTPS protocol and not SSH, and without directly using a username and password in the curl request.

I have seen people who seem to think it is possible, but we weren't able to prove it.

Is there any proof or witness out there that can confirm such a feature that allows you to push using a user access token or the gitlab-ci-token within the CI?

Dimitri Kopriwa asked May 27 '18 14:05



2 Answers

I am giving my before_script.sh, which can be used within any .gitlab-ci.yml:

before_script:
  - ./before_script.sh

All you need is to set a protected environment variable called GL_TOKEN or GITLAB_TOKEN within your project.

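#!/usr/bin/env bash
# Runs only when a token variable is defined ([[ -v ]] needs bash 4.2 or later).
if [[ -v "GL_TOKEN" || -v "GITLAB_TOKEN" ]]; then
  # Capture the scheme and host of the project URL, e.g. "https://host/".
  if [[ "${CI_PROJECT_URL}" =~ (([^/]*/){3}) ]]; then
    mkdir -p "$HOME/.config/git"
    # Insert "gitlab-ci-token:<token>@" after "://" and save it for git's credential store.
    echo "${BASH_REMATCH[1]/:\/\//://gitlab-ci-token:${GL_TOKEN:-$GITLAB_TOKEN}@}" > "$HOME/.config/git/credentials"
    chmod 600 "$HOME/.config/git/credentials"  # the file holds the token in clear text
    git config --global credential.helper store
  fi
fi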

It doesn't require changing the default git strategy, and it will work fine with non-protected branches using the default gitlab-ci-token.

On a protected branch, you can use the git push command as usual.

We stopped using SSH keys; Vít Kotačka's answer helped us understand why it was failing before.

Dimitri Kopriwa answered Dec 09 '22 20:12

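A variant of the setup in the answer above, as an added example that is not part of the original answers: instead of writing the token to a credentials file, a small git credential helper answers from the CI variable, and only for the project's own HTTPS host. The variable names follow the answer; the helper's function names and the script path mentioned afterwards are hypothetical.

```shell
#!/bin/sh
# Added example: env-backed git credential helper for GitLab CI.
# Assumptions: CI_PROJECT_URL is set by GitLab CI; GL_TOKEN or GITLAB_TOKEN is a
# protected CI/CD variable, as in the answer above.

# Print the host (and port, if any) of a URL:
# https://gitlab.example.com/group/repo -> gitlab.example.com
url_host() {
  rest=${1#*://}
  printf '%s\n' "${rest%%/*}"
}

# Git credential-helper protocol: git runs the helper with get|store|erase and
# sends key=value lines on stdin. Only "get" is answered, and only for the
# HTTPS host of this project, so the token is never offered to another server
# and never written to disk.
ci_credential_helper() {
  [ "$1" = "get" ] || return 0
  token=${GL_TOKEN:-${GITLAB_TOKEN:-}}
  [ -n "$token" ] || return 0
  want_host=$(url_host "${CI_PROJECT_URL:-}")
  protocol=
  host=
  while IFS='=' read -r key value; do
    case $key in
      protocol) protocol=$value ;;
      host) host=$value ;;
    esac
  done
  [ "$protocol" = "https" ] && [ -n "$host" ] && [ "$host" = "$want_host" ] || return 0
  printf 'username=gitlab-ci-token\npassword=%s\n' "$token"
}

# When run as a script, git passes the operation as the first argument.
if [ "$#" -gt 0 ]; then
  ci_credential_helper "$@"
fi
```

Saved as an executable script (for example a hypothetical /usr/local/bin/ci-credential-helper), it is enabled with `git config --global credential.helper /usr/local/bin/ci-credential-helper` in place of `credential.helper store`.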

I was not able to push back via https from a Docker executor when I made changes in the repository which was cloned by gitlab-runner. Therefore, I use the following workaround:

  1. Clone a repository to some temporary location via https with a user access token.
  2. Do some Git work (like merging, or tagging).
  3. Push changes back.

I have a job in the .gitlab-ci.yml:

tagMaster:
  stage: finalize
  script: ./tag_master.sh
  only:
  - master
  except:
  - tags

and then I have a shell script tag_master.sh with Git commands:

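#!/usr/bin/env bash
set -e  # stop at the first failing command

# Version reported by the project's Gradle task; the pipeline ID defaults to 00000 outside CI.
OPC_VERSION=$(gradle -q opcVersion)
CI_PIPELINE_ID=${CI_PIPELINE_ID:-00000}

# Work in a fresh clone made with the user access token, not in the runner's checkout.
mkdir -p /tmp/git-tag
cd /tmp/git-tag
git clone https://deployer-token:[email protected]/my-user/my-repo.git
cd my-repo
git config user.email [email protected]
git config user.name 'Deployer'
git checkout master
git pull
# Create an annotated tag named <version>-<pipeline id> and push it back.
git tag -a -m "[GitLab Runner] Tag ${OPC_VERSION}-${CI_PIPELINE_ID}" "${OPC_VERSION}-${CI_PIPELINE_ID}"
git push --tags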

This works well.

Vít Kotačka answered Dec 09 '22 20:12