Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Running gitlab-ci pipeline jobs as non-root user

I have a mvn project which must be build as an non-root user but by default gitlab-ci allows runners to run as root user. I'm using gitlab.com runners by setting up gitlab-ci.yml file. I tried creating a user and switching to it like this:

$ useradd ***
$ su -***
$ whoami
root

It still says I'm root. How can I solve this?

like image 435
graylog dev Avatar asked Feb 02 '18 05:02

graylog dev


People also ask

Does GitLab runner run as root?

Summary. GitLab runner's pwsh shell runs as the root user on linux systems, not gitlab-runner user like the rest of the shell executors.

How do I trigger GitLab pipeline from another pipeline?

Go to Settings → CI/CD → Pipeline triggers → Add Trigger . It will create a trigger with a TOKEN string, which then can be copied into the curl command of gitlab-ci. yml of project A.


1 Answers

You can easily achieve this with sudo, e.g., excerpt from my .gitlab-ci.yml:

script:
    - useradd -d /builds/{GITLAB_USER} -g users -M -N builder
    - chown -R builder:users ..
    - |     
      sudo -H -i -u builder sh -e -x << EOS                                                                                                                                                                                                                       
      umask 0077                                                                                                                                                                                                                                               
      export CONTINUOUS_INTEGRATION_SYSTEM="gitlab" TIMESTAMP=`date +%Y%m%d%H%M%S` DEFAULT_TARGET="debug"                                                                                                                                                      
      export PREFIX="\${HOME}/usr" SYSCONFDIR="\${HOME}/etc/conf" LOCALSTATEDIR="\${HOME}/var"                                                                                                                                                                 
      cd my-project                                                                                                                                                                                                                                                  
      make install                                                                                                                                                                                                                                             
      make -C _deploy/debian clean package bundle BUILD_ID="-0{other}\${TIMESTAMP}"                                                                                                                                                                        
      EOS

Where {GITLAB_USER} is your actual gitlab user. Remember to escape $ in your script

like image 165
AmokHuginnsson Avatar answered Sep 28 '22 20:09

AmokHuginnsson