Differences

This shows you the differences between two versions of the page.

--- git:gitlab:ci:issues [2023/05/29 13:23]
niziak
+++ git:gitlab:ci:issues [2023/11/28 10:18] (current)
niziak
@@ Line 1: / Line 1: @@
 ====== CI Issues ======
-===== fatal: unsafe repository =====
+===== remote: You are not allowed to download code from this project. =====
-Error:
+<code>
+Cloning into '/builds/group/project/buildroot/src/maginc-submodule'...
+remote: You are not allowed to download code from this project.
+fatal: unable to access 'https://gitlab.example.com/groups/project/magic-submodule.git': The requested URL returned error: 403
+fatal: clone of 'https://gitlab-ci-token:[MASKED]@gitlab.example.com/groups/project/magic-submodule.git' into submodule path '/builds/group/project/buildroot/src/maginc-submodule' failed
+</code>
-<code>fatal: detected dubious ownership in repository at</code>
+Reason:
+[[https://docs.gitlab.com/ee/update/deprecations.html#default-cicd-job-token-ci_job_token-scope-changed|Default CI/CD job token (CI_JOB_TOKEN) scope changed]]
+More:
+[[https://gitlab.grinndev.ovh/help/ci/jobs/ci_job_token#allow-access-to-your-project-with-a-job-token|Allow access to your project with a job token]]
+Solution:
+  * Go to ''Submodule to be cloned'' in Gitlab UI
+  * Settings --> CI/CD --> Token Access
+===== fatal: No names found, cannot describe anything =====
+<code>fatal: No names found, cannot describe anything.</code>
+When ''git describe --tags'' is used to detect version name but repository doesn't contain tags.
+Possible reasons of failure:
+  * shallow clone, to unshallow run ''sudo git fetch --unshallow''
+  * gitlab ???
+===== cannot run ssh =====
 <code>
-fatal: unsafe repository ('/builds/rPrca3qv/0/group/project' is owned by someone else)
+Synchronizing submodule url for 'xxx'
-To add an exception for this directory, call:
+Cloning into 'xxx'...
-	git config --global --add safe.directory /builds/rPrca3qv/0/group/project
+error: cannot run ssh: No such file or directory
+fatal: unable to fork
+fatal: clone of 'git@gitlab.xxx:xxx/xxx.git' into submodule path 'xxx' failed
 </code>
-Workaround:
+Looks like SSH client is not installed in Job image (install ''openssh-clients'').
+**Reason:** During clone operation Gitlab Runner is using small helper (around 66MB) image where ssh client is not installed:
 <code bash>
-git config --global --add safe.directory ${CI_PROJECT_DIR}
+docker run --rm -it registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:alpine-latest-x86_64-000bc602 ssh
 </code>
-[[https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/3538|Mark project working directory as safe for Git ]]
+It is possible to chose flavour of helper image: [[https://docs.gitlab.com/runner/configuration/advanced-configuration.html#helper-image|helper-image]]
+Images source: [[https://gitlab.com/gitlab-org/gitlab-runner/-/tree/main/dockerfiles/runner-helper|runner-helper]]
+Ubuntu helper flavour contains ssh client:
+<code bash>
+docker run --rm -it gitlab/gitlab-runner-helper:ubuntu-x86_64-bleeding ssh
+docker run --rm -it gitlab/gitlab-runner-helper:ubuntu-x86_64-v15.11.1 ssh
+</code>
+**Solution**: use Ubuntu based helper image:
+<file toml config.toml>
+  [runners.docker]
+    helper_image = "gitlab/gitlab-runner-helper:ubuntu-x86_64-v16.0.2"
+    helper_image_flavor = "ubuntu"
+</file>
+**Workaround 1:** use relative submodules as described in [[https://docs.gitlab.com/ee/ci/git_submodules.html#using-relative-urls|Using relative URLs]]. Gitlab runner will use https to clone submodules.
+**Workaround 2:** [[https://docs.gitlab.com/ee/ci/runners/configure_runners.html#rewrite-submodule-urls-to-https|Rewrite submodule URLs to HTTPS]]
 ===== CAfile: none =====

Tools

menus and quick search

quick search

site status

Page Tools

meta data for this page

Differences