meta data for this page
Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
git:gitlab:ci:issues [2023/05/29 13:23] niziak |
git:gitlab:ci:issues [2023/11/28 10:18] (current) niziak |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== CI Issues ====== | ====== CI Issues ====== | ||
- | ===== fatal: unsafe repository ===== | + | ===== remote: You are not allowed to download code from this project. ===== |
- | Error: | + | <code> |
+ | Cloning into '/builds/group/project/buildroot/src/maginc-submodule'... | ||
+ | remote: You are not allowed to download code from this project. | ||
+ | fatal: unable to access 'https://gitlab.example.com/groups/project/magic-submodule.git': The requested URL returned error: 403 | ||
+ | fatal: clone of 'https://gitlab-ci-token:[MASKED]@gitlab.example.com/groups/project/magic-submodule.git' into submodule path '/builds/group/project/buildroot/src/maginc-submodule' failed | ||
+ | </code> | ||
- | <code>fatal: detected dubious ownership in repository at</code> | + | Reason: |
+ | [[https://docs.gitlab.com/ee/update/deprecations.html#default-cicd-job-token-ci_job_token-scope-changed|Default CI/CD job token (CI_JOB_TOKEN) scope changed]] | ||
+ | More: | ||
+ | [[https://gitlab.grinndev.ovh/help/ci/jobs/ci_job_token#allow-access-to-your-project-with-a-job-token|Allow access to your project with a job token]] | ||
+ | |||
+ | Solution: | ||
+ | * Go to ''Submodule to be cloned'' in Gitlab UI | ||
+ | * Settings --> CI/CD --> Token Access | ||
+ | |||
+ | ===== fatal: No names found, cannot describe anything ===== | ||
+ | |||
+ | <code>fatal: No names found, cannot describe anything.</code> | ||
+ | |||
+ | When ''git describe --tags'' is used to detect version name but repository doesn't contain tags. | ||
+ | |||
+ | Possible reasons of failure: | ||
+ | * shallow clone, to unshallow run ''sudo git fetch --unshallow'' | ||
+ | * gitlab ??? | ||
+ | |||
+ | |||
+ | ===== cannot run ssh ===== | ||
<code> | <code> | ||
- | fatal: unsafe repository ('/builds/rPrca3qv/0/group/project' is owned by someone else) | + | Synchronizing submodule url for 'xxx' |
- | To add an exception for this directory, call: | + | Cloning into 'xxx'... |
- | git config --global --add safe.directory /builds/rPrca3qv/0/group/project | + | error: cannot run ssh: No such file or directory |
+ | fatal: unable to fork | ||
+ | fatal: clone of 'git@gitlab.xxx:xxx/xxx.git' into submodule path 'xxx' failed | ||
</code> | </code> | ||
- | Workaround: | + | Looks like SSH client is not installed in Job image (install ''openssh-clients''). |
+ | **Reason:** During clone operation Gitlab Runner is using small helper (around 66MB) image where ssh client is not installed: | ||
<code bash> | <code bash> | ||
- | git config --global --add safe.directory ${CI_PROJECT_DIR} | + | docker run --rm -it registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:alpine-latest-x86_64-000bc602 ssh |
</code> | </code> | ||
- | [[https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/3538|Mark project working directory as safe for Git ]] | + | It is possible to chose flavour of helper image: [[https://docs.gitlab.com/runner/configuration/advanced-configuration.html#helper-image|helper-image]] |
+ | |||
+ | Images source: [[https://gitlab.com/gitlab-org/gitlab-runner/-/tree/main/dockerfiles/runner-helper|runner-helper]] | ||
+ | |||
+ | Ubuntu helper flavour contains ssh client: | ||
+ | <code bash> | ||
+ | docker run --rm -it gitlab/gitlab-runner-helper:ubuntu-x86_64-bleeding ssh | ||
+ | docker run --rm -it gitlab/gitlab-runner-helper:ubuntu-x86_64-v15.11.1 ssh | ||
+ | </code> | ||
+ | |||
+ | |||
+ | **Solution**: use Ubuntu based helper image: | ||
+ | <file toml config.toml> | ||
+ | [runners.docker] | ||
+ | helper_image = "gitlab/gitlab-runner-helper:ubuntu-x86_64-v16.0.2" | ||
+ | helper_image_flavor = "ubuntu" | ||
+ | </file> | ||
+ | |||
+ | **Workaround 1:** use relative submodules as described in [[https://docs.gitlab.com/ee/ci/git_submodules.html#using-relative-urls|Using relative URLs]]. Gitlab runner will use https to clone submodules. | ||
+ | |||
+ | **Workaround 2:** [[https://docs.gitlab.com/ee/ci/runners/configure_runners.html#rewrite-submodule-urls-to-https|Rewrite submodule URLs to HTTPS]] | ||
===== CAfile: none ===== | ===== CAfile: none ===== |