Gitlab Ci unable to push on a branch from runner


Problem description

I'm trying to set up a CI/CD pipeline with Gitlab. Here is what I would like to do:

NOTE: It's a TypeScript project

  1. Unit tests && integration tests
  2. Promote branch dev to branch integration
  3. Build docker image from branch integration
  4. Deploy to integration environment

Here is the .gitlab-ci.yml I am using (i:

stages:
  - test
  - promote
  - build
  - deploy
cache:
  paths:
    - node_modules/
test:
  image: node
  stage: test
  before_script:
    - yarn
  script:
    - yarn test
promote:
  image: node
  stage: promote
  only:
    - dev
  script:
    - git push origin HEAD:integration
build:
  image: node
  stage: build
  only: 
    - integration
  script: 
    - echo "build docker image from integration"
deploy:
  image: node
  stage: deploy
  only:
    - integration
  script:
    - echo "deploy integration"

My problem is that this line git push origin HEAD:integration cannot be done from the gitlab runner; here is the console output:

Running with gitlab-runner 10.1.0 (c1ecf97f)
  on RUNNER (ce8757c9)
Using Docker executor with image node ...
Using docker image sha256:fb8322a7cefdf2b3ba1c15218187bb65f9d4d4ab4e27dc3a91bb4eba38964429 for predefined container...
Pulling docker image node ...
Using docker image node ID=sha256:c1d02ac1d9b4de08d3a39fdacde10427d1c4d8505172d31dd2b4ef78048559f8 for build container...
Running on runner-ce8757c9-project-907-concurrent-0 via VERD842...
Fetching changes...
Removing node_modules/
HEAD is now at 63cccc5 update ci - dev
From https://gitlab.mycompany.com/project1/ci-demo
   63cccc5..98d347e  dev        -> origin/dev
Checking out 98d347e5 as dev...
Skipping Git submodules setup
Checking cache for default...
Successfully extracted cache
$ git push origin HEAD:integration
remote: You are not allowed to upload code for this project.
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.mycompany.com/project1/ci-democi-demo.git/': The requested URL returned error: 403
ERROR: Job failed: exit code 1

I have read the docs, and some examples, but I can't figure out how to make this work. Should I create a user gitlab-ci-token? Should I do branch promotion in a bash script?

Feel free to give me any feedback on the pipeline I try to do...

Thanks

Recommended answer

To push to a repo from within a Gitlab CI runner you need to use a user that has push access to the branch you want to push to. We use the following set-up to accomplish this (we let Gitlab CI tag releases and push them).

  1. Create a new Gitlab user called gitlab-ci
  2. Create an SSH key pair and add the public key to the gitlab-ci user's SSH keys in Gitlab
  3. Give the gitlab-ci user push access to your repo (developer role)
  4. Add the content of the private key as a CI/CD secret variable called **SSH_PRIVATE_KEY**

This way the private key will be available in CI jobs. Next, the first part of my CI job looks like this:

script:
    # Install ssh-agent through openssh-client if not present
    - 'which ssh-agent || ( apt-get update -qy && apt-get install openssh-client -qqy )'
    # Add the private key to this user
    - eval $(ssh-agent -s) && ssh-add <(echo "$SSH_PRIVATE_KEY") && mkdir -p ~/.ssh
    # Docker specific settings
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    # Config git to avoid first usage questions. Set the identity
    - git config --global user.email "noreply@example.com" && git config --global user.name "Gitlab CI"
    # 
    # Do Git stuff, for example:
    #
    - git checkout $CI_COMMIT_REF_NAME
    - git tag my-release-1.0
    - git push -u origin my-release-1.0

Big fat disclaimer: Only use this in Gitlab CI runner setups that are disposed of, you are distributing private SSH keys with potential access to your repo so you must use this carefully.
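
A hardened variant of the SSH setup in the answer above, as an added example that is not part of the original answer: it pins the server's host key instead of writing StrictHostKeyChecking no, feeds the key to ssh-agent over stdin, and points the push URL at SSH. SSH_KNOWN_HOSTS is an assumed CI/CD variable holding the server's host key line, and the function names are hypothetical.

```bash
# Added example (function names are hypothetical, not from the answer).
# Assumed CI/CD variables: SSH_PRIVATE_KEY (as in the answer) and
# SSH_KNOWN_HOSTS (assumption: the server's host key line, captured once
# over a trusted channel, e.g. with ssh-keyscan, and verified).

# Turn the HTTPS clone URL the runner uses (it embeds the job token) into
# the SSH form, so pushes authenticate with the SSH key. Assumes SSH on port 22.
https_to_ssh_url() {
  local rest host path
  rest="${1#*://}"      # drop the scheme
  rest="${rest#*@}"     # drop "user:token@" if present
  host="${rest%%/*}"
  host="${host%%:*}"    # drop an explicit HTTPS port
  path="${rest#*/}"
  path="${path%/}"      # drop a trailing slash
  printf 'git@%s:%s\n' "$host" "$path"
}

# Pin the server's host key and keep strict checking on, rather than
# writing "StrictHostKeyChecking no" for every host.
setup_ssh_pinning() {
  [ -n "$1" ] || { echo "no pinned host key supplied" >&2; return 1; }
  mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
  printf '%s\n' "$1" > "$HOME/.ssh/known_hosts"
  printf 'Host *\n\tStrictHostKeyChecking yes\n' > "$HOME/.ssh/config"
  chmod 600 "$HOME/.ssh/config"
}

# Load the key into ssh-agent from stdin so it never touches the disk.
load_key() {
  eval "$(ssh-agent -s)" >/dev/null
  printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - >/dev/null
}

# Call this from the job's script before any "git push".
# CI_REPOSITORY_URL is GitLab's predefined HTTPS clone URL for the job.
ci_push_setup() {
  setup_ssh_pinning "$SSH_KNOWN_HOSTS" && load_key &&
    git remote set-url --push origin "$(https_to_ssh_url "$CI_REPOSITORY_URL")"
}
```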
