16.5.0 image pipeline execution permission issues
Summary
New 16.5.0 runner images fail to utilize /builds and /home/gitlab-runner when executing a pipeline.
Also emailed GitLab but wanted to create an issue here for visibility and tracking.
Steps to reproduce
Deploy v16.5.0 versions of gitlab-runner and gitlab-runner-helper images. Create sample pipeline for GitLab, run pipeline.
What is the current bug behavior?
Running on runner-ets5f1b-project-1-concurrent-0-71h962d4 via gitlab-runner-5f75d74c57-fvxqj...
Getting source from Git repository 00:01
Fetching changes with git depth set to 20...
warning: unable to access '/home/gitlab-runner/.gitconfig': Permission denied
warning: unable to access '/home/gitlab-runner/.config/git/config': Permission denied
error: could not lock config file /home/gitlab-runner/.gitconfig: Permission denied
ERROR: Job failed: command terminated with exit code 1
What is the expected correct behavior?
(Testing using same gitlab+runner chart as above just with no securityContext defined for runners and using upstream ubi-fips-v16.5.0 images.)
Getting source from Git repository 00:01
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/root/testing-stuff/.git/
Created fresh repository.
Checking out 4957cf92 as detached HEAD (ref is main)...
Skipping Git submodules setup
Restoring cache 00:02
Checking cache for default-protected...
No URL provided, cache will not be downloaded from shared cache server. Instead a local version of cache will be extracted.
Successfully extracted cache
Executing "step_script" stage of the job script 00:00
$ echo "dogfood" >> file.txt
Saving cache for successful job 00:01
Creating cache default-protected...
file.txt: found 1 matching artifact files and directories
No URL provided, cache will not be uploaded to shared cache server. Cache will be stored only locally.
Created cache
Uploading artifacts for successful job 00:02
Uploading artifacts...
file.txt: found 1 matching artifact files and directories
Uploading artifacts as "archive" to coordinator... 201 Created id=6 responseStatus=201 Created token=64_AgU2s
Job succeeded
Relevant logs and/or screenshots
Possible fixes
I don't believe a chown gitlab-runner is performed for the necessary directories in addition to the chmods.
Tasks
- Bug has been identified and corrected within the container
Please read the Iron Bank Documentation for more info
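
A diagnostic for the chown-versus-chmod question raised under "Possible fixes", added here as an example and not taken from the issue or from the image's build scripts. The function `can_write` and its output format are hypothetical; it assumes plain owner/group/other mode bits decide access (no ACLs, no supplementary groups, no capability overrides).

```shell
#!/bin/sh
# Added diagnostic sketch: not the reporter's or the image's own code.
# Assumption: only owner/group/other mode bits decide access.

# can_write DIR UID GID: return 0 if UID:GID may create files in DIR,
# 1 if the mode bits deny it, 2 if DIR does not exist.
can_write() {
    cw_dir=$1 cw_uid=$2 cw_gid=$3
    [ -d "$cw_dir" ] || { echo "$cw_dir: missing"; return 2; }
    # ls -ldn prints the mode string, link count, numeric owner and group.
    set -- $(ls -ldn "$cw_dir")
    cw_mode=$1 cw_owner=$3 cw_group=$4
    # Pick the permission triplet that applies to this UID/GID.
    if [ "$cw_uid" = "$cw_owner" ]; then
        cw_class=owner cw_bits=$(printf '%s' "$cw_mode" | cut -c2-4)
    elif [ "$cw_gid" = "$cw_group" ]; then
        cw_class=group cw_bits=$(printf '%s' "$cw_mode" | cut -c5-7)
    else
        cw_class=other cw_bits=$(printf '%s' "$cw_mode" | cut -c8-10)
    fi
    # Creating or locking a file needs write plus search (x, or s/t with x set).
    case $cw_bits in
        ?w[xst]) echo "$cw_dir: ok ($cw_class $cw_bits, $cw_owner:$cw_group)"
                 return 0 ;;
        *)       echo "$cw_dir: denied ($cw_class $cw_bits, $cw_owner:$cw_group)"
                 return 1 ;;
    esac
}

# Check the two paths from the job log as the user this shell runs as.
for p in /builds /home/gitlab-runner; do
    can_write "$p" "$(id -u)" "$(id -g)" || true
done
```

Run inside the build container under the same securityContext as the failing job; a "denied" line shows which class (owner, group or other) the job user falls into and the owner:group the directory actually has.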