[templates] Fix Merge_Release and Translate_Changelog on shell executors#83
Open
[templates] Fix Merge_Release and Translate_Changelog on shell executors#83
Conversation
Both templates failed on GitLab shell-executor runners because: - `apt-get install` requires root, which shell executors do not have. - `git config --global` writes to the runner user's $HOME (e.g. /opt/gitlab-runner/.gitconfig), which is typically read-only. Changes: - Replace unconditional `apt-get install` with a `command -v` presence check; install only when tools are actually missing and only when running as root (docker images). On shell executors the required tools (git, curl, jq, python3) are expected to be preinstalled on the host and the job fails fast with a clear message otherwise. - Drop `git config --global`. Use repo-local `git config` in the clone directory (Merge_Release) or `git -C "$CI_PROJECT_DIR" config` (Translate_Changelog) so nothing is written to $HOME. This keeps the templates working on both docker and shell executors without requiring any runner-side changes beyond having git/curl/jq (and python3 for Translate_Changelog) available on the host. Signed-off-by: v.oleynikov <vasily.oleynikov@flant.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Both
templates/Merge_Release.gitlab-ci.ymlandtemplates/Translate_Changelog.gitlab-ci.ymlfail on GitLab runners that use the shell executor because the templates assume root/docker semantics:apt-get installrequires root, which shell executors do not have (Permission deniedon/var/lib/apt/lists/lock).git config --globalwrites to the runner user's$HOME(e.g./opt/gitlab-runner/.gitconfig), which is typically not writable (could not lock config file /opt/gitlab-runner/.gitconfig: Permission denied).Real log excerpt from a failing
merge_and_releasejob on a shell runner:Note that the
image:directive in the templates is silently ignored by shell executors, so the job runs directly on the host as thegitlab-runneruser.Changes
apt-get installwith acommand -vpresence check. Install only when the tool is actually missing and the job runs as root (typical for docker images). On shell executors the required tools (git,curl,jq,python3) are expected to be preinstalled on the host, and the job now fails fast with a clear message instead of a cryptic apt error.git config --global. Use repo-localgit configinside the clone directory (Merge_Release) orgit -C "$CI_PROJECT_DIR" config(Translate_Changelog) so nothing is written to$HOME.The templates continue to work on both docker and shell executors with no runner-side changes beyond having the standard tooling available on the host.
Backport
Cherry-picked to
v12.0in 1c614a3.Test plan
merge_and_releasejob on a shell-executor runner withgit,curl,jqpreinstalled and confirm it tags and creates a Release without touching$HOMEorapt.translate_and_create_mrjob on a shell-executor runner and confirm the translation MR is created.debian:bookworm-slim,python:3.11-slim) and confirmapt-get installstill works for any missing tool.storage-volume-data-managerMR pipeline that previously failed and confirm the job succeeds.