惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
T
Troy Hunt's Blog
The Last Watchdog
The Last Watchdog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Secure Thoughts
Hacker News - Newest:
Hacker News - Newest: "LLM"
WordPress大学
WordPress大学
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 司徒正美
TaoSecurity Blog
TaoSecurity Blog
博客园 - Franky
有赞技术团队
有赞技术团队
Google Online Security Blog
Google Online Security Blog
罗磊的独立博客
L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
NISL@THU
NISL@THU
小众软件
小众软件
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Recent Commits to openclaw:main
Recent Commits to openclaw:main
K
Kaspersky official blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
W
WeLiveSecurity
SecWiki News
SecWiki News
Google DeepMind News
Google DeepMind News
O
OpenAI News
V
V2EX
AI
AI
博客园_首页
Apple Machine Learning Research
Apple Machine Learning Research
大猫的无限游戏
大猫的无限游戏
美团技术团队
C
Cyber Attacks, Cyber Crime and Cyber Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Security Archives - TechRepublic
Security Archives - TechRepublic
博客园 - 三生石上(FineUI控件)
G
GRAHAM CLULEY
月光博客
月光博客
T
Threatpost
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
V
Vulnerabilities – Threatpost
Last Week in AI
Last Week in AI
爱范儿
爱范儿
C
CXSECURITY Database RSS Feed - CXSecurity.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Cloudbric
Cloudbric
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
N
News | PayPal Newsroom
Know Your Adversary
Know Your Adversary

博客园 - zakun

Gitlab CI 本地开发部署 Golang grpc 实践 Mongo 聚合演示 真・一键激活 JetBrains 全家桶! Kafka 分区细说 解决国内Homebrew安装 Homebrew How to Install PHP Install Elasticsearch with Docke wsl2 网络相关设置 php docker image nginx 反向代理常用设置说明 Golang常见的并发模式 Gin框架的几种热加载方法 协程 Mysql Full-Text Index 介绍 Gitlab Docker 使用摘要 Docker 简介 linux-查看文件夹大小 Linux 如何删除乱码文件-inode删除 Nginx反爬虫: 禁止某些User Agent抓取网站 PHP添加$_SERVER服务器环境变量
gitlab runner 使用摘要
zakun · 2023-11-24 · via 博客园 - zakun

参考文档
GitLab Runner runs the CI/CD jobs that are defined in GitLab
GitLab Runner is open-source and written in Go. It can run as a single binary and has no language-specific requirements.
After you install GitLab Runner, you must create and register runners with your GitLab instance. This instance can be self-managed, or you can use GitLab.com. You can also follow the tutorial, Create, register, and run your own project runner.

General GitLab Runner Docker image usage

GitLab Runner Docker images (based on Ubuntu or Alpine Linux) are designed as wrappers around the standard gitlab-runner command, like if GitLab Runner was installed directly on the host.

GitLab Runner command that normally would be executed as

gitlab-runner <runner command and options...>

can be executed with

docker run <chosen docker options...> gitlab/gitlab-runner <runner command and options...>

For example

docker run --rm -t -i gitlab/gitlab-runner --help

NAME:
   gitlab-runner - a GitLab Runner

USAGE:
   gitlab-runner [global options] command [command options] [arguments...]

VERSION:
   16.5.0 (853330f9)

(...)

Use local system volume mounts to start the Runner container

#!/bin/bash

export GITLAB_RUNNER_HOM=/srv/gitlab-runner

docker run \
    -d \
    -v $GITLAB_RUNNER_HOME/etc/config:/etc/gitlab-runner \
    -v /var/run/docker.sock:/var/run/docker.sock \
    --privileged \
    --network bridge \
    --add-host gitlab.example.com:172.17.0.2 \
    --name gitlab-runner \
    --link gitlab:gitlab \
gitlab/gitlab-runner:latest  run --user root --working-directory /root

Update configuration

If you change the configuration in config.toml, you might need to restart the runner to apply the change. The config.toml is the configuration file that you use to configure runners, and is created when you register a runner.

You should restart the whole container instead of using gitlab-runner restart

docker restart gitlab-runner 

SELinux

Some distributions (CentOS, Red Hat, Fedora) use SELinux by default to enhance the security of the underlying system

Special care must be taken when dealing with such a configuration.

  1. If you want to use the Docker executor to run builds in containers, you need access to /var/run/docker.sock. However, if SELinux is in enforcing mode, you see a Permission denied error when you’re accessing /var/run/docker.sock. Install selinux-dockersock to resolve this issue.
  2. Make sure that a persistent directory is created on host: mkdir -p /srv/gitlab-runner/config.
  3. Run Docker with :Z on volumes:
docker run -d --name gitlab-runner --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner:Z \
  gitlab/gitlab-runner:latest

Registering runners

参考文档
Introduced in GitLab Runner 15.0, a change to the registration request format prevents the GitLab Runner from communicating with GitLab 14.7 and earlier. You must use a GitLab Runner version that is appropriate for the GitLab version, or upgrade the GitLab application

Runner registration is the process that links the runner with one or more GitLab instances. You must register the runner so that it can pick up jobs from the GitLab instance.

  1. Run the register command

    sudo gitlab-runner register
    
    • Enter your GitLab URL
    • Enter the runner authentication token
    • Enter the runner authentication token
    • Enter the type of executor
  2. You can also use the non-interactive mode to use additional arguments to register the runner

    sudo gitlab-runner register \
    --non-interactive \
    --url "https://gitlab.com/" \
    --token "$RUNNER_TOKEN" \
    --executor "docker" \
    --docker-image alpine:latest \
    --description "docker-runner"
    

生成runner后, 生成的 runner 配置参考

配置文件明细参考

配置文件demo

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "blog-runner"
  url = "http://gitlab.example.com:8980"
  token = "t1ixUk811QUySmuzCeMq"
  clone_url="http://172.17.0.2:8980/"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "alpine:latest"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    pull_policy = "if-not-present"
    shm_size = 0
  • pull_policy

    • always: Pull an image even if a local image exists. Default
    • if-not-present: Pull an image only when a local version does not exist
    • if-not-present: Pull an image only when a local version does not exist
  • clone_url

    • Overwrite the URL for the GitLab instance. Used only if the runner can’t connect to the GitLab UR
  • How clone_url works

    When the GitLab instance is available at a URL that the runner can’t use, you can configure a clone_url.

    For example, a firewall might prevent the runner from reaching the URL. If the runner can reach the node on 192.168.1.23, set the clone_url to http://192.168.1.23.

    If the clone_url is set, the runner constructs a clone URL in the form of http://gitlab-ci-token:s3cr3tt0k3n@192.168.1.23/namespace/project.git

资源引用参考