gitlab runner 使用摘要

参考文档
GitLab Runner runs the CI/CD jobs that are defined in GitLab
GitLab Runner is open-source and written in Go. It can run as a single binary and has no language-specific requirements.
After you install GitLab Runner, you must create and register runners with your GitLab instance. This instance can be self-managed, or you can use GitLab.com. You can also follow the tutorial, Create, register, and run your own project runner.

General GitLab Runner Docker image usage

GitLab Runner Docker images (based on Ubuntu or Alpine Linux) are designed as wrappers around the standard gitlab-runner command, like if GitLab Runner was installed directly on the host.

GitLab Runner command that normally would be executed as

gitlab-runner <runner command and options...>

can be executed with

docker run <chosen docker options...> gitlab/gitlab-runner <runner command and options...>

For example

docker run --rm -t -i gitlab/gitlab-runner --help

NAME:
   gitlab-runner - a GitLab Runner

USAGE:
   gitlab-runner [global options] command [command options] [arguments...]

VERSION:
   16.5.0 (853330f9)

(...)

Use local system volume mounts to start the Runner container

#!/bin/bash

export GITLAB_RUNNER_HOM=/srv/gitlab-runner

docker run \
    -d \
    -v $GITLAB_RUNNER_HOME/etc/config:/etc/gitlab-runner \
    -v /var/run/docker.sock:/var/run/docker.sock \
    --privileged \
    --network bridge \
    --add-host gitlab.example.com:172.17.0.2 \
    --name gitlab-runner \
    --link gitlab:gitlab \
gitlab/gitlab-runner:latest  run --user root --working-directory /root

Update configuration

If you change the configuration in config.toml, you might need to restart the runner to apply the change. The config.toml is the configuration file that you use to configure runners, and is created when you register a runner.

You should restart the whole container instead of using gitlab-runner restart

docker restart gitlab-runner 

SELinux

Some distributions (CentOS, Red Hat, Fedora) use SELinux by default to enhance the security of the underlying system

Special care must be taken when dealing with such a configuration.

1. If you want to use the Docker executor to run builds in containers, you need access to /var/run/docker.sock. However, if SELinux is in enforcing mode, you see a Permission denied error when you’re accessing /var/run/docker.sock. Install selinux-dockersock to resolve this issue.
2. Make sure that a persistent directory is created on host: mkdir -p /srv/gitlab-runner/config.
3. Run Docker with :Z on volumes:

docker run -d --name gitlab-runner --restart always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner:Z \
  gitlab/gitlab-runner:latest

Registering runners

参考文档
Introduced in GitLab Runner 15.0, a change to the registration request format prevents the GitLab Runner from communicating with GitLab 14.7 and earlier. You must use a GitLab Runner version that is appropriate for the GitLab version, or upgrade the GitLab application

Runner registration is the process that links the runner with one or more GitLab instances. You must register the runner so that it can pick up jobs from the GitLab instance.

1. Run the register command

   sudo gitlab-runner register
   

   • Enter your GitLab URL
   • Enter the runner authentication token
   • Enter the runner authentication token
   • Enter the type of executor

2. You can also use the non-interactive mode to use additional arguments to register the runner

   sudo gitlab-runner register \
   --non-interactive \
   --url "https://gitlab.com/" \
   --token "$RUNNER_TOKEN" \
   --executor "docker" \
   --docker-image alpine:latest \
   --description "docker-runner"
   

生成runner后, 生成的 runner 配置参考

配置文件明细参考

配置文件demo

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "blog-runner"
  url = "http://gitlab.example.com:8980"
  token = "t1ixUk811QUySmuzCeMq"
  clone_url="http://172.17.0.2:8980/"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "alpine:latest"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    pull_policy = "if-not-present"
    shm_size = 0

• pull_policy

  • always: Pull an image even if a local image exists. Default
  • if-not-present: Pull an image only when a local version does not exist
  • if-not-present: Pull an image only when a local version does not exist

• clone_url

  • Overwrite the URL for the GitLab instance. Used only if the runner can’t connect to the GitLab UR

• How clone_url works

  When the GitLab instance is available at a URL that the runner can’t use, you can configure a clone_url.

  For example, a firewall might prevent the runner from reaching the URL. If the runner can reach the node on 192.168.1.23, set the clone_url to http://192.168.1.23.

  If the clone_url is set, the runner constructs a clone URL in the form of http://gitlab-ci-token:[email protected]/namespace/project.git