GitLab Runner cannot retrieve dependency repo in PowerShell executor

Posted on 2025-01-23 07:28:58

CI Runner Context

  • Gitlab version : 13.12.2 (private server)
  • Gitlab Runner version : 14.9.1
  • Executor : shell executor (PowerShell)
  • Exploitation system : Windows 10
  • Project in Python (may be unrelated)
  • (using Poetry for dependency management)

The Problem

I am setting up an automated integration system for a project that has several internal dependencies that are hosted on the same server as the project being integrated. If I run the CI with a poetry update in the yml file, the Job console sends an exit with error code 128 upon calling a git clone on my internal dependency.

To isolate the problem, I tried simply calling a git clone on that same repo. The response is that the runner cannot authenticate itself to the Gitlab server.

What I Have Tried

Reading through the Gitlab docs, I found that the runners need authorization to pull any private dependencies. For that, Gitlab has created deploy keys.

So I followed the instructions to create the deploy key for the dependency and added it to the sub-project's deploy key list. I then ran into the exact same permissions problem.

What am I missing?

(For anyone looking for this case for a Windows PowerShell, the user that the runner uses is nt authority/system, a system-only user that I have not found a way to access as a human. I had to make the CI runner do the ssh key creation steps.)

Example .gitlab-ci.yml file:

#Commands in PowerShell

but_first:
  #The initial stage, always happens first
  stage: .pre
  script:
    # Start ssh agent for deploy keys
    - Start-Service ssh-agent
    # Check if ssh-agent is running
    - Get-Service ssh-agent
    - git clone ssh://git@PRIVATE_REPO/software/dependency-project.git


Comments (1)

硬不硬你别怂 2025-01-30 07:28:58

I solved my problem of pulling internal dependencies via completely bypassing the ssh pull of the source code and by switching from poetry to hatch for dependency management (I'll explain why further down).

Hosting the compiled dependencies

For this, I compiled my dependency project's source code into a distribution-ready package (in this context it was a python wheel).
Then used Gitlab's Packages and Registries offering to host my package. Instead of having packages in each source code project, I pushed the packages of all my dependencies to a project I created for this single purpose.

My .gitlab-ci.yaml file looks like this when publishing to that project:

deploy:
# Could be used to build the code into an installer
  stage: Deploy
  script:
    - echo "deploying"
    - hatch version micro
    # only wheel is built (without target, both wheel and sdist are built)
    - hatch build -t wheel
    - echo "Build done ..."
    - hatch publish --repo http://<private gitlab repo>/api/v4/projects/<project number>/packages/pypi --user gitlab-ci-token --auth $CI_JOB_TOKEN
    - echo "Publishing done!"

Pulling those hosted dependencies (& why I ditched poetry)

My first problem was having pip find the extra pypi repository with all my packages. But pip already has a solution for that!

In its pip.ini file (to find where it is, you can do pip config -v list), 2 entries need to be added:

[global]
extra-index-url = http://__token__:<your api token>@<private gitlab repo>/api/v4/projects/<project number>/packages/pypi/simple

[install]
trusted-host = <private gitlab repo>

This makes it functionally the same as adding the --extra-index-url and --trusted-host tags while calling pip install.

Since I was using a dependency manager, I was not directly using pip, but the manager's wrapper for pip. And here comes the main reason why I decided to change dependency managers: poetry does not read or recognize pip.ini. So any changes done in any of those files will be ignored.

With the configuration of the pip.ini file, any dependencies I have in the private package repo will also be searched for the installation of projects. So the line:

- git clone ssh://git@PRIVATE_REPO/software/dependency-project.git

changes to a simple line:

- pip install dependency-project

Or a line in pyproject.toml:

dependencies = [
    "dependency-project",
    "second_project",
]
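
An added example, not part of the original answer: a small Python check that reads a pip.ini like the one shown above and reports the settings a reviewer would question (an API token stored in the index URL, an index reached over plain http, a `trusted-host` exemption, and `extra-index-url` leaving the public index in play). The host name, project number and token in the sample are constructed placeholders, and `audit_pip_config` is a hypothetical helper name.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample mirroring the pip.ini in the answer; host, project number
# and token are placeholders, not values from the original post.
SAMPLE_PIP_INI = """\
[global]
extra-index-url = http://__token__:EXAMPLE-TOKEN@gitlab.example.internal/api/v4/projects/42/packages/pypi/simple

[install]
trusted-host = gitlab.example.internal
"""

INDEX_KEYS = ("index-url", "extra-index-url")


def audit_pip_config(text):
    """Return a sorted list of (section, key, finding) tuples for risky settings."""
    parser = configparser.ConfigParser(interpolation=None)  # tokens may contain '%'
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            entries = value.split()  # pip accepts several whitespace-separated values
            if key == "trusted-host" and entries:
                # pip skips HTTPS validation for every host listed here
                findings.append((section, key,
                                 "host exempt from HTTPS validation: " + ", ".join(entries)))
            if key not in INDEX_KEYS:
                continue
            if key == "extra-index-url":
                # pip does not rank indexes: the highest version from any index
                # wins, so a same-named package on the public index can be chosen
                findings.append((section, key,
                                 "public index still consulted, no index priority"))
            for url in entries:
                parts = urlsplit(url)
                if parts.scheme != "https":
                    findings.append((section, key,
                                     "index reached over " + parts.scheme + ", not https"))
                if parts.password:
                    findings.append((section, key, "credential stored in plaintext in URL"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_pip_config(SAMPLE_PIP_INI):
        print(*finding, sep=" | ")
```

A config with a single https `index-url` and no embedded credential produces no findings; in CI the credential can instead be supplied at install time from `CI_JOB_TOKEN`, the same variable the publish job above already uses.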
