2. softwares
  3. gitlab-runner

    Gitlab Runner

    Add runner with self-signed certificate host

    SERVER=gitlab.society-lbl.com
PORT=443
CERTIFICATE=/etc/gitlab-runner/certs/${SERVER}.crt

# Create the certificates hierarchy expected by gitlab
sudo mkdir -p $(dirname "$CERTIFICATE")

# Get the certificate in PEM format and store it
openssl s_client -connect ${SERVER}:${PORT} -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null

# Register your runner
gitlab-runner register --tls-ca-file="$CERTIFICATE"

    Allow runner to run local docker images

    Add pull_policy = "if-not-present" in runner.docker. Of course, this is only for docker executor.

    /etc/gitlab-runner/config.toml:

    [[runners]]
  url = "https://gitlab.society-lbl.com"
  token = "xxx"
  executor = "docker"
  [runners.docker]
    image = "debian:latest"
    privileged = false
    pull_policy = "if-not-present"

    Workaround for docker require loop device and others

    One solution: https://gitlab.com/gitlab-com/support-forum/issues/3732

    Another solution (security risk if multiple projects on same machine/runner): /etc/gitlab-runner/config.toml:

    [[runners]]
  url = "https://gitlab.society-lbl.com"
  token = "xxx"
  executor = "docker"
  [runners.docker]
    image = "debian:latest"
    privileged = true
    volumes = ["/dev:/dev"]

    Note: Privileged is true

    Using Podman instead of Docker

    Apparently it is a Work in progress, but you can try with https://der-jd.de/blog/2021/04/16/Using-podman-instead-of-docker-for-your-gitlab-runner-as-docker-executor/

    /etc/gitlab-runner/config.toml:

    # NOTE https://docs.gitlab.com/runner/configuration/advanced-configuration.html
[[runners]]
  ...
  [runners.docker]
    ...
    privileged = true # stink
    volumes = ["/cache", "/run/podman/podman.sock:/var/run/podman/podman.sock"]
    host = "unix:///var/run/podman/podman.sock"

    However it did not work for me to clone the project

    Issue with self signed certificate through LFS

    Git LFS relies on Go's crypto/x509 package to find certs, and extends it with support for some of Git's CA config values, specifically http.sslCAInfo/GIT_SSL_CAINFO and http.sslCAPath/GIT_SSL_CAPATH

    source

    posted issue