
There is a lot of discussion on this topic; I have read a lot, but I cannot figure out what I'm doing wrong.

GitLab version: 14.5.2

GitLab Runner version: 14.5.1, running as shell

2FA is enabled and I have created my access token; I'm trying to compile a Golang program that uses a library in my GitLab repo. Here is my yml file:

variables:
  REPOSITORY: $CI_REGISTRY/acme/test/master

before_script:
  - export PATH=$PATH:/usr/local/go/bin
  - docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
  - go env -w GOOS=linux
  - go env -w GOARCH=amd64
  - go env -w GOPRIVATE=gitlab.acme.com

build_image:
  script: 
    - ssh-keyscan -t rsa gitlab.acme.com >> ~/.ssh/known_hosts
    - echo -e "machine gitlab.acme.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
    - git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf git://gitlab.acme.com/
    - go mod download
    - go build
    - docker build -f Dockerfile -t $REPOSITORY:latest .
    - docker push $REPOSITORY:latest
    - docker rmi $(docker images $REPOSITORY -a -q)
    - rm $HOME/.netrc

The result is this:

go mod download: gitlab.acme.com/datamanent/[email protected]: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /home/gitlab-runner/go/pkg/mod/cache/vcs/c9ecbc2c20382f733e0a04c852c63cb9a78c5166f9ae2d25864a2d7728490ddb: exit status 128:
    remote: HTTP Basic: Access denied
    fatal: Authentication failed for 'https://gitlab.acme.com/test/go-commons.git/'
Cleaning up project directory and file based variables

If I don't use an internal lib, compilation is fine and the push to the GitLab registry is OK as well. If I try to clone the repo instead of doing go mod download, doing this:

- git clone git@gitlab.acme.com:test/go-commons.git

Of course it doesn't work; I got this message:

cloning into 'go-commons'...
Permission denied, please try again.
Permission denied, please try again.
git@gitlab.acme.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Cleaning up project directory and file based variables

--------------- UPDATE ---------------

Thanks to @VonC I changed the git directive to:

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
                    git@gitlab.acme.com:

Unfortunately this was still not enough, and it was really weird, so I added cat $HOME/.gitconfig to the pipeline; I wanted to see whether the directive had been added correctly. What I saw was that there were a lot of entries, most likely one for every time I tried the pipeline. Stupid me, I thought the file went away every time I ran the CI (but I'm in shell, not in Docker), so I deleted it and now it works.

  • Have you considered using SSH Key based auth? or does that not work with gitlab's 2fa? Commented Dec 22, 2021 at 16:34
  • Good catch, well done. Commented Dec 23, 2021 at 10:39
  • I have edited the answer to include your conclusion. Commented Dec 30, 2021 at 15:49

1 Answer

In your test, you tried to clone using an SSH URL git@gitlab.acme.com:..., which did not work.
Replacing it by an HTTPS URL with credentials (including a token, to pass 2FA) would make sense.

But in your git config, you replace a Git URL git://gitlab.acme.com/ (not an SSH URL).

Try and display $REPOSITORY first, to double check if it is an SSH or Git URL.
Because if it is an SSH one, you would need an InsteadOf directive like:

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/".insteadOf \
                    git@gitlab.acme.com:

The OP NiBE adds:

I added cat $HOME/.gitconfig to the pipeline: I wanted to see whether the directive had been added correctly.

And what I saw was that there were a lot of entries, most likely one for every time I tried the pipeline (I thought the file went away every time I ran the CI, but I'm in shell, not in Docker).

So I deleted it and now it works.


3 Comments

Thanks @VonC, I changed the directive as you suggested and tried, for simplicity, to clone the repo. What I got is: fatal: unable to update url base from redirection .... redirect: gitlab.acme.com/users/sign_in, which seems to me an auth problem. It seems like it does not like the token? Or maybe I am missing some configuration on the GitLab side.
I just tried this in the pipeline and it works: git clone gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.acme.com/test/go-commons, so it seems I'm doing something wrong in the git redirect directive.
@NiBE so you need to adapt your InsteadOf directive to emulate the URL which works
