I'm trying to run njsscan to SAST my code on gitlab-ci. But the results of the job always fail even though there are no errors as shown in the image below.
If I run it manually on my server, the command runs without any problems, as shown in the image below.
Is this a bug in gitlab-ci, or is there a solution I can apply? Thank you.
I have the same issue using gitlab-runner 15.3.0 with docker executor (docker version is 20.10.17):
Job is failing with RC=1 while running the before_script part
Restarting the job (without any changes to code or pipeline definitions) just succeeds in most cases.
We are using a dozen runners, but even if a job is restarted on the same runner, it succeeds although it just failed there before.
The documentation from what I have found is a bit sparse on the setup of job runner nodes. I am wondering if anyone has set up a config - Rundeck Linux Cluster with a Windows Job Runner. I was able to install the .jar and all that on the Windows node and it appears and is able to communicate via Runner Management.
Where I am stuck, and where it gets ambiguous, is how to properly specify to use the job runner. This is my current setup:
Job runner installed and is green in Runner Management and assigned to my project
In Project config I have Runner selected as the Default Node Executioner
Default File Copier is also set to runner-file-copier
Under Project nodes
I setup a Node Wizard - here is the edited yaml:
mydomain:
  nodename: nodename
  hostname: jobrunnerhost.domain
  osFamily: windows
  node-executor: runner-node-exec
  file-copier: runner-file-copier
Under the jobs I have it set to the appropriate node.
I am getting this error when I try to run anything, either a simple DIR command or a basic powershell:
Execution failed: 28 in project Server.Validation.mynode: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [mynode: COPY_ERROR: Reason: FILE_COPIER_NOT_FOUNDUnable to find file copier: runner-file-copier]}, Node failures: {mynode=[COPY_ERROR: Reason: FILE_COPIER_NOT_FOUNDUnable to find file copier: runner-file-copier]}, status: failed]
I have tried setting up multiple ways. I feel as though I am missing a config or another step somewhere. Any help is appreciated.
Have an API in production since May, working on server with Gitlab-CI/CD. Everything worked fine till last update (2021:08:10), when the pipelines started to fail.
I could see different errors, like:
/bin/sh: eval: line 183: docker-compose: not found
or
/bin/sh: eval: line 183: sudo: not found
or other problems like file or directory not found, etc. So fixing one issue was leading to another issue.
I don't show here the .gitlab-ci.yml file, because I assume the problem is in another place. After spending hours, found out that the pipeline is running with Docker executor.
Running with gitlab-runner 14.1.0-rc1 (e9489c8a)
on docker-auto-scale 0277ea0f
Preparing the "docker+machine" executor
Using Docker executor with image docker:latest ...
Very interesting... Because when registering the runner I've chosen the executor shell. And the last successful pipeline 2 months ago was running exactly with executor shell.
I tried to re-register the runner, reset the registration token and register the new one, each time choosing as executor shell, but when checking it appears that the pipelines are running with Docker executor.
Does anyone have an idea how this is possible and how to fix this issue?
Actually here is the solution.
Settings were changed somehow in gitlab profile, shared runners became enabled and that caused an impact on my runner and executor.
I installed a specific runner, and its status is active.
My .gitlab-ci.yml file code:
stages:
  - build
build_maven:
  stage: build
  only:
    - master
  script:
    - echo "hello CI/CD"
  tags:
    - vue-dev-pub
When I push the master branch, the gitlab-runner is running, but the job is pending indefinitely.
The job page shows:
This job has not started yet
This job is in pending state and is waiting to be picked by a runner
If I execute the runner manually, the job can pass.
The gitlab-runner verify command shows:
Runtime platform arch=amd64 os=linux pid=24616 revision=d0b76032 version=12.0.2
WARNING: Running in user-mode.
WARNING: The user-mode requires you to manually start builds processing:
WARNING: $ gitlab-runner run
WARNING: Use sudo for system-mode:
WARNING: $ sudo gitlab-runner...
Verifying runner... is alive runner=T4iKvsT3
I am waiting for your response, thanks!
If you run the runner manually in debug mode (gitlab-runner --debug run), you may see the actual error message. In my case it was:
WARNING: Failed to process runner builds=0 error=failed to update executor: missing Machine options executor=docker+machine runner=pSUsX4yR
That's because on runner creation, I selected option docker+machine rather than docker.
After amending /etc/gitlab-runner/config.toml to docker and running gitlab-runner restart followed by gitlab-runner verify, pipeline started running again.
I had a similar problem with my (shell) runners on linux. It would work fine on runners installed and registered on one of my computers but not another. (Even as tags matched correctly in runner and job)
After gitlab-runner register I would get:
New runner. Has not connected yet
After gitlab-runner verify that error would go away. But I would get: This job is in pending state and is waiting to be picked by a runner
After gitlab-runner restart it would all work.
gitlab-runner status
gitlab-runner: Service is running!
Maybe you have tagged your runner but your job has no tags. Refer to: how to run untagged jobs
https://stackoverflow.com/a/53371027/10570524
The tags section in your .gitlab-ci.yml file specifies this job has to be picked by a runner that has the same tags (reference).
tags:
  - vue-dev-pub
So unless there is actually a runner available for your project that has the vue-dev-pub tag it will keep waiting for one to become available.
First, remove the old config in systemd:
rm /etc/systemd/system/gitlab-runner.service
Now, you need to install gitlab-runner with gitlab user:
gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
root installations fail
Gitlab-CI seems to allow the build to succeed even though the script is returning a non-zero exit. I have the following minimal .gitlab-ci.yml:
# Run linter
lint:
  stage: build
  script:
    - exit 1
Producing the following result:
Running with gitlab-runner 11.1.0 (081978aa)
on gitlab-runner 72348d01
Using Shell executor...
Running on [hostname]
Fetching changes...
HEAD is now at 9f6f309 Still having problems with gitlab-runner
From https://[repo]
9f6f309..96fc77b dev -> origin/dev
Checking out 96fc77bb as dev...
Skipping Git submodules setup
$ exit 1
Job succeeded
Running on GitLab Community Edition 9.5.5 with gitlab-runner version 11.1.0. Closest post doesn't propose a resolution nor does this issue. A related question shows this setup should fail.
What are the conditions of failing a job? Isn't it a non-zero return code?
The cause of the problem was that su was wrapped to call ksu, as the shared machines are authenticated using Kerberos. In that case the wrapped ksu succeeds even though the script command might fail, indicating the job succeeded. This affected gitlab-runner since the shell executor was running su to run as the indicated user.
Having in gitlab-ci a job like the following one:
static_test_service:
  stage: test code
  script:
    - docker run --rm -v $(pwd):/data -w /data dparra0007/sonar-scanner:20171010-1 sonar-scanner
      -Dsonar.projectKey=$CI_PROJECT_NAMESPACE:$CI_PROJECT_NAME
      -Dsonar.projectName=$CI_PROJECT_NAME
      -Dsonar.branch=$CI_COMMIT_REF_NAME
      -Dsonar.projectVersion=$CI_JOB_ID
      -Dsonar.sources=./greetingapi/src
      -Dsonar.java.binaries=./greetingapi/target
      -Dsonar.gitlab.project_id=$CI_PROJECT_ID
      -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
I would need to fail the GitLab job when the SonarQube analysis fails. But in that case, the error in the analysis is reported without sending a fail status to the job in GitLab CI, and the step always finishes with success.
It seems that there is no way to raise any event from "docker run" to be managed by the GitLab job.
Any idea on how to force the job to fail if the SonarQube analysis fails?
Thanks,
To break the CI build for a failed Quality Gate, you have to write a script based on the following steps:
1. Search in /report-task.txt for the values of the CE Task URL (ceTaskUrl) and CE Task Id (ceTaskId).
2. Call /api/ce/task?id=XXX where XXX is the CE Task Id retrieved from step 1. Ex: https://yourSonarURL/api/ce/task?id=Your ceTaskId
3. Wait for some time until the status from step 2 is SUCCESS, CANCELED or FAILED.
4. If it is FAILED, break the build (here, failure means it was unable to generate the Sonar report).
5. If successful, then use the analysisId from the JSON returned by /api/ce/task?id=XXX (step 2) and immediately call /api/qualitygates/project_status?analysisId=YYY to check the status of the quality gate.
Ex: https://yourSonarURL/api/qualitygates/project_status?analysisId=Your analysisId
6. Step 5 gives the status of the critical, major and minor error threshold limit.
7. Based on the limit, break the build.
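The steps above as a script, added here as an example rather than taken from the answer. It assumes the two responses carry task.status, task.analysisId and projectStatus.status; the function names, exit codes and SAMPLE_REPORT values are illustrative.

```python
import json
import sys
import time
import urllib.request

# Constructed sample of report-task.txt; every value is a placeholder.
SAMPLE_REPORT = """projectKey=group:project
serverUrl=https://yourSonarURL
ceTaskId=TASK-1
ceTaskUrl=https://yourSonarURL/api/ce/task?id=TASK-1
"""


def parse_report_task(text):
    """Step 1: read the key=value lines of report-task.txt into a dict."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")  # values may contain '=' too
        if sep:
            props[key.strip()] = value.strip()
    return props


def http_get_json(url):
    """Default fetcher (assumes the API is reachable without extra headers)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def quality_gate_exit_code(report_text, base_url, fetch=http_get_json,
                           attempts=60, delay=5.0):
    """Return 0 only when the CE task succeeded and the quality gate is OK."""
    task_id = parse_report_task(report_text)["ceTaskId"]
    for _ in range(attempts):  # steps 2-3: poll until a final status
        task = fetch(f"{base_url}/api/ce/task?id={task_id}")["task"]
        if task["status"] in ("SUCCESS", "CANCELED", "FAILED"):
            break
        time.sleep(delay)
    else:
        return 3  # never reached a final status: fail closed
    if task["status"] != "SUCCESS":
        return 2  # step 4: the report could not be generated
    gate = fetch(f"{base_url}/api/qualitygates/project_status"
                 f"?analysisId={task['analysisId']}")  # step 5
    return 0 if gate["projectStatus"]["status"] == "OK" else 1  # steps 6-7


if __name__ == "__main__":  # usage: script.py <report-task.txt> <sonar base URL>
    with open(sys.argv[1]) as fh:
        sys.exit(quality_gate_exit_code(fh.read(), sys.argv[2]))
```

Run as a script line after the scanner step, any non-zero exit code fails the GitLab job; a task that never reaches a final status is treated as a failure rather than a pass.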
I faced this problem with GitLab and Sonar, where Sonar was failing the QualityAnalysis but the GitLab job was still passing with
INFO: ANALYSIS SUCCESSFUL, you can find the results at:
Now the problem is the missing config below in sonar.properties
sonar.qualitygate.wait=true
sonar.qualitygate.timeout=1800
So basically, the SonarScan takes time to do the analysis, and by default it won't wait for the analysis to complete and may return the default SUCCESSFUL ANALYSIS result to GitLab.
With the mentioned configuration, we are explicitly asking GitLab to wait for the qualitygate to finish and gave some timeout as well (in case the analysis takes a long time to finish).
Now we see the GitLab job fail with the below:
ERROR: QUALITY GATE STATUS: FAILED - View details