Troubleshooting GitLab CI¶

Sample Jobs¶

A job that fails at random¶

There are a bunch of ways to do this. Pop the following into fail.sh or similar:

EXIT_CODE=$( curl --silent "http://www.randomnumberapi.com/api/v1.0/random?min=0&max=1&count=1" | cut -c2)
echo $EXIT_CODE
exit $EXIT_CODE

A job that tells you about your `git` clone/fetch results¶

git info check:
  script:
    - git describe --tags --always --abbrev=0
    - if test -f ".git/shallow" ; then cat .git/shallow ; else echo "nope"; fi
    - git tag --list
    - git remote -v
    - git ls-remote --tags origin
    - echo $GIT_STRATEGY
    - echo $GIT_DEPTH
    - git fetch --tags
    - git describe --tags --always --abbrev=0
    - git tag --list

Sample Projects¶

These are the projects I use frequently for testing miscellaneous GitLab CI things. - GitLab Smoke Tests: this is amazing and tests job artifacts and caching as well as pushing to Container Registry and Package Registry (Maven, NPM, NuGet, Helm). - detecting-secrets: A small project I put together to ensure that Secret Detection works as expected. - https://gitlab.com/gitlab-ci-utils/gitlab-ci-templates - https://docs.gitlab.com/ee/user/application_security/dast_api/#example-dast-api-scanning-configurations - https://gitlab.com/gl-release/blue-green-example

Templates to Include¶

These are a few places with very interesting GitLab CI templates that can be included:

to be continuous
- Try the generator!
r2devops

TerraGoat - TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository.
tf-performance-issue-test
terraform-examples and a few more examples
You didn't ask but the top 10 most common mistakes wwith Terraform is worth a quick review.
Try Reverse Terraform.

Generating `.tf`¶

brainboard - drag-and-drop infrastructure builder, save the generated *.tf
cloudcraft
https://www.reddit.com/r/devops/comments/ezbbus/automatically_generate_terraform_code_by_scanning/
tfvar
Terraform Generator by Digger seems cool but wants to sign in with AWS. That's a trend with these tools. We see that Cycloid is free when you connect your cloud account.
https://marketplace.visualstudio.com/items?itemName=mindginative.terraform-snippets

Dynamically Generated Child Pipelines¶

Docs¶

External Examples and Write-Ups¶

node-gitlab-ci -- Dynamically create your .gitlab-ci.yml from TypeScript .ts files!
A new era for GitLab CI: Dynamic Child Pipelines

Troubleshooting¶

Problem: `remote: You are not allowed to download code from this project.`¶

remote: You are not allowed to download code from this project.

https://forum.gitlab.com/t/runner-cant-pull-code-from-server/14678

Solution: Add yourself as a member of the project.

Kerberos¶

GitLab CI/CD doesn’t work with a Kerberos-enabled GitLab instance unless the integration is set to use a dedicated port.

The change required to get GitLab CI working in Kerberized environment is documented and amounts to updates to gitlab.rb and a gitlab-ctl reconfigure. Additionally: Git remote URLs need to be updated to use that port for Kerberos ticket-based auth to work.

Example: https://gitlab.example.com:8443/whatever/cutecats.git