I’m successfully running multiple gitlab-runner setups on different NixOS hosts, pretty much according to the NixOS Wiki. The ones working are all docker-executors, and a trivial CI also appears to work on the one with the shell-executor.

However, the need has arisen to execute more involved tasks like `podman run` from a Makefile running in a CI in the shell-executor. This fails invariably with either `XDG_RUNTIME_DIR not set` errors from podman, or, if I manually set `XDG_RUNTIME_DIR` in the runner config with something like
```nix
let
  pydeps = pkgs.python39Packages.makePythonPath [ "pexpect" ];
  userrundir = "${config.users.users.gitlab-runner.home}/.run";
in
{
  ...
  preBuildScript = pkgs.writeScript "setup-shell-env" ''
    [[ -d "${userrundir}" ]] || mkdir -p "${userrundir}"
  '';
  environmentVariables = {
    ENV = "/etc/profile";
    XDG_RUNTIME_DIR = "${userrundir}"; # because without an interactive login session /run/user/107 is not mounted as tmpfs ?!
    PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/run/current-system/sw/bin";
    ANSIBLE_EXECUTABLE = "/run/current-system/sw/bin/sh";
    PYTHONPATH = "${pydeps}";
  };
```
I still get an error, as if podman doesn’t really honor `XDG_RUNTIME_DIR` like it says it does?

```
time="2022-05-11T16:02:48+02:00" level=warning msg="XDG_RUNTIME_DIR is pointing to a path which is not writable. Most likely podman will fail.: read-only file system"
Error: error creating tmpdir: mkdir /run/user/107/libpod: read-only file system
make: *** [Makefile:175: satellite-admin-ui] Error 125
```
even though from the env in the same instance:

```
XDG_RUNTIME_DIR=/var/lib/gitlab-runner/.run
```
(I’m running unstable podman 4.0.3, BTW, since I saw a related issue mentioned somewhere…)

Anyone have an idea?
And while we’re at it, the way the runner env is defined otherwise seems a bit off; wouldn’t it be more idiomatic to somehow define the shell env of the shell-executor with defined `buildInputs` instead of passing the system-wide path?

Also, I would have preferred for the `gitlab-runner` to be defined as a normal user, so I would be able to impersonate it on the host to debug pipelines in situ. But I tried (a long time ago) and failed miserably (due to user-redefinition issues/clashes between the user definition and the gitlab-runner module, I suspect).
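As an added example (not part of the post above, and not from the NixOS gitlab-runner module or podman), here is a POSIX shell pre-build check that does what the `preBuildScript` in the post does, plus the writability probe that podman's warning hints at. It creates the runtime directory if needed and then actually writes a probe file, because `[ -w ]` alone does not detect a read-only mount. The `$HOME/.run` fallback and the function names are assumptions for illustration.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: pre-build check for the
# shell-executor's runtime directory. Function names and the "$HOME/.run"
# fallback are assumptions, not anything the gitlab-runner module defines.

# ensure_runtime_dir DIR
# Returns 0 if DIR exists (creating it if absent) and is really writable.
# A probe file is created and removed, since `[ -w DIR ]` reports true on
# a read-only mount as long as the mode bits allow writing.
ensure_runtime_dir() {
  dir="$1"
  if [ -z "$dir" ]; then
    echo "ensure_runtime_dir: empty path" >&2
    return 1
  fi
  if [ ! -d "$dir" ]; then
    mkdir -p "$dir" || return 1
  fi
  probe="$dir/.probe.$$"
  if : > "$probe" 2>/dev/null; then
    rm -f "$probe"
    return 0
  fi
  echo "ensure_runtime_dir: $dir is not writable (read-only mount?)" >&2
  return 1
}

# runtime_dir_for HOME CURRENT
# Prints the directory a pipeline step should use: an already-set
# XDG_RUNTIME_DIR wins, otherwise fall back to HOME/.run (constructed default).
runtime_dir_for() {
  home="$1"
  current="$2"
  if [ -n "$current" ]; then
    printf '%s\n' "$current"
  else
    printf '%s\n' "$home/.run"
  fi
}

# Typical use at the top of a CI step (assumption: it runs as the
# gitlab-runner account, so $HOME is that user's home directory):
#   XDG_RUNTIME_DIR=$(runtime_dir_for "$HOME" "$XDG_RUNTIME_DIR")
#   ensure_runtime_dir "$XDG_RUNTIME_DIR" && export XDG_RUNTIME_DIR
```

Running the probe before `podman run` turns the late `mkdir ... read-only file system` failure into an early, explicit error that names the directory the job actually exported, which makes it easier to tell whether the variable is being ignored or whether the path itself is the problem.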