{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 家丑人穷心不美 的问题《How do I push to a repo from within a gitlab CI pi》','https://www.manongdao.com/q-1349125.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
In my CI pipeline I am generating an artifact public/graph.png that visualises some aspect of my code. In a later step I want to commit that to the repo from within the CI pipeline. Here's the pertinent part of .gitlab-ci.yml:
commit-graph:
stage: pages
script:
- git config user.email "cipipeline@example.com"
- git config user.name "CI Pipeline"
- cd /group/project
- mv public/graph.png .
- git add graph.png
- git commit -m "committing graph.png [ci skip]"
- echo $CI_COMMIT_REF_NAME
- git push origin HEAD:$CI_COMMIT_REF_NAME
When the pipeline runs within gitlab it fails with:
$ git config user.email "cipipeline@dhgitlab.dunnhumby.co.uk"
$ git config user.name "CI Pipeline"
$ cd /group/project
$ mv public/graph.png .
$ git add graph.png
$ git commit -m "committing graph.png [ci skip]"
[detached HEAD 22a50d1] committing graph.png [ci skip]
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 graph.png
$ echo $CI_COMMIT_REF_NAME
jamiet/my-branch
$ git push origin HEAD:$CI_COMMIT_REF_NAME
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@example.com/group/project/project.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Not sure what I'm doing wrong and don't know enough about SSL to understand that error. Can anyone advise?
We are hosting gitlab ourselves by the way.
I found this GitLab forum link helpful As suggested by the user you need to generate SSH key, associate it with new GitLab user dedicated for this job and add key to the runner. Small drawback is you need to use swap origin in gitlab for original ssh source (instead of sandboxed one used inside the job) which leads to committer being changed to mentioned new account instead of person who triggered pipeline. Source from link:
Just with current version of GitLab you need to change source variable name as follows:
I can commit from Gitlab-CI with a selected user with a minor change based on tsr's answer https://stackoverflow.com/a/57800614/5269825 :
The
ACCESS_TOKEN_PARAMmust be configured at the project's CI/CD Variables configuration.The idea of using Oauth2 and Access Token was taken from https://stackoverflow.com/a/52074198/5269825 and https://stackoverflow.com/a/52154378/5269825.
Also, pushing changes can trigger a new pipeline!
Solved it. Issuing
git config --global http.sslverify "false"prior to the push solved that particular problem (it exposed another problem but that's for another thread :) )