search

cirruslabs / gitlab-tart-executor

GitLab Runner executor to run jobs in Tart VMs
MIT License
60 stars 5 forks source link

macOS 15 - all jobs stuck at "Waiting for the VM to boot and be SSH-able..." #86

Closed hschroeder-worldiety closed 24 minutes ago

hschroeder-worldiety commented 1 month ago

Hey there we updated our mac mini M1 runner from 14.7 to 15.0 yesterday.

The gitlab-tart-executor stopped working after the update to macOS 15.

Running with gitlab-runner 17.4.0 (b92ee590)
  on ...
Preparing the "custom" executor
03:00:05
Using Custom executor...
2024/09/23 16:56:51 Pulling the latest version of ghcr.io/cirruslabs/macos-runner:sonoma...
2024/09/23 16:56:52 Cloning and configuring a new VM...
2024/09/23 16:56:52 Waiting for the VM to boot and be SSH-able...
ERROR: Preparation failed: unknown Custom executor executable exit code -1; executable execution terminated with: signal: terminated

When looking at tart list and the graphs of the activity viewer I can see that the vm should be booted and is in a idle state afterwards.

We have a customized the gitlab-runner config, but the problem is also present with the default config.

concurrent = 2

[[runners]]
  # ...
  executor = "custom"
  [runners.feature_flags]
    FF_RESOLVE_FULL_TLS_CHAIN = false
  [runners.custom]
    config_exec = "gitlab-tart-executor"
    config_args = ["config"]
    prepare_exec = "gitlab-tart-executor"
    prepare_args = ["prepare"]
    run_exec = "gitlab-tart-executor"
    run_args = ["run"]
    cleanup_exec = "gitlab-tart-executor"
    cleanup_args = ["cleanup"]

Hope someone can help me with this.

edigaryev commented 1 month ago

This is likely related to the newly introduced "Local Network" permission in macOS Sequoia and the fact that GitLab Runner's binary has no LC_UUID identifier, which is critical for the Apple's Transparency Consent and Control framework.

Can you check if the workaround in https://github.com/cirruslabs/gitlab-tart-executor/issues/85#issuecomment-2363353178 works for you?

Without re-building the GitLab Runner (or waiting for the upstream fix) the permission above cannot take effect, even if you've explicitly allowed it in the GUI.

hschroeder-worldiety commented 1 month ago

Thanks alot! This worked.

Hopefully the LC_UUID Identifier is included when gitlab-runner 17.5 is released.

Never thought it would be a gitlab-runner issue, as our other mac runs just fine using the shell executor and macOS 15.

hschroeder-worldiety commented 1 month ago

Update: Upstream is still not fixed in gitlab-runner 17.5

edigaryev commented 2 hours ago

Thanks to @waddles, this is now fixed in the latest Homebrew version of GitLab Runner (>=17.6.0).

I've created https://github.com/cirruslabs/gitlab-tart-executor/pull/94 to reflect this in the README.md.