Closed WCY91 closed 1 month ago
I am not sure what the question is, so I am going to answer how I understood your question: how to map a file from the host system into the job run by `gitlab-ci-local`.

Using the shell executor with the sample above seems to work fine (you can tell it uses the shell executor, as there is no `image:`), since `gitlab-ci-local` has access to your host filesystem.
```yaml
---
job:
  script:
    - echo "$PRIVATE_KEY"
    - ls -la $PRIVATE_KEY
    - cat $PRIVATE_KEY
```
```console
$ echo "I am the private key" > private.key
$ gitlab-ci-local --variable PRIVATE_KEY="$(pwd)/private.key"
job starting shell (test)
job $ echo "$PRIVATE_KEY"
job > /tmp/tmp.KnyhyOlxKI/private.key
job $ ls -la $PRIVATE_KEY
job > -rw-r--r-- 1 pigeon pigeon 21 22. Mai 11:11 /tmp/tmp.KnyhyOlxKI/private.key
job $ cat $PRIVATE_KEY
job > I am the private key
job finished in 28 ms
PASS job
pipeline finished in 142 ms
```
If you are using the docker executor, you can map the private key as a volume, though to reproduce this on GitLab, you would have to have access to the GitLab runner configuration file:
```yaml
---
job:
  image: docker.io/busybox
  script:
    - echo "$PRIVATE_KEY"
    - ls -la $PRIVATE_KEY
    - cat $PRIVATE_KEY
```
```console
$ echo "I am the private key" > private.key
$ gitlab-ci-local --variable PRIVATE_KEY="/secrets/private.key" --volume "$(pwd)/private.key:/secrets/private.key:ro"
job starting docker.io/busybox:latest (test)
job copied to docker volumes in 572 ms
job $ echo "$PRIVATE_KEY"
job > /secrets/private.key
job $ ls -la $PRIVATE_KEY
job > -rw-r--r-- 1 1000 996 21 May 22 09:11 /secrets/private.key
job $ cat $PRIVATE_KEY
job > I am the private key
job finished in 1.5 s
PASS job
pipeline finished in 1.62 s
```
```console
$ cd $(mktemp -d)
$ mkdir gnupg && chmod 0700 gnupg
$ export GNUPGHOME="$(pwd)/gnupg"
$ cat > key.batch <<EOF
%no-protection
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: John Doe
Expire-Date: 0
EOF
$ gpg --generate-key --batch key.batch
$ gpg --armor --export-secret-keys "John Doe" > private_key.key
$ echo "Hello, World" | gpg -e -r "John Doe" --armor > message.gpg.asc
```
With the following `.gitlab-ci.yml`:
```yaml
---
before_script:
  - export GNUPGHOME="$(mktemp -d)"
  - gpg --list-keys
  - ls -l private_key.key
  #- cat private_key.key
  - gpg --import private_key.key
  - gpg --list-keys

job:
  script:
    - ls -l message.gpg.asc
    #- cat message.gpg.asc
    - gpg --decrypt message.gpg.asc
```
```console
$ gitlab-ci-local
job starting shell (test)
job $ export GNUPGHOME="$(mktemp -d)"
job $ gpg --list-keys
job > gpg: keybox '/run/user/1000/tmp.q8dppqKNvt/pubring.kbx' created
job > gpg: /run/user/1000/tmp.q8dppqKNvt/trustdb.gpg: trustdb created
job $ ls -l private_key.key
job > -rw-r--r-- 1 pigeon pigeon 1422 May 22 11:37 private_key.key
job $ gpg --import private_key.key
job > gpg: key 24CDC076A0D51FED: public key "John Doe" imported
job > gpg: key 24CDC076A0D51FED: secret key imported
job > gpg: Total number processed: 1
job > gpg: imported: 1
job > gpg: secret keys read: 1
job > gpg: secret keys imported: 1
job $ gpg --list-keys
job > /run/user/1000/tmp.q8dppqKNvt/pubring.kbx
job > -----------------------------------------
job > pub dsa1024 2024-05-22 [SCA]
job > E299E68E830E08529F3D62EF24CDC076A0D51FED
job > uid [ unknown] John Doe
job > sub elg1024 2024-05-22 [E]
job >
job $ ls -l message.gpg.asc
job > -rw-r--r-- 1 pigeon pigeon 545 May 22 11:39 message.gpg.asc
job $ gpg --decrypt message.gpg.asc
job > gpg: encrypted with elg1024 key, ID 1B8968D1F8B80D75, created 2024-05-22
job > "John Doe"
job > Hello, World
job finished in 70 ms
PASS job
pipeline finished in 191 ms
```
I am using gpg 2.4.5.

Is `PRIVATE_KEY` set to a path or the actual private key content? It seems to me that the issue lies in your `.gitlab-ci.yml` or the way you set `PRIVATE_KEY`.

You set `"$PRIVATE_KEY_PATH"` to a path, but then write it to a file, as though it were the actual key. Instead, you should try:
```yaml
before_script:
  - gpg --import "$PRIVATE_KEY_PATH"

job:
  stage: stage
  script:
    - gpg --decrypt config.py.gpg > config.py
    - pipenv run python3 attendance_check.py
```
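The path-versus-content mix-up discussed in this thread, as an added example that is not part of the original posts: a helper for `before_script` that accepts `PRIVATE_KEY` either as a file path or as the armored key itself and imports it into a throwaway keyring without printing the key to the job log. The function names `key_source` and `import_private_key` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. PRIVATE_KEY is the variable name used
# in the thread; key_source and import_private_key are hypothetical names.

# Print "path", "content" or "invalid" for the value passed as $1.
key_source() {
    value=$1
    # A non-empty value naming a readable regular file is treated as a path.
    if [ -n "$value" ] && [ -f "$value" ] && [ -r "$value" ]; then
        echo path
        return 0
    fi
    # Otherwise accept only an ASCII-armored secret key block.
    case $value in
        "-----BEGIN PGP PRIVATE KEY BLOCK-----"*) echo content ;;
        *) echo invalid ;;
    esac
}

# Import the key into a fresh, owner-only keyring. The key is never echoed
# or written to the project directory, so it stays out of logs and artifacts.
import_private_key() {
    value=$1
    GNUPGHOME=$(mktemp -d) || return 1
    chmod 700 "$GNUPGHOME"
    export GNUPGHOME
    case $(key_source "$value") in
        path)    gpg --batch --import "$value" ;;
        content) printf '%s\n' "$value" | gpg --batch --import ;;
        *)       echo "PRIVATE_KEY is neither a readable file nor an armored key" >&2
                 return 1 ;;
    esac
}

# Usage inside a job (assumes gpg is installed in the job environment):
#   import_private_key "$PRIVATE_KEY"
```

Failing on the `invalid` case surfaces a wrong path immediately, instead of a later `gpg --decrypt` error that hides the cause.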
Thanks for the reply, it works ~
Minimal .gitlab-ci.yml illustrating the issue
Expected behavior: it should get the key which is on my PC.

Host information: Mac, gitlab-ci-local latest

Containerd binary: Are you using docker or podman, or any other relevant containerization tool.

Additional context: the private key path is like "/User//", and printing the path with the echo command gives the correct value.