Open mamyn0va opened 1 year ago
@mamyn0va Can you provide the the full gitlab-ci-local ouput
gitlab-ci-local > textformjn.txt
and paste it here.
There is nothing more :
$ gitlab-ci-local
Remote include could not be fetched https://gitlab.com/gitlab-org/gitlab/-/raw/HEAD/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml AxiosError: Request failed with status code 400
Thanks!
Nothing about missing remote's or anything ?
No, and it's easily reproducible with this file:
include:
- template: Jobs/SAST.gitlab-ci.yml
Not that easy apparently :smiley:
Why is it that you think templates shouldn't be fetched from gitlab.com? Isn't this where the template repository is hosted?
I thought that templates were fetched from the same instance as the .gitlab-ci.yml's one.
-------- Message d'origine -------- Le 17 oct. 2022 à 18:05, Mads Jon Nielsen a écrit :
Why is it that you think templates shouldn't be fetched from gitlab.com ?
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>
And what makes you think that?
The fact that other templates are fetched from my own instance.
Do you have any idea why I'm getting 400 errors ? Is that because I'm behind a corporate proxy ? Is it possible to configure a proxy in the tool ?
No template includes have ever been downloaded from your private gitlab instance, local includes will, but never template includes.
Nah, not really... Can you do regular curl against gitlab.com?
Yes, I can do a regular curl to fetch the template from gitlab.com.
Hey 😊
From what I see in the doc, it seems to be fetched... from the same instance, in a specific folder : https://docs.gitlab.com/ee/ci/yaml/#includetemplate
Thanks, so the question is : why gitlab-ci-local fetches the template from gitlab.com ?
Hey 😊
From what I see in the doc, it seems to be fetched... from the same instance, in a specific folder : https://docs.gitlab.com/ee/ci/yaml/#includetemplate
The "templates" link points directly to gitlab.com. Where do you see that information?
I just tried replacing gitlab.com with gitlab.firecow.dk in this https://gitlab.com/gitlab-org/gitlab/-/raw/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml link, and the file is 404 on my private instance.
He is seeing 400... Which indicates, someone is telling the request is "bad" not not found.
It's expected the 404, by default an instance has no template.
This piece of documentation in particular :
Templates are stored in lib/gitlab/ci/templates. Not all templates are designed to be used with include:template, so check template comments before using one.
Uses a relative path, and it must be empty in your instance.
I agree that the 400 error is something else, that we won't tackle together.
Unfortunately I can't test all of this, my current clients are on gitlab.com.
I don't get why it must be empty in my instance... If i push an .gitlab-ci.yml with a template include to gitlab.firecow.dk, the pipeline fetches the file directly from gitlab.com
Because templates are defined by the admin, and you did not put any in your folder ? And on the OP instance, they are defined by the admins...
Just guessing at this stage, I can't test any of my assumptions.
You think they are manually added to self hosted instances?
I find that unlikely, since my templates are fetched from gitlab.com, when run on gitlab.firecow.dk...
I think I can confirm this error is caused by proxy :
---
include:
- remote: "https://gitlab.com/Orange-OpenSource/lfn/ci_cd/gitlab-ci-templates/-/raw/master/markdown.gitlab-ci.yml"
job:
image: alpine
script:
- echo 'hello'
this works perfectly without proxy but I got Remote include could not be fetched https://gitlab.com/Orange-OpenSource/lfn/ci_cd/gitlab-ci-templates/-/raw/master/markdown.gitlab-ci.yml AxiosError: Request failed with status code 400
as soon I have with a proxy
Hi @greenmaid, I confirm that it works perfectly without proxy with this file:
---
include:
- template: Jobs/SAST.gitlab-ci.yml
job:
image: alpine
script:
- echo 'hello'
Ok, let's find out how we shall configure axios proxy then...
Looking at tcpdump trace, I can say that requests is send via proxy but without CONNECT (as if it was a http URL)
GET https://gitlab.com/Orange-OpenSource/lfn/ci_cd/gitlab-ci-templates/-/raw/master/markdown.gitlab-ci.yml HTTP/1.1
Accept: application/json, text/plain, */*
User-Agent: axios/0.27.2
Accept-Encoding: gzip, deflate, br
host: gitlab.com
Connection: close
Proxy answers 400
HTTP/1.0 400 Bad Request
Server: BigIP
Connection: close
Content-Length: 6564
<html>
<FONT face="Helvetica"><big><strong></strong></big>
[...]
For me it is exactly this bug at axios side: https://github.com/axios/axios/issues/4531 with open PR: https://github.com/axios/axios/pull/5037
Axios + proxy seems historically... complicated 😵
We could switch http client library
I'm gonna come up with some way to specify axios proxy setting via gitlab ci local options. I've renamed the issue.
Hi @firecow, any update on this ?
@mamyn0va Haven't looked seriously into it yet.
Minimal .gitlab-ci.yml illustrating the issue
Expected behavior It works! :)
Host information Manjaro gitlab-ci-local 4.33.1
Additional context The repo is hosted on a private gitlab instance, and it uses many templates.
I don't know why gitlab-ci-local tries to fetch some templates from gitlab.com instead of my private gitlab instance. The 400 error may be due to a proxy error (I'm behind a corporate proxy).