pact-cli - Issue with gitlab CI

[JayaPrajeesh]

Pre issue-raising checklist

I have already (please mark the applicable with an x):

• [ ] Upgraded to the latest version of the relevant libraries
• [x] Checked to see if the issue has already been raised
• [ ] Created an executable example that demonstrates the issue using either:
  • a Dockerfile
  • a fork of https://github.com/pact-foundation/pact-ruby-standalone-e2e-example
  • a Git repository with a Travis or Appveyor (or similar) build
  • a gist with all the relevant code and full instructions on how to run it

Software versions

• pact-ci: 0.23.1.0
• CI/CD: Gitlab CI

Expected behaviour

When I run the commands in local machine i am seeing the below results. So I am expecting the same in gitlab CI. docker run --rm docker.repo.myorg.com/pactfoundation/pact-cli:0.23.1.0 broker help Commands: broker can-i-deploy -a, --pacticipant=PACTICIPANT -b, --broker-base-url=BRO... broker create-or-update-pacticipant --name=NAME -b, --broker-base-url=BROKE... broker create-or-update-webhook URL --uuid=UUID -X, --request=METHOD -b, --... broker create-version-tag -a, --pacticipant=PACTICIPANT -b, --broker-base-u... broker create-webhook URL -X, --request=METHOD -b, --broker-base-url=BROKER... broker describe-version -a, --pacticipant=PACTICIPANT -b, --broker-base-url... broker generate-uuid ... broker help [COMMAND] ... broker list-latest-pact-versions -b, --broker-base-url=BROKER_BASE_URL ... broker publish PACT_DIRS_OR_FILES ... -a, --consumer-app-version=CONSUMER_A... broker test-webhook --uuid=UUID -b, --broker-base-url=BROKER_BASE_URL ... broker version ...

Actual behaviour

I am getting this message: Could not find command "sh".

I am not seeing the commands executed. This is what I am seeing in the job job log: Running before_script and script 00:03 Could not find command "sh". Running after_script 00:02 Could not find command "sh". Saving cache 00:02 Uploading artifacts for successful job 00:03 Job succeeded

Steps to reproduce

1. We have the pact-cli in our org repo.

2. Added the below job in my .gitlab-ci.yml pact_sample_job: variables: PACT_BROKER_BASE_URL: "https://mypactbroker.myorg.com" image: name: docker.repo.myorg.com/pactfoundation/pact-cli:0.23.1.0 entrypoint: ["pact"] stage: pact_sample_stage script:

   • "broker help"

3. Pushed the changes and verify pipeline

Relevant log files

Running before_script and script 00:03 Could not find command "sh". Running after_script 00:02 Could not find command "sh". Saving cache 00:02 Uploading artifacts for successful job 00:03 Job succeeded

[bethesque]

Have a look at the entrypoint in the Dockerfile. It's not pact. Do you need to set the entrypoint at all? I would think that it would just use the default one if you didn't set it, but you'll have to try it and see. Otherwise, try setting the entrypoint as per the Dockerfile.

[JayaPrajeesh]

I have tried without giving entrypoint first. Since it didn't work, I was troubleshooting by adding the entrypoint.. I was getting the same log without entrypoint as well.

[bethesque]

And what happens when you set the correct entrypoint as per the Dockerfile?

[JayaPrajeesh]

I got the same logs: Running before_script and script 00:03 Could not find command "sh". Running after_script 00:02 Could not find command "sh". Saving cache 00:02 Uploading artifacts for successful job 00:03 Job succeeded

[mefellows]

Just confirming that you used something like the below:

docker run --entrypoint "/pact/entrypoint.sh" --rm pactfoundation/pact-cli:latest  broker --help

What does that look like in Gitlab?

[mefellows]

These articles seems to use Pact with Gitlab - helpful?

• https://blog.codecentric.de/en/2020/02/implementing-a-consumer-driven-contract-testing-workflow-with-pact-broker-and-gitlab-ci/ ?
• https://solidstudio.io/blog/consumer-driven-contract-ci-cd

[sagupta02]

@JayaPrajeesh I have checked this and this is a common issue with how GitLab Runner starts the docker container . The solution was suggested by Gitlab engineer here in this issue (Check comment by Tomasz Maczukin)

You have 2 options to solve this:

1. For Docker version 17.06+ : Unset the entry point to empty array and use /pact/entrypoint.sh before the command

   build:
   stage: test-docker
   image: 
   name: pactfoundation/pact-cli
   entrypoint: [""]
   script:
   - /pact/entrypoint.sh broker help

2. For Docker =< 17.03 :

   build:
   stage: test-docker
   image: 
   name: pactfoundation/pact-cli
   entrypoint: ["/bin/sh", "-c"]
   script:
   - /pact/entrypoint.sh broker help

[sagupta02]

To explain a little bit about why the problem was happening , when you define the job as below ,

build:
  stage: test-docker
  image: 
    name: pactfoundation/pact-cli
  script:
    - broker help

GitLab Runner starts Docker container using defined entrypoint (default from Dockerfile) and shell discovering as command . That means it send the script contents to docker container shell's STDIN and receives the output. And the pact-cli entrypoint doesnt allow to start a shell command.

You can see the same behaviour locally as well if you try to pass sh before the actual command. This is what GitLab Runner is doing in job.

 $ docker run --rm -it --name pacttest pactfoundation/pact-cli sh broker help 
Could not find command "sh".

[mefellows]

Thanks so much @sagupta02!

[JayaPrajeesh]

Thanks @sagupta02, @mefellows & @bethesque !!!

I can see the help commands, which means when we added the entrypoint.sh, it worked.. Unfortunately I am unable to communicate to pact broker. I am getting the below error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain). Any solution to this?

More details: $ /pact/entrypoint.sh broker help Commands: broker can-i-deploy -a, --pacticipant=PACTICIPANT -b, --broker-base-url=BRO... broker create-or-update-pacticipant --name=NAME -b, --broker-base-url=BROKE... broker create-or-update-webhook URL --uuid=UUID -X, --request=METHOD -b, --... broker create-version-tag -a, --pacticipant=PACTICIPANT -b, --broker-base-u... broker create-webhook URL -X, --request=METHOD -b, --broker-base-url=BROKER... broker describe-version -a, --pacticipant=PACTICIPANT -b, --broker-base-url... broker generate-uuid ... broker help [COMMAND] ... broker list-latest-pact-versions -b, --broker-base-url=BROKER_BASE_URL ... broker publish PACT_DIRS_OR_FILES ... -a, --consumer-app-version=CONSUMER_A... broker test-webhook --uuid=UUID -b, --broker-base-url=BROKER_BASE_URL ... broker version ... $ /pact/entrypoint.sh broker create-version-tag --pacticipant pc-devops-sandbox --version v1.0.1-6fc9875a --tag review bundler: failed to load command: /pact/bin/pact (/pact/bin/pact) OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)

[mefellows]

As per the docs:

To connect to a Pact Broker that uses custom SSL cerificates, set the environment variable $SSL_CERT_FILE or $SSL_CERT_DIR to a path that contains the appropriate certificate.

[bethesque]

There is also a guide to using HTTPS with self signed certs with the Pact Broker here https://docs.pact.io/pact_broker/advanced_topics/using-tls/

[mefellows]

Ah, I knew we had another one. Thanks.