All geek questions in one place

Gitlab runner Requested Error URL: 403

I am currently using gitlab.com (and not a local installation) with their multi-channel CI integrator. This works fine on one of my projects, but doesn't work on the other.

I am using 2012R2 for my host with MSBuild version 14.0.23107.0. I know that the error below shows 403, which is an access denied message. My problem is to change the resolution setting.

Error message:

Working with gitlab-ci-multi-runner 1.5.3 (fb49c47) Using the shell executor ... Running on WIN-E0ORPCQUFHS ...

Retrieving Changes ...

Now HEAD is located on the remote file server version 6a70d96: access is denied: access could not be reached ' https: // gitlab-ci-token: xxxxxxxxxxxxxxxxxxxx@gitlab.com /##REDACTED##/ADInactiveObjectCleanup.git/ ': Request URL error: 403 Checking 60ea1410 as Production ...

fatal: the link is not a tree: 60ea1410dd7586f6ed9535d058f07c5bea2ba9c7 ERROR: Build error: exit status 128

Gitlab-ci.yml file:

variables: Solution: ADInactiveObjectCleanup.sln before_script: #- "echo off" #- 'call "%VS120COMNTOOLS%\vsvars32.bat"' ## output environment variables (usefull for debugging, propably not what you want to do if your ci server is public) #- echo. #- set #- echo. stages: - build #- test #- deploy build: stage: build script: - echo building... - '"%ProgramFiles(x86)%\MSBuild\14.0\Bin\msbuild.exe" "%Solution%" /p:Configuration=Release' except: #- tags
+12
source share
3 answers

To solve this problem, I had to add myself as a project participant. This is a private repo. I'm not sure if this led to the runner failing with a different permission setting or not, but it is very possible.

This help article in gitlab describes this problem.

With a new resolution model, there may be times when the assembly fails. This is most likely because your project is trying to access other project sources, and you do not have the appropriate permissions. In the build log, find information about 403 or restricted access messages.

As an administrator, you can verify that the user is a member of a group or project that they seek to access. to, and you can impersonate the user to retry the failed build in to make sure everything is correct.

On the project page, click the gear settings and select the participants. Add yourself (or custom builds) as a member of the project. I used the Master role, but based on this document , you can probably use the Reporter role at least. The reporter role is the least privilege that still has access to the "Pull project code". This removed my 403 error and allowed me to continue.

+21
source

It looks like you need to add the add cd to print the current directory in your before_script. Then, correct the permissions to access the parent of this folder. If you installed your gitlab runner on c:\glrunner , you probably need to fix the permission c:\glrunner\builds .

The second problem is that you may need to force install a new git clone by deleting the builds folder.

You might want to change the credentials for logging into the gitlab startup service to gitlabuser , which should be a non-admin account that may have less privileges than the default LOCAL SYSTEM account that your gitlab executor uses.

If you want to know who is logged in, add set to your before_script and you will get a dump of the environment variable. From this, you can see which account is logged into the system, where its USERPROFILE and other things are located.

0
source

I also ran into this problem

 fatal: unable to access 'http://gitlab-ci-token:xxxx.git':The Requested URL returned error:403 ERROR: Job Failed: command terminated with exit code 1

but it seems that the reason for the above answer is not the same, because my account is an administrator, ci job retrieves the project and reports a 403 error, since the administrator account is not a project participant, added as a project. Participants will no longer report this error.

ci_build_permissions

0
source

Source: https://habr.com/ru/post/1258104/

More articles:


All Articles