diff options
Diffstat (limited to 'community/gitlab-runner')
-rw-r--r-- | community/gitlab-runner/APKBUILD | 68 | ||||
-rw-r--r-- | community/gitlab-runner/gitlab-runner.confd | 34 | ||||
-rw-r--r-- | community/gitlab-runner/gitlab-runner.initd | 65 | ||||
-rw-r--r-- | community/gitlab-runner/gitlab-runner.logrotate | 5 | ||||
-rw-r--r-- | community/gitlab-runner/syslog-log-format.patch | 93 | ||||
-rw-r--r-- | community/gitlab-runner/update-pty-for-riscv64.patch | 25 | ||||
-rw-r--r-- | community/gitlab-runner/use-logrus-syslog-hook.patch | 42 |
7 files changed, 266 insertions, 66 deletions
diff --git a/community/gitlab-runner/APKBUILD b/community/gitlab-runner/APKBUILD index 3545e6616a0..eef683ab2e4 100644 --- a/community/gitlab-runner/APKBUILD +++ b/community/gitlab-runner/APKBUILD @@ -1,48 +1,52 @@ # Contributor: Carlo Landmeter <clandmeter@alpinelinux.org> # Contributor: Rasmus Thomsen <oss@cogitir.dev> -# Maintainer: Rasmus Thomsen <oss@cogitri.dev> +# Maintainer: Jakub Jirutka <jakub@jirutka.cz> pkgname=gitlab-runner -pkgver=13.12.0 +pkgver=16.11.0 pkgrel=0 -# first 8 chars of the git hash of the release, see -# https://gitlab.com/gitlab-org/gitlab-runner/-/tags -# PLEASE update this, since they're used to determine what version of -# https://hub.docker.com/r/gitlab/gitlab-runner-helper/tags to use -_rev=7a6612da pkgdesc="GitLab runner for CI/CD jobs" url="https://docs.gitlab.com/runner/" arch="all" license="MIT" -makedepends="go" +makedepends="curl go jq" install="$pkgname.pre-install $pkgname.pre-upgrade" pkgusers="gitlab-runner" pkggroups="gitlab-runner" -options="!check chmod-clean" # Need to be run in a git repo subpackages="$pkgname-helper $pkgname-openrc" source="https://gitlab.com/gitlab-org/gitlab-runner/-/archive/v$pkgver/gitlab-runner-v$pkgver.tar.gz + syslog-log-format.patch + use-logrus-syslog-hook.patch $pkgname.initd $pkgname.confd - - update-pty-for-riscv64.patch + $pkgname.logrotate " - builddir="$srcdir/$pkgname-v$pkgver" +# check: need to be run in a git repo +# net: required for pulling dependencies +options="!check net" -export GOPATH="$srcdir" -export CGO_ENABLED=0 +export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}" +export GOTMPDIR="${GOTMPDIR:-"$srcdir"}" +export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}" -prepare() { - default_prepare -} +# secfixes: +# 15.10.0-r0: +# - CVE-2022-1996 build() { + # This is used to determine what version of + # https://hub.docker.com/r/gitlab/gitlab-runner-helper/tags to use. + local gitrev + gitrev="$(curl -fsSL "https://gitlab.com/api/v4/projects/gitlab-org%2F$pkgname/repository/tags/v$pkgver" \ + | jq -r '.commit.short_id')" + echo "Tag v$pkgver resolved to SHA $gitrev" >&2 + local ldflags=" -X gitlab.com/gitlab-org/$pkgname/common.NAME=$pkgname -X gitlab.com/gitlab-org/$pkgname/common.VERSION=$pkgver - -X gitlab.com/gitlab-org/$pkgname/common.REVISION=$_rev + -X gitlab.com/gitlab-org/$pkgname/common.REVISION=$gitrev -X gitlab.com/gitlab-org/$pkgname/common.BUILT=$(date -u +%Y-%m-%dT%H:%M:%S%z) -X gitlab.com/gitlab-org/$pkgname/common.BRANCH=master - -s -w " # required for github.com/docker/docker export GO111MODULE=auto @@ -52,25 +56,27 @@ build() { } package() { - install -Dm755 "$builddir"/bin/gitlab-runner \ - "$pkgdir"/usr/bin/gitlab-runner + install -Dm755 bin/gitlab-runner -t "$pkgdir"/usr/bin/ - install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/gitlab-runner - install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/gitlab-runner + install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname + install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname + install -Dm644 "$srcdir"/$pkgname.logrotate "$pkgdir"/etc/logrotate.d/$pkgname - mkdir -p "$pkgdir"/var/lib/gitlab-runner - chown gitlab-runner:gitlab-runner "$pkgdir"/var/lib/gitlab-runner + install -d -m750 -o "$pkgusers" -g "$pkggroups" "$pkgdir"/etc/$pkgname + install -d -m700 -o "$pkgusers" -g "$pkggroups" "$pkgdir"/var/lib/$pkgname } helper() { pkgdesc="$pkgdesc (helper)" - install -Dm755 "$builddir"/bin/gitlab-runner-helper \ - "$subpkgdir"/usr/bin/gitlab-runner-helper + + install -Dm755 "$builddir"/bin/gitlab-runner-helper -t "$subpkgdir"/usr/bin/ } sha512sums=" -d1b4ea21c81671cd7da61020d7cd24889a844387e6e86b265a25497ca47b83ab95cc91fd153d8078ad74c15f3be525f6b3d7ec83f544bf7487633ae9de9e137f gitlab-runner-v13.12.0.tar.gz -2ae753efc220c46378e84831f01b289f3689af70cd7cbb0bbcc04dc17c910d65eb5105c198d5a23098e27797a7d1c695f49b244993ea4676eb9ec9cda064f44e gitlab-runner.initd -243ed9d7575e925794213973232f95f02d5e10cfab6cd29df6a4641b9d05b342ae90678b2eea4b21ddc703596429919d037b38248046d7c5e7a480406f412445 gitlab-runner.confd -eaaec01ad687b955e83f2c475e865a0c8a93aea23f8f0c88c0088461e8b8050b5423e03683149f917c71ff2520ea04a0c3af1267b946efb34c0a70670fa27bc2 update-pty-for-riscv64.patch +6fe57318b014d5acf9b7364c07bc700a54782683fffafecf2f4224821fa421d8cd2e104a4c4475d2260ff0b8d5284f36c91d4f8ffe4b28ce52d892e68340d5b6 gitlab-runner-v16.11.0.tar.gz +c2e2d36714d1f8fc49ed2de6b411a879183b40356af366e9e89e0ee246d0b5400ebbfc598f747e30dec813c8d89399d80a1e8218890baed525136a734e1ca626 syslog-log-format.patch +30726c362476b9f93b44c44435cd04e8210f04b25f878302c7edeca387094a616af7aa20ece6eb6dcf329a2702ef2079dcc002779deef09d78ecb447253f87bf use-logrus-syslog-hook.patch +8cdcea1e07b30b720d0e18a12f06fff69f2a7804d0038b2bfd6a880a5c99eb4b2b06dd8ccd21edc501a2205d89decb176b725211a03253068fa45b6861e75f11 gitlab-runner.initd +45c3727a4b2544c59db50b3a93d917bbce14441453ebd0b81c981568ccc71338e564213f7bed449f0712fbcfb96ce6e51ac5759d5bde82e3986265e26d9db315 gitlab-runner.confd +2ddd42622b72135a95ac1c09061b61e73c4f89d4f0a86d1a3c902760d4a5f2c749a04f2d81568c973c83b1aae60ada71360a6bf74a31f8e5d9b10b90af4cdcfe gitlab-runner.logrotate " diff --git a/community/gitlab-runner/gitlab-runner.confd b/community/gitlab-runner/gitlab-runner.confd index 98c3f285de2..107ad55f279 100644 --- a/community/gitlab-runner/gitlab-runner.confd +++ b/community/gitlab-runner/gitlab-runner.confd @@ -1,7 +1,29 @@ -# Extra options passed to 'gitlab-runner run' -GITLAB_RUNNER_OPTS="--config /etc/gitlab-runner/config.toml --working-directory /var/lib/gitlab-runner --service gitlab-runner" +# Configuration for /etc/init.d/gitlab-runner -# Change to root if you want to run a system instance instead of a user one -GITLAB_RUNNER_USER="gitlab-runner" -# Same as above -GITLAB_RUNNER_GROUP="gitlab-runner" +# Path to the config file (--config). +#cfgfile="/etc/gitlab-runner/config.toml" + +# Path to the working directory (--working-directory). +#datadir="/var/lib/gitlab-runner" + +# The log format: "runner", "text", "json", or "syslog". Defaults to "syslog" +# if log_syslog=yes, otherwise "text". If you prefer to set this in the runner +# config, set to an empty string. +#log_format= + +# Whether to log to system service logger. If disabled, stderr will be +# redirected to $error_log file. +log_syslog=yes + +# Path to the logging file where stderr will be redirected. Defaults to +# /var/log/gitlab-runner.log if log_syslog=no, otherwise disabled. +#error_log="/var/log/gitlab-runner.log" + +# Extra options passed to 'gitlab-runner run'. +#command_args= + +# Change to root if you want to run a system instance instead of a user one. +#command_user="gitlab-runner" + +# Comment out to run without process supervisor. +supervisor=supervise-daemon diff --git a/community/gitlab-runner/gitlab-runner.initd b/community/gitlab-runner/gitlab-runner.initd index f0659a7ad3e..494a275f950 100644 --- a/community/gitlab-runner/gitlab-runner.initd +++ b/community/gitlab-runner/gitlab-runner.initd @@ -1,14 +1,71 @@ #!/sbin/openrc-run -supervisor=supervise-daemon - description="GitLab CI Runner" name="Gitlab Runner" +extra_started_commands="reload" +description_reload="Reload configuration" + +# NOTE: All SCREAMING_CASE variables are here for backward compatibility only (Alpine <3.17). + +: ${cfgfile:="/etc/gitlab-runner/config.toml"} +: ${datadir:="/var/lib/gitlab-runner"} +: ${log_syslog:="no"} +: ${start_wait:=50} # milliseconds +: ${command_user:="${GITLAB_RUNNER_USER:-gitlab-runner}:${GITLAB_RUNNER_GROUP:-gitlab-runner}"} + command="/usr/bin/gitlab-runner" -command_args="run ${GITLAB_RUNNER_OPTS}" -command_user="${GITLAB_RUNNER_USER}:${GITLAB_RUNNER_GROUP}" +command_args="run + --config $cfgfile + --working-directory $datadir + --service $RC_SVCNAME + ${command_args:-$GITLAB_RUNNER_OPTS} + " +command_background="yes" +directory="$datadir" + +start_stop_daemon_args="--wait $start_wait $start_stop_daemon_args" +# The leading space is to avoid fallback to $start_stop_daemon_args when this +# is empty (supervise-daemon doesn't support --wait). +supervise_daemon_args=" $supervise_daemon_args" +pidfile="/run/$RC_SVCNAME.pid" depend() { need net + use dns logger +} + +start_pre() { + export CLICOLOR=0 # disable colors (ANSI sequences) in the log output + + if yesno "$log_syslog"; then + export LOG_FORMAT="syslog" + command_args="$command_args --syslog" + else + export LOG_FORMAT="text" # format with timestamps + : ${error_log="/var/log/gitlab-runner.log"} + fi + if [ "${error_log:-}" ]; then + checkpath -f -m 644 -o "$command_user" "$error_log" || return 1 + fi +} + +# TODO: Shouldn't this be in start_pre and fail if the config doesn't exist? +start_post() { + if ! [ -e "$cfgfile" ]; then + einfo "Config file $cfgfile doesn't exist" + einfo "You need to register the runner with command: gitlab-runner register" + fi + return 0 +} + +reload() { + ebegin "Reloading $name configuration" + + if [ "$supervisor" ]; then + $supervisor "$RC_SVCNAME" --signal HUP + else + start-stop-daemon --pidfile "$pidfile" --signal HUP + fi + eend $? } diff --git a/community/gitlab-runner/gitlab-runner.logrotate b/community/gitlab-runner/gitlab-runner.logrotate new file mode 100644 index 00000000000..f6bacf4c124 --- /dev/null +++ b/community/gitlab-runner/gitlab-runner.logrotate @@ -0,0 +1,5 @@ +/var/log/gitlab-runner.log { + copytruncate + missingok + notifempty +} diff --git a/community/gitlab-runner/syslog-log-format.patch b/community/gitlab-runner/syslog-log-format.patch new file mode 100644 index 00000000000..63f6e1a00e7 --- /dev/null +++ b/community/gitlab-runner/syslog-log-format.patch @@ -0,0 +1,93 @@ +Add "syslog" log format. + +I didn't contribute this patch to the upstream because I don't wanna +contribute to any Go projects. However, if you find this patch useful, +feel free to send it to the upstream under your name. + +--- a/log/configuration.go ++++ b/log/configuration.go +@@ -12,6 +12,7 @@ + FormatRunner = "runner" + FormatText = "text" + FormatJSON = "json" ++ FormatSyslog = "syslog" + ) + + var ( +@@ -25,7 +26,7 @@ + }, + cli.StringFlag{ + Name: "log-format", +- Usage: "Choose log format (options: runner, text, json)", ++ Usage: "Choose log format (options: runner, text, json, syslog)", + EnvVar: "LOG_FORMAT", + }, + cli.StringFlag{ +@@ -39,6 +40,7 @@ + FormatRunner: new(RunnerTextFormatter), + FormatText: new(logrus.TextFormatter), + FormatJSON: new(logrus.JSONFormatter), ++ FormatSyslog: new(SyslogFormatter), + } + ) + +--- a/log/syslog_formatter.go ++++ b/log/syslog_formatter.go +@@ -0,0 +1,57 @@ ++package log ++ ++import ( ++ "bytes" ++ "fmt" ++ "time" ++ ++ "github.com/sirupsen/logrus" ++) ++ ++type SyslogFormatter struct { ++} ++ ++func (f *SyslogFormatter) Format(entry *logrus.Entry) ([]byte, error) { ++ var b *bytes.Buffer ++ if entry.Buffer != nil { ++ b = entry.Buffer ++ } else { ++ b = &bytes.Buffer{} ++ } ++ ++ if entry.Message != "" { ++ b.WriteString(entry.Message) ++ } ++ dataWritten := false ++ for key, val := range entry.Data { ++ if key == "now" { ++ continue ++ } ++ var stringVal string ++ ++ switch val := val.(type) { ++ case time.Time: ++ stringVal = val.Format(time.RFC3339) ++ default: ++ var ok bool ++ if stringVal, ok = val.(string); !ok { ++ stringVal = fmt.Sprint(val) ++ } ++ } ++ ++ // The format is inspired by RFC 5424 STRUCTURED-DATA. ++ if dataWritten { ++ b.WriteByte(' ') ++ } else { ++ b.WriteString(" [meta ") ++ dataWritten = true ++ } ++ b.WriteString(fmt.Sprintf("%s=%q", key, stringVal)) ++ } ++ if dataWritten { ++ b.WriteByte(']') ++ } ++ b.WriteByte('\n') ++ ++ return b.Bytes(), nil ++} diff --git a/community/gitlab-runner/update-pty-for-riscv64.patch b/community/gitlab-runner/update-pty-for-riscv64.patch deleted file mode 100644 index 48c244879f7..00000000000 --- a/community/gitlab-runner/update-pty-for-riscv64.patch +++ /dev/null @@ -1,25 +0,0 @@ -see: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27562 - -diff --git a/go.mod b/go.mod -index 5969f40..5159a38 100644 ---- a/go.mod -+++ b/go.mod -@@ -79,3 +79,5 @@ require ( - ) - - replace golang.org/x/sys => golang.org/x/sys v0.0.0-20200826173525-f9321e4c35a6 -+ -+replace github.com/kr/pty v1.1.1 => github.com/creack/pty v1.1.13 -diff --git a/go.sum b/go.sum -index 074287b..6351c83 100644 ---- a/go.sum -+++ b/go.sum -@@ -128,6 +128,8 @@ github.com/containerd/containerd v1.4.3 h1:ijQT13JedHSHrQGWFcGEwzcNKrAGIiZ+jSD5Q - github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= - github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= - github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -+github.com/creack/pty v1.1.13 h1:rTPnd/xocYRjutMfqide2zle1u96upp1gm6eUHKi7us= -+github.com/creack/pty v1.1.13/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= - github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= - github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= - github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/community/gitlab-runner/use-logrus-syslog-hook.patch b/community/gitlab-runner/use-logrus-syslog-hook.patch new file mode 100644 index 00000000000..676e65d4875 --- /dev/null +++ b/community/gitlab-runner/use-logrus-syslog-hook.patch @@ -0,0 +1,42 @@ +Replace gitlab-runner/log/system_logger with standard logrus/hooks/syslog. +There are two reasons: + +1. gitlab-runner/log/system_logger delegates the syslog initialization + (syslog.Dial) to kardianos/service, which doesn't set the syslog + facility. This results in messages logged with the "kern" facility. +2. gitlab-runner/log/system_logger maps Error, Panic, and Fatal levels + to the syslog's "err" level, but Panic and Fatal could be mapped to + the "crit" level. + +I didn't contribute this patch to the upstream because I don't wanna +contribute to any Go projects. However, if you find this patch useful, +feel free to send it to the upstream under your name. + +--- a/commands/multi.go ++++ b/commands/multi.go +@@ -30,6 +30,9 @@ + "gitlab.com/gitlab-org/gitlab-runner/log" + "gitlab.com/gitlab-org/gitlab-runner/network" + "gitlab.com/gitlab-org/gitlab-runner/session" ++ ++ "log/syslog" ++ lSyslog "github.com/sirupsen/logrus/hooks/syslog" + ) + + var ( +@@ -997,7 +1000,13 @@ + } + + if mr.Syslog { +- log.SetSystemLogger(logrus.StandardLogger(), svc) ++ hook, err := lSyslog.NewSyslogHook("", "", syslog.LOG_DAEMON | syslog.LOG_INFO, mr.ServiceName) ++ if err == nil { ++ logrus.AddHook(hook) ++ } else { ++ logrus.WithError(err). ++ Error("Error while setting up the system logger") ++ } + } + + logrus.AddHook(&mr.sentryLogHook) + |