How can I make Gitlab runner merge code into a branch on a successful build
Solution 1
I tried @jakub-kania's solution but I was always getting id_rsa invalid format. I think that GitLab secret variables are screwed somehow.
I got it working by directly passing the deployment key into ssh-add without creating ssh keys. Here is the working solution:
merge to master:
  stage: deploy
  image: alpine
  only:
    - dev-branch
  before_script:
    - apk add --update git openssh-client
    - mkdir ~/.ssh
    - ssh-keyscan -p 2222 <gitlab.domain.com> > ~/.ssh/known_hosts
    - eval `ssh-agent -s`
    - ssh-add <(echo "$GITLAB_DEPLOY_KEY")
    - ssh -T git@<gitlab.domain.com> -p 2222
    - git config --global user.email "$GITLAB_USER_EMAIL"
    - git config --global user.name "$GITLAB_USER_ID"
    - git remote set-url origin ssh://git@<gitlab.domain.com>:2222/path/to/repo.git
  script:
    - git checkout master
    - git reset --hard origin/master
    - git merge $CI_BUILD_REF
    - git push origin master
Solution 2
The easiest solution is to make a Merge Request and click the "Merge When Pipeline Succeeds" button; this will merge the branch after the build. This is the one I would recommend.
Below is the working solution that I do not recommend for an automatic merge. It requires you to create a deploy key with write access and save the private key as a project variable GITLAB_DEPLOY_KEY. Also run ssh-keyscan on the server and save it to the GITLAB_PUBLIC_KEY variable.
mergetomaster:
  stage: deploy
  image: alpine
  only:
    - dev
  script:
    - apk add --update git openssh-client
    - mkdir ~/.ssh
    # Quote the variables so the line breaks inside the key survive
    - echo "$GITLAB_DEPLOY_KEY" > ~/.ssh/id_rsa
    - chmod 400 ~/.ssh/id_rsa
    - echo "$GITLAB_PUBLIC_KEY" > ~/.ssh/known_hosts
    # Steal the identity of the person that triggered the build
    - git config --global user.email "$GITLAB_USER_EMAIL"
    - git config --global user.name "$GITLAB_USER_ID"
    - git remote set-url origin <ssh-repository-url>
    - git checkout master
    - git reset --hard origin/master
    - git merge $CI_BUILD_REF
    - git push origin master
Solution 3
There is no easy way to do this as of GitLab version 8.15. The only way to do this is to leverage the API and webhooks.
This is the basic gist of what you have to do:
1. Create a webhook which hooks push events.
2. Check if the push belongs to the branch you want to do the merging on.
3. Create a merge request and immediately accept it with the option "merge_when_build_succeeds": true.
This way it will merge the branch, should the build succeed. Not really the most comfortable thing to set up but it should work.
Comments
- StLia, almost 2 years: Well, the title is pretty much self-explanatory. In summary, I want a branch (i.e. dev) to be merged to another branch (i.e. production) IF the build is successful.
- Jakub Kania, about 7 years: Actually there are now deploy keys with write access that can be used for this. In earlier versions that would be possible by creating a user account just for this purpose.
- StLia, about 7 years: I've got a similar setup for deployment that uses a custom alpine image with the key "burned" there already. Your solution seems more elegant and I would like to adopt it, but I need you to clarify some points. Could you explain in detail all these variables (GITLAB_DEPLOY_KEY, GITLAB_PUBLIC_KEY, private key), where to generate them, and please use dummy examples (id_rsa_gitlab_server.pub, id_rsa_my_key.pub, "Deploy keys" or "Variables")? I guess GITLAB_USER_EMAIL, GITLAB_USER_ID and CI_BUILD_REF are auto-generated. I have never worked with a project's vars and deploy keys before and it's confusing.
- StLia, over 6 years: It looks good, but I can't confirm this, just because I have deleted my GitLab server and switched to Bitbucket :/
- holms, about 6 years: I've got invalid format anyway. And actually outputting that private key via echo misses the new line after ----- BEGIN RSA KEY -----
- Dylan, over 5 years: It may be worth mentioning that $CI_BUILD_REF has been deprecated and you should use $CI_COMMIT_REF_NAME instead.
- Lightheaded, over 5 years: Also, <(...) is a bash feature and won't work in alpine as it has the ash shell. Use echo "$GITLAB_DEPLOY_KEY" | ssh-add - instead.
- zypA13510, over 5 years: I don't think ssh-keyscan on-the-fly is a good security practice; it's the same as telling ssh to skip verifying the host's public key. It would be better if you run the command on your local machine and save the result to a variable, as Jakub mentioned in his answer.
- k6ps, over 5 years: I also got the invalid format error. In my case the issue disappeared when using the key format correction as described in the docs: docs.gitlab.com/ce/ci/ssh_keys/README.html. I'm using gitlab.com and ed25519 keys.
- Mitch, almost 3 years: @StLia I guess you do not need to change/create those vars you mentioned. These vars are always there in the runner. So you just need to create a deploy key and go for it.
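
The failure modes raised in Solution 2 and in the comments (a key that loses its line breaks through an unquoted echo, and a host key scanned inside the job instead of pinned) can be checked before anything is pushed. The following is an added example, not code from any answer above. DEPLOY_KEY, KNOWN_HOSTS_PIN, the function names and the carriage-return handling are assumptions, and setup_ssh expects a running ssh-agent.

```shell
#!/bin/sh
# Added example, POSIX sh only so it also runs under Alpine's ash.
# DEPLOY_KEY and KNOWN_HOSTS_PIN are assumed names standing in for the
# CI variables GITLAB_DEPLOY_KEY and GITLAB_PUBLIC_KEY used on this page.

# Constructed sample with CRLF line endings; not a real key.
SAMPLE_KEY=$(printf '%s\r\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
    'Q09OU1RSVUNURURTQU1QTEU' 'Tk9UQVJFQUxLRVk' \
    '-----END OPENSSH PRIVATE KEY-----')

# Strip carriage returns and keep every line break. The quoted argument is
# what preserves the newlines; an unquoted `echo $VAR` joins all lines.
normalize_key() {
    printf '%s\n' "$1" | tr -d '\r'
}

# Succeed only if the text still has the shape of a private key block:
# a BEGIN line, at least one body line, and an END line.
key_shape_ok() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    last=$(printf '%s\n' "$1" | sed -n '$p')
    lines=$(( $(printf '%s\n' "$1" | wc -l) ))
    case $first in '-----BEGIN '*' KEY-----') ;; *) return 1 ;; esac
    case $last in '-----END '*' KEY-----') ;; *) return 1 ;; esac
    [ "$lines" -ge 3 ]
}

# Install the pinned host key (recorded once on a trusted machine, not
# scanned inside the job) and load the deploy key into ssh-agent from
# stdin, so the private key is never written to disk.
setup_ssh() {
    key=$(normalize_key "$DEPLOY_KEY")
    key_shape_ok "$key" || { echo "deploy key is malformed" >&2; return 1; }
    mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
    printf '%s\n' "$KNOWN_HOSTS_PIN" > "$HOME/.ssh/known_hosts"
    printf '%s\n' "$key" | ssh-add -
}
```

A job that calls setup_ssh first stops with a clear message when the stored key is damaged, instead of failing later with "invalid format".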