Skip to content

gitlab-runner: Add explicit become directives #521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

gitlab-runner: Add explicit become directives #521

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4990d11
gitlab-runner: Update molecule tests to catch missing become directives
Normo Nov 10, 2025
0d5cdf4
gitlab-runner: Add explicit become directives
Normo Nov 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions molecule/gitlab_runner/converge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
---
- name: "Converge"
hosts: "all"
become: false
tasks:
- name: "Include gitlab_runner role"
ansible.builtin.include_role:
Expand Down
1 change: 1 addition & 0 deletions molecule/gitlab_runner/molecule.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ provisioner:
hosts:
all:
vars:
ansible_user: "ansible"
gitlab_runner_concurrent: 4
gitlab_runner_hide_sensitive_changes: false
host_vars:
Expand Down
1 change: 1 addition & 0 deletions molecule/gitlab_runner/prepare.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
---
- name: "Prepare"
hosts: "all"
become: true
tasks:
- name: "Install necessary packages"
when: "ansible_facts.os_family == 'Debian'"
Expand Down
8 changes: 8 additions & 0 deletions molecule/gitlab_runner/verify.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@
failed_when: "'0.16.2-gitlab.25' not in machine_version.stdout"

- name: "Identify installed fleeting plugins"
become: true
ansible.builtin.command: "gitlab-runner fleeting list"
register: "fleeting_cmd"
changed_when: false
Expand All @@ -64,6 +65,7 @@
- "gitlab_runner_version is defined"

- name: "Assert that ignition.json file was created"
become: true
ansible.builtin.stat:
path: "/etc/gitlab-runner/ignition.json"
register: "ignition"
Expand All @@ -73,12 +75,14 @@
when: "gitlab_runner_ssh_public_key | default('') | length == 0 or gitlab_runner_ssh_public_key | default('') | length == 0"
block:
- name: "Assert that SSH key pair was created"
become: true
ansible.builtin.stat:
path: "/etc/gitlab-runner/gitlab_runner_key"
register: "ssh_key"
failed_when: "not ssh_key.stat.isreg or ssh_key.stat.mode != '0600'"

- name: "Read generated SSH public key"
become: true
ansible.builtin.command: "cat /etc/gitlab-runner/gitlab_runner_key.pub"
register: "generated_pub_key"
changed_when: false
Expand All @@ -95,6 +99,7 @@
- "gitlab_runner_ssh_private_key | default('') | length > 0"

- name: "Read flatcar linux config"
become: true
ansible.builtin.command: "cat /etc/gitlab-runner/ignition.json"
register: "flatcar_linux_config"
changed_when: false
Expand All @@ -109,6 +114,7 @@
gitlab_runner_authentication_token: "{{ lookup('env', 'AUTHENTICATION_TOKEN') }}"

- name: "Assert that the runner was registered successfully"
become: true
ansible.builtin.command: "gitlab-runner list"
changed_when: false
register: "runners"
Expand All @@ -117,6 +123,7 @@
when: "gitlab_runner_authentication_token | length > 0"

- name: "Assert that the verify command is successful"
become: true
ansible.builtin.command: "gitlab-runner verify"
changed_when: false
register: "runners_verify"
Expand All @@ -131,6 +138,7 @@
failed_when: '"# TYPE gitlab_runner_version_info" not in metrics.content'

- name: "Unregister GitLab-Runner"
become: true
ansible.builtin.command: "gitlab-runner unregister --all-runners"
changed_when: false
# Do not verify runner registration in forks
Expand Down
2 changes: 2 additions & 0 deletions roles/gitlab_runner/handlers/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,12 @@
---

- name: "Transpile the flatcar linux configuration"
become: true
ansible.builtin.command: "butane -o /etc/gitlab-runner/ignition.json /etc/gitlab-runner/butane-config.bu"
changed_when: true

- name: "Restart GitLab-Runner"
become: true
ansible.builtin.service:
name: "gitlab-runner"
state: "restarted"
Expand Down
7 changes: 7 additions & 0 deletions roles/gitlab_runner/tasks/install.debianlike.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
---

- name: "Install GitLab-Runner dependencies"
become: true
ansible.builtin.apt:
pkg:
- "debian-archive-keyring"
Expand All @@ -20,6 +21,7 @@

block:
- name: "Add packages repository packages.gitlab.com/runner/gitlab-runner"
become: true
ansible.builtin.deb822_repository:
name: "gitlab-runner"
types: "deb"
Expand All @@ -31,6 +33,7 @@
enabled: true

- name: "Use APT pinning for Debian os"
become: true
ansible.builtin.template:
src: "pin-gitlab-runner.pref.j2"
dest: "/etc/apt/preferences.d/pin-gitlab-runner.pref"
Expand All @@ -40,6 +43,7 @@
when: "ansible_facts.distribution == 'Debian'"

- name: "Install gitlab-runner-helper-images with downgrade option"
become: true
ansible.builtin.apt:
name: "{{ gitlab_runner_helper_images_package_name }}"
state: "present"
Expand All @@ -50,6 +54,7 @@
- "gitlab_runner_version is version('17.7.0', 'ge') or gitlab_runner_version | length == 0"

- name: "Install gitlab-runner with downgrade option"
become: true
ansible.builtin.apt:
name: "{{ gitlab_runner_package_name }}"
state: "present"
Expand All @@ -69,12 +74,14 @@
block:

- name: "Install gitlab-runner-helper-images from a .deb file"
become: true
ansible.builtin.apt:
deb: "{{ gitlab_runner_helper_images_deb_file }}"
allow_downgrade: true
when: "gitlab_runner_version is version('17.7.0', 'ge') or gitlab_runner_version | length == 0"

- name: "Install gitlab-runner from a .deb file"
become: true
ansible.builtin.apt:
deb: "{{ gitlab_runner_deb_file }}"
allow_downgrade: true
Expand Down
3 changes: 3 additions & 0 deletions roles/gitlab_runner/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
loop_var: "gitlab_runner"

- name: "Slurp ignition json"
become: true
ansible.builtin.slurp:
src: "/etc/gitlab-runner/ignition.json"
register: "__ignition_json"
Expand All @@ -56,6 +57,7 @@
- "not __gitlab_runner_is_initial_dryrun"

- name: "Template config file"
become: true
ansible.builtin.template:
src: "config.toml.j2"
dest: "{{ gitlab_runner_config_path }}"
Expand All @@ -69,6 +71,7 @@
when: "not __gitlab_runner_is_initial_dryrun"

- name: "Start GitLab-Runner"
become: true
ansible.builtin.service:
name: "gitlab-runner"
state: "started"
Expand Down
Loading