Releases: simp/gitlab-beaker-cleanup-driver
Releases · simp/gitlab-beaker-cleanup-driver
0.6.1
Fixed
- Fixed root cause of
pids: unbound variable
messages in base.sh- These were caused by referencing empty arrays, which is considered unset in
Bash >= 4.1 < 4.4 - For reference:
OS Bash version EL7 4.2 EL8 4.4 Fedora >= 30 5.0+
- These were caused by referencing empty arrays, which is considered unset in
Changed
- Updated
ci_job_pids()
to only return tagged processes that have a
cmdline and aren't the executing script (e.g.,cleanup_exec.sh
) or its
functions - Simplified logic in
ci_job stop()
andci_stop_tagged_jobs()
Removed
- Unused
ci_job_kill_procs()
function - Unused
ci_job_cmdlines()
function
0.6.0
Added
- Documentation for environment variables
Fixed
- Rewrote non-priv user stage script execution logic
- Fixes failures on hardened systems where
/tmp
is mounted withnoexec
- Fixes security vulnerability that could be exploited to leak secrets to
malicious code from other jobs/projects - For details, see note in
base.sh
comments about [gitlab-runner#4804]
- Fixes failures on hardened systems where
- Fixed missing logs in some systems' journald by preferring
systemd-cat
when it is available- If
system-cat
is not available, system logging falls back tologger
- If
Removed
ci_job_ensure_user_can_access_script
function (no longer needed)
0.5.0
Added
- Various bash local touch-ups (to be extra careful)
- pipe_warn function to stream and log output from important commands
Changed
- Consolidated stop() logic in base.sh
- Build path uses CI_CONCURRENT_ID instead of CI_CONCURRENT_PROJECT_ID
- Build path uses CI_PROJECT_NAMESPACE/CI_PROJECT_NAME instead of
CI_PROJECT_PATH_SLUG - ci_job_pids() gives $1 precedence over $_CI_JOB_TAG
Fixed
- Fixed bug in ci_job_pids to set local __CI_JOB_TAG
- Fixed line 56: _CI_JOB_TAG: unbound variable message at the end of base.sh
- Fixed line 84: _CI_JOB_TAG: unbound variable message at the end of base.sh
- Fixed line 133: _CI_JOB_TAG: unbound variable message at the end of base.sh
- Script no longer terminates if /proc/$pid/cmdline doesn't exist
- Error checking and logging for various commands
- Fixed logger choking on strings beginning with -
0.4.1
0.4.0
Added
- Builds are now executed as an unprivileged user (default:
gitlab-runner
) - base.sh:
- Added variables with defaults:
$CI_RUNNER_USER
and$CI_RUNNER_USER_DIR
- These specify the non-privileged build user & build/cache parent path
- Added
banner()
function
- Added variables with defaults:
Changed
- Custom executor bumped to version 0.4.0
*_exec.sh
scripts now report only their basenames without extensions- config_exec.sh now sources
base.sh
for default variable values - base.sh is now silent on stdout as it is being sourced
Fixed
- Tagged release version has been advanced to match the custom executor (
0.4.0
) - Safety checks in
ci_job()
0.1.1
Initial release
0.1.0 Fixups in README