The problem Link to heading
Runner fails to remove files from previous builds or from previous CI stages.
Using Shell executor... Running on centos-512mb-nyc1-01... rm: cannot remove ‘/home/gitlab-runner/builds/fcdcff7a/0/grupoirona/turnateme/turnateme/__pycache__/__init__.cpython-35.pyc’: Permission denied rm: cannot remove ‘/home/gitlab-runner/builds/fcdcff7a/0/grupoirona/turnateme/turnateme/__pycache__/urls.cpython-35.pyc’: Permission denied rm: cannot remove ‘/home/gitlab-runner/builds/fcdcff7a/0/grupoirona/turnateme/turnateme/__pycache__/api_urls.cpython-35.pyc’: Permission denied rm: cannot remove ‘/home/gitlab-runner/builds/fcdcff7a/0/grupoirona/turnateme/turnateme/settings/__pycache__/__init__.cpython-35.pyc’: Permission denied .... .... .... goes on and on for every single file
The root cause Link to heading
For small enterprises or personal projects, usually,
gitlab-runner daemon is installed on the system and is using the user
gitlab-runner and group
This is OK, but when the pipelines are using Docker behind the scenes (to spin up a container to build an image for instance), things are getting complicated.
99% percent of the time, these temp Docker containers are using
root permissions inside the container to do stuff and is highly possible your Dockerfile is mounting files inside (bind) that will have
gitlab-runner’s permissions. Docker is doing its work and when it’s done, gitlab runner has to clean the things up and this is the step that these errors are showing up.
The solution Link to heading
TLDR; Linux ACLs
Just run these commands as root to make the
gitlab-runners home directory, collaborative. It means that whatever file is created under this directory, it will have the same group,
gitlab-runner and at least read and write permissions:
chmod g+s $(eval echo ~gitlab-runner) setfacl -m "default:group::rwx" $(eval echo ~gitlab-runner) getfacl $(eval echo ~gitlab-runner)
You should see the below output:
Go to that directory and verify the above change by creating a
poc file as root:
cd $(eval echo ~gitlab-runner) touch poc ls -l
As you can see the file is owned by the user
root and group
gitlab-runner and has read and write permissions: