Variable expansion with default no longer works with Artifacts (since 15.5 / 15.4.1)
Status update (2022-11-06)
-
As of today, the only option (workaround) is to use an earlier version of Runner. GitLab Runner 15.4 or earlier does not include the code update that prevents the host operating system from expanding variables outside of the script section.
-
Note The proposed solution moving forward is a new feature in Runner that will enable the passing of values between jobs. Follow issue Pass values between jobs steps (#29391 - closed)
Summary
Using variable expansion with defaults (i.e. things like ${ROOT:-.}
) as part of an artifact
path no longer works.
See variable defaults epic: &7437
Steps to reproduce
Here's a simple ci file to reproduce:
stages:
- build
variable-issue:
stage: build
script:
- mkdir -p ${ROOT:-.}/output
- echo "wibble" > ${ROOT:-.}/output/file.txt
- find .
artifacts:
paths:
- ${ROOT:-.}/output
Actual behavior
I see the following on 15.5.0 and 15.4.1:
Uploading artifacts...
WARNING: /output: no matching files. Ensure that the artifact path is relative to the working directory
Expected behavior
I see this on 15.4.0
Uploading artifacts for successful job
Uploading artifacts...
output: found 2 matching files and directories
Possible fixes
Seems related to a bunch of security fixes (which I'm not privy to): https://gitlab.com/gitlab-org/security/gitlab-runner/-/merge_requests/38