Allow specifying gitlab runner token from file for `run-single` (!4755) · Merge requests · GitLab.org / gitlab-runner

Tobias Ribizel requested to merge upsj/gitlab-runner:run_single_token_file into main May 01, 2024

Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA

Why was this MR needed?

In the current setting, run-single can't really be used safely in a multi-user system, since process arguments are visible to all users, so the token value gets leaked to all other active users.

What does this MR do?

This can be avoided by loading the token from a file instead. So I added a --token-file flag that can be used instead of -t to safely load a token without leaking it to the entire system.

What's the best way to test this MR?

Executing run-single with -t <token> and --token-file <filename> picks up a job from the corresponding runner. There doesn't seem to be extensive testing of run-single, so there was no good place to test this feature automatically.

What are the relevant issue numbers?

This doesn't seem to have been reported before, so I created #37511 (closed)

close #37511 (closed)

Edited May 07, 2024 by Romuald Atchadé - OOO from 2024-12-23 to 2025-01-03

Allow specifying gitlab runner token from file for `run-single`

Why was this MR needed?

What does this MR do?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports