Can't run script file - Permission Denied

I’ve got a CI pipeline that builds a docker image, pushes it to the Gitlab registry and then I’d like to automatically update the image in the staging environment.

The docker environment is hosted in Rancher, I can call the Rancher API to upgrade the docker image through a simple script.

#!/bin/sh
set -x #echo on
while getopts ":k:s:a:" opt; do
  case $opt in
    k) RANCHERACCESS="$OPTARG"
    ;;
    s) RANCHERSECRET="$OPTARG"
    ;;
    a) APPID="$OPTARG"
    ;;
    \?) echo "Invalid option -$OPTARG" >&2
    ;;
  esac
done
curl -u $RANCHERACCESS:$RANCHERSECRET \
-X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{"inServiceStrategy":null, "toServiceStrategy":"\"batchSize\":1, \"finalScale\":1, \"intervalMillis\":2000, \"toServiceId\":\"reference['$APPID']\", \"updateLinks\":false"}' \
'http://rancher.hosting.com:8080/v2-beta/projects/1a5/services/'$APPID'/?action=upgrade'

I’m calling this script in the gitlab-ci.yml file like this

deploy_Staging:
  stage: deploy
  script: 
    - ls -lsa ./scripts
    - whoami
    - ./scripts/RancherDeploy.sh -k $RANCHERACCESS -s $RANCHERSECRET -a $STAGING_ID
  environment:
    name: Staging
    url: https://Staging.app.net

However, when this phase always fails
This is my output

$ ls -lsa ./scripts
total 12
     4 drwxrwxrwx    2 root     root          4096 Mar 24 12:45 .
     4 drwxrwxrwx   13 root     root          4096 Mar 24 14:30 ..
     0 -rw-rw-rw-    1 root     root             0 Mar 24 11:27 .gitkeep
     4 -rw-rw-rw-    1 root     root           629 Mar 24 12:45 RancherDeploy.sh
$ whoami
root
$ ./scripts/RancherDeploy.sh -k $RANCHERACCESS -s $RANCHERSECRET -a $STAGING_ID
/bin/sh: eval: line 58: ./scripts/RancherDeploy.sh: Permission denied
ERROR: Job failed: exit code 126

I tried running the curl command directly from the YAML file, but the mashup of single and double quotes messes everything up

What part am I missing to get this to work?

Hi Maxim, in my CI pipelines I do exactly the same, I just don’t use a script. Instead I build an Alpine linux image with Rancher CLI binary.

Now to the point; You should add a chmod +x I guess, give that a try:

deploy_Staging:
  stage: deploy
  script: 
    - ls -lsa ./scripts
    - whoami
    - chmod +x ./scripts/RancherDeploy.sh
    - ./scripts/RancherDeploy.sh -k $RANCHERACCESS -s $RANCHERSECRET -a $STAGING_ID
  environment:
    name: Staging
    url: https://Staging.app.net

Hi Stefan,

That worked indeed. Thanks for that.

When you say you build an Alpine image, am I correct in understanding you have an image based of alpine that has the docker binaries and the rancher-cli embedded within them. And the CI-runner uses this image to build and interact with the Rancher environment?

Thanks in advance!

While the chmod +x in the gitlab-ci.yml works fine, I think the better solution is to tell git that the file should be executable. Then git will set the executable permission for the file when it checks it out.

I think this happens automatically if the file already has the permission when it is added to git.
If the file was added to git without the permission, you can set the permission manually afterwards. See https://stackoverflow.com/questions/21691202/how-to-create-file-execute-mode-permissions-in-git-on-windows