Gitlab-runner run without sudo

Hi Guys,

I followed Install GitLab Runner on macOS | GitLab and installed gitlab-runner via manual installation as it is advised as recomended.

So I download gitlab-runner, change permissions, install it. Enable auto-login…

If I top | grep gitlab I can see something like

01  gitlab-runner    0.0  00:01.00 8     0   17     7972K  0B    0B    101  1    sleeping *0[1]     0.00000 0.00000    0   5853    159   44      21      16279   98      12836   3097    2364    0.0   0      0      root            N/A    N/A   N/A   N/A   N/A   N/A 

If I start the pipeline it does not get picked. (Because it is sleeping?)

If I run gitlab-runner run I get warning about running only in user space. And the job is not picked.

Finally when I run sudo gitlab-runner run everything works.

What is wrong? What should I check? And how to configure the gitlab runner to work on MacOs without any user input? (The MacOs machine might be stopped, turned off, restarted…)

Hi @KapitanPL :wave: :slightly_smiling_face: I’ll repost my comments from our discussion on gitter in here to better visibility :slightly_smiling_face:

I faced the exact same issue and what I discovered was this:

  • it’s not really well explained, but only certain commands need to be run as sudo when setting up the runner. These commands are only the first ones in the documentation

    • the command to download the runner executable
    • the command to change the executable permissions, in order to make it, well, executable

    All the subsequent commands (gitlab-runner register, gitlab-runner install, gitlab-runner start, …) need to be run as the user that will “run the runner”.

  • There is a missing folder on the Mac system and this will prevent the runner service from registering (and maybe even starting). This was found and reported in this issue comment, where is also explained a solution.

Since I was already creating one, I’ll share a script that does all of the above and sets up a runner on a MacOS system :slightly_smiling_face:

#!/bin/sh

GREEN='\033[0;32m'
NO_COLOR='\033[0m'

if test $(which gitlab-runner); then
    echo "${GREEN}Removing existing runner${NO_COLOR}"
    gitlab-runner unregister --all-runners
    gitlab-runner stop
    gitlab-runner uninstall
fi

echo "${GREEN}Downloading latest runner${NO_COLOR}"
sudo curl --output /usr/local/bin/gitlab-runner "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-darwin-arm64"
sudo chmod +x /usr/local/bin/gitlab-runner

echo ""
echo "${GREEN}"
echo "The registration process will now begin."
echo "${NO_COLOR}"
echo ""

read -rsp $'Press any key to continue...\n' -n1 key

gitlab-runner register 

# We need to make sure that the /usr/local/var/log folder exists and it has write access
sudo mkdir -p /usr/local/var/log
sudo chmod 777 /usr/local/var/log

echo "${GREEN}All the builds for the runner will take place inside ~/gitlab-runner-builds${NO_COLOR}"
mkdir -p ~/gitlab-runner-builds
chmod 777 ~/gitlab-runner-builds

echo "${GREEN}We will now register the runner as service so it will start automatically after a reboot.${NO_COLOR}"
gitlab-runner install -d ~/gitlab-runner-builds
gitlab-runner start

And how to configure the gitlab runner to work on MacOs without any user input? (The MacOs machine might be stopped, turned off, restarted…)

If the MacOS machine is stopped, I’m afraid there’s not much you can do automatically, but otherwise, the above script will setup the gitlab-runner service to start as soon as you login to the Mac :slightly_smiling_face: Also, to make the script fully automatic, you can provide additional switches to the gitlab-runner register command (for example --registration-token or a list of tags or the name of the runner). For a full list of options you can run gitlab-runner register --help.

Finally tested, thanks, it works.

I guess the main issue are rights to different folders. Upon closer inspect a better solution then just 777 mitght be found. But as it works I have no complaints. Thanks again.

Awesome :slightly_smiling_face: Glad to know it worked for you too :smile: