How to have a single cache by pipeline?

LordFPL · September 15, 2017, 9:43am

Hi all,

I’m trying to set up a pipeline that would have the following logic of jobs :

first tests in the runner
signing an ssh key for external server access (copy in a cache folder)
new tests on external server thanks to the key
deploy on server thanks to the key

I was thinking of using the cache mechanism … but it’s persistent between different pipelines:

“By default caching is enabled and shared between pipelines and jobs, starting from GitLab 9.0”

I do not want to trust of the users by asking to think well to delete the cache at the end of the pipeline (some actions are manual … and therefore entails a risk of access to the cache).

I tried to use the artifacts … but they become available via the interface … and I can only define their duration.

Is there a way to pass between certain jobs of a pipeline some files in a secure way and limited to this single pipeline?

Thanks in advance

1oglop1 · September 26, 2017, 7:27am

Hello Lord,
do you have any progress with this? I have exactly same question.

LordFPL · September 26, 2017, 8:01am

Hi,

No progress on this : i have choose to not use any cache pour theses operation… i’m re-signing a key on each stage, only way to secure my access

sweisgerber.dev · November 7, 2017, 11:03am

You can do it by specifying a cache key, that is unique to your current pipeline.

A suitable key for a specific pipeline, that shares between jobs of a particular pipeline would be: $CI_PIPELINE_ID

In Context:

build:
  stage: build
  before_script:
  - echo Hello Before
  script:
  - echo Hello Script
  cache:
    key: "$CI_PIPELINE_ID"
    paths:
    - my/path

Subsequent jobs in the current pipeline than have access to the stuff in my/path, Other pipelines won’t.

Further Resources

LordFPL · November 8, 2017, 9:48am

Hello,

Thanks for your answer, but i don’t see how to remove cache when pipeline ended.
If i add in script :

- find /cache -ls

You will have :

$ find /cache -ls
 39425    0 drwxrwxrwx   3 root     root           60 Nov  8 09:08 /cache
 62503    0 drwx------   3 root     root           60 Nov  8 09:08 /cache/group
 62504    0 drwx------   4 root     root           80 Nov  8 09:21 /cache/group/test-pipelines
 64359    0 drwx------   2 root     root           60 Nov  8 09:21 /cache/group/test-pipelines/989
 64360    4 -rw-------   1 root     root          388 Nov  8 09:21 /cache/group/test-pipelines/989/cache.zip
 62505    0 drwx------   2 root     root           60 Nov  8 09:12 /cache/group/test-pipelines/988
 63237    4 -rw-------   1 root     root          600 Nov  8 09:12 /cache/group/test-pipelines/988/cache.zip

I am in $CI_PIPELINE_ID 989… but cache from $CI_PIPELINE_ID 988 is accessible.

How can we purge cache when pipeline ended ?

ashumkin · November 17, 2017, 11:14am

I guess if to remove files from a cached folder on a final “cleanup” step they will be removed from a cache…

I did not test it

LordFPL · November 17, 2017, 3:22pm

Hi, thanks for the idea of a final “cleanup” step… but as it’s in the gitlab-ci file, user can remove it… change it… as i say in my first post :

IMHO (sysop side), this task must be done by gitlab/gitlab-runner for the sake of pure security

Topic		Replies	Views
How to use the "cache" in gitlab when trying to use files from two previously run jobs? GitLab CI/CD	5	9478	November 19, 2021
Gitlab CI carry cache between stages/steps GitLab CI/CD	0	1764	November 2, 2017
GitLab runner using same old cache and not clearing up cache and executing and resulting in the pipeline with the same old result GitLab CI/CD runner	2	3907	March 25, 2022
Caching CI Artifacts How to Use GitLab	1	401	May 13, 2020
How use global cache with multiple runner(machines) for store common datafile with gitlab How to Use GitLab	1	379	January 24, 2019

How to have a single cache by pipeline?

Further Resources

Related topics