Simple runner to pull

im beginner to Gitlab so please apologize for my fundamental question. Im trying to solve the following problem.
We have a PS scripts in project DEMO on our internal Gitlab server
Project is cloned to Windows machine TEST in folder D:\Automation\DEMO
Im trying to setup runner on the same Windows box which would basically pull the DEMO project everytime there is a change.

So far i tried to create .gitlab-ci.yml file
- pshell
script: “git -C D:\Automation\DEMO pull”

but getting error saying that

Running with gitlab-runner 12.5.0 (577f813d)
  on AUTOM Nr1vUDWn
Using Shell executor...
Running on TEST...
Fetching changes...
Reinitialized existing Git repository in C:/Gitlab-Runner/builds/Nr1vUDWn/0/root/DEMO/.git/
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@TEST/root/DEMO/': SSL certificate problem: unable to get local issuer certificate
ERROR: Job failed: exit status 1

We use SSH for git operations between Windows box and Gitlab server

Any suggestion how i fix this problem ?


the git CLI command uses https against the central GitLab repository server.

fatal: unable to access 'https://gitlab-ci-token:[MASKED]@TEST/root/DEMO/': SSL certificate problem: unable to get local issuer certificate

The problem here is with the TLS/SSL certificate. Can you share the GitLab server configuration for the SSL/TLS bits? I suspect that you’re using a self-signed certificate, or something is broken with Let’s Encrypt.


Hello Michael, thanks for such a speedy reply :slight_smile:

We actually use SSH for communication between git client and Gitlab server - not SSL.
Basically this is the path to used to clone the project git@TEST:root/DEMO.git
So our certificates are not setup properly for https right now. Is there a way to force ssh over https ?


then the script section is wrong, this is invoked inside the GitLab runner which has the Git repository pre-configured in there. Also, the CI token allows to clone the repository with authorization access, that’s hidden from you and very comfortable.

The following command basically uses the runner’s Git configuration, with the repository already cloned and fetched into the job’s workspace.

git pull

This just again invokes a pull in this regard, which likely is not even necessary.

Before you step into modifying the Git transport to SSH, may I ask why you want to fire another pull after the implicit clone in the runner?


Hi Michael,
well it goes back to my lack of knowledge and understanding of Gitlab runner functionality.
Somehow i wasnt aware that runner does the pull implicitly.
So if we dont need to initiate another pull, what should then the script part look like ? I read that Script is mandatory of the gitlab-ci.yml file


Hi Marek,

you can e.g. run unit tests in the script section, or just invoke the scripts with Powershell to see whether they are valid.

You could also go with a more advanced analysis and linting, e.g. with


Thanks Michael for your suggestions and your prompt responses.
Seems i need to get back to reading more manuals and forums on runners in general. Somehow i expected to be much simpler to achieve this small task. :frowning:
Changing runner clone from HTTP to SSH is not easy at all as far as i could find - so i guess we need to somehow first implement the SSL certificates on our Gitlab server to use HTTPS and then do the runner configuration part
i will close this topic and thanks again