Until the creation of this README (July 2021), GitLab lacks the feature of assigning a CI runner to multiple groups (see issue #23722 in the GitLab code repository). This project circumvents this limitation by assigning runners to all projects of given groups with the GitLab API.
This tool can be used as a command line program from any machine which has network access to your GitLab instance. Alternatively, you setup it as a custom GitLab runner which is triggered from a configuration repository.
This tool needs administrator access to your GitLab instance.
gitlab-multi-group-runner is available on PyPI for Python 3.5+ and can be installed with pip:
python3 -m pip install gitlab-multi-group-runnerpip will create an executable gitlab-multi-group-runner.
If you use Arch Linux or one of its derivatives, you can also install gitlab-multi-group-runner from the
AUR:
yay -S python-gitlab-multi-group-runnerYou also find self-contained executables for 64-bit Linux distributions and macOS High Sierra and newer on the releases page. They are created with PyInstaller and only require glibc >= 2.17 on Linux (should be fine on any recent Linux system).
This is the recommended setup.
You can follow these steps:
-
Create a new empty GitLab repository which will contain the configuration file.
-
Install GitLab runner on a dedicated host as described in the GitLab runner documentation (of course a virtual machine or an LXC is also sufficient).
-
Go to the webpage of your fresh GitLab repository and navigate to Settings -> CI/CD -> Runners and copy the registration token from the Specific runners section. Disable Shared runners.
-
Run the
registercommand on the GitLab runner hostgitlab-runner register
and enter these values:
Field Value GitLab instance URL URL to your GitLab instance Registration token Copied before Description multi-group-configuration-runnerTags Empty Executor custom -
Clone the GitHub repository https://github.com/sciapp/gitlab-multi-group-runner onto your GitLab runner host and run the installation:
git clone https://github.com/sciapp/gitlab-multi-group-runner cd gitlab-multi-group-runner make installBy default, the
make installcommand will install a custom GitLab runner driver to/opt/multi-group-runner-driver. You can passPREFIXto the make command to change the installation destination. -
Edit
/etc/gitlab-runner/config.toml:-
Configure the
builds_dirandcache_dirsettings:[[runners]] builds_dir = "/home/gitlab-runner/builds" cache_dir = "/home/gitlab-runner/cache"
-
Configure the
runstage:[runners.custom] run_exec = "/opt/multi-group-runner-driver/bin/run_stage" run_args = [ "-f", "/opt/multi-group-runner-driver/etc/gitlab_multi_group_runnerrc.yml" ]
-
-
Create a configuration file
/opt/multi-group-runner-driver/etc/gitlab_multi_group_runnerrc.yml. See the section Configuration for more details. -
Restart the GitLab runner service:
sudo systemctl restart gitlab-runner
-
Create a configuration file
multi-group-runner-config.ymlin the top level directory of the GitLab repository. See Configuration for more details. -
Create a CI configuration file
.gitlab-ci.ymlnext tomulti-group-runner-config.ymlwith the content:stages: - apply-config apply-config: stage: apply-config script: noop
This minimal configuration file is needed to trigger a CI pipeline when new commits are pushed to the repository and to activate the custom CI runner.
-
(Optional) Go to the webpage of your fresh GitLab repository and navigate to CI/CD -> Schedules and create a repeating event to configure new projects automatically in a defined interval.
When the CI pipeline is triggered, the configuration file in the repository is read and the runner will reconfigure the runners in the configured groups and projects. You should see something like
Running on multi-group-configuration-runner...
[INFO] Disable shared runners in project "mygroup/myproject"
[INFO] Enable runner "intel-docker", (id: 10, tags: ["docker", "intel"]) in project "mygroup/myproject"
[...]
in your CI job log.
gitlab-multi-group-runner uses two configuration files:
-
The first configuration file must be located on the same machine as the executable
gitlab-multi-group-runner. It contains parameters which are needed for the GitLab API access and specifies which runners and groups are allowed to be configured and which configuration repositories are accepted (see next step). This is an example configuration file (can also be printed withgitlab-multi-group-runner --print-example-config):general: disable_shared_runners: true gitlab: auth_token: xxxxxxxxxxxxxxxxxxxx url: https://mygitlab.com runners: - allowed_projects_rules: one_member_of: - my-group-name - my-user-name ids: - 1 - 3 config_repo: branch: master path: administration/my-multi-group-runners
Some notes:
-
disable_shared_runnersspecifies if shared runners will be disabled in all repositories which are reconfigured by this tool. Set it tofalse, to not touch shared runners. -
The
auth_tokenmust be a token for the administrator account withapiandread_repositoryaccess. Login asrootand go to Preferences -> Access Tokens to generate a new token. -
allowed_projects_rulesis a set of rules to identify projects which are allowed to be configured. Currently, only the ruleone_member_ofis supported. The value is a list of groups and users from which it least one user must be a member of the project which shall be configured.Example: If
foois given, then all projects in the groupfooare allowed to be configured. If another projectbarhas a member of groupfoo, the projectbarcan be configured as well. -
idsis a list of runner ids which are allowed to be assigned to the projects defined byallowed_projects_rules. The Admin Area of your GitLab instance contains a Runners section which lists all runners and their ids.Important: Only specific runners can be used (so group runners must be re-registered as specific runners first). It does not matter if specific runners are locked or not.
-
config_repospecifies the GitLab repository which contains the second configuration file. The configuration repository specifies concretely which runners are assigned to which groups and projects. -
Note that
allowed_projects_rules,idsandconfig_repoform a list item of therunnerslist. You can specify as much triples as you need to describe which configuration repositories can configure which combinations of runners, groups and projects.
-
-
As noted before, the second configuration part is located in a Git repository on your GitLab instance. It must be located in the top level root and must be named
multi-group-runner-config.yml. This is an example configuration (can also be printed withgitlab-multi-group-runner --print-example-repo-config):runners: - groups_and_projects: - mygroup - myusername/myproject ids: - 1 - 3
The
runnerssection is a list of group/project and runner combinations. It configures which runners will be assigned to which concrete projects and groups.
Run gitlab-multi-group-runner with a local configuration file and a configuration repository path:
gitlab-multi-group-runner -f my_config.yml administration/my-multi-group-runnersgitlab-multi-group-runner will read both configuration files, check if the settings in
administration/my-multi-group-runners are allowed and make the appropriate GitLab API calls to add the runners to the
given projects.
You can run with the --all parameter to fetch all configuration repositories which are defined in my_config.yml.
Push a new commit to your configuration repository and wait for the CI pipeline to complete. That's it!
Please open an issue on GitHub if you experience bugs or miss features. Please consider to send a pull request if you can spend time on fixing the issue yourself. This project uses pre-commit to ensure code quality and a consistent code style. Run
make git-hooks-installto install all linters as Git hooks in your local clone of gitlab-multi-group-runner.