diff options
Diffstat (limited to 'doc/ci/jobs')
| -rw-r--r-- | doc/ci/jobs/ci_job_token.md | 20 | ||||
| -rw-r--r-- | doc/ci/jobs/index.md | 10 | ||||
| -rw-r--r-- | doc/ci/jobs/job_artifacts.md | 48 | ||||
| -rw-r--r-- | doc/ci/jobs/job_artifacts_troubleshooting.md | 4 | ||||
| -rw-r--r-- | doc/ci/jobs/job_control.md | 10 |
5 files changed, 58 insertions, 34 deletions
diff --git a/doc/ci/jobs/ci_job_token.md b/doc/ci/jobs/ci_job_token.md index cf8b4ccd092..ba2d63c12e4 100644 --- a/doc/ci/jobs/ci_job_token.md +++ b/doc/ci/jobs/ci_job_token.md @@ -1,7 +1,7 @@ --- stage: Verify group: Pipeline Security -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # GitLab CI/CD job token **(FREE ALL)** @@ -12,11 +12,11 @@ When a pipeline job is about to run, GitLab generates a unique token and injects You can use a GitLab CI/CD job token to authenticate with specific API endpoints: - Packages: - - [Package Registry](../../user/packages/package_registry/index.md#to-build-packages). + - [Package registry](../../user/packages/package_registry/index.md#to-build-packages). - [Packages API](../../api/packages.md) (project-level). - - [Container Registry](../../user/packages/container_registry/build_and_push_images.md#use-gitlab-cicd) + - [Container registry](../../user/packages/container_registry/build_and_push_images.md#use-gitlab-cicd) (the `$CI_REGISTRY_PASSWORD` is `$CI_JOB_TOKEN`). - - [Container Registry API](../../api/container_registry.md) + - [Container registry API](../../api/container_registry.md) (scoped to the job's project, when the `ci_job_token_scope` feature flag is enabled). - [Get job artifacts](../../api/job_artifacts.md#get-job-artifacts). - [Get job token's job](../../api/jobs.md#get-job-tokens-job). @@ -120,12 +120,12 @@ the following actions without being added to the allowlist: To limit access to these actions to only the projects on the allowlist, set the visibility of each feature to be only accessible to project members: -Prerequisite: +Prerequisites: - You must have the Maintainer role for the project. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project. -1. On the left sidebar, select **Settings > General**. +1. On the left sidebar, select **Search or go to** and find your project. +1. Select **Settings > General**. 1. Expand **Visibility, project features, permissions**. 1. Set the visibility to **Only project members** for the features you want to restrict access to. - The ability to fetch artifacts is controlled by the CI/CD visibility setting. @@ -145,7 +145,7 @@ your maintainers, the job token could be used in an attempt to access your proje You can disable the job token scope allowlist for testing or a similar reason, but you should enable it again as soon as possible. -Prerequisite: +Prerequisites: - You must have at least the Maintainer role for the project. @@ -166,7 +166,7 @@ You can also disable the allowlist [with the API](../../api/graphql/reference/in You can add projects to the allowlist for a project. Projects added to the allowlist can make API calls from running pipelines by using the CI/CD job token. -Prerequisite: +Prerequisites: - You must have at least the Maintainer role in the current project. If the allowed project is internal or private, you must have at least the Guest role in that project. @@ -210,7 +210,7 @@ to make an API request to project `B`, then `B` must be added to the allowlist f > **Limit CI_JOB_TOKEN access** setting [renamed to **Limit access _from_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3. -Prerequisite: +Prerequisites: - You must not have more than 200 projects added to the token's scope. diff --git a/doc/ci/jobs/index.md b/doc/ci/jobs/index.md index b5fc32e69dc..f4836f93234 100644 --- a/doc/ci/jobs/index.md +++ b/doc/ci/jobs/index.md @@ -1,7 +1,7 @@ --- stage: Verify group: Pipeline Authoring -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Jobs **(FREE ALL)** @@ -375,6 +375,14 @@ job1: - echo -e "\e[0Ksection_end:`date +%s`:my_first_section\r\e[0K" ``` +### Full screen mode + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/363617) in GitLab 16.7. + +You can view the contents of a job log in full screen mode by clicking **Show full screen**. + +To use full screen mode, your web browser must also support it. If your web browser does not support full screen mode, then the option is not available. + ## Deployment jobs Deployment jobs are a specific kind of CI job in that they deploy code to diff --git a/doc/ci/jobs/job_artifacts.md b/doc/ci/jobs/job_artifacts.md index b6269918ed9..f93068faf01 100644 --- a/doc/ci/jobs/job_artifacts.md +++ b/doc/ci/jobs/job_artifacts.md @@ -1,7 +1,7 @@ --- stage: Verify group: Pipeline Security -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Job artifacts **(FREE ALL)** @@ -67,6 +67,8 @@ is used. To prevent artifacts from expiring, you can select **Keep** from the job details page. The option is not available when an artifact has no expiry set. +By default, the [latest artifacts are always kept](#keep-artifacts-from-most-recent-successful-jobs). + ### With a dynamically defined name You can use [CI/CD variables](../variables/index.md) to dynamically define the @@ -227,17 +229,21 @@ unless the report is added as a regular artifact with `artifacts:paths`. You can download the artifacts archive for a specific job with a publicly accessible URL for the [job artifacts API](../../api/job_artifacts.md#download-the-artifacts-archive). -For example, to download the latest artifacts of a job named `build` in the `main` branch of a project on GitLab.com: +For example: -```plaintext -https://gitlab.com/api/v4/projects/<project-id>/jobs/artifacts/main/download?job=build -``` +- To download the latest artifacts of a job named `build` in the `main` branch of a project on GitLab.com: -For example, to download the file `review/index.html` from the latest job named `build` in the `main` branch of a project on GitLab.com: + ```plaintext + https://gitlab.com/api/v4/projects/<project-id>/jobs/artifacts/main/download?job=build + ``` -```plaintext -https://gitlab.com/api/v4/projects/<project-id>/jobs/artifacts/main/raw/review/index.html?job=build -``` +- To download the file `review/index.html` from the latest job named `build` in the `main` branch of a project on GitLab.com: + + ```plaintext + https://gitlab.com/api/v4/projects/<project-id>/jobs/artifacts/main/raw/review/index.html?job=build + ``` + + Files returned by this endpoint always have the `plain/text` content type. In both examples, replace `<project-id>` with a valid project ID, found at the top of the project details page. @@ -327,15 +333,21 @@ With this configuration, GitLab adds **artifact 1** as a link to `file.txt` to t > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/16267) in GitLab 13.0. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/229936) in GitLab 13.4. > - [Made optional with a CI/CD setting](https://gitlab.com/gitlab-org/gitlab/-/issues/241026) in GitLab 13.8. +> - Artifacts for [blocked](https://gitlab.com/gitlab-org/gitlab/-/issues/387087) or [failed](https://gitlab.com/gitlab-org/gitlab/-/issues/266958) pipelines no longer kept indefinitely in GitLab 16.7. + +By default artifacts are always kept for successful pipelines for the most recent commit on each ref. +Any [`expire_in`](#with-an-expiry) configuration does not apply to the most recent artifacts. -By default artifacts are always kept for successful pipelines for the most recent commit on -each ref. This means that the latest artifacts do not immediately expire according -to the `expire_in` configuration. +A pipeline's artifacts are only deleted according to the `expire_in` configuration +if a new pipeline runs for the same ref and: -If a pipeline for a new commit on the same ref completes successfully, the previous pipeline's -artifacts are deleted according to the `expire_in` configuration. The artifacts -of the new pipeline are kept automatically. If multiple pipelines run for the most -recent commit on the ref, all artifacts are kept. +- Succeeds. +- Fails. +- Stops running due to being blocked by a manual job. + +Additionally, artifacts are kept for the ref's last successful pipeline even if it +is not the latest pipeline. As a result, if a new pipeline run fails, the last successful pipeline's +artifacts are still kept. Keeping the latest artifacts can use a large amount of storage space in projects with a lot of jobs or large artifacts. If the latest artifacts are not needed in @@ -352,7 +364,3 @@ Then the artifacts in the earlier pipeline for that ref are allowed to expire to You can disable this behavior for all projects on a self-managed instance in the [instance's CI/CD settings](../../administration/settings/continuous_integration.md#keep-the-latest-artifacts-for-all-jobs-in-the-latest-successful-pipelines). - -When **Keep artifacts from most recent successful jobs** is enabled, artifacts are always kept for [blocked](job_control.md#types-of-manual-jobs) -pipelines. These artifacts expire only after the blocking job is triggered and the pipeline completes. -[Issue 387087](https://gitlab.com/gitlab-org/gitlab/-/issues/387087) proposes to change this behavior. diff --git a/doc/ci/jobs/job_artifacts_troubleshooting.md b/doc/ci/jobs/job_artifacts_troubleshooting.md index f2efa8da9eb..0b7777d2d82 100644 --- a/doc/ci/jobs/job_artifacts_troubleshooting.md +++ b/doc/ci/jobs/job_artifacts_troubleshooting.md @@ -1,7 +1,7 @@ --- stage: Verify group: Pipeline Security -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Troubleshooting job artifacts @@ -29,7 +29,7 @@ If job artifacts are using too much disk space, see the This message appears in job logs when a the runner can't find the file to upload. Either the path to the file is incorrect, or the file was not created. You can check the job -log for other errors or warnings that specify the filename and why it wasn't +log for other errors or warnings that specify the file name and why it wasn't generated. For more detailed job logs, you can [enable CI/CD debug logging](../variables/index.md#enable-debug-logging) diff --git a/doc/ci/jobs/job_control.md b/doc/ci/jobs/job_control.md index 0c8e4fc593f..b432106a2d8 100644 --- a/doc/ci/jobs/job_control.md +++ b/doc/ci/jobs/job_control.md @@ -1,7 +1,7 @@ --- stage: Verify group: Pipeline Authoring -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Choose when to run jobs **(FREE ALL)** @@ -1080,6 +1080,14 @@ produce an `invalid expression syntax` error. Pattern matching is case-sensitive by default. Use the `i` flag modifier to make a pattern case-insensitive. For example: `/pattern/i`. +NOTE: +When using the `=~` character, make sure the right side of the comparison always contains +a valid regular expression. If the right side of the comparison is not a valid regular expression +enclosed with `/` characters, the expression evaluates in an unexpected way. In that case, +the comparison checks if the left side is a substring of the right side. For example, +`"23" =~ "1234"` evaluates to true, which is the opposite of `"23" =~ /1234/`, which evaluates to false. +You should not configure your pipeline to rely on this behavior. + #### Store the regex pattern in a variable > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35438) in GitLab 15.0 [with a flag](../../administration/feature_flags.md) named `ci_fix_rules_if_comparison_with_regexp_variable`, disabled by default. |