"Gitlab": difference between revisions

From Banane Atomic
 
(62 intermediate revisions by the same user not shown)
Line 2: Line 2:
= Links =
* [https://wiki.archlinux.org/title/GitLab archlinux wiki]
= [https://docs.gitlab.com/ee/ci/ Continuous Integration (CI)] =
= [https://docs.gitlab.com/ee/ci/quick_start Pipeline] =
* [https://docs.gitlab.com/ee/development/cicd/templates.html Development guide for GitLab CI/CD templates]
* [https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/dotNET-Core.gitlab-ci.yml .NET Gitlab CI template]
* [https://medium.com/tuimm/net-code-coverage-on-gitlab-3e35f08d0f44 .NET Code coverage on GitLab]
* [https://docs.gitlab.com/ee/ci/testing/unit_test_report_examples.html#net Unit test report examples]
{{warn | Ensure you have installed and registered [[Gitlab#Runner|runners]]}}
{{warn | Gitlab runs each job in a new container}}
{{info | Default stages are {{boxx|.pre}}, {{boxx|build}}, {{boxx|test}}, {{boxx|deploy}}, {{boxx|.post}}}}
Gitlab → top left menu → Projects → My project → left column: Repository → Files
<filebox fn='.gitlab-ci.yml'>
include:
  template: Template1.gitlab-ci.yml
# define the docker image to use
image: mcr.microsoft.com/dotnet/sdk:7.0
variables:
  VAR1: value
job1:
  variables:
    VAR2: "The $VAR1 is invalid"
    GIT_STRATEGY: none  # skips all Git operations. Useful for deployment jobs.
  script:
    - local_var=value
    - 'echo "$local_var ${VAR2}"'
    - echo ${VAR2}
  rules:  # the job is executed only if one of the rules matches
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: manual  # manual job
      allow_failure: true  # the pipeline continues running even if the manual job is not run
    - if: $CI_PIPELINE_SOURCE == "schedule"  # if the first rule doesn’t match, then the second rule is evaluated
      when: on_success  # default
      allow_failure: false  # default
  artifacts:
    # pick one name (a YAML mapping cannot repeat a key)
    name: "$CI_JOB_NAME"  # name of the current job
    # name: "$CI_COMMIT_REF_SLUG"  # name of the current branch or tag
    untracked: true  # add all Git untracked files as artifacts
    paths:
      - binaries/
    exclude:
      - binaries/**/*.o  # Unlike artifacts:paths, exclude paths are not recursive
  # jobs download all artifacts from the completed jobs in previous stages by default
  dependencies: []  # prevent a job from downloading any artifacts
cache:
  # pick one key (a YAML mapping cannot repeat a key)
  key: $CI_COMMIT_REF_SLUG  # share caches between jobs in the same branch
  # key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"  # per-job and per-branch caching
  # key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"  # per-stage and per-branch caching
  # key: one-key-to-rule-them-all  # share a cache across all branches and all jobs, use the same key for everything
  # key: $CI_JOB_NAME  # share a cache between branches, but have a unique cache for each job
  paths:
    - '$NUGET_PACKAGES_DIRECTORY'
  policy: pull-push  # pull-push for changes to the default branch, pull for changes to other branches.
</filebox>
== [https://learn.microsoft.com/en-us/azure/devops/pipelines/ecosystems/dotnet-core .NET pipeline] ==
* [https://www.codecentric.de/wissens-hub/blog/dotnet-ci-cd-with-gitlab DOTNET CI/CD with Gitlab]
<filebox fn='.gitlab-ci.yml' collapsed>
# merge request pipeline
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
image: mcr.microsoft.com/dotnet/sdk:7.0
cache:
  key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"  # Per-stage and per-branch caching.
  paths:
    - obj/project.assets.json
    - obj/*.csproj.nuget.*
    - .nuget
    - 'tools'
  policy: pull-push
build:
  stage: build
  script:
    - 'dotnet build'
test:
  stage: test
  script:
    # run unit tests with Coverlet data collector and log the results
    # JunitXML.TestLogger nuget package has to be added to the unit tests projects
    - 'dotnet test --collect="XPlat Code Coverage" --logger:"junit;LogFilePath=TestResults.xml"'
    # install reportgenerator
    - '[[ -x tools/reportgenerator ]] || dotnet tool install dotnet-reportgenerator-globaltool --tool-path tools'
    # merge the code coverage reports into 1 Cobertura report file and generate a text summary report file
    - 'tools/reportgenerator -reports:"*/TestResults/*/coverage.cobertura.xml" -targetdir:CoverageReport -reporttypes:"Cobertura;TextSummary"'
    # print the text summary report file
    - "sed -n '/Summary/,/^$/p' CoverageReport/Summary.txt"
  # read the line coverage from the printed text summary report file
  coverage: '/Line coverage: [0-9.]+%/'
  artifacts:
    reports:
      junit:
        - "*/TestResults.xml"
      coverage_report:
        coverage_format: cobertura
        path: "CoverageReport/Cobertura.xml"
quality:
  stage: test
  script:
    - 'dotnet build'
    - '[[ -x tools/roslynator ]] || dotnet tool install roslynator.dotnet.cli --tool-path tools'
    - 'tools/roslynator analyze -o roslynator.xml || true'
    - '[[ -x tools/cq ]] || dotnet tool install CodeQualityToGitlab --tool-path tools'
    - 'tools/cq roslynator roslynator.xml gl-code-quality-report.json "$CI_BUILDS_DIR/$CI_JOB_ID/$CI_PROJECT_NAME"'
  artifacts:
    paths:
      - roslynator.xml
      - gl-code-quality-report.json
    expose_as: 'code_quality_reports'
    reports:
      codequality: gl-code-quality-report.json
deploy:
  stage: deploy
  environment: production
  script:
    - 'dotnet publish --configuration Release'
    - 'mv bin/Release/net7.0/publish ./dotnetcore'
  artifacts:
    paths:
      - dotnetcore
</filebox>
== [https://docs.gitlab.com/ee/ci/variables/predefined_variables.html Predefined variables] ==
{| class="wikitable wtp wtmono1"
! Name
! Description
|-
| CI_COMMIT_REF_NAME || The branch or tag name for which the project is built
|-
| CI_COMMIT_REF_SLUG || {{boxx|CI_COMMIT_REF_NAME}} in lowercase, shortened to 63 bytes, and with everything except {{boxx|0-9}} and {{boxx|a-z}} replaced with {{boxx|-}}
|}
== [https://docs.gitlab.com/ee/ci/pipelines/merge_request_pipelines.html Merge request pipeline] ==
{{info | Branch pipelines are the default pipelines, they run when you push a new commit to a branch.}}
<filebox fn='.gitlab-ci.yml'>
# the entire pipeline will only run on a merge request
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
# job1 will only run on a merge request
job1:
  script:
    - echo "This job runs in merge request pipelines"
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
</filebox>
== [https://docs.gitlab.com/ee/ci/environments/index.html Environments and deployments] ==
<filebox fn='.gitlab-ci.yml'>
deploy_staging:
  stage: deploy
  script:
    - echo "Deploy to staging server"
  environment:
    name: staging
    url: https://staging.example.com
</filebox>
== [https://docs.gitlab.com/ee/ci/testing/code_quality.html Code Quality] ==
{{warn | [https://docs.gitlab.com/ee/ci/testing/code_quality.html#pipeline-details-view Pipeline details view] is not available in Gitlab Free.}}
= Log =
Log files are in {{boxx|/var/log/gitlab}}
== Change sidekiq log level ==
<filebox fn='/usr/share/webapps/gitlab/config/initializers/sidekiq.rb'>
Sidekiq.configure_server do |config|
  # force WARN level
  config.logger.level = Logger::WARN
  # or set the same log level as Rails
  # config.logger.level = Rails.logger.level
end
</filebox>
= [https://docs.gitlab.com/ee/administration/operations/rails_console.html#starting-a-rails-console-session Rails Console Session] =
<kode lang='bash'>
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rails console -e production
</kode>
= [https://docs.gitlab.com/ee/user/profile/account/create_accounts.html Add new user] =
# from admin account → menu → admin
# Overview → Users
# click on the button New user (top right)
Resend confirmation email: {{boxx|<nowiki>https://gitlab.domain.net/users/confirmation/new</nowiki>}}


= [https://wiki.archlinux.org/index.php/GitLab#Installation Installation] =
Line 32: Line 230:
   otp_key_base: [secret]
   openid_connect_signing_key: [secret]
  encrypted_settings_key_base: [secret]
</filebox>
</filebox>


Line 40: Line 239:
sudo gpasswd -a gitlab redis
</kode>
</kode>
[https://wiki.archlinux.org/title/Redis Listen on socket]
<filebox fn='/etc/redis/redis.conf'>
unixsocket /run/redis/redis.sock
unixsocketperm 770
# don't listen on TCP
#port 6379
port 0
</filebox>


<filebox fn='/etc/webapps/gitlab/resque.yml'>
<filebox fn='/etc/webapps/gitlab/resque.yml'>
Line 77: Line 286:
psql -U gitlab -d gitlabdb
</kode>
</kode>
<filebox fn='/etc/webapps/gitlab/database.yml'>
production:
  main:
    adapter: postgresql
    encoding: unicode
    database: gitlabdb
    username: gitlab
    password: [password]
    # host: localhost
    # port: 5432
    socket: /run/postgresql/.s.PGSQL.5432
</filebox>
<kode lang='bash'>
# start redis and gitlab-gitaly
sc-start redis
sc-start gitlab-gitaly
cd /usr/share/webapps/gitlab
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:setup
</kode>
== Check ==
<kode lang='bash'>
# Adjust modifier bits
sudo chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/
sudo chmod -R ug-s /var/lib/gitlab/repositories
sudo find /var/lib/gitlab/repositories/ -type d -print0 | xargs -0 sudo chmod g+s
sc-start postgresql
sc-start redis
sc-start gitlab.target
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:env:info
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:check
</kode>
== Nginx ==
<filebox fn='/etc/nginx/sites-available/gitlab.conf' collapsed>
upstream gitlab-workhorse {
  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
}
server {
  listen 80;                  # IPv4 HTTP
  #listen 443 ssl http2;      # uncomment to enable IPv4 HTTPS + HTTP/2
  #listen [::]:80;            # uncomment to enable IPv6 HTTP
  #listen [::]:443 ssl http2; # uncomment to enable IPv6 HTTPS + HTTP/2
  server_name gitlab.localhost;
  access_log  /var/log/gitlab/nginx_access.log;
  error_log  /var/log/gitlab/nginx_error.log;
  #ssl_certificate ssl/example.com.crt;
  #ssl_certificate_key ssl/example.com.key;
  location ~ ^/(assets)/ {
    root /usr/share/webapps/gitlab/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }
  location / {
      # unlimited upload size in nginx (so the setting in GitLab applies)
      client_max_body_size 0;
      # proxy timeout should match the timeout value set in /etc/webapps/gitlab/puma.rb
      proxy_read_timeout 60;
      proxy_connect_timeout 60;
      proxy_redirect off;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      #proxy_set_header X-Forwarded-Ssl on;
      proxy_pass http://gitlab-workhorse;
  }
  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  location ~ ^/(404|422|500|502|503)\.html$ {
    root /usr/share/webapps/gitlab/public;
    internal;
  }
}
</filebox>
== [https://wiki.archlinux.org/title/GitLab#Enable_fast_SSH_key_lookup Fast lookup of authorized SSH keys] ==
<filebox fn='/etc/ssh/sshd_config' lang='bash'>
# Gitlab fast SSH key lookup
AuthorizedKeysCommand /var/lib/gitlab/gitlab-shell/bin/gitlab-shell-authorized-keys-check gitlab %u %k
AuthorizedKeysCommandUser gitlab
</filebox>
<kode lang='bash'>
# generate private and public keys: ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.pub
ssh-keygen -t ed25519 -C "$(whoami)@$(hostname)"
# start ssh daemon
sc-start sshd
</kode>
Add the public key to Gitlab:
# click on the user icon top right → edit profile
# SSH Keys on left menu
# paste the public key (~/.ssh/id_ed25519.pub)
# click on the Add key button
== [https://docs.gitlab.com/omnibus/settings/smtp.html#email-not-sent SMTP] ==
<filebox fn='/etc/webapps/gitlab/smtp_settings.rb'>
if Rails.env.production?
  Rails.application.config.action_mailer.delivery_method = :smtp
  secrets = Gitlab::Email::SmtpConfig.secrets
  ActionMailer::Base.delivery_method = :smtp
  ActionMailer::Base.smtp_settings = {
    address: "smtp.domain.net",
    port: 587,
    user_name: secrets.username,
    password: secrets.password,
    domain: "domain.net",
    authentication: :login,
    enable_starttls_auto: true,
    openssl_verify_mode: 'peer' # See ActionMailer documentation for other possible options
  }
end
</filebox>
<kode lang='bash'>
# add the username and password to the smtp:secret
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:smtp:secret:edit EDITOR=nano
# open a Rails Console Session
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rails console -e production
# check the configuration
ActionMailer::Base.delivery_method
# => :smtp
ActionMailer::Base.smtp_settings
# => {:address=>"smtp.domain.net", :port=>587, ...
# send a test email
Notify.test_email('user@domain.net', 'Hello World', 'This is a test message').deliver_now
</kode>
== [https://docs.gitlab.com/runner/register/#linux Runner] ==
<kode lang='bash'>
# install
sudo pacman -S gitlab-runner
# register
sudo gitlab-runner register
# GitLab instance URL: https://www.mygitlab.net/
# Registration token: Gitlab (admin) → top left menu → Admin → left column: CI/CD → Runners → right: Register an instance runner button → copy the registration token
# Executor: docker
# Default Docker image: mcr.microsoft.com/dotnet/sdk:6.0
# Configuration (with the authentication token) is saved in "/etc/gitlab-runner/config.toml"
# bring runner online manually
sudo gitlab-runner run
# by running the service
sc-start gitlab-runner
</kode>
* [https://docs.gitlab.com/runner/configuration/ Advanced configuration options]
<filebox fn='/etc/gitlab-runner/config.toml' collapsed>
log_level = "debug"  # change the loglevel
[[runners]]
  url = "https://www.mygitlab.net/"
  clone_url = "https://www.mygitlab.net/"  # override the url defined in /etc/webapps/gitlab/gitlab.yml
  environment = ["ENV=value", "LC_ALL=en_US.UTF-8"]  # set environment variables
  [runners.docker]
    image = "mcr.microsoft.com/dotnet/sdk:7.0"  # default docker image, used if no docker image is defined in the pipeline
    extra_hosts = ["www.mygitlab.net:host-gateway"]  # map www.mygitlab.net with the host, so the runner can access the website www.mygitlab.net running on the host
</filebox>
== Errors ==
=== Number of Sidekiq processes (cluster/worker) ... 0/1 ===
<pre>
Sidekiq: ... Running? ... yes
Number of Sidekiq processes (cluster/worker) ... 0/1
  Try fixing it:
  sudo systemctl restart gitlab-sidekiq.service
  Please fix the error above and rerun the checks.
</pre>
=== All migrations up? ... Exception: No such file or directory - bundle ===
<pre>
Database config exists? ... yes
All migrations up? ... Exception: No such file or directory - bundle
</pre>
=== Cable config exists? ... no ===
<pre>
Cable config exists? ... no
  Try fixing it:
  Copy config/cable.yml.example to config/cable.yml
  Update config/cable.yml to match your setup
  For more information see:
  doc/install/installation.md in section "GitLab"
  Please fix the error above and rerun the checks.
</pre>

Latest revision as of 20 June 2023 at 17:28

Links

Continuous Integration (CI)

Pipeline

Ensure you have installed and registered runners
Gitlab runs each job in a new container
Default stages are .pre, build, test, deploy, .post

Gitlab → top left menu → Projects → My project → left column: Repository → Files

.gitlab-ci.yml
include:
  template: Template1.gitlab-ci.yml

# define the docker image to use
image: mcr.microsoft.com/dotnet/sdk:7.0

variables:
  VAR1: value

job1:
  variables:
    VAR2: "The $VAR1 is invalid"
    GIT_STRATEGY: none  # skips all Git operations. Useful for deployment jobs.
  script:
    - local_var=value
    - 'echo "$local_var ${VAR2}"'
    - echo ${VAR2}
  rules:  # the job is executed only if one of the rules matches
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: manual  # manual job
      allow_failure: true  # the pipeline continues running even if the manual job is not run
    - if: $CI_PIPELINE_SOURCE == "schedule"  # if the first rule doesn’t match, then the second rule is evaluated
      when: on_success  # default
      allow_failure: false  # default
  artifacts:
    # pick one name (a YAML mapping cannot repeat a key)
    name: "$CI_JOB_NAME"  # name of the current job
    # name: "$CI_COMMIT_REF_SLUG"  # name of the current branch or tag
    untracked: true  # add all Git untracked files as artifacts
    paths:
      - binaries/
    exclude:
      - binaries/**/*.o  # Unlike artifacts:paths, exclude paths are not recursive
  # jobs download all artifacts from the completed jobs in previous stages by default
  dependencies: []  # prevent a job from downloading any artifacts

cache:
  # pick one key (a YAML mapping cannot repeat a key)
  key: $CI_COMMIT_REF_SLUG  # share caches between jobs in the same branch
  # key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"  # per-job and per-branch caching
  # key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"  # per-stage and per-branch caching
  # key: one-key-to-rule-them-all  # share a cache across all branches and all jobs, use the same key for everything
  # key: $CI_JOB_NAME  # share a cache between branches, but have a unique cache for each job
  paths:
    - '$NUGET_PACKAGES_DIRECTORY'

  policy: pull-push  # pull-push for changes to the default branch, pull for changes to other branches.

.NET pipeline

.gitlab-ci.yml
# merge request pipeline
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'

image: mcr.microsoft.com/dotnet/sdk:7.0

cache:
  key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"  # Per-stage and per-branch caching.
  paths:
    - obj/project.assets.json
    - obj/*.csproj.nuget.*
    - .nuget
    - 'tools'
  policy: pull-push

build:
  stage: build
  script:
    - 'dotnet build'

test:
  stage: test
  script:
    # run unit tests with Coverlet data collector and log the results
    # JunitXML.TestLogger nuget package has to be added to the unit tests projects
    - 'dotnet test --collect="XPlat Code Coverage" --logger:"junit;LogFilePath=TestResults.xml"'
    # install reportgenerator
    - '[[ -x tools/reportgenerator ]] || dotnet tool install dotnet-reportgenerator-globaltool --tool-path tools'
    # merge the code coverage reports into 1 Cobertura report file and generate a text summary report file
    - 'tools/reportgenerator -reports:"*/TestResults/*/coverage.cobertura.xml" -targetdir:CoverageReport -reporttypes:"Cobertura;TextSummary"'
    # print the text summary report file
    - "sed -n '/Summary/,/^$/p' CoverageReport/Summary.txt"
  # read the line coverage from the printed text summary report file
  coverage: '/Line coverage: [0-9.]+%/'
  artifacts:
    reports:
      junit:
        - "*/TestResults.xml"
      coverage_report:
        coverage_format: cobertura
        path: "CoverageReport/Cobertura.xml"

quality:
  stage: test
  script:
    - 'dotnet build'
    - '[[ -x tools/roslynator ]] || dotnet tool install roslynator.dotnet.cli --tool-path tools'
    - 'tools/roslynator analyze -o roslynator.xml || true'
    - '[[ -x tools/cq ]] || dotnet tool install CodeQualityToGitlab --tool-path tools'
    - 'tools/cq roslynator roslynator.xml gl-code-quality-report.json "$CI_BUILDS_DIR/$CI_JOB_ID/$CI_PROJECT_NAME"'
  artifacts:
    paths:
      - roslynator.xml
      - gl-code-quality-report.json
    expose_as: 'code_quality_reports'
    reports:
      codequality: gl-code-quality-report.json

deploy:
  stage: deploy
  environment: production
  script:
    - 'dotnet publish --configuration Release'
    - 'mv bin/Release/net7.0/publish ./dotnetcore'
  artifacts:
    paths:
      - dotnetcore

Predefined variables

Name Description
CI_COMMIT_REF_NAME The branch or tag name for which the project is built
CI_COMMIT_REF_SLUG CI_COMMIT_REF_NAME in lowercase, shortened to 63 bytes, and with everything except 0-9 and a-z replaced with -
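
Because the slug discards case and punctuation, two different branch names can produce the same `CI_COMMIT_REF_SLUG` and therefore the same cache key or artifact name. The following added example (not part of the original page) computes the slug as the table describes and lists colliding branch names; the function names and the branch list are constructed, and the trimming of leading and trailing `-` is an assumption taken from GitLab's documentation.

```shell
#!/bin/sh
# Added example: find branch names that share one CI_COMMIT_REF_SLUG.

# Slug as described in the table above: lowercase, every character outside
# 0-9 and a-z replaced with "-", shortened to 63 bytes. Stripping leading and
# trailing "-" is an assumption taken from GitLab's documentation.
ref_slug() {
  printf '%s\n' "$1" \
    | LC_ALL=C tr 'A-Z' 'a-z' \
    | LC_ALL=C sed 's/[^a-z0-9]/-/g' \
    | cut -c1-63 \
    | sed 's/^-*//; s/-*$//'
}

# Read branch names on stdin (one per line) and print "slug<TAB>branch" for
# every branch whose slug is also produced by a different branch name.
slug_collisions() {
  while IFS= read -r ref; do
    if [ -n "$ref" ]; then
      printf '%s\t%s\n' "$(ref_slug "$ref")" "$ref"
    fi
  done | sort -u | awk -F '\t' '
    { count[$1]++; line[NR] = $0; slug[NR] = $1 }
    END {
      for (i = 1; i <= NR; i++)
        if (count[slug[i]] > 1) print line[i]
    }'
}

# Constructed branch names for a dry run; on a real repository the list could
# come from: git for-each-ref --format='%(refname:short)' refs/heads
printf '%s\n' main feature/login feature-login Feature_Login release/1.0 \
  | slug_collisions
```

Branches reported here share a cache when the key is built from `$CI_COMMIT_REF_SLUG` alone.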

Merge request pipeline

Branch pipelines are the default pipelines, they run when you push a new commit to a branch.
.gitlab-ci.yml
# the entire pipeline will only run on a merge request
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'

# job1 will only run on a merge request
job1:
  script:
    - echo "This job runs in merge request pipelines"
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'

Environments and deployments

.gitlab-ci.yml
deploy_staging:
  stage: deploy
  script:
    - echo "Deploy to staging server"
  environment:
    name: staging
    url: https://staging.example.com

Code Quality

Pipeline details view is not available in Gitlab Free.

Log

Log files are in /var/log/gitlab

Change sidekiq log level

/usr/share/webapps/gitlab/config/initializers/sidekiq.rb
Sidekiq.configure_server do |config|
  # force WARN level
  config.logger.level = Logger::WARN
  # or set the same log level as Rails
  # config.logger.level = Rails.logger.level
end

Rails Console Session

sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rails console -e production

Add new user

  1. from admin account → menu → admin
  2. Overview → Users
  3. click on the button New user (top right)

Resend confirmation email: https://gitlab.domain.net/users/confirmation/new

Installation

  1. install and configure PostgreSQL
sudo pacman -S gitlab
/etc/webapps/gitlab/gitlab.yml
host: gitlab.domain.net
port: 443
https: true

Secret string

Fill the following files with a secret:

hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom | sudo dd of=/etc/webapps/gitlab/secret
sudo chmod 640 /etc/webapps/gitlab/secret

hexdump -v -n 64 -e '1/1 "%02x"' /dev/urandom | sudo dd of=/etc/webapps/gitlab-shell/secret
sudo chmod 640 /etc/webapps/gitlab-shell/secret

Set secrets in the following configuration file:

/etc/webapps/gitlab/secrets.yml
production:
  secret_key_base: [secret]
  db_key_base: [secret]
  otp_key_base: [secret]
  openid_connect_signing_key: [secret]
  encrypted_settings_key_base: [secret]

Redis

# Add user gitlab to group redis
cat /etc/group | grep redis
sudo gpasswd -a gitlab redis

Listen on socket

/etc/redis/redis.conf
unixsocket /run/redis/redis.sock
unixsocketperm 770

# don't listen on TCP
#port 6379
port 0
/etc/webapps/gitlab/resque.yml
development:
  url: unix:/run/redis/redis.sock
test:
  url: unix:/run/redis/redis.sock
production:
  url: unix:/run/redis/redis.sock
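
The checks below cover the `chmod 640` secret files from the Secret string section and the socket-only Redis settings above, as an added example that is not part of the original page. The function names and the sample files are constructed for illustration, and the script assumes that the last occurrence of a directive in `redis.conf` is the effective one.

```shell
#!/bin/sh
# Added example: audit the Redis and secret-file settings shown on this page.

# Effective value of a redis.conf directive. Comments and blank lines are
# skipped; the last occurrence is taken as the effective one (assumption).
redis_directive() {  # $1 = config file, $2 = directive name
  awk -v key="$2" '
    /^[ \t]*(#|$)/     { next }
    tolower($1) == key { val = $2 }
    END                { if (val != "") print val }
  ' "$1"
}

# 0 if Redis does not listen on TCP. Without a "port" line Redis falls back
# to its default port 6379, so a missing directive counts as a failure.
redis_tcp_disabled() {
  [ "$(redis_directive "$1" port)" = "0" ]
}

# 0 if a unix socket is configured and its mode grants nothing to "other".
redis_socket_restricted() {
  sock=$(redis_directive "$1" unixsocket)
  perm=$(redis_directive "$1" unixsocketperm)
  [ -n "$sock" ] || return 1
  case "$perm" in
    [0-7][0-7]0|0[0-7][0-7]0) return 0 ;;
    *)                        return 1 ;;  # unset, or open to other users
  esac
}

# 0 if the file exists and "other" has no permission on it (e.g. mode 640).
no_world_access() {
  [ -f "$1" ] || return 1
  other=$(ls -ld "$1" | cut -c8-10)
  [ "$other" = "---" ]
}

# Run every check, print one PASS/FAIL line each, return the failure count.
audit() {  # $1 = redis.conf, remaining arguments = secret files
  conf=$1; shift; failures=0
  for check in redis_tcp_disabled redis_socket_restricted; do
    if "$check" "$conf"; then echo "PASS: $check $conf"
    else echo "FAIL: $check $conf"; failures=$((failures + 1)); fi
  done
  for f in "$@"; do
    if no_world_access "$f"; then echo "PASS: no_world_access $f"
    else echo "FAIL: no_world_access $f"; failures=$((failures + 1)); fi
  done
  return "$failures"
}

# Constructed sample files (not taken from a real host) for a dry run.
demo_dir=$(mktemp -d)
printf '%s\n' 'unixsocket /run/redis/redis.sock' 'unixsocketperm 770' \
  '#port 6379' 'port 0' > "$demo_dir/redis.good.conf"
printf '%s\n' 'unixsocket /run/redis/redis.sock' 'unixsocketperm 777' \
  'port 0' 'port 6379' > "$demo_dir/redis.weak.conf"
: > "$demo_dir/secret";      chmod 640 "$demo_dir/secret"
: > "$demo_dir/secret.open"; chmod 644 "$demo_dir/secret.open"

audit "$demo_dir/redis.good.conf" "$demo_dir/secret" || true
audit "$demo_dir/redis.weak.conf" "$demo_dir/secret.open" || true
```

On a host set up as described here, the equivalent call would be `audit /etc/redis/redis.conf /etc/webapps/gitlab/secret /etc/webapps/gitlab-shell/secret`, run with enough privileges to read those paths.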

PostgreSQL database

# switch to the PostgreSQL user
sudo -iu postgres

# create a user named gitlab with superuser rights
createuser --interactive

# login into the databases server
psql

# change the password of the gitlab user
\password gitlab

# create the database
create database gitlabdb OWNER gitlab;
/var/lib/postgres/data/pg_hba.conf
# TYPE  DATABASE        USER            METHOD
local   gitlabdb        gitlab          scram-sha-256
# login as gitlab
psql -U gitlab -d gitlabdb
/etc/webapps/gitlab/database.yml
production:
  main:
    adapter: postgresql
    encoding: unicode
    database: gitlabdb
    username: gitlab
    password: [password]
    # host: localhost
    # port: 5432
    socket: /run/postgresql/.s.PGSQL.5432
# start redis and gitlab-gitaly
sc-start redis
sc-start gitlab-gitaly

cd /usr/share/webapps/gitlab
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:setup

Check

# Adjust modifier bits
sudo chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/
sudo chmod -R ug-s /var/lib/gitlab/repositories
sudo find /var/lib/gitlab/repositories/ -type d -print0 | xargs -0 sudo chmod g+s

sc-start postgresql
sc-start redis
sc-start gitlab.target

sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:env:info
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:check

Nginx

/etc/nginx/sites-available/gitlab.conf
upstream gitlab-workhorse {
  server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0;
}

server {
  listen 80;                  # IPv4 HTTP
  #listen 443 ssl http2;      # uncomment to enable IPv4 HTTPS + HTTP/2
  #listen [::]:80;            # uncomment to enable IPv6 HTTP
  #listen [::]:443 ssl http2; # uncomment to enable IPv6 HTTPS + HTTP/2
  server_name gitlab.localhost;

  access_log  /var/log/gitlab/nginx_access.log;
  error_log   /var/log/gitlab/nginx_error.log;

  #ssl_certificate ssl/example.com.crt;
  #ssl_certificate_key ssl/example.com.key;

  location ~ ^/(assets)/ {
    root /usr/share/webapps/gitlab/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  location / {
      # unlimited upload size in nginx (so the setting in GitLab applies)
      client_max_body_size 0;

      # proxy timeout should match the timeout value set in /etc/webapps/gitlab/puma.rb
      proxy_read_timeout 60;
      proxy_connect_timeout 60;
      proxy_redirect off;

      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      #proxy_set_header X-Forwarded-Ssl on;

      proxy_pass http://gitlab-workhorse;
  }

  error_page 404 /404.html;
  error_page 422 /422.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  location ~ ^/(404|422|500|502|503)\.html$ {
    root /usr/share/webapps/gitlab/public;
    internal;
  }
}

Fast lookup of authorized SSH keys

/etc/ssh/sshd_config
# Gitlab fast SSH key lookup
AuthorizedKeysCommand /var/lib/gitlab/gitlab-shell/bin/gitlab-shell-authorized-keys-check gitlab %u %k
AuthorizedKeysCommandUser gitlab
# generate private and public keys: ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.pub
ssh-keygen -t ed25519 -C "$(whoami)@$(hostname)"

# start ssh daemon
sc-start sshd

Add the public key to Gitlab:

  1. click on the user icon top right → edit profile
  2. SSH Keys on left menu
  3. paste the public key (~/.ssh/id_ed25519.pub)
  4. click on the Add key button

SMTP

/etc/webapps/gitlab/smtp_settings.rb
if Rails.env.production?
  Rails.application.config.action_mailer.delivery_method = :smtp
  secrets = Gitlab::Email::SmtpConfig.secrets

  ActionMailer::Base.delivery_method = :smtp
  ActionMailer::Base.smtp_settings = {
    address: "smtp.domain.net",
    port: 587,
    user_name: secrets.username,
    password: secrets.password,
    domain: "domain.net",
    authentication: :login,
    enable_starttls_auto: true,
    openssl_verify_mode: 'peer' # See ActionMailer documentation for other possible options
  }
end
# add the username and password to the smtp:secret
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rake gitlab:smtp:secret:edit EDITOR=nano

# open a Rails Console Session
sudo -u gitlab $(cat environment | xargs) bundle-2.7 exec rails console -e production

# check the configuration
ActionMailer::Base.delivery_method
# => :smtp
ActionMailer::Base.smtp_settings
# => {:address=>"smtp.domain.net", :port=>587, ...

# send a test email
Notify.test_email('user@domain.net', 'Hello World', 'This is a test message').deliver_now

Runner

# install
sudo pacman -S gitlab-runner

# register
sudo gitlab-runner register
# GitLab instance URL: https://www.mygitlab.net/
# Registration token: Gitlab (admin) → top left menu → Admin → left column: CI/CD → Runners → right: Register an instance runner button → copy the registration token
# Executor: docker
# Default Docker image: mcr.microsoft.com/dotnet/sdk:6.0

# Configuration (with the authentication token) is saved in "/etc/gitlab-runner/config.toml"

# bring runner online manually
sudo gitlab-runner run
# by running the service
sc-start gitlab-runner
/etc/gitlab-runner/config.toml
log_level = "debug"  # change the loglevel

[[runners]]
  url = "https://www.mygitlab.net/"
  clone_url = "https://www.mygitlab.net/"  # override the url defined in /etc/webapps/gitlab/gitlab.yml
  environment = ["ENV=value", "LC_ALL=en_US.UTF-8"]  # set environment variables
  [runners.docker]
    image = "mcr.microsoft.com/dotnet/sdk:7.0"  # default docker image, used if no docker image is defined in the pipeline
    extra_hosts = ["www.mygitlab.net:host-gateway"]  # map www.mygitlab.net with the host, so the runner can access the website www.mygitlab.net running on the host

Errors

Number of Sidekiq processes (cluster/worker) ... 0/1

Sidekiq: ... Running? ... yes
Number of Sidekiq processes (cluster/worker) ... 0/1
  Try fixing it:
  sudo systemctl restart gitlab-sidekiq.service
  Please fix the error above and rerun the checks.

All migrations up? ... Exception: No such file or directory - bundle

Database config exists? ... yes
All migrations up? ... Exception: No such file or directory - bundle

Cable config exists? ... no

Cable config exists? ... no
  Try fixing it:
  Copy config/cable.yml.example to config/cable.yml
  Update config/cable.yml to match your setup
  For more information see:
  doc/install/installation.md in section "GitLab"
  Please fix the error above and rerun the checks.