Gitlab Runner collapsed multi-line command for docker executor

Question

I am getting this error for one of the gitlab ci jobs when the gitlab-runner is using docker executor and one of the images I built.

This is the job getting failed in gitlab-ci.yml

image:
  name: 19950818/banu-terraform-ansible-cicd
.
.
.
create-ssh-key-pair:
  stage: create-ssh-key-pair
  script:
    - pwd
    - mkdir -p ~/.ssh

    # below lines gives the error
    - |
      # !/bin/bash
      FILE=~/.ssh/id_rsa
      if [ -f "$FILE" ]; then
        echo "$FILE exists."
      else 

        ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
      fi

But these lines DON'T MAKE the error when the executor is shell

This is the Dockerfile for the image 19950818/banu-terraform-ansible-cicd

FROM centos:7

ENV VER "0.12.9"

RUN yum update -y && yum install wget -y && yum install unzip -y
RUN yum install epel-release -y && yum install ansible -y

RUN wget https://releases.hashicorp.com/terraform/${VER}/terraform_${VER}_linux_amd64.zip
RUN unzip terraform_${VER}_linux_amd64.zip
RUN mv terraform /usr/local/bin/  
RUN rm -rf terraform_${VER}_linux_amd64.zip

Can someone please tell me what is happening and how to overcome this problem?

My doubt is ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa 2>/dev/null <<< y >/dev/null line cause the error.

Answer 1

Change - | to - >.

See also GitLab Runner Issue #166.

Answer 2

# below lines gives the error
- |
  # !/bin/bash
  FILE=~/.ssh/id_rsa
  if [ -f "$FILE" ]; then
    echo "$FILE exists."
  else 

    ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
  fi

Despite the # !/bin/bash, that part of the command is most likely being parsed by /bin/sh. The various parts of the script are passed to the entrypoint of the container, which will be /bin/sh -c, and that will read the first line as a comment. If it was passed as a script to run, you'd at least need to remove the space, so #!/bin/bash, but I suspect it would still be read as a comment depending on host gitlab calls the script and merges with the other scripts to run.

Why would that break with /bin/sh? <<< y is a bash specific syntax. That could be changed to:

echo y | ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa 2>/dev/null >/dev/null

If you want to see error messages from the command to make debugging easier, then eliminate the output redirections

echo y | ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa

Or if you really want to use bash for other reasons, then change the entrypoint of the image:

image:
  name: 19950818/banu-terraform-ansible-cicd
  entrypoint: ["/bin/bash", "-c"]