gitlab runner The requested URL returned error: 403

git msbuild gitlab gitlab-ci gitlab-ci-runner
Todd S picture Todd S · Oct 12, 2016 · Viewed 24.7k times · Source

I'm currently using gitlab.com (not local installation) with their multi-runner for CI integration. This works great on one of my projects but fails for another.

I'm using 2012R2 for my host with MSBuild version 14.0.23107.0. I know the error below shows 403 which is an access denied message. My problem is finding the permission setting to change.

Error message:

Running with gitlab-ci-multi-runner 1.5.3 (fb49c47) Using Shell executor... Running on WIN-E0ORPCQUFHS...

Fetching changes...

HEAD is now at 6a70d96 update runner file remote: Access denied fatal: unable to access 'https://gitlab-ci-token:[email protected]/##REDACTED##/ADInactiveObjectCleanup.git/': The requested URL returned error: 403 Checking out 60ea1410 as Production...

fatal: reference is not a tree: 60ea1410dd7586f6ed9535d058f07c5bea2ba9c7 ERROR: Build failed: exit status 128

gitlab-ci.yml file:

variables:
  Solution: ADInactiveObjectCleanup.sln

before_script:
  #- "echo off"
  #- 'call "%VS120COMNTOOLS%\vsvars32.bat"'
  ## output environment variables (usefull for debugging, propably not what you want to do if your ci server is public)
  #- echo.
  #- set
  #- echo.

stages:
  - build
  #- test
  #- deploy

build:
  stage: build
  script:
  - echo building...
  - '"%ProgramFiles(x86)%\MSBuild\14.0\Bin\msbuild.exe" "%Solution%" /p:Configuration=Release'
  except:
  #- tags

Answer

Todd S picture Todd S · Oct 14, 2016

To resolve this issue I had to add myself as a project member. This is a private repo. I'm not sure if that caused the runner to fail with the different permission setup or not, but it is highly possible.

This help article at gitlab outlines this issue.

With the new permission model in place, there may be times that your build will fail. This is most likely because your project tries to access other project's sources, and you don't have the appropriate permissions. In the build log look for information about 403 or forbidden access messages.

As an Administrator, you can verify that the user is a member of the group or project they're trying to have access to, and you can impersonate the user to retry the failing build in order to verify that everything is correct.

From the project page click the settings gear and then click members. Add yourself (or user generating builds) as a member to the project. I used the "Master" Role, but based off of this document you can probably use the "Reporter" role as a minimum. The reporter role is the least privilege that still has access to "Pull project code." This removed my 403 error and allowed me to continue on.

Related questions

How do I get TeamCity to create the .git directory when cloning a repo for build?

I'm trying to run a custom command in my MSBuild file; it basically runs 'git log -10' and stores that commit info into a text file. The problem is, when I try to run the build, it errors saying "…

Read More
How do I undo the most recent local commits in Git?

I accidentally committed the wrong files to Git, but didn't push the commit to the server yet. How can I undo those commits from the local repository?

Read More
How do I delete a Git branch locally and remotely?

I want to delete a branch both locally and remotely. Failed Attempts to Delete a Remote Branch $ git branch -d remotes/origin/bugfix error: branch 'remotes/origin/bugfix' not found. $ git branch -d origin/bugfix error: branch 'origin/bugfix' not …

Read More