Gitlab instructions do not just work.

[jonathanmetzman]

I had to make this config file which borrowed from https://gitlab.com/securitykernel/cflite-example/-/blob/main/.gitlab-ci.yml#L7 because the docs were incomplete.
CC @catenacyber

[catenacyber]

Do you mean you had to use Docker in Docker instead of sibling docker ?
cf https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/gitlab/#gitlab-runner
cf https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding

[jonathanmetzman]

Do you mean you had to use Docker in Docker instead of sibling docker ? cf https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/gitlab/#gitlab-runner cf https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding

I think so yeah. And there was an issue about clusterfuzzlite [address] not being a stage

[catenacyber]

So, what do you expect ?
To document the docker-in-docker setup ?
If I remember correctly, at one point, you said you did not want it documented, because it was poor performance compared to sibling docker...

And there was an issue about clusterfuzzlite [address] not being a stage

Right, my workaround was to use stage: build as it is ont of de the default stages
Do you want a PR about this ?

[tesslinger]

This issue blocks me also.
But @jonathanmetzman your CI/CD is also not working after using the new gitlab-ci.yaml?

[catenacyber]

This issue blocks me also.

@tesslinger did you change the stage to be test ?
What version of Gitlab are you using ?

[tesslinger]

@catenacyber thanks, the problem was my gitlab shared runner which was configured wrong

[jonathanmetzman]

More people complaining to me about this on discord.

So, what do you expect ?

I expect that the example file can be copied and pasted into a repo and works.
The instructions need to be self contained and explain exactly how to get CFL working...even if it uses the less performant technique (docker in docker), it's much more important that it works than it telling people how to optimize the set up.

[catenacyber]

I expect that the example file can be copied and pasted into a repo and works.

So, I gather that you want it to work on gitlab.com shared runners.

I do not think that there exists a gitlab shared runner with Docker socket binding as required in https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/gitlab/#gitlab-runner

Do you want me to highlight more this requirement in the doc ?

Furthermore, we can document the Docker-in-docker process. (cf #70 (comment) )

I can try it next week.

That is likely adding to the right place in .gitlab-ci.yml

  variables:
    DOCKER_HOST: "tcp://docker:2375"
    DOCKER_IN_DOCKER: "true"
  services:
    - docker:dind

But this does not work on hosted gitlab in my experience.

[catenacyber]

I can also do some example project on gitlab.com if you wish ;-)

[jonathanmetzman]

I expect that the example file can be copied and pasted into a repo and works.

So, I gather that you want it to work on gitlab.com shared runners.

Shared runners are the default for free users right? Then yes definitely!

I do not think that there exists a gitlab shared runner with Docker socket binding as required in https://google.github.io/clusterfuzzlite/running-clusterfuzzlite/gitlab/#gitlab-runner

Do you want me to highlight more this requirement in the doc ?

I think we need to make this doc as simple as possible for the main users, so if all free users use shared runners I think the example should just be copy-pastable based off that. If the solution for shared runners (docker-in-docker) is suboptimal and fancier users don't have to pay this cost that we can document that.

Furthermore, we can document the Docker-in-docker process. (cf #70 (comment) )

I can try it next week.

That is likely adding to the right place in .gitlab-ci.yml

  variables:
    DOCKER_HOST: "tcp://docker:2375"
    DOCKER_IN_DOCKER: "true"
  services:
    - docker:dind

I have a PR doing thsi I think #112

But this does not work on hosted gitlab in my experience.

again, i think it's more important that we support users using the default settings. We can have a section with copy-pastable exampels for enterprise users but I think it's critical that we support non-enterprise users (especially since people will probably try out CFL using a non-enterprise account and quit if it doesn't work for them)

[catenacyber]

I think the example should just be copy-pastable based off that

Some things need to be configured in the Gitlab UI (such as the schedules) and cannot be copy pasted

I did #113 to document the Gitlab.com as TL;DR and pushed further the fancy self-managed Gitlab stuff

[tesslinger]

so - for me basically the problem was the configuration of the Gitlab runner. If you want, I can provide a PR with the example Gitlab runner config to use docker in docker.

In my opinion not everyone uses the Gitlab shared runners, but a self hosted solution.
I think I will get to it next week.

[catenacyber]

@tesslinger Am I understanding correctly that you use a self-hosted solution ?
And you did not manage to configure a Gitlab runner with sibling dockers ?

[securitykernel]

Can we close this issue? Seems to be resolved.