Administration

This section provides documentation to support administering runners and servers targeting HPC environments. The information provided here is meant to supplement GitLab’s official documentation in areas where it may not address HPC-focused questions, while also providing comprehensive details on all Jacamar CI related enhancements and applications. For details on using the runners themselves, please see the Project Developer documentation or your site-local resources.

Jacamar CI

Jacamar CI is the HPC-focused CI/CD driver using GitLab’s custom executor model. The core goal of this project is to establish a maintainable, yet extensively configurable tool that will allow for the use of GitLab’s robust testing on unique resources, allowing code teams to integrate existing pipelines on powerful scientific development environments.

Server

GitLab offers a comprehensive development platform all within a single application. A major benefit to using this tool is that it’s both predominantly open source and allows for management of self-hosted instances. However, there are a number of features that necessitate the purchase of a license.

The documentation organized here is not written to replace any existing official documentation offered. We only seek to highlight specifics that are directly related to HPC centers.

Guides

This section highlights best practices as well as potential workflows you may wish to leverage when supporting CI on facility HPC/test resources.

Title

Jacamar CI

Server

Description

Non-Root Jacamar CI Downscoping (with Capabilities) via SetUID

Yes

No

How to deploy, configure, and run Jacamar CI with setuid downscoping as a non-root user.

Non-Root Jacamar CI Downscoping via Sudo

Yes

No

How to deploy, configure, and run Jacamar CI with sudo downscoping as a non-root user.

Tracing CI Jobs with Administrative Tools

Yes

No

Using recommended configurations for Jacamar CI along with server logs to properly trace job execution.

Seccomp Plugin Support - Introduction

Yes

No

Introduction to using Golang plugins to create deployment-specific seccomp filters.

Configuring and Troubleshooting Seccomp

Yes

No

Details on how Seccomp can be configured to meet deployment requirements.

Migrating to new id_tokens from CI_JOB_JWT

Yes

Yes

Prepare for breaking changes in GitLab server v17.0 with new id_tokens.

Deploying and Using the Podman Run Mechanism

Yes

No

Overview of the optional Podman run_mechanism, configurations, and user examples.

Deploying and Using the Charliecloud Run Mechanism

Yes

No

Overview of the optional Charliecloud run_mechanism, configurations, and user examples.

Latest Releases

Notes for all releases can be found here.