gitlab-ci-pipeline-php
gitlab-ci-pipeline-php copied to clipboard
MySQL 8 support broken
The image uses mariadb-client
instead of mysql-client
. This means that anything trying to connect to MySQL 8.0 server will fail by default because the mariaDB client does not include support for the caching_sha2_password
plugin. This is a fatal error that can't easily be fixed from outside because MariaDB does not support this authentication mechanism, so in a testing scenario like this, it is not an appropriate substitution. This is how it is configured in CI:
db-seeding:
stage: build
services:
- mysql:8.0
and here's an example of how it fails in a pipeline:
The command "mysql --user="${:LARAVEL_LOAD_USER}" --password="${:LARAVEL_LOAD_PASSWORD}" --host="${:LARAVEL_LOAD_HOST}" --port="${:LARAVEL_LOAD_PORT}" --database="${:LARAVEL_LOAD_DATABASE}" < "${:LARAVEL_LOAD_PATH}"" failed.
Exit Code: 1(General error)
Working directory: /builds/myapp
Output:
================
Error Output:
================
ERROR 1045 (28000): Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
This was fixed once before in a PR, but that was never merged.
A possible workaround would be to manually install the mysql client package prior to running the pipeline, but that should not be something we need to do in a default config.
I remember back in the time that there's a reason to this change to mariadb-client, but was a long time ago and i don't remember why anymore, so, i think we can change back to mysql-client again and see
I found that reference. I checked, and it's correct – Debian buster does not provide a MySQL package (which I'm a bit surprised by). MySQL's policy on this is that they provide a repo for Debian packages that you should use instead. Unfortunately this implies a certain amount of inconvenience as per this guide, though the problem here is with the client; we don't need the server. I'll have a go at scripting that in my PR, which won't work in its current state.
I have found a workaround for this. In the gitlab.ci.yml file, instead of saying:
services: mysql:8.0
say:
services:
- name: mysql:8.0
command: [ "--default-authentication-plugin=mysql_native_password" ]
which makes the client use old-style authentication. Bear in mind that this is very much a workaround as it involves a security downgrade.