CMake fails parsing only when called in GitLab CI job with "Instead found unterminated bracket with text ..."
I have a repository that builds and supplies artifacts to other projects. In order to get the latest artifacts the GitLab Job Artifacts API offers two options based on the source of the request - inside a CI job or elsewhere. The URL I am using is
https://gitlab.example.com/api/v4/projects/${proj_id}/jobs/artifacts/${branch_tag}/download?job=${job_name}
I have a separate download.cmake files inside a cmake directory of my project (all of which is configured using CMake), where FetchContent_Declare() and FetchContent_MakeAvailable() are being executed to ensure that the project is setup for both development (locally) and deployment (on-premise premium GitLab instance).
Among other function inside download.cmake the following is what I use for downloading any artifact from my GitLab:
function(download_file_gitlab_latest name token proj_id branch_tag job_name)
set(_URL "https://gitlab.example.com/api/v4/projects/${proj_id}/jobs/artifacts/${branch_tag}/download?job=${job_name}")
set(_HEADER "PRIVATE-TOKEN: ${token}")
message("GET Request: ${_URL}")
message("Destination prefix: ${name}")
FetchContent_Declare(
${name}
#QUIET
URL "${_URL}"
HTTP_HEADER ${_HEADER}
DOWNLOAD_NO_EXTRACT 0
DOWNLOAD_EXTRACT_TIMESTAMP 1
DOWNLOAD_NO_PROGRESS 0
)
if(NOT ${name}_POPULATED)
FetchContent_MakeAvailable(${name})
endif()
endfunction(download_file_gitlab_latest)
The header of the request contains an single parameter PRIVATE-TOKEN that contains a group/project/personal access token required for authenticating any request against the GitLab API (more on that parameter later on).
The token is supplied by a token.txt file, which has a single line with the respective token and is loaded in the CMakeLists.txt that calls the download function from above líke this:
file(READ "${CMAKE_SOURCE_DIR}/token.txt" TOKEN) #<---- the token is loaded from the token.txt and stored inside the TOKEN variable
...
download_file_gitlab_latest(
"${DOWNLOAD_DIR_PREFIX}"
${TOKEN} #<---------------------------------------- supplied by token.txt
68522
"${config}"
"build-all-${config}"
)
where config's value is a single value from CMAKE_CONFIGURATION_TYPES (debug, release etc.).
Both locally and in my CI job I configure the project (which also triggers the fetching of the artifacts) using
cmake -Bbuild -G "Visual Studio 16 2019" -S.
The only difference is the passing of CMAKE_CONFIGURATION_TYPES in the CI job to ensure that only the artifacts for the respective build type are downloaded.
Configuring the project locally shows no signs of a problem and the artifacts are downloaded, extracted, copied to a specific directory, included in the project and the build step is executed, producing a working EXE. However, remotely I am getting the following error:
CMake Error at D:/Software/CMake/share/cmake-3.30/Modules/FetchContent.cmake:1416:EVAL:1:
Parse error. Function missing ending ")". Instead found unterminated
bracket with text "JOB-TOKEN: ��g".
Call Stack (most recent call first):
D:/Software/CMake/share/cmake-3.30/Modules/FetchContent.cmake:1416 (cmake_language)
cmake/download.cmake:32 (FetchContent_Declare)
CMakeLists.txt:41 (download_file_gitlab_latest)
CMake Error at D:/Software/CMake/share/cmake-3.30/Modules/FetchContent.cmake:1416 (cmake_language):
cmake_language unknown error.
Call Stack (most recent call first):
cmake/download.cmake:32 (FetchContent_Declare)
CMakeLists.txt:41 (download_file_gitlab_latest)
-- Configuring incomplete, errors occurred!
Respectively the build steps never takes place.
There are two crucial steps that I have in my CI job that ensure the proper setup for the download and can be seen in the CI job below:
build-imgui-dx11-demo:
stage: build
rules:
- if: $CI_COMMIT_REF_NAME == "main"
allow_failure: true
artifacts:
untracked: true
paths:
- build
- cmake # Allows me to verify that PRIVATE-TOKEN has been replaced with JOB-TOKEN
- token.txt # Allows me to verify that the CI_JOB_TOKEN is stored in the token.txt and it's not just an empty file
when: always # Allows me to see the artifacts even if the CI job fails
before_script:
- echo $CI_JOB_TOKEN > token.txt
- |
(Get-Content ./cmake/download.cmake).Replace('PRIVATE-TOKEN', 'JOB-TOKEN') | Set-Content ./cmake/download.cmake
script:
- cmake -Bbuild -G "Visual Studio 16 2019" -S. -DCMAKE_CONFIGURATION_TYPES="release"
- cmake --build build --target ALL_BUILD --config release
For local download I use PRIVATE-TOKEN as also described in the download.cmake function. Since it's really bad practice to upload passwords and personal tokens to a repo, the token.txt is listed in .gitignore and therefore needs to be generated in the CI job
echo $CI_JOB_TOKEN > token.txt
Further, since the project is configured in a CI job, I also replace PRIVATE-TOKEN with JOB-TOKEN in the header for FetchContent_Declare(), which I have verified by checking the changed download.cmake that indeed has
set(_HEADER "JOB-TOKEN: ${token}")
Since I have a premium subscription I do know that I can use needs: project to interconnect multiple repositories and their artifacts. However, I would like to do it this way since it does not depend on premium features and (with minimal changes) mirrors the local setup.
UPDATE: First I added a message() inside my download function
message("Token: ${token}") # token is the parameter of the function and not the TOKEN variable where the contents of token.txt are stored!
but got empty message. Even Token: substring was gone.
I then added a similar message
message("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++")
message("------------------------Found token ${TOKEN}---------------------")
message("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++")
right after the file(READ "${CMAKE_SOURCE_DIR}/token.txt" TOKEN). A screen shot of the GitLab CI log can be seen below:
It appears that contents of token.txt, while correct, are not properly read. I downloaded a couple of versions of that file from different CI job failed runs and it always consists of a different token string and an empty second line. I do believe that the second terminating empty line is what messes up the processing of the token. I need to see how to write the CI_JOB_TOKEN to a TXT file without automatically adding a new line or use some option provided by file(READ ...) in CMake.
The problem here was that echoing a text to a file automatically adds a new line to it (similar to Out-File powershell command).
I changed my CI job accordingly:
- |
$CI_JOB_TOKEN | Out-File token.txt -NoNewline
(Get-Content ./cmake/download.cmake).Replace('PRIVATE-TOKEN', 'JOB-TOKEN') | Set-Content ./cmake/download.cmake
Notice the -NoNewline parameter, which ensures that the file contains a single line (the token).
While this fixes the issue, I made another change to make my CMake project configuration less prone to such an error (I am actually already checking if the file exists and is empty) by replacing file(READ ...) with
file(
STRINGS
"${CMAKE_SOURCE_DIR}/token.txt"
TOKEN
LIMIT_COUNT 1
)
According to the file() the STRINGS mode reads ASCII strings, which in this specific case - GitLab tokens - is not an issue. In addition the LIMIT_COUNT restricts how many strings are read (documentation doesn't state it but I assume that string == line). This change ensures that token.txt will not break the configuration if echoed or otherwise created locally/inside CI job.
The failing of the download is also due to the project not being whitelisted in the project, where the request for download is targeted at. This can be accomplished by adding it to the Limit access to list.
- Missing signing identifier when creating an archive for an ios app containing a static library built with cmake
- How to share variables between different CMakeList.txt?
- Cuda nvJitLink error because fatbin does not contains the correct function
- CMake: How do I change properties on subdirectory project targets?
- How to run tests and debug Google Test project in VS Code?
- How to include bluez latest version library using CMake in project
- Build specific modules in Qt6 (i.e. QtMqtt)
- Cmake: using conan pybind11 package
- How to use Boost libraries directly from github using cmake FetchContent or any simpler solution?
- cmake add_library with set_property can not found fmt dll on windows
- cmake Python: Cannot use the interpreter
- Successful build of Kicad 4.0.6 in Linux Mageia 5 via fixing a wx-3.0 symbol
- How to have Makefile generated by CMake check if an environment variable is set
- Qt Creator doesn't understand a valid QML module import
- STM32 ARM GCC Toolchain CMake target_compile_features no known features for CXX compiler
- Cmake not found
- CMake cannot find Qt5LinguistTools in Docker / Ubuntu 18.04
- How to Prevent CMake from Generating Library Symlinks when Using VERSION and SOVERSION
- C++ Cmake: How to test if compiler exists and select it
- Output executable with clang, cmake and ninja on Windows
- Bazel - How do I troubleshoot a cmake failure? Foreign Cc - CMake:not all outputs were created or valid
- How to dynamically expand a variable in CPP
- Prevent clang-tidy from running on generated files
- CMake: generate header using custom tool output
- Building a multiple module project with dependencies in CMake
- What are CMAKE_BUILD_TYPE: Debug, Release, RelWithDebInfo and MinSizeRel?
- CMake ARCHIVE_CREATE with relative paths
- Issues compiling with Asio 1.30.2 on macOS using Clang 15.0.0
- Does CMake support converting headers to header modules?
- How to build and use CMake C++ libraries with Premake?