You have two mechanisms by which you can attempt to isolate a new runner for testing:
- use tags and private runner attachment (already called out)
- use the gitlab-runner exec verb directly on the runner
- canary the runner for a single build only
Option 1
use tags and private runner attachment (already called out).
To further expand on this... even in a draconian setup where you can't alter tags and whatnot -- you can always FORK the project.
In your new private fork, you can go to Settings >> CI/CD and override the .gitlab-ci.yml file in the Custom CI Configuration Path under the General Pipelines Settings. This allows you to git cp .gitlab-ci.yml .mycustomgitlab-ci.yml
and then simply git add
/git commit
/git push
and you're in business.
Opinion: If you cannot use the mechanisms in place to adjust the tags on the questionable runner and isolate a new forked project, this isn't a technical problem, it is a political problem.
Option 2
Gitlab-runner exec....
Assuming you're using a shell gitlab runner...
- SSH to the questionable gitlab runner box you're trying to test
- Clone the repo for the project in question to ... say ...
/tmp/myrepo
- Execute Gitlab-Runner:
/path/to/gitlab-runner exec shell {.gitlab-ci.yml target}
See https://docs.gitlab.com/runner/commands/#gitlab-runner-exec and a blog about it at https://substrakt.com/how-to-debug-gitlab-ci-builds-locally/
Option 3
Canary the gitlab-runner for a single build.
You can spin up the gitlab-runner process to do N number of builds and then go back offline. See: https://docs.gitlab.com/runner/commands/#gitlab-runner-run-single
... This is not zero-impact, but will definitely limit the blast radius of any problems.