try kaniko for unprivileged build

2023-06-14 13:20:05 +01:00 · 2023-06-14 13:20:05 +01:00 · d2836f5305
commit d2836f5305
parent b9bc6d423c
1 changed files with 8 additions and 22 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,25 +1,11 @@
 # https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-alternatives
 # Some details from https://major.io/2019/05/24/build-containers-in-gitlab-ci-with-buildah/
 build:
  stage: build
-  image: quay.io/buildah/stable
+  image:
-  variables:
+    name: gcr.io/kaniko-project/executor:v1.9.0-debug
-    # Use vfs with buildah. Docker offers overlayfs as a default, but buildah
+    entrypoint: [""]
    # cannot stack overlayfs on top of another overlayfs filesystem.
    STORAGE_DRIVER: vfs
    # You may need this workaround for some errors: https://stackoverflow.com/a/70438141/1233435
    BUILDAH_ISOLATION: chroot
    FQ_IMAGE_NAME: "$CI_REGISTRY_IMAGE/tcpproxy:$CI_COMMIT_SHORT_SHA"
    FQ_IMAGE_REF_NAME: "$CI_REGISTRY_IMAGE/tcpproxy:$CI_COMMIT_REF_NAME"
  before_script:
    # Log in to the GitLab container registry
    - export REGISTRY_AUTH_FILE=$HOME/auth.json
    - echo "$CI_REGISTRY_PASSWORD" | buildah login --isolation=chroot -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
  script:
-    - buildah images
+    - /kaniko/executor
-    - buildah build -t $FQ_IMAGE_NAME
+      --context "${CI_PROJECT_DIR}"
-    - buildah tag $FQ_IMAGE_NAME $FQ_IMAGE_REF_NAME
+      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
-    - buildah images
+      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
-    - buildah push $FQ_IMAGE_NAME
+      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}"
    - buildah push $FQ_IMAGE_REF_NAME