try kaniko for unprivileged build

2023-06-14 13:20:05 +01:00 · 2023-06-14 13:20:05 +01:00 · d2836f5305
commit d2836f5305
parent b9bc6d423c
1 changed files with 8 additions and 22 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,25 +1,11 @@
-# https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-alternatives
-# Some details from https://major.io/2019/05/24/build-containers-in-gitlab-ci-with-buildah/
-
 build:
  stage: build
-  image: quay.io/buildah/stable
-  variables:
-    # Use vfs with buildah. Docker offers overlayfs as a default, but buildah
-    # cannot stack overlayfs on top of another overlayfs filesystem.
-    STORAGE_DRIVER: vfs
-    # You may need this workaround for some errors: https://stackoverflow.com/a/70438141/1233435
-    BUILDAH_ISOLATION: chroot
-    FQ_IMAGE_NAME: "$CI_REGISTRY_IMAGE/tcpproxy:$CI_COMMIT_SHORT_SHA"
-    FQ_IMAGE_REF_NAME: "$CI_REGISTRY_IMAGE/tcpproxy:$CI_COMMIT_REF_NAME"
-  before_script:
-    # Log in to the GitLab container registry
-    - export REGISTRY_AUTH_FILE=$HOME/auth.json
-    - echo "$CI_REGISTRY_PASSWORD" | buildah login --isolation=chroot -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
+  image:
+    name: gcr.io/kaniko-project/executor:v1.9.0-debug
+    entrypoint: [""]
  script:
-    - buildah images
-    - buildah build -t $FQ_IMAGE_NAME
-    - buildah tag $FQ_IMAGE_NAME $FQ_IMAGE_REF_NAME
-    - buildah images
-    - buildah push $FQ_IMAGE_NAME
-    - buildah push $FQ_IMAGE_REF_NAME
+    - /kaniko/executor
+      --context "${CI_PROJECT_DIR}"
+      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
+      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"
+      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}"