From 1b8748bc8c6622c9be95ea9b39943892d6b9b065 Mon Sep 17 00:00:00 2001
From: naskya <m@naskya.net>
Date: Tue, 7 May 2024 17:30:57 +0900
Subject: [PATCH] another attempt to build an image inside container inside
 container

---
 .gitlab-ci.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 276ba71db2..44a4ca36b6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -61,15 +61,17 @@ container_image_build:
   stage: build
   image: docker.io/debian:bookworm-slim
   services: []
-  before_script: []
   rules:
     - if: $CI_COMMIT_BRANCH == 'develop'
-  script:
+  before_script:
     - apt-get update && apt-get -y upgrade
-    - apt-get install -y --no-install-recommends buildah ca-certificates
+    - apt-get install -y --no-install-recommends buildah ca-certificates fuse-overlayfs
     - buildah login --username "${CI_REGISTRY_USER}" --password "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
-    - buildah build --security-opt seccomp=unconfined --cap-add all --tag "${CI_REGISTRY}/${CI_PROJECT_PATH}/develop:not-for-production" --platform linux/amd64 .
-    - buildah push "${CI_REGISTRY}/${CI_PROJECT_PATH}/develop:not-for-production" "docker://${CI_REGISTRY}/${CI_PROJECT_PATH}/develop:not-for-production"
+    - export IMAGE_TAG="${CI_REGISTRY}/${CI_PROJECT_PATH}/develop:not-for-production"
+  script:
+    - buildah build --isolation chroot --device /dev/fuse:rw --security-opt seccomp=unconfined --security-opt apparmor=unconfined --cap-add all --tag "${IMAGE_TAG}" --platform linux/amd64 .
+    - buildah inspect "${IMAGE_TAG}"
+    - buildah push "${IMAGE_TAG}" "docker://${IMAGE_TAG}"
 
 cargo_unit_test:
   stage: test
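Review bot: The new `buildah build` line runs the build with `--cap-add all` and both `seccomp=unconfined` and `apparmor=unconfined`, so every RUN step of the Containerfile executes with the runner container's full privilege set, and nothing in the hunk records which of these the `--isolation chroot` plus `fuse-overlayfs` setup actually needs; the commit message ("another attempt") suggests they accumulated by trial rather than by requirement. I would add a comment above the build line, e.g. `# chroot isolation + fuse-overlayfs need /dev/fuse and relaxed seccomp/apparmor; TODO drop --cap-add all once the minimal set is confirmed`, and try removing `--cap-add all` in a follow-up to see whether the build still succeeds. As a secondary point, the `buildah login` line that now lives under `before_script` passes the registry credential as a command-line argument, which is visible in process listings inside the job; `echo "${CI_REGISTRY_PASSWORD}" | buildah login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"` avoids that. The exported `IMAGE_TAG` does reach `script` because GitLab runs `before_script` and `script` in the same shell, so that part looks fine.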