CI_SERVER_TLS_CA_FILE file not available at service start

Summary

Up to gitlab-runner 16.5.0 the $CI_SERVER_TLS_CA_FILE contained the CA certificate as text, now starting with 16.6.0 it contains the path to a certificate file, but the file doesn't exist (at service start).

Steps to reproduce

Until now we did a echo of the $CI_SERVER_TLS_CA_FILE to add our selfsigned CA

.gitlab-ci.yml

build:
  image: docker:git
  services:
    - name: docker:dind
      command: ['sh', '-c', "echo \"${CI_SERVER_TLS_CA_FILE}\" > /usr/local/share/ca-certificates/myca.crt ; update-ca-certificates ; dockerd-entrypoint.sh"]
      alias: docker
  script:
     - ...
     - echo ${CI_REGISTRY_PASSWORD} | docker login -u ${CI_REGISTRY_USER} ${CI_REGISTRY} --password-stdin
     - ...

Now we have to do a copy of the file. However, when starting the service, the specified file in /builds/docker/... is not available, thus a copy command fails:

.gitlab-ci.yml

build:
  image: docker:git
  services:
    - name: docker:dind
      command: ['sh', '-c', "cp \"${CI_SERVER_TLS_CA_FILE}\" /usr/local/share/ca-certificates/myca.crt ; update-ca-certificates ; dockerd-entrypoint.sh"]
      alias: docker
  script:
     - ...
     - echo ${CI_REGISTRY_PASSWORD} | docker login -u ${CI_REGISTRY_USER} ${CI_REGISTRY} --password-stdin
     - ...

If you add a delay with sleep for at least ~35(!) seconds before the copy command everything works fine.

Actual behavior

The Service starts to early; docker login fails

Expected behavior

• The service should start after your "init-container" or at least CI_SERVER_TLS_CA_FILE should be already there
• You could add a new variable with the certificate as text

Environment description

System: Debian 12
Omnibus installation Version: 16.6.0 (6d558d71eba)

Used GitLab Runner version

Version:      16.6.1
Git revision: f5da3c5a
Git branch:   16-6-stable
GO version:   go1.20.10
Built:        2023-11-24T21:11:36+0000
OS/Arch:      linux/amd64

Executor:     docker+machine