Support building images with rootless podman
What does this MR do and why?
This introduces a new CI/CD variable, AUTO_DEVOPS_PODMAN. When set to true, it will not start any dind services, but will instead run a rootless podman pod to build and push a container image.
To achieve this we created a new podman image that can build containers from a Dockerfile or by using a buildpack. The MR for the image is gitlab-org/cluster-integration/auto-build-image!201 (merged).
References
- #23706 (dindless type::feature work item)
- Example repository: https://gitlab.com/hairmare/container-image-just-the-dockerfile
- gitlab-org/cluster-integration/auto-build-image!201 (merged) (proposed runner image)
- gitlab-org/cluster-integration/auto-build-image!210 (merged) (fix for pushing the image)
- gitlab-org/cluster-integration/auto-build-image#84 (documentation issue for image)
- AppSec review notes for image: gitlab-org/cluster-integration/auto-build-image!201 (comment 2323468050)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
An example of how we envision this to be run is in https://gitlab.com/hairmare/container-image-just-the-dockerfile. The example skips most of Auto DevOps by calling the Build job directly.
How to set up and validate locally
- Create a repo that contains a simple Dockerfile
- Include the forked Build pipeline from the repo:

  ```yaml
  variables:
    # CI/CD variable values are strings, so the value is quoted
    AUTO_DEVOPS_PODMAN: "true"
  include:
    # Forked Build template that carries the podman change
    - project: 'gitlab-community/gitlab-org/gitlab'
      ref: dev/build-with-podman
      file: 'lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml'
  ```
- Watch it build and push an image without dind