Add DOCKER_TLS_CERTDIR to update-paths job

What does this MR do and why?

Describe in detail what your merge request does and why.

Content

• Fix update-paths job template

Add required variable DOCKER_TLS_CERTDIR to run Docker-in-docker (dind).

Root cause analysis

The update-paths job failed with the error:

[May 07 2025 16:04:51 UTC (Gitlab QA)] ERROR -- Shell command output:
Failed to initialize: unable to resolve docker endpoint: open /certs/client/ca.pem: no such file or directory

• I retried many times and the result was the same

• There was no change in runner version:

  Running with gitlab-runner 17.10.0~pre.41.g5c23fd8e (5c23fd8e)

• Check the GitLab Runner doc:

    # Specify to Docker where to create the certificates. Docker
    # creates them automatically on boot, and creates
    # `/certs/client` to share between the service and job
    # container, thanks to volume mount from config.toml
    DOCKER_TLS_CERTDIR: "/certs"

  So it seems we need to specify that var to make sure the dir is created at runner's startup

• I created a monthly pipeline with this single stage from this branch, it works now: https://ops.gitlab.net/gitlab-org/release/tools/-/pipelines/4476511

So, please note that even though it is not 100% sure that this change will fix the issue, it is a right configuration to set to the job's parameters.

Blue 🔵 and green 🟢 runners

Ops instance has blue 🔵 and green 🟢 runners to perform tests as their names suggest. From my investigation, the failed jobs ran on green 🟢 runners (example job), while the successful ones ran on the blue 🔵 ones (example job).

In an internal Slack thread, there is a speculation that there is a change in the green runners. I will follow that discussion, but as mentioned above, it doesn't block us from making the change in the MR.

Ref:

• gitlab-com/gl-infra/delivery#21073 (closed)
• gitlab-com/gl-infra/delivery#21074 (closed)