GitLab: Docker CI pipeline

Optional: Create nested LXD container
http://www.panticz.de/lxd/nesting

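# Create the LXD container that will host Docker and the GitLab runner.
#
# Isolation note: security.privileged=true turns off the uid/gid mapping, so
# root inside the container is uid 0 on the host. Combined with the raw.lxc
# overrides further down, this container provides almost no boundary against
# the host; treat it as a host-level trust zone and keep other workloads off
# the same LXD host.
CONTAINER_NAME=gitlab-runner1-dev
lxc launch ubuntu:18.04 "${CONTAINER_NAME}" -p disk-zfs -p nic-dev-mgmt \
  -c boot.autostart=true -c security.nesting=true -c security.privileged=true
# Optional extra launch flag to fix the MAC address of the dev-mgmt NIC:
#-c volatile.dev-mgmt.hwaddr=00:11:22:33:44:55

# Bring the base image up to date and remove packages that are not wanted here.
# Purging unattended-upgrades also removes automatic security updates, so the
# container has to be patched by some other means.
lxc exec "${CONTAINER_NAME}" -- apt update
lxc exec "${CONTAINER_NAME}" -- apt dist-upgrade
lxc exec "${CONTAINER_NAME}" -- apt purge -y lxd lxd-client snapd unattended-upgrades
lxc exec "${CONTAINER_NAME}" -- apt autoremove

# Copies the host root's authorized_keys: every key accepted for root on the
# host is then also accepted for root in the container.
lxc file push /root/.ssh/authorized_keys "${CONTAINER_NAME}/root/.ssh/authorized_keys"
# Rename the interface in the netplan config to match the nic-dev-mgmt profile.
lxc exec "${CONTAINER_NAME}" -- bash -c "sed -i 's/eth0:/dev-mgmt:/g' /etc/netplan/50-cloud-init.yaml"
lxc exec "${CONTAINER_NAME}" -- netplan apply

# raw.lxc overrides, applied on the restart below:
#   lxc.apparmor.profile = unconfined  -> no AppArmor confinement
#   lxc.cgroup.devices.allow = a       -> access to all devices
#   lxc.mount.auto=proc:rw sys:rw      -> /proc and /sys mounted read-write
#   lxc.cap.drop=                      -> empty list, no capabilities dropped
printf 'lxc.apparmor.profile = unconfined\nlxc.cgroup.devices.allow = a\nlxc.mount.auto=proc:rw sys:rw\nlxc.cap.drop=' | lxc config set "${CONTAINER_NAME}" raw.lxc -
lxc restart "${CONTAINER_NAME}"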

Install Docker inside LXD container
# http://www.panticz.de/install-docker

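# Install Docker CE from Docker's apt repository (run inside the container).
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
# apt-key adds the key to apt's global keyring, where it is trusted for every
# configured repository. Compare the output of `apt-key fingerprint` with the
# fingerprint published in Docker's install documentation before continuing.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# Refresh the package index so docker-ce resolves from the repository just added.
sudo apt-get update
sudo apt-get install -y docker-ce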

Install GitLab-runner (as Docker container)
https://docs.gitlab.com/runner/install/docker.html

# Start the GitLab runner manager as a long-running Docker container.
#
# The bind mount of /var/run/docker.sock gives this container full control of
# the Docker daemon it runs on, which is equivalent to root on that Docker
# host. gitlab/gitlab-runner:latest is a floating tag; pin a specific version
# or digest if the runner image must not change between restarts.
docker run --detach \
  --restart always \
  --name gitlab-runner \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --volume /srv/gitlab-runner/config:/etc/gitlab-runner \
  gitlab/gitlab-runner:latest

Configure GitLab-runner

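# Register the runner with the GitLab instance; the resulting config is written
# to /srv/gitlab-runner/config on the Docker host.
#
# --docker-privileged runs every job container in privileged mode. With
# --run-untagged="true" and --locked="false" the runner also accepts untagged
# jobs and is not tied to a single project, so any pipeline that can reach it
# gets a privileged container. Restrict it to tagged jobs or lock it to the
# intended project when it serves more than one trusted team.
#
# The registration token is passed as an argument and is therefore visible in
# shell history and the process list while the command runs.
: "${TOKEN:?set TOKEN to the runner registration token}"
docker run --rm -ti -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \
  --non-interactive \
  --docker-privileged \
  --url https://git.example.com/ \
  --registration-token "${TOKEN}" \
  --executor docker \
  --docker-image docker:latest \
  --description gitlab-runner1-dev \
  --run-untagged="true" \
  --tag-list "docker,dind" \
  --locked="false" \
  --docker-volumes "/certs/client"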
 
  # --cache-dir "cache"

Create a .gitlab-ci.yml inside repository

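# Minimal Docker-in-Docker pipeline: log in to the registry, then build the image.
variables:
  # Image name under the project's path in the registry.
  CONTAINER_IMAGE: registry.example.com/$CI_PROJECT_PATH

# "docker" and "docker:dind" are floating tags; pin both to the same version
# if builds must be reproducible.
image: docker

services:
  - docker:dind

before_script:
  # --password-stdin keeps the job token off the docker command line.
  - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin registry.example.com

build:
  stage: build

  script:
    # docker build needs a build context; "." assumes the Dockerfile is in the
    # repository root.
    - docker build -t "$CONTAINER_IMAGE" .

  # Routes the job to the runner registered with the "dind" tag.
  tags:
    - dind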

Links
https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/