Gitlab-ci: Building docker image - add chrome browser - NO_PUBKEY Error

I am trying to install the Chrome browser in a Node container (to use with Puppeteer).

.gitlab-ci.yml

image: docker:19.03.12
services:
  - docker:19.03.12-dind

stages:
  - build

variables:
  CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest

before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

build:
  stage: build
  script:
    - docker build -t $CONTAINER_RELEASE_IMAGE .
    - docker push $CONTAINER_RELEASE_IMAGE

My Dockerfile:

FROM node:slim
# We don't need the standalone Chromium
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
ENV chrome_launchOptions_args --no-sandbox,--disable-dev-shm-usage
# Install Google Chrome Stable and fonts
# Note: this installs the necessary libs to make the browser work with Puppeteer.
RUN apt-get update && apt-get install gnupg wget -y && \
    wget --quiet --output-document=- https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/google-archive.gpg && \
    sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' && \
    apt-get update && \
    apt-get install google-chrome-stable -y --no-install-recommends && \
    rm -rf /var/lib/apt/lists/*
# app location in docker container
WORKDIR /usr/src/app
COPY package*.json ./
COPY public/pdf ./public/pdf
COPY public/resized ./public/resized
# RUN npm install
# If you are building your code for production
RUN npm ci --only=production
COPY . .
EXPOSE 3000
CMD [ "node", "src/index.js" ]

And the error I am getting:

Running with gitlab-runner 16.6.0~beta.105.gd2263193 (d2263193)
  on blue-5.saas-linux-small-amd64.runners-manager.gitlab.com/default -AzERasQ, system ID: s_4cb09cee29e2
  feature flags: FF_USE_IMPROVED_URL_MASKING:true
Preparing the "docker+machine" executor 00:12
Using Docker executor with image docker:19.03.12 ...
Starting service docker:19.03.12-dind ...
Pulling docker image docker:19.03.12-dind ...
Using docker image sha256:66dc2d45749a48592f4348fb3d567bdd65c9dbd5402a413b6d169619e32f6bd2 for docker:19.03.12-dind with digest docker@sha256:674f1f40ff7c8ac14f5d8b6b28d8fb1f182647ff75304d018003f1e21a0d8771 ...
Waiting for services to be up and running (timeout 30 seconds)...
Pulling docker image docker:19.03.12 ...
Using docker image sha256:81f5749c9058a7284e6acd8e126f2b882765a17b9ead14422b51cde1a110b85c for docker:19.03.12 with digest docker@sha256:d41efe7ad0df5a709cfd4e627c7e45104f39bbc08b1b40d7fb718c562b3ce135 ...
Preparing environment 00:00
Running on runner--azerasq-project-50903053-concurrent-0 via runner-azerasq-s-l-s-amd64-1702710011-dae0fce3...
Getting source from Git repository 00:03
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/biostrefa/bionode/.git/
Created fresh repository.
Checking out 76d38a4a as detached HEAD (ref is main)...
Skipping Git submodules setup
$ git remote set-url origin "${CI_REPOSITORY_URL}"
Executing "step_script" stage of the job script 00:07
Using docker image sha256:81f5749c9058a7284e6acd8e126f2b882765a17b9ead14422b51cde1a110b85c for docker:19.03.12 with digest docker@sha256:d41efe7ad0df5a709cfd4e627c7e45104f39bbc08b1b40d7fb718c562b3ce135 ...
$ docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$ docker build -t $CONTAINER_RELEASE_IMAGE .
Step 1/12 : FROM node:slim
slim: Pulling from library/node
1f7ce2fa46ab: Pulling fs layer
be65943961fd: Pulling fs layer
09a8a363f8ea: Pulling fs layer
fa6c282b0246: Pulling fs layer
f70b00b58b71: Pulling fs layer
fa6c282b0246: Waiting
f70b00b58b71: Waiting
be65943961fd: Verifying Checksum
be65943961fd: Download complete
fa6c282b0246: Verifying Checksum
fa6c282b0246: Download complete
1f7ce2fa46ab: Verifying Checksum
1f7ce2fa46ab: Download complete
f70b00b58b71: Verifying Checksum
f70b00b58b71: Download complete
09a8a363f8ea: Verifying Checksum
09a8a363f8ea: Download complete
1f7ce2fa46ab: Pull complete
be65943961fd: Pull complete
09a8a363f8ea: Pull complete
fa6c282b0246: Pull complete
f70b00b58b71: Pull complete
Digest: sha256:3a3b69c7013ac1233d4570f14108572e3f6dac3e2cefa8ef63be2885f702d033
Status: Downloaded newer image for node:slim
 ---> c255b9a71d20
Step 2/12 : ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
 ---> Running in d3c2a03736bd
Removing intermediate container d3c2a03736bd
 ---> 410f8bfaec56
Step 3/12 : ENV chrome_launchOptions_args --no-sandbox,--disable-dev-shm-usage
 ---> Running in eb4e4c71f274
Removing intermediate container eb4e4c71f274
 ---> 6090766fd245
Step 4/12 : RUN apt-get update && apt-get install gnupg wget -y &&     wget --quiet --output-document=- https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/google-archive.gpg &&     sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' &&     apt-get update &&     apt-get install google-chrome-stable -y --no-install-recommends &&     rm -rf /var/lib/apt/lists/*
 ---> Running in 48c4bfa0be76
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Err:1 http://deb.debian.org/debian bookworm InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
Err:2 http://deb.debian.org/debian bookworm-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
Err:3 http://deb.debian.org/debian-security bookworm-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
Reading package lists...
W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
W: GPG error: http://deb.debian.org/debian-security bookworm-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
E: The repository 'http://deb.debian.org/debian-security bookworm-security InRelease' is not signed.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code
The command '/bin/sh -c apt-get update && apt-get install gnupg wget -y &&     wget --quiet --output-document=- https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/google-archive.gpg &&     sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' &&     apt-get update &&     apt-get install google-chrome-stable -y --no-install-recommends &&     rm -rf /var/lib/apt/lists/*' returned a non-zero code: 100
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: exit code 100

What am I doing wrong?
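
An added example, not part of the original post: the Chrome repository step from the Dockerfile above, with the Google key stored in a dedicated keyring and bound to that one source via `signed-by`, instead of being placed in `/etc/apt/trusted.gpg.d/` where apt accepts it for every configured repository. The keyring path `/usr/share/keyrings/google-linux.gpg` is an assumed name, and this variant does not address the NO_PUBKEY errors in the log, which are raised for the deb.debian.org repositories at the first `apt-get update`, before the Google source is added.

```dockerfile
FROM node:slim

# Before (as in the post):
#   - key piped into /etc/apt/trusted.gpg.d/google-archive.gpg, which apt
#     trusts for all sources, not only the Chrome one
#   - "wget | gpg": /bin/sh only checks gpg's exit status, so a failed
#     download does not stop the build at that point
#   - package source listed as http://
#
# After:
#   - key downloaded to a file, then dearmored into its own keyring
#     (path below is an assumed name, not from the post)
#   - source entry restricted to that keyring with signed-by, over https://
#   - "> google.list" instead of ">>" so rebuilding never appends duplicates
RUN apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates gnupg wget && \
    wget --quiet --output-document=/tmp/google.pub \
        https://dl-ssl.google.com/linux/linux_signing_key.pub && \
    gpg --dearmor --output /usr/share/keyrings/google-linux.gpg /tmp/google.pub && \
    rm /tmp/google.pub && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux.gpg] https://dl.google.com/linux/chrome/deb/ stable main" \
        > /etc/apt/sources.list.d/google.list && \
    apt-get update && \
    apt-get install -y --no-install-recommends google-chrome-stable && \
    rm -rf /var/lib/apt/lists/*
```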

Hi, any updates on this problem? I’m facing a similar issue with the python:3.7^ image.

Here is my Dockerfile:

FROM python:3.7
 
ENV TZ=America/Sao_Paulo
 
RUN apt-get update -y && \
    apt-get -qq -y install default-jdk ant git

It works in 3.6, though.

Here is my Pipeline:

.build_image:
  image: docker:stable
  services:
    - docker:stable-dind
  before_script:
    - docker login
        -u $CI_REGISTRY_USER
        -p $CI_REGISTRY_PASSWORD
        registry.gitlab.com
  script:
    - docker build $BUILD_CONTEXT
        --file $BUILD_FILE
        --tag $TAG
        --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG
        $EXTRA_ARGS
  after_script:
    - docker push $TAG