How does the gitlab service container work?

Am struggling to understand how services work. Consider the following:

stage: build
image: docker:stable
- docker:dind
- docker image build -t $CONTAINER_IMAGE:$CI_BUILD_REF -t $CONTAINER_IMAGE:latest .
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN
- docker image push $CONTAINER_IMAGE:latest
- docker image push $CONTAINER_IMAGE:$CI_BUILD_REF

  • master

From the above, we will effectively have two containers - the build container created from docker:stable and the service container created from docker:dind linked to the first build container. I have the following question:

  1. The docker commands in the script section - in which of the two containers (docker:stable or docker:dind) are those commands run?