I have a number of projects that use a docker-compose.yml to setup an app + db service. I can build them with
docker compose build or
podman-compose build just fine. I have my gitlab-ci setup using fedora:latest as the base and podman-compose to build the container so I don’t need dind. Privileged runners are not an option due to security concerns, so I will not be using dind.
My goal currently it to have a build stage the builds the container (with it’s 2+ images) and pushes it to the GitLab project container registry. Then a test stage that uses the container to run tests. In practice I’ll have many jobs in the test stage for different things, but to keep it simple right now just one.
I’m currently able to build the container,
podman-compose push executes without error, but nothing appears in the container registry. The test job attempts to pull it and errors out.
The documentation on avoiding
dind references buildah and kaniko but kaniko for sure doesn’t support docker-compose and buildah I couldn’t find an example.
build: stage: build image: fedora:latest tags: - docker before_script: - yum -y install podman podman-compose - podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY script: - podman-compose build - podman-compose push $CI_REGISTRY_IMAGE/$CI_COMMIT_SHORT_SHA test: stage: test image: $CI_REGISTRY_IMAGE/$CI_COMMIT_SHORT_SHA variables: RAILS_ENV: test tags: - docker before_script: - cd /app - bundle exec rails db:drop db:create db:schema:load script: - bundle exec rails test
build output (intesting parts):
$ podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY Login Succeeded! $ podman-compose build podman-compose version: 1.0.6 ['podman', '--version', ''] using podman version: 4.5.0 podman build -f ./Dockerfile -t docker.io/ruby:3.2.2 . STEP 1/10: FROM docker.io/ruby:3.2.2 Trying to pull docker.io/library/ruby:3.2.2... Getting image source signatures Copying blob sha256:dcf5010fd812b13dc34d7d69ce3c12a142728204d4cb6f48f1b156b7b4278fed ... COMMIT docker.io/ruby:3.2.2 --> 80bbb61098ec Successfully tagged docker.io/library/ruby:3.2.2 80bbb61098ec700587d02975fb7647811b87af5b4f5f0f99aeafceedf18cd9c4 exit code: 0 $ podman-compose push $CI_REGISTRY_IMAGE/$CI_COMMIT_SHORT_SHA podman-compose version: 1.0.6 ['podman', '--version', ''] using podman version: 4.5.0 Cleaning up project directory and file based variables 00:01 Job succeeded
Running with gitlab-runner 15.8.3 (080abeab) on gitlab-aws-autoscaler 560fb87c, system ID: s_c41a39b95300 Resolving secrets 00:00 Preparing the "docker+machine" executor 00:02 Using Docker executor with image registry.doit.wisc.edu/smph/smph-it/appdev/deploy-test/cf11d408 ... Authenticating with credentials from job payload (GitLab Registry) Pulling docker image registry.doit.wisc.edu/smph/smph-it/appdev/deploy-test/cf11d408 ... WARNING: Failed to pull image with policy "always": Error response from daemon: manifest for registry.doit.wisc.edu/smph/smph-it/appdev/deploy-test/cf11d408:latest not found: manifest unknown: manifest unknown (manager.go:237:0s) ERROR: Job failed: failed to pull image "registry.doit.wisc.edu/smph/smph-it/appdev/deploy-test/cf11d408" with specified policies [always]: Error response from daemon: manifest for registry.doit.wisc.edu/smph/smph-it/appdev/deploy-test/cf11d408:latest not found: manifest unknown: manifest unknown (manager.go:237:0s)