From dd69902fbfe4d2fe84c851d05eaf899fa70f89d2 Mon Sep 17 00:00:00 2001 From: Jordan Petridis Date: Tue, 26 Mar 2019 20:40:35 +0200 Subject: [PATCH] Replace docker-in-docker with buildah This avoids the need of using privilledged namespaces and dind as buildah are able to build images unprivilledged. One thing to note is that buildah inside docker is not a supported configuration and not tested in upstream podman, but the possible fallout is still easier to deal with than dind and requiring privileged runners. --- .gitlab-ci.yml | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 99c1fe7..9198870 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,18 +25,15 @@ test manifest: - "junit.xml" .base: - image: "docker:stable" + image: 'registry.fedoraproject.org/fedora:31' extends: - '.global_ci_policy' rules: - when: 'manual' allow_failure: true - services: - - docker:dind variables: - # When using dind, it's wise to use the overlayfs driver for - # improved performance. - DOCKER_DRIVER: "overlay2" + STORAGE_DRIVER: 'vfs' + BUILDAH_FORMAT: 'docker' GIT_STRATEGY: fetch script: - export DATE=$(date +"%Y-%m-%d") 
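Review bot: The new `image: 'registry.fedoraproject.org/fedora:31'` in `.base` is a mutable tag, so the job that later holds `$CI_JOB_TOKEN` and pushes `${LATEST}` runs on whatever that tag resolves to at job time. Pinning by digest, e.g. `image: 'registry.fedoraproject.org/fedora:31@sha256:<digest-placeholder>'`, keeps the builder reproducible and makes a base-image change show up in review. The removed lines carried a comment explaining `DOCKER_DRIVER`, but the replacements have none; I would add a one-line comment above `STORAGE_DRIVER: 'vfs'` stating why vfs is chosen (presumably because overlay mounts are unavailable to an unprivileged container, to be confirmed) and another on why `BUILDAH_FORMAT: 'docker'` is needed. The `.base` job continues past the end of this hunk.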
@@ -44,24 +41,29 @@ test manifest: - export _UID="${IMAGE}:${DATE}-${CI_JOB_ID}" - export LATEST="${IMAGE}:latest" - - docker build --pull --build-arg DEFAULT_BRANCH=${GST_UPSTREAM_BRANCH} -f ${DOCKERFILE} -t ${LATEST} ${CONTEXT_DIR} + - dnf install -y buildah runc + # Newer versions of podman/buildah try to set overlayfs mount options when + # using the vfs driver, and this causes errors. + - sed -i '/^mountopt =.*/d' /etc/containers/storage.conf + + - buildah bud --build-arg DEFAULT_BRANCH=${GST_UPSTREAM_BRANCH} -f ${DOCKERFILE} -t ${LATEST} ${CONTEXT_DIR} # If we are in a fork, push the image to the reigstry regardless the branch - | if [ "$CI_PROJECT_NAMESPACE" != "gstreamer" ]; then - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - docker push ${LATEST} + buildah login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY + buildah push ${LATEST} fi # Push the images to the upstream registry - | if [ "$CI_PROJECT_NAMESPACE" = "gstreamer" ]; then # Tag the image with the git ref - docker image tag ${LATEST} ${_UID}-${CI_COMMIT_REF_NAME} + buildah image tag ${LATEST} ${_UID}-${CI_COMMIT_REF_NAME} # Push the tags - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - docker push ${_UID}-${CI_COMMIT_REF_NAME} - docker push ${LATEST} + buildah login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY + buildah push ${_UID}-${CI_COMMIT_REF_NAME} + buildah push ${LATEST} fi alpine amd64 manifest builder docker: -- 2.7.4
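Review bot: In the upstream branch of the script, `buildah image tag ${LATEST} ${_UID}-${CI_COMMIT_REF_NAME}` looks like a mechanical rename of `docker image tag`; as far as I know buildah has no `image` subcommand, and the equivalent is `buildah tag ${LATEST} ${_UID}-${CI_COMMIT_REF_NAME}`. Because that path only runs when `CI_PROJECT_NAMESPACE` is `gstreamer`, a pipeline in a fork would not catch the failure. Both `buildah login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY` calls still pass the job token on the command line, where it is visible in the process list; `echo "$CI_JOB_TOKEN" | buildah login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"` avoids that. `dnf install -y buildah runc` also resolves unpinned packages on every run, so the tool that builds and pushes `${LATEST}` can change between jobs; a prebuilt builder image or a comment acknowledging this would help. The script begins in the previous hunk, so its first lines are not visible here.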