Description
I am trying to set up ISO generation as a CI job in GitLab CI, adding to the example gitlab-ci.yml:
```yaml
build-iso:
  stage: deploy
  tags:
    - bluebuild
  services:
    - docker:dind
  image:
    name: ghcr.io/blue-build/cli:v0.9
    entrypoint:
      - ''
  parallel:
    matrix:
      - RECIPE:
          - recipe.yml
  variables:
    # skopeo
    REGISTRY_AUTH_FILE: "/root/.docker/config.json"
  before_script:
    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
    - export COSIGN_PRIVATE_KEY=$(cat .secure_files/cosign.key)
    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin
  script:
    - sleep 5
    - bluebuild generate-iso -vv image $CI_REGISTRY_IMAGE/$IMAGE_NAME
  after_script:
    - docker logout $CI_REGISTRY
```

The project is a private project in our own GitLab instance. This fails late in the build, because skopeo used by the build-container-installer has no credentials to authenticate to the registry.
```
[15:58:10 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 15:58:10,560: rebuilding boot/initramfs-6.17.13-200.fc42.x86_64.img
[15:59:57 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 15:59:57,849: populating output tree and building boot images
[15:59:57 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 15:59:57,894: running x86.tmpl
[16:00:02 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 16:00:02,551: writing .treeinfo file
[16:00:05 g.i/j/build-container-installer:v1.4.0] => make -w -C container os-42
[16:00:05 g.i/j/build-container-installer:v1.4.0] => make[1]: Entering directory '/build-container-installer/container'
[16:00:05 g.i/j/build-container-installer:v1.4.0] => skopeo copy docker://registry.gitlab.com/path/to/project/os:42 oci:os-42
[16:00:06 g.i/j/build-container-installer:v1.4.0] => time="2025-12-29T16:00:06Z" level=fatal msg="initializing source docker://registry.gitlab.com/path/to/project/os:42: Requesting bearer token: received unexpected HTTP status: 403 Forbidden"
[16:00:06 g.i/j/build-container-installer:v1.4.0] => make[1]: Leaving directory '/build-container-installer/container'
[16:00:06 g.i/j/build-container-installer:v1.4.0] => make[1]: *** [Makefile:2: os-42] Error 1
[16:00:06 g.i/j/build-container-installer:v1.4.0] => make: *** [Makefile:148: container/os-42] Error 2
[16:00:06 ERROR blue_build::commands:32] => Failed:
× Failed to create ISO
```

We explicitly set the env var REGISTRY_AUTH_FILE to be picked up by skopeo, but bluebuild does not pass this to the build-container-installer spawned inside the dind setup.
Then, I tried to fall back to generating the ISO from the recipe, but ran into another problem. For some reason, it seems that the /tmp directory passed as a bind mount and mounted at /img_src into the build-container-installer container appears empty inside the build-container-installer container. I manually execed into the running container and was able to confirm this. Host OS is a Fedora 43.
```
[19:31:54 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:31:54,054: doing depmod and module-info for 6.17.13-200.fc42.x86_64
[19:32:03 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:32:03,557: cleaning unneeded files
[19:32:03 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:32:03,591: running runtime-cleanup.tmpl
[19:32:06 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:32:06,208: verifying the installroot
[19:32:10 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:32:10,569: creating the runtime image
[19:34:06 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:34:06,712: preparing to build output tree and boot images
[19:34:06 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:34:06,712: rebuilding initramfs images
[19:34:06 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:34:06,712: dracut args = ['--xz', '--install', '/.buildstamp', '--no-early-microcode', '--add', 'fips']
[19:34:06 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:34:06,713: anaconda args = ['--xz', '--install', '/.buildstamp', '--no-early-microcode', '--add', 'fips', '--add', 'anaconda pollcdrom qemu qemu-net prefixdevname-tools']
[19:34:06 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:34:06,756: rebuilding boot/initramfs-6.17.13-200.fc42.x86_64.img
[19:35:33 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:35:33,537: populating output tree and building boot images
[19:35:33 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:35:33,572: running x86.tmpl
[19:35:39 g.i/j/build-container-installer:v1.4.0] => 2025-12-29 19:35:39,612: writing .treeinfo file
[19:35:42 g.i/j/build-container-installer:v1.4.0] => make -w -C container base-42
[19:35:42 g.i/j/build-container-installer:v1.4.0] => make[1]: Entering directory '/build-container-installer/container'
[19:35:42 g.i/j/build-container-installer:v1.4.0] => skopeo copy oci-archive:/img_src/os.tar.gz oci:base-42
[19:35:42 g.i/j/build-container-installer:v1.4.0] => time="2025-12-29T19:35:42Z" level=fatal msg="initializing source oci-archive:/img_src/os.tar.gz:: creating temp directory: archive file not found: \"/img_src/os.tar.gz\""
[19:35:42 g.i/j/build-container-installer:v1.4.0] => make[1]: *** [Makefile:2: base-42] Error 1
[19:35:42 g.i/j/build-container-installer:v1.4.0] => make[1]: Leaving directory '/build-container-installer/container'
[19:35:42 g.i/j/build-container-installer:v1.4.0] => make: *** [Makefile:148: container/base-42] Error 2
[19:35:43 ERROR blue_build::commands:32] => Failed:
× Failed to create ISO
```

So this currently makes it impossible to generate an ISO for a private project in GitLab CI.
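
A fail-fast check for the first failure above, as an added example that is not part of the original issue or of BlueBuild's code: run in whichever container actually executes skopeo, it reports whether `REGISTRY_AUTH_FILE` is visible to that process and holds inline credentials for the image's registry, without printing the secret. The key lookup is a simplified approximation of the most-specific-match rule in containers-auth.json(5); the function names are hypothetical and a fully qualified image reference is assumed.

```python
import base64
import json
import os
import sys

def candidate_keys(image_ref):
    """auths keys to try, most specific first: host/ns/repo ... host."""
    ref = image_ref.split("://", 1)[-1]          # drop a docker:// transport
    ref = ref.split("@", 1)[0]                   # drop a digest
    host, _, path = ref.partition("/")           # assumes a fully qualified ref
    if ":" in path.rsplit("/", 1)[-1]:           # drop the tag, keep host:port
        path = path[: path.rfind(":")]
    parts = path.split("/") if path else []
    return ["/".join([host] + parts[:i]) for i in range(len(parts), -1, -1)]

def check_auth(image_ref, env=None):
    """Return (status, detail). The password/token is never returned."""
    env = os.environ if env is None else env
    auth_file = env.get("REGISTRY_AUTH_FILE")
    if not auth_file:
        return ("no-env", "REGISTRY_AUTH_FILE is not set in this process")
    try:
        with open(auth_file) as fh:
            cfg = json.load(fh)
    except (OSError, ValueError) as exc:
        return ("unreadable", f"{auth_file}: {exc.__class__.__name__}")
    # Simplification (assumption): keys written with a URL scheme, such as
    # "https://host/v1/", are reduced to the bare host before matching.
    norm = {}
    for k, v in cfg.get("auths", {}).items():
        norm[k.split("://", 1)[-1].split("/")[0] if "://" in k else k] = v
    for key in candidate_keys(image_ref):
        if key not in norm:
            continue
        try:
            raw = base64.b64decode((norm[key] or {}).get("auth", ""), validate=True)
            user, sep, _ = raw.decode().partition(":")
        except ValueError:
            return ("bad-entry", f"{key}: auth field is not valid base64 text")
        if not sep:
            return ("helper-only", f"{key}: no inline credentials (credential helper?)")
        return ("ok", f"{key}: inline credentials present for user {user!r}")
    return ("no-entry", f"no auths entry matches {candidate_keys(image_ref)[-1]}")

if __name__ == "__main__":
    # Default reference is the placeholder path shown in the log above.
    image = sys.argv[1] if len(sys.argv) > 1 else "docker://registry.gitlab.com/path/to/project/os:42"
    print(check_auth(image))
```

A `no-env` result inside the installer container alongside `ok` in the job container matches the behaviour reported here: the variable is set for the CI job but not for the container that runs skopeo.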