GitLab CI: Build docker image with docker executor

I’ve been fiddling around with docker for a couple of days since the GitLab runner in my setup uses the docker executor.
After understanding the fundamentals and getting it running on my Mac, I tried to create my own docker image. And my test subject was this blog. I basically took the nginx:alpine-mainline image and added the compiled page files I already have thanks to my first CI project. The full content of my Dockerfile:

FROM nginx:mainline-alpine
EXPOSE 80/tcp

COPY .docker/nginx.conf /etc/nginx/nginx.conf
ADD website.tar.gz /var/www/html/

CMD ["nginx", "-g", "daemon off;"]

All’s set to be built using docker build. So I committed everything so it could be built on a GitLab Runner using a base/archlinux image. But the job failed because you apparently can’t build a docker image without a running docker daemon. So I’ve read online about it and there is an image with an installed docker environment called dind. Firstly created by a community member, now an official image called docker:dind.
Another commit and job run later: Failed.

Why? Well, the docker daemon is not running and thus the docker image can’t be built. So I turned detective again and searched the internet. To build docker images you have to connect to the running docker daemon from the inside. And to call out of a running docker container it has to run in privileged mode. To start a container in privileged mode the GitLab runner has to be registered with --docker-privileged. So I created an additional GitLab runner with this flag set and added the tag privileged to it. The existing runner got an additional tag called unprivileged. The plan is to use the unprivileged runner for the obvious reason as much as possible.

So I added the privileged tag to the job building the docker container and waited for the job to be successful. But it failed again. After reading the documentation till the end I found out that I was missing some variables. I added DOCKER_HOST: tcp://docker:2375/ and DOCKER_DRIVER: overlay2 as variables plus a service. That has done the trick for me. The docker image was built successfully.

Here is the full job inside my .gitlab-ci.yml file:

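# The job name is not shown in the post; "create_docker_image" is a placeholder.
create_docker_image:
    variables:
        DOCKER_HOST: tcp://docker:2375/
        DOCKER_DRIVER: overlay2
        GIT_DEPTH: 1
    image: docker:dind
    stage: create_docker_image
    artifacts:
        name: "blog-docker-image_$CI_PIPELINE_ID.tar"
        paths:
            - myblog.tar
    services:
        - docker:dind
    # Routes the job to the runner registered with --docker-privileged.
    tags:
        - docker
        - privileged
    # Assumed key for this list item: the job whose artifacts are needed here.
    dependencies:
        - build
    script:
        - ls
        - "docker --version"
        - docker build -t myblog -f Dockerfile .
        - docker save -o myblog.tar myblog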

The part where the final docker image is pushed to the registry is missing. I don’t have one at the moment and I’m currently not serving this blog using a docker image. That’s a future task. I bet there is a docker image providing a docker registry :-)
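
A variant of the job above, added here as an example and not part of the original post: it talks to the dind service over TLS instead of the plaintext tcp://docker:2375/ endpoint. The job name and the dependencies key are assumptions; the DOCKER_TLS_* variables are the ones documented for the docker:dind image and GitLab CI.

```yaml
# Added example, not the author's configuration.
# Assumptions: job name "create_docker_image", and "build" being a
# dependency of this job.
create_docker_image:
  stage: create_docker_image
  image: docker:dind
  services:
    - docker:dind
  variables:
    # 2376 is the TLS port of the Docker API; 2375 is the plaintext one.
    DOCKER_HOST: tcp://docker:2376
    # The dind service generates its CA, server and client certificates here.
    DOCKER_TLS_CERTDIR: "/certs"
    # Make the docker client verify the daemon and present its client cert.
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
    DOCKER_DRIVER: overlay2
    GIT_DEPTH: 1
  tags:
    - docker
    - privileged      # still required: dind itself needs a privileged container
  dependencies:
    - build
  script:
    - docker info     # fails early if the TLS handshake with the daemon fails
    - docker build -t myblog -f Dockerfile .
    - docker save -o myblog.tar myblog
  artifacts:
    name: "blog-docker-image_$CI_PIPELINE_ID.tar"
    paths:
      - myblog.tar
```

For the job container to see the client certificates, the privileged runner's config.toml has to mount /certs/client as a volume in its [runners.docker] section, so that the service and the job share it.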
