From ad846be2c7b8ff8ed4475ec8fb77a151aff88f79 Mon Sep 17 00:00:00 2001
From: vikingowl <christian@nachtigall.dev>
Date: Sat, 18 Apr 2026 03:51:33 +0200
Subject: [PATCH] fix(ci): create docker context before buildx to handle dind
 TLS

buildx create --driver docker-container cannot inherit TLS env vars
from docker:dind directly; it needs a named context. Create 'tls-env'
from the ambient DOCKER_HOST/DOCKER_CERT_PATH, then point buildx at it.
---
 .gitlab-ci.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 86f9753..e846ccf 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,7 +16,8 @@ backend:docker:
     DOCKER_TLS_CERTDIR: "/certs"
   before_script:
     - docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY
-    - docker buildx create --name ci-builder --driver docker-container --use
+    - docker context create tls-env
+    - docker buildx create --name ci-builder --driver docker-container --use tls-env
   script:
     - docker buildx build --output "type=image,push=true,rewrite-timestamp=true" -f backend/deploy/Dockerfile -t "$BACKEND_IMAGE:${CI_COMMIT_SHORT_SHA}" backend/
   rules:
@@ -58,7 +59,8 @@ web:docker:
     DOCKER_TLS_CERTDIR: "/certs"
   before_script:
     - docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY
-    - docker buildx create --name ci-builder --driver docker-container --use
+    - docker context create tls-env
+    - docker buildx create --name ci-builder --driver docker-container --use tls-env
   script:
     - |
       docker buildx build --output "type=image,push=true,rewrite-timestamp=true" \