From eca6e1fbba9d14b4102d7e4883317772d66f26eb Mon Sep 17 00:00:00 2001
From: Nicolas Richart <nicolas.richart@epfl.ch>
Date: Wed, 29 May 2024 19:39:28 +0200
Subject: [PATCH] Limiting interaction between host and container

---
 .gitlab-ci.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c80e0a4..07064a6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -44,7 +44,7 @@ variables:
     COMMAND_OPTIONS_SBATCH: ${slurm_options}
     STACK_CONFIG: ${CI_PROJECT_DIR}/stacks/${stack}/config.json
     MOUNT_POINT: /stack
-    APPTAINER_EXEC_OPTIONS: ${apptainer_options} --bind ${BUILDCACHE}:/buildcache:rw --bind ${CI_PROJECT_DIR}:${MOUNT_POINT}
+    APPTAINER_EXEC_OPTIONS: ${apptainer_options} --cleanenv -H $(mktemp -d):$HOME --bind ${BUILDCACHE}:/buildcache:rw --bind ${CI_PROJECT_DIR}:${MOUNT_POINT}
     SPACK_USER_CACHE_PATH: "/tmp/spack_cache_${CI_JOB_ID}"
     SPACK_USER_CONFIG_PATH: "/tmp/spack_user_${CI_JOB_ID}"
     BUILDCACHE: "/work/scitas-ge/richart/ci/buildcache"
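Review bot: The `$(mktemp -d)` on the added `APPTAINER_EXEC_OPTIONS` line is plain text inside a `variables:` entry, and GitLab does not perform command substitution there. It only yields a fresh directory if the consuming script re-evaluates the string, which is not visible in this hunk; under ordinary variable expansion `-H` would receive the literal text rather than a private home. Consider creating the directory in the job script and passing it explicitly, for example `JOB_HOME=$(mktemp -d)` and then `-H ${JOB_HOME}:${HOME}` (the variable name is illustrative), and removing it in `after_script` so throwaway homes do not accumulate on the host. Also confirm that the values the container still needs, such as `SPACK_USER_CACHE_PATH`, are passed in with `--env` or the `APPTAINERENV_` prefix, since `--cleanenv` drops the host environment. The isolation remains partial in any case, because `${BUILDCACHE}` is bound `:rw` and `${CI_PROJECT_DIR}` is bound without `:ro`.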
@@ -85,6 +85,7 @@ spack:install_compilers:
     - .spack_cache
   script:
     - ci/install_compilers.sh
+    - source stack_env.sh
     - cd ${STACK_LOCATION}
     - spack/bin/spack -e ${SPACK_SYSTEM_CONFIG_PATH} config blame compilers
   after_script:
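Review bot: The added `source stack_env.sh` runs that file in the runner's host shell, so where it comes from matters for a commit that aims to limit host/container interaction. If it is written from inside the container or into the bind-mounted `${CI_PROJECT_DIR}` (neither is visible here), container-side code can influence what the host shell executes. It would help to document the origin with a comment such as `# stack_env.sh is written by ci/install_compilers.sh on the host; provides STACK_LOCATION` (to be confirmed), and to generate it outside the container-writable tree if possible. The `spack:install_compilers` job definition starts and ends outside this hunk.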
-- 
GitLab