In order to enforce build hygiene, I would like Gitlab CI to mark a build as failing if it modifies it's source directory. A common way to do this is to run the build in a container where the sources are mounted read-only so that any attempt to write to the source directory would fail.
We're nowhere near ready to enforce hygienic build yet, but even the first few baby steps in that direction are showing me some surprises in Gitlab. Currently, sources are checked out in $CI_PROJECT_DIR, artifacts are required to be produced in $CI_PROJECT_DIR, and setting $CI_PROJECT_DIR isn't even respected.
Is the best way to deal with this just to move things around?