Look into Kata Containers for GitLab runners
We can't easily build arch-boxes in a safe way. We need access to either a loop device (which isn't safe) or use libguestfs (require FUSE + unprivileged user namespaces + qemu).
Either solutions is messy. It would be easier if could run docker with --privileged and be done with it. Kata Containers could probably allow us to do that.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information