fenollp
commented
1 month ago @tonistiigi Any documentation on how to DinD (Docker-in-Docker) for docker build?
Maybe one can SSH from guest RUN into the host (or connect to the host by less private means than a socket)? Maybe through $DOCKER_HOST?
Hm, for my use case, being able to run a guest build that uses a host builder instance (e.g. a docker-container builder) would be perfect! I'll look into how to do that.
tonistiigi
Description
I know that it's possible to run Docker outside of Docker (DooD) by bind-mounting the daemon socket, e.g:
docker run -v /var/run/docker.sock:/var/run/docker.sock <container>.However, I would like to run DooD during build time so we can leverage unit tests using TestContainers during the image build process. This would mean that our CI pipeline wouldn't have to build one "testing" image, spin up a container from said image to run DooD tests, and if all tests pass, then create the final image which would be pushed to our registry. Instead, the pipeline would just consist of a single image being built, tests running during the build process and the resulting image (leveraging a multi-layer Dockerfile to avoid bloat) would be pushed out.
With the latest support for buildtime volumes with secrets, I was hoping we could just mount /var/run/docker.sock as a secret but that doesn't appear to work on Windows.
When I run:
docker build . -t <container> --secret id=dockersock,src=/var/run/docker.sockI get the error:could not parse secrets: [id=dockersock,src=/var/run/docker.sock]: failed to stat /var/run/docker.sock: CreateFile /var/run/docker.sock: The system cannot find the path specifiedThis makes sense as /var/run/docker.sock isn't a file on Windows, but there seems to be logic in the CLI to handle mounting the socket with the -v flag during runtime so I was hoping the same could be extended to --secret during buildtime.