
I want to build an application. For testing it uses testcontainers. The build will run on CI and on the developers' machines. The Dockerfile is more or less:

FROM amazoncorretto:17-alpine AS builder
ADD . .
RUN ./gradlew build

FROM amazoncorretto:17-alpine
COPY --from=builder build/libs/*.jar app.jar
ENTRYPOINT ["java","-jar","/app.jar"]

And I run the build using docker build .

Part of the ./gradlew build runs tests with Testcontainers and uses

val sftpDocker = GenericContainer(DockerImageName.parse("atmoz/sftp:alpine"))

And it returns

java.lang.IllegalStateException: Could not find a valid Docker environment. Please see logs and check configuration

I know that:

  • Testcontainers has its own Docker API client and doesn't require Docker to be installed inside the Alpine container
  • Someone made it work using the "docker:20.10.14-dind" image. But I don't know how it fits in my problem
  • I can mount the /var/run/docker.sock during docker run ... but I'm using the RUN command inside the Dockerfile and docker build ... instead
  • I can expose DOCKER_HOST and Testcontainers should use the default gateway's IP address. But it's way less secure than using a socket

So is there a way to use a socket in this setup? If not, how should I run my host Docker to expose TCP instead of a socket?

Peter Mortensen
piotrek
  • When running Testcontainers it will be using the Docker in your host machine and in your case, the container is where you are building the image and doesn't have a socket. See this documentation https://www.testcontainers.org/supported_docker_environment/continuous_integration/dind_patterns/#docker-only-example – Eddú Meléndez Nov 03 '22 at 21:24
  • The build sequence can't usually mount anything or call across to other containers. Can you modify your tests to have pure unit tests without dependencies on external resources, or modify your build sequence to not run these tests during the image build? – David Maze Nov 03 '22 at 21:33
  • (Also remember that anyone who can access the Docker socket can very easily root the host it's running on. My local security team is a little uncomfortable with Testcontainers for all but giving developers unrestricted root access on the CI systems.) – David Maze Nov 03 '22 at 21:34
  • For the security aspect podman can be a solution. It would limit the impact, but if a CI/CD system is running everything with the same user it almost shows the same problem. – Queeg Nov 03 '22 at 22:16
  • You can use Testcontainers with a remote Docker host as well, so there is no need to give "root access" to the CI system. In a similar way, you can also use rootless Docker. Regarding the original question, using Testcontainers as part of the Docker build is more complicated and works probably best when using a remote Docker daemon from outside the build process, using `DOCKER_HOST`. – Kevin Wittek Nov 07 '22 at 14:38
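
A preflight check a CI job could run before `./gradlew build`, added here as an example and not code from the question or the comments: it classifies the endpoint named by `DOCKER_HOST`, accepts a usable local socket or TLS-verified TCP, and refuses plaintext TCP. The function names are hypothetical, and only the value `1` is treated as enabling `DOCKER_TLS_VERIFY`.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical.

# Classify the endpoint a Docker client would pick from DOCKER_HOST ($1) and
# DOCKER_TLS_VERIFY ($2). Prints unix-socket | tcp-tls | tcp-plaintext | unknown.
# Assumption: only the value "1" is treated as enabling TLS verification.
classify_docker_endpoint() {
    local host="${1:-unix:///var/run/docker.sock}"  # client default when unset
    case "$host" in
        unix://*) echo "unix-socket" ;;
        tcp://*)  if [ "${2:-}" = "1" ]; then echo "tcp-tls"; else echo "tcp-plaintext"; fi ;;
        *)        echo "unknown" ;;
    esac
}

# Report whether the current user can use a unix:// endpoint.
# Prints missing | writable | not-writable.
socket_access() {
    local path="${1#unix://}"
    if [ ! -S "$path" ]; then echo "missing"
    elif [ -w "$path" ]; then echo "writable"
    else echo "not-writable"
    fi
}

# CI gate: succeed only for a usable local socket or TLS-verified TCP.
preflight_docker_endpoint() {
    local host="${1:-unix:///var/run/docker.sock}" kind
    kind="$(classify_docker_endpoint "$host" "${2:-}")"
    case "$kind" in
        tcp-tls)
            echo "ok: $kind" ;;
        unix-socket)
            # A `docker build` RUN step usually has nothing mounted, so this is "missing" there.
            if [ "$(socket_access "$host")" = "writable" ]; then
                echo "ok: $kind"
            else
                echo "refused: no usable socket at ${host#unix://}" >&2; return 1
            fi ;;
        tcp-plaintext)
            # Plaintext TCP has no client authentication: whoever reaches the
            # port gets the same control over the daemon as a socket holder.
            echo "refused: $host without DOCKER_TLS_VERIFY=1" >&2; return 1 ;;
        *)
            echo "refused: unrecognised DOCKER_HOST '$host'" >&2; return 1 ;;
    esac
}

# Usage before the tests:
#   preflight_docker_endpoint "$DOCKER_HOST" "$DOCKER_TLS_VERIFY" && ./gradlew build
```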

0 Answers