#How to run integration tests inside the container?

First I'm here say Go SDK is absolutely game changer. Thank you dev team for all the hard work!

We've been using Earthly to develop our CI pipelines to test and build servers, and we really like the WITH DOCKER feature with which a docker environment is provided during the test so that we can side run something like mysql to test integration.

However I'm not very sure how a similar process can be done for now with dagger. It seems that at least it should allow running privileged container so that dind is able to run. Is this a thing yet?

Hi, for native support you have to wait this issue https://github.com/dagger/dagger/issues/3037#issue-1376410765

Not sure if a dedicated services concept is very helpful. It's too ideal to assume an a-mysql-here-and-a-mongo-there experience is enough. There will be times you need kind create cluster so a nested docker environment is better in terms of flexibility.

Hi @pale cipher , in the very short term (hopefully by next week) we will add support for mounting unix sockets from the host into the container. This will allow connecting to an external docker engine, which I think is what you need

See https://github.com/dagger/dagger/issues/3850\

Hi thanks for the quick reply but still I'm a bit confused 1) how does it work when buildkit is hosted on a remote dockerd? 2) how to access container spawned by host docker from dagger container?

how does it work when buildkit is hosted on a remote dockerd?

unix socket is forwarded to/from the client host machine, using the buildkit streaming protocol. So this will work with remote workers as well. As long as there is a unix socket on the client's host filesystem of course

how to access container spawned by host docker from dagger container?

Use the Dagger API to execute a container with 1) a docker client installed (for example the docker CLI but could be anything), and 2) a valid docker socket mounted at /var/run/docker.sock

Let me know if that's not clear (can be confusing when talking about multiple layers of container engines 🙂

So if it's the local's docker.sock forwarded and mounted on remote's container, running docker run mysql inside a dagger container will actually spawn mysql container on local? Speaking of "access" actually I meant to connect to the mysql port, is it really possible without some sort of network setup? lol

The reason I care so much about the remote dockerd madness is that our corp CI platform is based on unprivileged container instead of vm like github actions, so we have to make a machine to be a shared dockerd in order to use docker commands on CI runs. Therefore there is no docker.sock on local but on remote.

cc @rigid sinew @vocal shale 👆

Yeah access the mysql container itself is an additional problem... Mostly because the Docker API doesn't have an infrastructure-agnostic way to access a port (something we are fixing with Dagger 🙂

@pale cipher how do you access the docker.sock from your CI contsiner currently?

By DOCKER_HOST=ssh://xxxx

There is probably a short-term fix, and a longer-term solution.

• Longer-term, assuming you like Dagger and want to use it in your CI: setup a shared Dagger runner running on top of your shared docker; have your unprivileged CI runners connect to that (no more remote docker.sock), and use the Dagger API to run mysql directly.

• Short-term: I need to understand your setup a bit better to be sure 🙂

@pale cipher Is the goal to run a fresh mysql container for tests, only for the duration of tests?

(mysql or any other long running service alongside your pipeline)

Is the goal to run a fresh mysql container for tests, only for the duration of tests?

Yes, but could be as complicated as kind create cluster.

assuming you like Dagger and want to use it in your CI

No I don't like dagger. I love dagger.

a shared Dagger runner running on top of your shared docker

Is there a dagger runner with Go SDK? I didn't notice. How are my repo files transfered this way?

It's complicated 🙂 Remote engine is in the works and not yet fully complete / documented. But it's coming!

See https://github.com/dagger/dagger/issues/3595 for some context

And then how do you connect to the containers from CI?

We use Earthly's WITH DOCKER feature. Basically it starts a docker-in-docker inside the container.

Huh.

Well Earthly runs on buildkit too, so if they can do it, I'm sure Dagger could? Had no idea this is something they did, or that it would be something people need 🙂

I see. Long term, we're going to have services as @tawny geyser pointed out. Basically it will allow you to run long running containers directly from the SDK (equivalent of docker run but in code)

With that, you could run a docker-in-docker with dagger

@rigid sinew could it be done in userland now, within an exec?

I think it can be as easy as allowing Exec with privileged. Haven't dug into it yet.

A bit hacky but should be possible (minus the privileged part).

We have an example of that in our own tests where we run a long-running registry container:

https://github.com/dagger/dagger/blob/main/core/integration/suite_test.go#L138-L162

Basically a never ending .Exec() in a goroutine

Could also be all wrapped in a shell script inside a "regular" exec? Not sure which is more hacky

https://github.com/dagger/dagger/blob/main/core/integration/suite_test.go#L138-L162

This is interesting. Do dagger containers share the same bridge? How's it able to connect to the registry service with 127.0.0.1:5000?

Currently, yes. But we plan to change that. When we do, it will be controlled via the SDK: https://github.com/dagger/dagger/pull/3691#issuecomment-1311145961

So it will break at some point, but when it'll break we'll have a better alternative

So what do you think about adding privileged exec support? Along with the never-ending-exec hack my problem seems to be solved in the short term.