Jack Moore

Email: jack(at)jmoore53.com

Dependabot, A Migration

20 Oct 2020 » automation, system configuration, sysadmin, jenkins, dependabot

It started with not catching the latest Bootstrap 4.5 release. It has now turned into full-blown dependency management and madness.

The plan is to create a cron job that does a docker run against a dependabot container, which will check my repos for out-of-date dependencies on my projects. But I want this managed from Ansible (aka I want to deploy this to other machines besides my local workstation, and I want it somewhere in version control).

Right now I have a forked dependabot


I am very lost on Ansible. For now. This is a playbook, which might migrate into a role, but who knows.

Here are the steps I have:

  • Pull Gitlab-Runner Image
  • Pull Dependabot Image
  • Check if images exist on machine
  • Clone Dependabot Repo to /tmp folder
  • Start Gitlab Runner Container & Save Container Name as Result
  • Copy Docker exec-script over to container
    • docker cp exec-script.sh eager_mahavira:/app/exec-script.sh
    • docker exec -i eager_mahavira /bin/sh -c /app/exec-script.sh

Running Docker From Docker, Socket Style

Getting it running:

docker run \
  -v /tmp/dependabot:/app \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /home/jack/ansible/gitlab-runner/gitlab-ci.yml:/app/gitlab-ci.yml \
  -v /home/jack/ansible/gitlab-runner/exec-script.sh:/app/exec-script.sh \
  -d gitlab/gitlab-runner:alpine-v13.5.0

Gitlab Runner Hack

gitlab-runner exec docker \
  --docker-privileged \
  --pre-clone-script "umount /myproject; mv myproject myproject_copy; cp -r myproject_tmp myproject;" \
  --docker-volumes absolute/path/to/myproject:/myproject_tmp

From Within the Gitlab-Runner(0) Docker Container:

gitlab-runner exec docker \
  --docker-privileged \
  --pre-clone-script "umount /app; mv app app_copy; cp -r app_tmp app;" \
  --docker-volumes /tmp/dependabot:/app_tmp Build

Note the 4th line pointing to the absolute path on my host machine.

See the issue opened against the gitlab-runner exec docker command, and the answer in the comments on that issue, for the fix.
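As an added example (not the author's playbook, which the post does not show), here is one Ansible playbook that carries out the step list above and wraps the docker run and gitlab-runner exec commands from this section. The image tags, the job name Build, and the host paths under /home/jack/ansible/gitlab-runner and /tmp/dependabot are taken from the post; the fork URL is a placeholder, and the module names (community.docker collection), variable names, container name and the exec-script body are assumptions.

```yaml
# Added example, not the author's playbook. Performs the steps listed in the post:
# pull both images, check they exist, clone the fork to /tmp, write the exec
# script, start a gitlab-runner container with the Docker socket mounted, and run
# the script inside it. Modules are from the community.docker collection (assumed).
---
- name: Run dependabot through a gitlab-runner container
  hosts: localhost
  vars:
    runner_image: gitlab/gitlab-runner:alpine-v13.5.0
    dependabot_image: dependabot/dependabot-core:0.118.7
    dependabot_repo: "https://git.example.invalid/jack/dependabot.git"  # placeholder for the fork URL
    dependabot_branch: master                                          # assumed branch name
    dependabot_dir: /tmp/dependabot
    config_dir: /home/jack/ansible/gitlab-runner
  tasks:
    - name: Pull the gitlab-runner and dependabot images
      community.docker.docker_image:
        name: "{{ item }}"
        source: pull
      loop:
        - "{{ runner_image }}"
        - "{{ dependabot_image }}"

    - name: Check that both images exist on the machine
      community.docker.docker_image_info:
        name:
          - "{{ runner_image }}"
          - "{{ dependabot_image }}"
      register: images

    - name: Stop if an image is missing
      ansible.builtin.assert:
        that: images.images | length == 2
        fail_msg: "expected 2 images, found {{ images.images | length }}"

    - name: Clone the dependabot fork into /tmp
      ansible.builtin.git:
        repo: "{{ dependabot_repo }}"
        dest: "{{ dependabot_dir }}"
        version: "{{ dependabot_branch }}"

    - name: Write the exec script that the runner container will execute
      ansible.builtin.copy:
        dest: "{{ config_dir }}/exec-script.sh"
        mode: "0755"
        content: |
          #!/bin/sh
          # Runs the "Build" job. The pre-clone script swaps the runner's fresh
          # clone for the host directory mounted at /app_tmp (the fix from the
          # gitlab-runner issue referenced in the post). Assumes gitlab-runner
          # exec reads its CI config from the working directory.
          set -eu
          cd /app
          gitlab-runner exec docker \
            --docker-privileged \
            --pre-clone-script "umount /app; mv app app_copy; cp -r app_tmp app;" \
            --docker-volumes /tmp/dependabot:/app_tmp Build

    - name: Start the gitlab-runner container with the Docker socket mounted
      community.docker.docker_container:
        name: dependabot-runner            # assumed container name
        image: "{{ runner_image }}"
        state: started
        detach: true
        volumes:
          - "{{ dependabot_dir }}:/app"
          - /var/run/docker.sock:/var/run/docker.sock
          - "{{ config_dir }}/gitlab-ci.yml:/app/gitlab-ci.yml"
          - "{{ config_dir }}/exec-script.sh:/app/exec-script.sh"
      register: runner                     # "save container name as result"

    - name: Run the exec script inside the runner container
      ansible.builtin.command:
        argv:
          - docker
          - exec
          - -i
          # docker inspect reports the name with a leading slash; strip it
          - "{{ runner.container.Name | regex_replace('^/', '') }}"
          - /bin/sh
          - -c
          - /app/exec-script.sh
      changed_when: true
```

Run it with ansible-playbook against the host that should do the checking. Two practical points: because exec-script.sh is bind-mounted into the container at /app/exec-script.sh, the separate docker cp step from the list is not needed; and mounting /var/run/docker.sock together with --docker-privileged hands the job full control of the host's Docker daemon, so this belongs on a machine dedicated to the task rather than a shared workstation.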

Stepping back in Docker Time

docker pull dependabot/dependabot-core:0.118.7

This is way behind master, but it works for me. Why? Because the upstream GitHub project uses Ruby 2.6.6 and I forked it at 2.6.5. Bundler does not like this.

Plans for improvement include a straight-up clone of a tagged branch from GitHub, patching in one gitlab-ci.yml file using Ansible, and running against the latest dependabot-core Docker image.

Full Blown API Keys

Of course the general API read/write scope didn't work, so I just granted everything. By the time you read this, the full-access keys have expired. I just needed to confirm everything worked.

Dependabot Core Image

Holy shit. Your image is 3.31 GB. Please refactor, or I could trim the fat, using only what I need (Ruby for now).

© Jack Moore