It started with not catching the latest Bootstrap 4.5 release. It has now turned into full-blown dependency management and madness.
The plan is to create a cron job to run a docker run against a dependabot container that will check my repos for out-of-date dependencies on my projects, but I want this managed from Ansible (aka I want to deploy this to other machines besides my local workstation and I want this somewhere in version control).
Right now I have a forked dependabot
Ansible?
I am very lost on Ansible. For now. This is a playbook, which might migrate into a role, but who knows.
Here are the steps I have:
- Pull Gitlab-Runner Image
- Pull Dependabot Image
- Check if images exist on machine
- Clone Dependabot Repo to /tmp folder
- Start Gitlab Runner Container & Save Container Name as Result
- Copy Docker exec-script over to container
docker cp exec-script.sh eager_mahavira:/app/exec-script.sh
docker exec -i eager_mahavira /bin/sh -c /app/exec-script.sh
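The steps above written as an Ansible playbook. This is an added example, not the playbook from the original post. It assumes the community.docker collection is installed; the inventory group, fork URL, container name and support directory are hypothetical. Giving the container a fixed name replaces capturing a random one such as eager_mahavira, and the bind mounts replace the docker cp step.

```yaml
# Added example (assumptions: community.docker installed, placeholder names below).
- name: Run Dependabot through a GitLab Runner container
  hosts: dependabot_hosts                  # hypothetical inventory group
  vars:
    dependabot_repo: "https://gitlab.example.com/USER/dependabot.git"  # placeholder fork URL
    runner_image: "gitlab/gitlab-runner:alpine-v13.5.0"
    dependabot_image: "dependabot/dependabot-core:0.118.7"
    runner_name: dependabot-runner         # hypothetical fixed container name
    support_dir: /opt/dependabot-runner    # hypothetical directory on the target host
  tasks:
    - name: Pull the runner and Dependabot images (skipped when already present)
      community.docker.docker_image:
        name: "{{ item }}"
        source: pull
      loop:
        - "{{ runner_image }}"
        - "{{ dependabot_image }}"
    - name: Clone the Dependabot fork to /tmp
      ansible.builtin.git:
        repo: "{{ dependabot_repo }}"
        dest: /tmp/dependabot
    - name: Create the support directory
      ansible.builtin.file:
        path: "{{ support_dir }}"
        state: directory
        mode: "0755"
    - name: Copy gitlab-ci.yml and exec-script.sh to the target host
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "{{ support_dir }}/{{ item }}"
        mode: "0755"
      loop: [gitlab-ci.yml, exec-script.sh]
    - name: Start the GitLab Runner container
      community.docker.docker_container:
        name: "{{ runner_name }}"
        image: "{{ runner_image }}"
        command: run
        detach: true
        volumes:
          - /tmp/dependabot:/app
          # The socket mount gives this container control of the host Docker daemon.
          - /var/run/docker.sock:/var/run/docker.sock
          - "{{ support_dir }}/gitlab-ci.yml:/app/gitlab-ci.yml:ro"
          - "{{ support_dir }}/exec-script.sh:/app/exec-script.sh:ro"
    - name: Run the exec script inside the runner container
      community.docker.docker_container_exec:
        container: "{{ runner_name }}"
        command: /bin/sh -c /app/exec-script.sh
```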
Running Docker From Docker, Socket Style
Getting Running:
docker run \
-v /tmp/dependabot:/app \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /home/jack/ansible/gitlab-runner/gitlab-ci.yml:/app/gitlab-ci.yml \
-v /home/jack/ansible/gitlab-runner/exec-script.sh:/app/exec-script.sh \
-d gitlab/gitlab-runner:alpine-v13.5.0 \
run
Gitlab Runner Hack
gitlab-runner exec docker \
--docker-privileged \
--pre-clone-script "umount /myproject; mv myproject myproject_copy; cp -r myproject_tmp myproject;" \
--docker-volumes absolute/path/to/myproject:/myproject_tmp \
test
From Within the Gitlab-Runner(0) Docker Container:
gitlab-runner exec docker \
--docker-privileged \
--pre-clone-script "umount /app; mv app app_copy; cp -r app_tmp app;" \
--docker-volumes /tmp/dependabot:/app_tmp Build
Note the 4th line pointing to the absolute path on my host machine.
See This Issue opened on the gitlab-runner exec docker command and the answer in the comments below on the issue for the fix.
Stepping back in Docker Time
docker pull dependabot/dependabot-core:0.118.7
This is way behind master, but it works for me. Why? Because the upstream GitHub project uses Ruby 2.6.6 and I forked it at 2.6.5. Bundler does not like this.
Plans for improvement include a straight-up clone of a tagged branch from GitHub, patching in one gitlab-ci.yml file using Ansible, and running against the dependabot-core latest docker image.
Full Blown API Keys
OFC general API read/write didn’t work, so I just granted everything. By the time you read this, the full keys will have expired. I just needed to confirm everything worked.
Dependabot Core Image
Holy Shit. Your image is 3.31Gb. Please refactor... or I could trim the fat using only what I need (ruby for now).