cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon dependabot

Dockerize the CLI

Open pilosoposerio opened this issue 10 months ago • 4 comments

I recently needed to run the CLI inside containers (due to our CI platform). Not sure if there's an existing solution to run the CLI inside Docker because the CLI also spawn containers. What I've temporarily done is to just use docker:dind to accomplish this.

Dockerfile goes like this:

FROM golang:1.24-alpine3.21 AS install-dependabot

RUN go install github.com/dependabot/cli/cmd/dependabot@latest \
    && cp $GOPATH/bin/dependabot /usr/local/bin/

FROM docker:28-dind AS runtime
COPY --from=install-dependabot /usr/local/bin/dependabot /usr/local/bin/
ENTRYPOINT ["dependabot"]

Then build: docker build -t dependabot-cli:latest.

And run below to run update on local folder:

docker run \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v $HOME/.docker/config.json:/root/.docker/config.json \
    -v $HOME/repos/repo:/repo \
    --network=host \
    -it \
    --rm \
    dependabot-cli update pip test/test --local /repo

If there's a better way, pls let me know. 🥺

pilosoposerio avatar Apr 04 '25 08:04 pilosoposerio

Hi @pilosoposerio , I'd like to ask you a question: With this Docker image, we won't need root permission to run it anymore, right? Thanks in advance

kennylam91 avatar Oct 06 '25 07:10 kennylam91

Hi @pilosoposerio , I'd like to ask you a question: With this Docker image, we won't need root permission to run it anymore, right? Thanks in advance

I do not understand the question. Pls share more details.

If it's about the user inside the container: I did not set up a non-root user in the image. You can check the base image if they are rootless.

pilosoposerio avatar Oct 06 '25 11:10 pilosoposerio

Hi @pilosoposerio , sorry for my unclear question. My issue is when I run dependabot-cli in the K8s cluster container, it requires securityContext: privileged =true. We want to get rid of it and think that maybe wrapping it in a Docker Image with docker-dind as you did can solve the issue.

kennylam91 avatar Oct 08 '25 01:10 kennylam91

Hi @pilosoposerio , sorry for my unclear question. My issue is when I run dependabot-cli in the K8s cluster container, it requires securityContext: privileged =true. We want to get rid of it and think that maybe wrapping it in a Docker Image with docker-dind as you did can solve the issue.

I am not knowledgeable in K8s so I cannot provide an answer.

pilosoposerio avatar Oct 10 '25 03:10 pilosoposerio