I'm looking to trigger a script on my host system directly from a Docker container. I have a bash script that performs a git pull to update my docker-compose file, stops old containers, and starts new ones. Initially, I thought about just using cron for this, but I want to automate it further using a GitHub webhook to deploy changes as soon as the repository is updated.
Currently, I've set up a container with webhook functionality and a deploy-wrapper shell script that tries to execute the host script using 'nsenter', but I keep running into a 'Permission denied' error with the IPC namespace. Claude suggested running this as root, but I'm hesitant about making the container privileged. Is there a better way to approach this?
4 Answers
I get what you're trying to do, but it sounds like you're overcomplicating things. Instead of running everything from the container, think about using CI/CD tools to handle the building and deployment for you. Automation can often be handled better outside the container setup, especially if you're just managing a few containers.
You definitely need a way for your container to communicate back to the host. Consider running that webhook listener directly on the host instead of in a container. This way, when your container triggers it, the host can directly execute your script without dealing with permission issues. Another option is to use file watchers on the host that look for file changes the container makes.
You might want to check if you can SSH from your container to the host machine and execute your script that way. It can be a good workaround if you don't need to keep everything completely isolated.
Another approach is to have your container write a signal to a shared volume that the host monitors. The host can have a cron job or a simple script that checks this volume for changes and reacts accordingly. You could even use a lightweight database to keep track of changes more robustly.
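The shared-volume signal described in this answer, as an added example that is not from the thread: a host-side watcher that treats the file the container drops into the shared directory purely as a trigger (it never reads or executes the file's contents, and it ignores symlinks, so a compromised container cannot make the host run anything but its own deploy script). The paths and the `deploy.sh` script name are hypothetical.

```shell
#!/bin/sh
# Host-side watcher for a "deploy request" file in a volume shared with the
# container. Runs on the host (for example under systemd or cron), never inside
# the container, so nothing needs --privileged or nsenter. Paths are hypothetical.
SIGNAL_DIR="${SIGNAL_DIR:-/var/lib/deploy-signal}"   # mounted read-write into the container
SIGNAL_FILE="${SIGNAL_FILE:-deploy.request}"         # the container only needs to `touch` it
DEPLOY_CMD="${DEPLOY_CMD:-/usr/local/bin/deploy.sh}" # the git pull / compose restart script

# handle_signal DIR FILE CMD
# Returns 0 after running CMD if a request file was present, 1 if there was
# nothing to do. The request file is only a trigger: its contents are ignored.
handle_signal() {
    dir="$1"; file="$2"; cmd="$3"
    path="$dir/$file"
    # Accept only a regular file that is not a symlink; a symlink created by
    # the container could point anywhere on the host.
    [ -f "$path" ] && [ ! -L "$path" ] || return 1
    # Consume the request before deploying, so a failing deploy cannot loop.
    rm -f "$path"
    "$cmd"
}

# Poll every few seconds; inotifywait could replace the sleep where available.
watch_loop() {
    while :; do
        handle_signal "$SIGNAL_DIR" "$SIGNAL_FILE" "$DEPLOY_CMD" || true
        sleep 5
    done
}

# Loop only when invoked as `sh watcher.sh run`; sourcing the file just
# defines the functions.
if [ "${1:-}" = "run" ]; then
    watch_loop
fi
```

In the container, the webhook handler then only needs `touch /signal/deploy.request` on the mounted volume; the host user running the watcher is the one that needs docker access, not the container.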

But isn't that what Docker Swarm does? It’s supposed to orchestrate container deployments. I'm just working with a single host and I want a simple method to update and restart my containers right after I push changes.