Can I run a docker container in an exec job?

TL;DR: can I launch containers in an exec job?

More detail:

I’ve got a job which runs the GitHub Actions runner. It registers to GitHub and waits for workflow jobs. The jobs start and I see the runner running. So far so good.

Now: Many of the jobs invoke Docker containers via GitHub Actions, so my exec chroot needs access to the docker socket.

From what I’ve read, it seems that this is only possible with the raw_exec driver.

Can someone confirm this?


"Can someone confirm this?"

No. There look to be multiple misconceptions here.

Docker daemon is a process that runs docker commands. To run docker stuff, you have to connect to docker daemon.

You can connect via a socket file on the host to the docker daemon on the host. You can use this socket file with raw_exec driver. You can mount this socket file from host to exec driver and then use it.

You can also connect to docker daemon via TCP or SSH. From possibly any driver with network access. See docker daemon documentation; I like to refer to "docker - What are the possible formats of the DOCKER_HOST URLs?" on Stack Overflow.

Also, I think, but I am not 100% sure about this, you should be able to run your own separate private instance of docker daemon inside the exec driver and connect to that private docker daemon running inside exec driver within the exec driver.

We however use docker driver exclusively and run It runs a GitHub-actions-runner in docker, and then starts docker-in-docker instance. This works great (in not “EPHEMERAL” mode) and fine without autoscaling. You may want to research docker-in-docker.

There is, however, no “GitHub actions runner autoscaler” service written for Nomad that I could find publicly and that would work. To achieve autoscaling and running the GitHub-actions runner in “EPHEMERAL” mode, I had to write a ~100-line script in Python. But we also wanted additional logic - to run a different GitHub-actions runner docker container in Nomad, depending on GitHub workflow tags. It was one to one rewritten in Python with additional logic.
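
An added example, not part of either post above: a small Python check that classifies a DOCKER_HOST value by the transports the answer lists (socket file, TCP, SSH) and reports what a Nomad task needs in order to use it. The function names, labels and sample addresses are constructed for illustration.

```python
# Added example: classify a DOCKER_HOST value by transport (names are illustrative).
import os
from urllib.parse import urlsplit

DEFAULT_HOST = "unix:///var/run/docker.sock"  # Docker client default on Linux


def classify_docker_host(value=None, tls_verify=False):
    """Return (transport, target, note) for a DOCKER_HOST-style URL."""
    url = urlsplit(value or DEFAULT_HOST)
    scheme = url.scheme.lower()
    if scheme == "unix":
        # Socket file: usable only if the path exists inside the task's filesystem.
        return ("unix", url.path,
                "mount the socket into the exec chroot; access to it is "
                "root-equivalent on the host running the daemon")
    if scheme == "ssh":
        return ("ssh", url.netloc,
                "needs network access and SSH credentials inside the task")
    if scheme == "tcp":
        # Conventional ports: 2376 with TLS, 2375 in plain text.
        port = url.port or (2376 if tls_verify else 2375)
        target = f"{url.hostname}:{port}"
        if tls_verify:
            return ("tcp+tls", target,
                    "needs network access and certificates from DOCKER_CERT_PATH")
        return ("tcp", target,
                "plain-text, unauthenticated API: restrict who can reach this port")
    raise ValueError(f"unsupported DOCKER_HOST scheme: {value!r}")


def classify_from_env(env=os.environ):
    """Classify DOCKER_HOST / DOCKER_TLS_VERIFY taken from an environment mapping."""
    # Any non-empty DOCKER_TLS_VERIFY turns on TLS verification in the client.
    return classify_docker_host(env.get("DOCKER_HOST"),
                                bool(env.get("DOCKER_TLS_VERIFY")))


if __name__ == "__main__":
    # Constructed samples; 10.0.0.5 and build01.example.internal are placeholders.
    samples = [(None, False), ("tcp://10.0.0.5", False),
               ("tcp://10.0.0.5", True), ("ssh://ci@build01.example.internal", False)]
    for sample, tls in samples:
        print(sample, "->", classify_docker_host(sample, tls))
```

Whichever transport is used, a task that can reach the daemon API can start privileged containers on that daemon's host, so treat the runner job as trusted with that host.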