feat(core): add volumes-from option to docker run command for bundling

[webratz]

relates to #8799

Describe the feature

Ability to add --volumes-from flag when bundling assets with docker.
This enabled people using Docker in Docker to use CDKs bundling functionality, which is currently not possible.

Use Case

CICD systems often run within a docker container already. Many systems mount the /var/run/docker.sock from the host system into the CICD container. When running bundling within such a container it currently breaks, as docker assume the path is from the host system, not within the CICD container.
The options allows to mount the data from any other container. Very often it will be the current one which can be used by using the HOSTNAME environment variable

Proposed Solution

Add optional property to DockerRunOptions and BundlingOptions that would translate into --volumes-from {user provided option}

This change would not reflect in any CloudFormation changes, but only with the docker commands performed when bundling.

Due to using the --volumes-from option, docker will instead of trying to find the path on the host (where it does not exist) try to use the volume that is created by the container C1 that is actually running the CDK. With that it is able to access the files from CDK and can continue the build.

The following plain docker steps show how this works from the docker side, and why we need to adjust the --volumes-from parameter.

docker volume create builds
docker run -v /var/run/docker.sock:/var/run/docker.sock -v builds:/builds -it docker

Now within the just created docker container, run the following commands.

echo "testfile" > /builds/my-share-file.txt
docker run --rm --name DinDContainer --volumes-from="${HOSTNAME}" ubuntu bash -c "ls -hla /builds"

We see that the second container C2 (here DinDContainer) has the same files available as the container C1.

Alternative solutions

I'm not aware of alternative solutions for this docker in docker use cases, besides of not relying on docker at all, which is out of scope for this MR.

---

All Submissions:

• Have you followed the guidelines in our Contributing guide?

Adding new Unconventional Dependencies:

• This PR adds new unconventional dependencies following the process described here

New Features

• Have you added the new feature to an integration test?
  • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?
    I ran it, but it seems not to have generated something, i might need some guidance there.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[gitpod-io]

[webratz]

I'm not sure how to make the tests work there, as they expect a specific way of how docker is set up, and in which the code is run to test it.
I assume we can not really change the build environment. Happy for any pointers how we could better test this. (The tests work locally, but of course they need to work in the CI env)

[aws-cdk-automation]

This PR has been in the BUILD FAILING state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

[webratz]

all tests, except for the probably not fixable docker integration tests, are now working.

[TheRealAmazonKendra]

Please make sure that your PR body describes the problem the PR is solving, and the design approach and alternatives considered. Explain why the PR solves the problem. A link to an issue is helpful, but does not replace an explanation of your thought process (See Contributing Guide, Pull Requests).

Additionally, we need integration tests for this. If they cannot be automatically run, we at least need steps for validation added to show how this was tested manually.

[TheRealAmazonKendra]

We shouldn't have tests commented out. If the tests are failing, that generally indicates something isn't quite right here.

[webratz]

Hey,
the problem here is, that the fix solves a problem for specific docker in docker situations which require that specific environment to be there to be tested.
From my tries i was unable to mock this docker within docker situation in the CDK test suite, as this heavily depends on where the tests are run.
I would remove the test here, as it mostly would test basically the docker configuration, but not tell much about the functionality of the CDK code.

[webratz]

I added some notes on how to reproduce the steps solely with docker in the issues description.
I'm still trying to find a way to make that testable, but as the CI environment is different than what is available local its very time consuming back and forth of seeing if a change works or not

[TheRealAmazonKendra]

@Mergifyio update

[mergify]

update

✅ Branch has been successfully updated

[aws-cdk-automation]

The Pull Request Linter fails with the following errors:

❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.

PRs must pass status checks before we can provide a meaningful review.

[webratz]

Contributing Guide, Pull Requests

The Pull Request Linter fails with the following errors:

❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.

PRs must pass status checks before we can provide a meaningful review.

🤔 The name is: feat(core): add volumes-from option to docker run command for bundling
Looking at https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md#step-4-pull-request this seems to match the requirements. What am i missing here?

Pull Request updated. Dissmissing previous PRLinter Review.

[aws-cdk-automation]

The Pull Request Linter fails with the following errors:

❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.

PRs must pass status checks before we can provide a meaningful review.

Pull Request updated. Dissmissing previous PRLinter Review.

[aws-cdk-automation]

The Pull Request Linter fails with the following errors:

❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.

PRs must pass status checks before we can provide a meaningful review.

[Naumel]

The title issue can be easily written away, what is relevant is the build failing:

[jsii-rosetta] [INFO] Adding translations to /root/.s3buildcache/rosetta-cache.tabl.json
�[96m@aws-cdk.aws-lambda-python-alpha-README-L150.ts�[0m:�[93m15�[0m:�[93m5�[0m - �[91merror�[0m�[90m TS2304: �[0mCannot find name 'lambda'.

�[7m15�[0m new lambda.PythonFunction(this, 'function', {
�[7m  �[0m �[91m    ~~~~~~�[0m
[jsii-rosetta] [WARN] 1 diagnostics from assemblies with 'strict' mode on (and 410 more non-strict diagnostics)

Pull request has been modified.

[aws-cdk-automation]

The Pull Request Linter fails with the following errors:

❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.

PRs must pass status checks before we can provide a meaningful review.

Pull request has been modified.

[aws-cdk-automation]

The Pull Request Linter fails with the following errors:

❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.

PRs must pass status checks before we can provide a meaningful review.

[alekitto]

Hi @webratz,
This is a very useful addition, but unfortunately does not fix #8799, but only a very specific case.

In fact it is not useful when trying to build assets using a remote docker host (via docker-machine for example).
In addition you have to know exactly how the deployment environment is built and works and reflect it in your constructs, meaning that your constructs are dependent on a very specific environment.

Anyway, as I said, this is a useful addition as exposes another docker flag which is now hidden and that's good, but IMO is definitely not a fix of the linked issue.

[aws-cdk-automation]

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

[webratz]

Hi @webratz, This is a very useful addition, but unfortunately does not fix #8799, but only a very specific case.

In fact it is not useful when trying to build assets using a remote docker host (via docker-machine for example). In addition you have to know exactly how the deployment environment is built and works and reflect it in your constructs, meaning that your constructs are dependent on a very specific environment.

Anyway, as I said, this is a useful addition as exposes another docker flag which is now hidden and that's good, but IMO is definitely not a fix of the linked issue.

You are right, for the remote use case this one would not help

[webratz]

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

Several changes have been made since the comments added by @TheRealAmazonKendra - but no further review happened. So I'm not really sure what to add additionally

[webratz]

The pull request linter fails with the following errors:

❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.

PRs must pass status checks before we can provide a meaningful review.

Its unclear to me what the problem here is actually.
The title of this is feat(core): add volumes-from option to docker run command for bundling which is to my understanding a valid title according to https://www.conventionalcommits.org/

Looking at previously merged PRs
https://github.com/aws/aws-cdk/pulls?q=is%3Apr+feat%28core%29+is%3Aclosed this actually seems to be following the same pattern. What am I missing here?

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: d6b0bd4
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

[aws-cdk-automation]

The pull request linter fails with the following errors:

❌ Features must contain a change to an integration test file and the resulting snapshot.

PRs must pass status checks before we can provide a meaningful review.