Install Docker CLI in codex-universal image #10
Open
krzemienski opened this issue May 17, 2025 · 1 comment
krzemienski commented May 17, 2025

🐳 Feature Request — Install Docker CLI (and Compose v2) in codex-universal

Why this matters

Modern production services rarely run directly on the host:

  • Micro-services are packaged as Docker images.
  • Integration tests spin up service meshes with docker compose.
  • CI pipelines rely on container isolation to mirror prod.

When Codex checks out a repo that contains a Dockerfile or a docker-compose.yml, it currently fails at the first docker build … or docker compose up because the base image lacks the Docker CLI. That forces users to:

  1. Rewrite build scripts to fall back to plain Python commands.
  2. Mount a host socket in hackshell mode, losing reproducibility.
  3. Skip container-level integration tests entirely.

What this change does

Add a single line to the Dockerfile:

RUN apt-get update -qq  && apt-get install -y --no-install-recommends docker.io

(On distros where Compose v2 is packaged separately, also add docker-compose-plugin.)

This provides:

  • docker client — so the repo can docker build .
  • docker compose — for multi-container test stacks (Postgres, Redis, etc.)

No daemon is started; the CLI simply talks to a socket that the Codex runtime can mount (/var/run/docker.sock) or to any rootless daemon the user chooses. The security posture is unchanged while container workflows become possible.

Use-cases enabled

| Scenario in repo | Current behaviour | Behaviour after fix |
| --- | --- | --- |
| make test builds an image and runs pytest in it | docker: not found | Image builds → tests run |
| npm run dev spins up API & DB with Compose | fails immediately | Both containers start, enabling end-to-end tests |
| Mono-repo loop building multiple Dockerfiles | crashes on first build | All images build; Codex can parse logs |

Scope & impact

  • Zero breaking changes for repos that never call Docker.
  • Adds ≈ 25 MB compressed to the image (Ubuntu docker.io package).
  • No need for privileged mode; standard socket pass-through suffices.

Alternatives considered

  • DIND sidecar — heavier, requires --privileged.
  • Podman / Buildah — different CLI, breaks existing scripts.
  • Kaniko / img — build-only, doesn’t address docker compose.

Installing the canonical Docker CLI is the simplest, least intrusive path to parity with real-world dev environments.

Proposed acceptance criteria

  • Inside the codex-universal container, docker --version and docker compose version exit 0.
  • A sample repo containing docker-compose.yml launches successfully inside the sandbox.
  • Image size increase ≤ 30 MB.

Enabling basic Docker tooling lets Codex build, test, and reason about the vast majority of repositories that expect it.
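
An added example, not part of the issue or of the codex-universal project: a POSIX shell script that checks the acceptance criteria proposed above and reports which daemon endpoint the installed CLI would use and whether that socket is writable from inside the container. The function names, the byte-based size arguments and the 1 MB = 1,000,000 bytes convention are assumptions.

```shell
#!/bin/sh
# Added example, not part of the issue: checks for its acceptance criteria
# plus a report on the daemon socket the CLI would reach.

# cli_ok: both commands from the acceptance criteria must exit 0.
cli_ok() {
    docker --version >/dev/null 2>&1 && docker compose version >/dev/null 2>&1
}

# size_within_budget BASE_BYTES NEW_BYTES [LIMIT_MB]
# Assumption: sizes are given in bytes and 1 MB = 1,000,000 bytes.
size_within_budget() {
    [ $(( $2 - $1 )) -le $(( ${3:-30} * 1000000 )) ]
}

# docker_endpoint: DOCKER_HOST if set, else the default Linux socket.
# Docker contexts are not consulted here.
docker_endpoint() {
    printf '%s\n' "${DOCKER_HOST:-unix:///var/run/docker.sock}"
}

# socket_exposure PATH: prints absent, no-access or writable.
# A writable daemon socket lets this process control that daemon, so the
# result belongs in any review of what the sandbox mounts.
socket_exposure() {
    if [ ! -S "$1" ]; then
        echo absent
    elif [ -w "$1" ] && [ -r "$1" ]; then
        echo writable
    else
        echo no-access
    fi
}

report() {
    if cli_ok; then echo "cli: ok"; else echo "cli: missing or failing"; fi
    ep=$(docker_endpoint)
    echo "endpoint: $ep"
    case $ep in
        unix://*) echo "socket: $(socket_exposure "${ep#unix://}")" ;;
        *)        echo "socket: n/a (non-unix endpoint)" ;;
    esac
}

# Run the report only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then report; fi
```

Run it with `--run` inside the built image; `size_within_budget` takes the image sizes before and after the change as measured by whatever tool the build uses.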

@Fakamoto

YES PLEASE
