Running docker from a CommandLineTool

I have the same problem, the code below doesn’t work:

baseCommand: [docker, run, -v, /data:/data, --user, $(id -u):$(id -g), image1:v1]

Hi Locos,

This probably could have been a comment on the question you linked.

Regardless, in order for someone to assist you, please provide a fully reproducible example (not just the base command attribute) along with any errors that you’re seeing along with what you’re expecting to run?

Speculating with the limited code above, I think you ought to put the docker components in the DockerRequirement section of your CWL CommandLineTool, i.e

requirements:
  DockerRequirement:
    dockerpull: image1:v1

The baseCommand section should then represent the script inside the docker container you are wanting to run. i.e

baseCommand: [ "bash", "myscript.sh" ]

cwltool will handle the -v/--volume parameters based off your inputs and most implementations will assign a rootless random uid for the -u/--user parameter.

2 Likes

[Note: Locos’s question was originally a comment, but I moved their post to its own topic and added the link, so it could have its own answer and since so much time had passed since the original topic was answered. Thank you @alexiswl , as always, for helping out here!]

1 Like

@alexiswl answers the real question, how do I run a command that is inside an OCI image?.
Is it useful to add that the answer to the specific question, how do I run docker …? is probably: don’t?

I would think that running docker as the baseCommand would be an antipattern to be avoided, since it hides the intention of the step, The true command can only be found by inspecting the Entrypoint property of the config object in the in the OCI image. The name of the image might reflect that but might not.

Asking the tool to run docker explicitly also hinders portability, since it imposes a strong infrastructure requirement about the runtime. Whereas by separating the requirement from the command, in the way @alexiswl explains, one can use any executor that can resolve the requirement of running an OCI image, whether or not it is docker or something else.

(In the question the OCI image name is fortunately an immutable part of the command. A generic docker command line tool would go against the best practices, where it is recommended to reify even variants of the same executable in separate command line tool.)

1 Like