I'll preface this by saying I have precious little experience with Docker, so I might be missing things / misstating things / etc. Mostly just writing this down because it's taking me longer than I was expecting to resolve.
We're currently looking for a clean way to package up extractrepo for deployment. An obvious choice there is Docker. All well and good, except, oh wait, extractrepo itself builds and runs Docker images:
$ bazel build kythe/go/platform/tools/extraction/extractrepo:extractrepo
$ cp ^ that thing -> some directory with a Dockerfile that just copies in the binary and runs it, along with any deps it needs (git commandline, kythe extraction scripts, etc)
$ docker build --tag test-extract aforementioned-directory
^ The above 3 steps can be replaced with a Dockerfile that handles pulling in kythe, running tools/modules/update, building the extractrepo binary, etc. But that (a) takes a long time, and (b) results in a much larger binary.
Anyway, that's not the difficulty; the problem is then:
$ docker run -i -t test-extract -local ~/some/repo ~/some/output/dir
... exec: "docker": executable file not found in $PATH
There are various posts on how to do Docker in Docker, indicating that this is technically possible:
https://github.com/jpetazzo/dind
But apparently it's not a great idea for all situations:
https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/
https://stackoverflow.com/questions/27879713/is-it-ok-to-run-docker-from-inside-docker
Particularly damning is that link from jpetazzo, since they're the one who came up with docker-in-docker in the first place.
I suppose one other alternative might be the Docker API?
https://godoc.org/github.com/docker/docker/client
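Added example (not part of the original post and not extractrepo code): a sketch of the "Docker API" route, talking to the daemon's HTTP API over its unix socket so that no `docker` executable has to exist in `$PATH`. It uses only the Go standard library rather than the client package linked above; the socket path is Docker's default and is assumed to be reachable from wherever the program runs, and the function names are hypothetical.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"time"
)

// defaultSocket is Docker's default daemon socket (assumed reachable here).
// Whoever can open it can start privileged containers: root-equivalent access.
const defaultSocket = "/var/run/docker.sock"

// engineClient returns an HTTP client whose connections all go to socketPath.
func engineClient(socketPath string) *http.Client {
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
				var d net.Dialer
				return d.DialContext(ctx, "unix", socketPath)
			},
		},
	}
}

// engineVersion calls GET /version and returns the daemon's reported version.
func engineVersion(c *http.Client) (string, error) {
	// The host part of the URL is a placeholder; the dialer ignores it.
	resp, err := c.Get("http://docker/version")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("engine returned %s", resp.Status)
	}
	var v struct{ Version string }
	err = json.NewDecoder(resp.Body).Decode(&v)
	return v.Version, err
}

func main() {
	v, err := engineVersion(engineClient(defaultSocket))
	fmt.Println("daemon version:", v, "error:", err)
}
```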