
Using Docker Commands during Docker Build


I'm aware that one can run Docker commands in a container by passing in the socket, as described here, as well as multistage builds, as detailed here.

My use case is a bit different. I'm trying to build a Docker container for SCION, which itself uses Docker.

A "quick & dirty" solution could be to simply run ./scion.sh topology on startup of the container, with the Docker socket passed in; however, that wouldn't be the most efficient way, since the command takes some time to run.

Therefore the question is, can I run Docker commands during the build phase?


Solution

  • Yes, you can.

    The examples below will print out the running containers on the host during build phase.

    If your docker daemon is already accepting tcp connections on 2375 then here is an example of how to do it:

    docker build -t docker-test --network host - << EOF
    FROM docker:latest
    # if 0.0.0.0 doesn't work for you then replace it with host IP
    ARG DOCKER_HOST=tcp://0.0.0.0:2375
    RUN docker container ls
    EOF
    

    If your host is not accepting TCP connections and you don't want to enable that, then you can run a parallel SOCAT container that will forward traffic on 2375 to the docker socket. Here is how you start it:

    docker run -d --rm \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -p 127.0.0.1:2375:12345 \
      bobrik/socat TCP-LISTEN:12345,fork UNIX-CONNECT:/var/run/docker.sock
    

    Check the container starts and then run the docker build command to see it work.

    I tested this on macOS and Linux.

    UPDATE:

    Based on the comments, here is a more secure solution:

    docker run -d --rm \
    -v /var/run/docker.sock:/var/run/docker.sock \
    --hostname socat \
    --name socat \
    bobrik/socat TCP-LISTEN:12345,fork UNIX-CONNECT:/var/run/docker.sock
    
    docker build -t docker-test --network container:socat - << EOF
    FROM docker:latest
    # socat is the hostname given to the forwarding container started above
    ARG DOCKER_HOST=tcp://socat:12345
    RUN docker container ls
    EOF
    

    This way your build process connects to a different container and there is no need to join the host network.
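
A defender-side check for the socat forwarder variants above, added here as an example (it is not part of the original answer): anything that can reach the forwarded port controls the Docker daemon, so the function below flags containers that bind-mount the socket and publish a port beyond loopback. The function names and the sample listing are constructed; the input is assumed to come from `docker ps --no-trunc --format '{{.Names}}|{{.Mounts}}|{{.Ports}}'` on a Linux host where the socket lives at /var/run/docker.sock.

```shell
#!/bin/sh
# Added example. Reads "name|mounts|ports" lines on stdin and prints
# "name verdict" for every container that mounts the Docker socket:
#   exposed  - a published port binds to a non-loopback address
#   loopback - published, but only on 127.0.0.0/8 or ::1
#   internal - nothing published; reachable only over container networking
audit_socket_forwarders() {
  while IFS='|' read -r name mounts ports; do
    case ",$mounts," in
      *,/var/run/docker.sock,*|*,/run/docker.sock,*) ;;
      *) continue ;;                      # does not mount the socket
    esac
    verdict=internal
    rest=$ports
    while [ -n "$rest" ]; do
      p=${rest%%,*}                       # next comma-separated entry
      case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
      p=${p# }                            # drop the space after a comma
      case "$p" in
        *"->"*) ;;                        # host:port->container mapping
        *) continue ;;                    # exposed only, not published
      esac
      bind=${p%%"->"*}                    # e.g. 127.0.0.1:2375
      addr=${bind%:*}                     # strip the host port
      case "$addr" in
        127.*|"[::1]"|::1) [ "$verdict" = exposed ] || verdict=loopback ;;
        *) verdict=exposed ;;
      esac
    done
    printf '%s %s\n' "$name" "$verdict"
  done
}

# Constructed sample listing, not output from a real host.
sample_ps_output() {
  cat <<'EOF'
socat-lo|/var/run/docker.sock|127.0.0.1:2375->12345/tcp
web|/srv/www|0.0.0.0:80->80/tcp
socat-any|/var/run/docker.sock|0.0.0.0:2375->12345/tcp, :::2375->12345/tcp
socat|/var/run/docker.sock|
EOF
}

sample_ps_output | audit_socket_forwarders
```

The check covers only socket forwarders running as containers; a daemon that itself listens on TCP 2375, as in the first example of the answer, has to be found by inspecting the host's listening sockets instead.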