Use IPAddress in URL to locate proxy container

We've encountered some friction when running Dependabot on Actions
runners in Kubernetes clusters. We're thinking the friction has to do
with DNS resolution, and that using an IP address will prevent that step
from needing to happen.

__tests__/proxy-integration.test.ts

@@ -35,9 +35,6 @@ integration('ProxyBuilder', () => {
     const proxy = await builder.run(jobId, credentials)
     await proxy.container.start()
 
-    expect(proxy.networkName).toBe('dependabot-job-1-internal-network')
-    expect(proxy.url).toMatch(/^http:\/\/1:.+job-1-proxy:1080$/)
-
     const containerInfo = await proxy.container.inspect()
     expect(containerInfo.Name).toBe('/dependabot-job-1-proxy')
     expect(containerInfo.Config.Entrypoint).toEqual([
@@ -46,6 +43,16 @@ integration('ProxyBuilder', () => {
       '/usr/sbin/update-ca-certificates && /update-job-proxy'
     ])
 
+    expect(proxy.networkName).toBe('dependabot-job-1-internal-network')
+
+    const proxyUrl = await proxy.url()
+    expect(proxyUrl).toMatch(/^http:\/\/1:.+:1080$/)
+
+    const proxyIPAddress =
+      containerInfo.NetworkSettings.Networks[proxy.networkName].IPAddress
+    expect(proxyIPAddress.length).toBeGreaterThan(0)
+    expect(proxyUrl).toContain(proxyIPAddress)
+
     const networkInfo = await proxy.network.inspect()
     expect(networkInfo.Name).toBe('dependabot-job-1-internal-network')
     expect(networkInfo.Internal).toBe(true)

__tests__/updater.test.ts

@@ -49,7 +49,9 @@ describe('Updater', () => {
     },
     network: jest.fn(),
     networkName: 'mockNetworkName',
-    url: 'http://localhost',
+    url: () => {
+      'http://localhost'
+    },
     cert: 'mockCertificate',
     shutdown: jest.fn()
   }

src/proxy.ts

@@ -49,7 +49,7 @@ export type Proxy = {
   container: Container
   network: Network
   networkName: string
-  url: string
+  url: () => Promise<string>
   cert: string
   shutdown: () => Promise<void>
 }
@@ -111,7 +111,19 @@ export class ProxyBuilder {
       errStream('  proxy')
     )
 
-    const url = `http://${config.proxy_auth.username}:${config.proxy_auth.password}@${name}:1080`
+    const url = async (): Promise<string> => {
+      const containerInfo = await container.inspect()
+
+      if (containerInfo.State.Running === true) {
+        const ipAddress =
+          containerInfo.NetworkSettings.Networks[`${internalNetworkName}`]
+            .IPAddress
+        return `http://${config.proxy_auth.username}:${config.proxy_auth.password}@${ipAddress}:1080`
+      } else {
+        throw new Error("proxy container isn't running")
+      }
+    }
+
     return {
       container,
       network: internalNetwork,

src/updater-builder.ts

@@ -32,6 +32,7 @@ export class UpdaterBuilder {
       /usr/sbin/update-ca-certificates &&\
        $DEPENDABOT_HOME/dependabot-updater/bin/run ${updaterCommand}`
 
+    const proxyUrl = await this.proxy.url()
     const container = await this.docker.createContainer({
       Image: this.updaterImage,
       name: containerName,
@@ -47,10 +48,10 @@ export class UpdaterBuilder {
         `DEPENDABOT_REPO_CONTENTS_PATH=${REPO_CONTENTS_PATH}`,
         `DEPENDABOT_API_URL=${this.jobParams.dependabotApiDockerUrl}`,
         `SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt`,
-        `http_proxy=${this.proxy.url}`,
-        `HTTP_PROXY=${this.proxy.url}`,
-        `https_proxy=${this.proxy.url}`,
-        `HTTPS_PROXY=${this.proxy.url}`,
+        `http_proxy=${proxyUrl}`,
+        `HTTP_PROXY=${proxyUrl}`,
+        `https_proxy=${proxyUrl}`,
+        `HTTPS_PROXY=${proxyUrl}`,
         `ENABLE_CONNECTIVITY_CHECK=1`
       ],
       Cmd: ['sh', '-c', cmd],

src/updater.ts

@@ -51,7 +51,7 @@ export class Updater {
       this.apiClient.params.jobId,
       this.credentials
     )
-    proxy.container.start()
+    await proxy.container.start()
 
     try {
       const files = await this.runFileFetcher(proxy)