Why is my OAuth request from within docker being rejected?

Andrew Williamson May 1, 2022

I'm trying to run the Windows runner in a docker container. I've got the following dockerfile:

FROM chocolatey/choco
RUN choco install -y git
RUN choco install -y openjdk
RUN choco install -y dotnet-6.0-sdk
RUN choco install -y azure-cli
ADD https://product-downloads.atlassian.com/software/bitbucket/pipelines/atlassian-bitbucket-pipelines-runner-1.315.zip bitbucket-pipelines-runner.zip
RUN powershell -Command Expand-Archive bitbucket-pipelines-runner.zip C:\bitbucket-pipelines-runner
COPY start.ps1 /bitbucket-pipelines-runner/bin/start.ps1
ENV BITBUCKET_WORKING_DIRECTORY C:\\bitbucket-pipelines-runner\\temp
ENV BITBUCKET_RUNNER_ENVIRONMENT PRODUCTION
ENV BITBUCKET_INITIAL_DELAY 0
ENV BITBUCKET_UPDATE_PERIOD 30
ENV BITBUCKET_CLEAN_FOLDERS false
WORKDIR C:/bitbucket-pipelines-runner/bin
ENTRYPOINT ["powershell", "./start.ps1"]

The `start.ps1` powershell script has been modified to look for environment variables instead of command line parameters. When I start the container, the runner quickly fails with the message: 

[2022-05-02 12:46:40,152] Runner version: 1.315

[2022-05-02 12:46:40,199] Runner runtime: windows-powershell

[2022-05-02 12:46:42,902] Starting websocket listening to RUNNER_UPDATED events.

[2022-05-02 12:46:43,054] Updating runner status to "ONLINE" and checking for new steps assigned to the runner after 0 seconds and then every 30 seconds.

[2022-05-02 12:46:43,514] Updating runner state to "ONLINE".

[2022-05-02 12:46:45,179] An error occurred whilst updating runner state to "ONLINE".

org.springframework.web.reactive.function.client.WebClientResponseException$BadRequest: 400 Bad Request from POST https://auth.atlassian.com/oauth/token

at org.springframework.web.reactive.function.client.WebClientResponseException.create(WebClientResponseException.java:196)

Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:

Error has been observed at the following site(s):

*__checkpoint ⇢ 400 from POST https://auth.atlassian.com/oauth/token [DefaultWebClient]

...

 What could be causing this issue?

 

Motivation:

We have a mono-repo, with lots of small services that can be built in parallel. They are defined as parallel steps, but it seems the runner only handles one job at a time so our CPU is under-utilized and our builds are taking a very long time. I understand this limitation; tools like azure-cli have global state for the login details so it's not a good idea to run jobs in parallel on the same machine. As a workaround, I'm trying to set up multiple docker containers on the build server.

1 answer

1 accepted

Suggest an answer

Log in or Sign up to answer
0 votes
Answer accepted
Andrew Williamson May 3, 2022

I had to install a proxy server and inspect the requests to see what was happening. It was simply a mistake in the environment variable configuration, stopping the BITBUCKET_OAUTH_ID variable from being used correctly

TAGS
AUG Leaders

Atlassian Community Events