Bitbucket pipelines authorization denied by plugin pipelines

Marian Terchila September 28, 2022

I am currently trying to build a bitbucket pipeline which is supposed to run a docker-compose file to test a microservice before deployment. The docker compose file is supposed to build my microservice image and run it.

This all seems to work fine locally, however, when I move things to the pipeline I constantly keep getting this error:

#1 [internal] booting buildkit
#1 pulling image moby/buildkit:buildx-stable-1
#1 pulling image moby/buildkit:buildx-stable-1 2.4s done
#1 creating container buildx_buildkit_default 0.0s done
#1 ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed
------
 > [internal] booting buildkit:
------
Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed

Dockerfile

FROM node:12-alpine
WORKDIR /app/playground
RUN npm install npm@7.1.2
RUN rm -rf /usr/local/lib/node_modules/npm
RUN mv node_modules/npm /usr/local/lib/node_modules/npm
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
CMD [ "npm", "run", "start" ]

docker-compose.yml

version: "3"
services:
  playground:
    build: .
    ports:
      - 9111:9111
    env_file:
      - ./envs/test.env

I understand that bitbucket pipelines have some mechanism to prevent certain operations from executing for security reasons, but as far as I am aware I am not doing that here.

Any idea of how I could possibly fix this error?

6 comments

Alexander Prams September 29, 2022

I'm currently having the same error, could you resolve it?

Marian Terchila October 7, 2022

I have managed to find a working solution to this.

Instead of using build: . in your docker-compose.yml, build the image from the Dockerfile as part of the pipeline and use that image tag in your docker-compose.yml

docker-compose.yml becomes

version: "3"

services:
cases-ms:
image: cases-ms

 pipeline becomes

- step:
name: Unit tests and Snyk scan
image: alpine:3.12
runs-on:
- self.hosted
- linux
services:
- docker
script:
- apk add nodejs npm curl
- chmod +x /usr/local/bin/docker-compose
- echo //registry.npmjs.org/:_authToken=$NPM_TOKEN_READ_ONLY >> .npmrc
- docker build . -t $BITBUCKET_REPO_SLUG
Alexander Prams October 11, 2022

Thanks for the followup! I actually also resorted to building with docker build but am also running my 3 containers with docker run separately now, so I was basically rebuilding docker-compose. That was feasible for just 3 containers, but yeah. 

I will try your approach as well :) 

wrc92 October 25, 2022

I was able to get a docker-compose build working by adding this at the beginning of my script:

- export DOCKER_BUILDKIT=0
Like # people like this
Stephan Hohn February 14, 2023

Added 

DOCKER_BUILDKIT=0

as build/repository variable 

Like # people like this
Alessandro Muraro June 1, 2023

Thanks Stephan

Rich Kalsky June 2, 2023

I too was getting this error:

+ docker build --build-arg SSH_PRIVATE_KEY -t $IMAGE_NAME .
WARNING: No output specified with docker-container driver. Build result will only remain in the build cache. To push result image into registry use --push or to load image into docker use --load
#1 [internal] booting buildkit
#1 pulling image moby/buildkit:buildx-stable-1
#1 pulling image moby/buildkit:buildx-stable-1 3.4s done
#1 creating container buildx_buildkit_default 0.0s done
#1 ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed
------
> [internal] booting buildkit:
------
ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed

So I added the "export DOCKER_BUILDKIT=0" and that allowed it to build, BUT it says it's deprecated. So now what do I need to do to future-proof my pipeline?

+ docker build --build-arg SSH_PRIVATE_KEY -t $IMAGE_NAME .
bash: warning: command substitution: ignored null byte in input
bash: warning: command substitution: ignored null byte in input
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
environment-variable.
Like # people like this
Matheus Eble June 2, 2023

up

Somarjun Chandolu June 4, 2023

up

Mark Bence Kiss June 5, 2023

Same here! 

Tuomas Pesola June 5, 2023

Same here. Any suggestions?

Fabio Parlascino June 6, 2023

Suddenly having the same issue.

Andreas Friesicke June 6, 2023

up

Thanakorn Khuntum June 6, 2023

I had the same problem 14 days ago still working.

Like mattchatterley likes this
Patrick Nelson June 12, 2023

Check out Theodora's solution (from Atlassian) in this answer here: https://community.atlassian.com/t5/Bitbucket-questions/Re-Docker-build-failing-for-buildkit-with-error-authori/qaq-p/2381177/comment-id/94515#M94515

Basically, another good solution might be to update the $PATH to point to /usr/bin so you don't have to manually disable BuildKit (especially useful if the legacy builder ever ends up going away, possibly breaking things again).

Like claytonjy likes this
Sean Sedman June 6, 2023

Adding export DOCKER_BUILDKIT=0 to the build pipeline resolved my issue but as already mentioned in a previous comment, the legacy builder is deprecated and will be removed eventually.

More information about BuildKit can be found in the Docker Documentation.

Like matteo.angiari likes this
Thanakorn Khuntum June 6, 2023

OMG

add

export DOCKER_BUILDKIT=0

in bitbucket-pipelines.yml

- export DOCKER_BUILDKIT=0
- docker build -t ...
it working for me
Takudzwa Shumbamhini July 6, 2023

Hi all

Neither adding export DOCKER_BUILDKIT=0 nor editing $PATH in bitbucket pipelines worked for me. Anyone has a solution outside of these? I tried adding either one, and both of them at the same time and still did not resolve the problem.

 

- export DOCKER_BUILDKIT=0
- echo "BuildKit ${DOCKER_BUILDKIT}"

- export USR=/usr/bin
- export PATH=$USR:$PATH
- echo "Path ${PATH}"
But im still getting

#1 [internal] booting buildkit
12
#1 pulling image moby/buildkit:buildx-stable-1
13
#1 pulling image moby/buildkit:buildx-stable-1 2.8s done
14
#1 creating container buildx_buildkit_default done
15
#1 ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed
16
------
17
 [internal] booting buildkit:
18
------
19
ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed
20
Daniel Engelhardt February 14, 2024

For anybody who stumbles upon this, my issue was that I was trying to mount a named volume to one of my containers, which apparently isn't allowed in bitbucket.

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events