Hi
Not sure if this has been asked before, I could not find any reference to it...
My team is using a Dockerfile with experimental syntax, which basically allows using features from Docker build kit, allowing to mount secrets to the image during build phase for security reasons.
This buildkit feature has actually been available in Docker since 18.09, as the offical docs indicate.
Whenever we try and run a docker build inside our pipeline, we get the following error:
$ export DOCKER_BUILDKIT=1 && docker build --progress=plain -t "our-image-tag" --secret id=ourauth,src="$HOME/.xxx” .
#2 [internal] load build definition from Dockerfile
#2 digest: sha256:2afcf7d89ff49a08d90da71b3aba3930c8bb1cb8cdd728e3e4e31c1a573e1f8c
#2 name: "[internal] load build definition from Dockerfile"
#2 started: 2020-03-03 11:37:00.125995097 +0000 UTC
#2 completed: 2020-03-03 11:37:00.126086328 +0000 UTC
#2 duration: 91.231µs
#2 started: 2020-03-03 11:37:00.12622561 +0000 UTC
#2 completed: 2020-03-03 11:37:00.132543781 +0000 UTC
#2 duration: 6.318171ms
#2 error: "no active session for pdnh8ofawlvby9mkoc46ib94w: context canceled: context canceled"
#1 [internal] load .dockerignore
#1 digest: sha256:870dccb4e89095f80779748e699c4218a22a52db160ff1012487ca312d89299d
#1 name: "[internal] load .dockerignore"
#1 started: 2020-03-03 11:37:00.125995846 +0000 UTC
#1 completed: 2020-03-03 11:37:00.126194392 +0000 UTC
#1 duration: 198.546µs
#1 started: 2020-03-03 11:37:00.12628914 +0000 UTC
#1 completed: 2020-03-03 11:37:00.132486681 +0000 UTC
failed to dial gRPC: unable to upgrade to h2c, received 403
#1 duration: 6.197541ms
#1 error: "no active session for pdnh8ofawlvby9mkoc46ib94w: context canceled: context canceled"
I've also noticed some other people getting stuck with this issue
Is there any way that we can make this work in the pipeline?
Any feedback is appreciated.
I am sure you can understand the security benefits of allowing to use docker build kit for building images.
Kind regards,
Since there is already a request logged at https://jira.atlassian.com/browse/BCLOUD-17590 for this issue, it's best to follow that.
Is docker daemon needed in that version or would it suffice if the docker client is of a newer version?
Last time I've looked the docker client in Atlassion Bitbucket Cloud Pipelines Plugin would be in a matching version:
$ docker --version
Docker version 18.09.1, build 4c52b90
which might mean that there could be support.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Currently, there does not seem to be support for this. I am guessing their docker daemon is just not allowing things like experimental dockerfile syntax (which is required to define mounts on the dockerfile for secrets etc.)
There is some interest gathering about this topic though: https://jira.atlassian.com/browse/BCLOUD-17590
I recommend following that ticket until they add support for buildkit.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Gerhard Willemse Thanks for keeping me in the loop. Very interesting topic, much appreceated!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.