Getting Trouble building gradle project on Bitbucket Pipeline

전지원 April 16, 2023
Hi, I found that the build for the Spring Boot project is failing through Bitbucket Pipeline.
The error message from the 'gradle bootBuildImage' task indicates that `docker api call to localhost:2375/v1.24/containers/created failed with status code 403 Forbidden`.
This seems to be due to the fact that when the Gradle Build Task runs, the Paketo Buildpack (paketo.io) runs together.
What should I consider in order for a normal build to proceed with runner on Cloud?
```yaml
image: atlassian/default-image:3

pipelines:
  branches:
    poc/*:
      - step: &gradle-build
          name: Gradle Build
          image: openjdk:17-alpine
          services:
            - docker
          script:
            - ./gradlew bootBuildImage
```

Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 18, 2023

Hello @전지원 ,

Thank you for reaching out to Atlassian Community!

From the description and the error message you shared, I suspect that the API call that Gradle is trying to do to create the docker container is not passing the security validations that are implemented in Bitbucket Pipelines.

In order for us to have more details about the error, could you please share the docker logs of the failing build? You can find the docker logs in the UI by navigating to the pipeline that failed, and in the logs section click on the docker tab and share it with us here.

Denis Baltor November 3, 2023
```
time="2023-11-03T17:28:44.136448922Z" level=error msg="AuthZRequest for POST /v1.24/containers/create returned error: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories"
```

Above you can read the docker log. I'm facing the same issue when running a Maven plugin that runs Paketo Buildpack.

```
mvn spring-boot:build-image
```


It's related to this one.

Patrik S
Atlassian Team
November 8, 2023

Hello @Denis Baltor ,

From the error message, it seems like the package is trying to create a container and mount a volume outside of the $BITBUCKET_CLONE_DIR, which is restricted by pipelines as described in Full list of restricted commands:

  • --volume, -v (other than /opt/atlassian/bitbucketci/agent/build/.* or /opt/atlassian/pipelines/agent/build/.*)

These restrictions only apply to builds executed in our cloud infrastructure and are in place due to security reasons.

These restrictions don't apply to the self-hosted pipeline Runners, so one alternative is to use self-hosted runners to execute your build.

Thank you, @Denis Baltor !

Patrik S 
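
The volume rule quoted in the answer above, applied to the bind list of a container-create request, as an added example that is not part of the original thread and is not Atlassian's plugin code. It assumes the binds arrive in the Docker Engine API's `HostConfig.Binds` field and reads the rule literally (any source outside the two listed roots fails, named volumes included); the function names and the sample request body are constructed for illustration.

```python
import json
import posixpath

# Allowed bind-mount roots, copied from the restriction quoted in the answer above.
ALLOWED_ROOTS = (
    "/opt/atlassian/bitbucketci/agent/build",
    "/opt/atlassian/pipelines/agent/build",
)


def is_allowed(source):
    """True if source is an allowed root or a path below one, once '..' is resolved."""
    if not source.startswith("/"):
        return False  # named volume or relative path: outside both roots
    path = posixpath.normpath(source)
    return any(path == root or path.startswith(root + "/") for root in ALLOWED_ROOTS)


def rejected_binds(create_body):
    """Return the HostConfig.Binds entries whose source fails the check."""
    host_config = json.loads(create_body).get("HostConfig") or {}
    binds = host_config.get("Binds") or []
    # A bind spec is 'source:target[:options]'; only the source is checked.
    return [b for b in binds if not is_allowed(b.split(":", 1)[0])]


# Constructed sample body for POST /containers/create (not taken from the thread).
SAMPLE_BODY = json.dumps({
    "Image": "example/builder:latest",
    "HostConfig": {"Binds": [
        "/opt/atlassian/pipelines/agent/build/.buildpack/workspace:/workspace",
        "/opt/atlassian/pipelines/agent/build/../cache:/cache",
        "pack-cache-example.build:/cache",
        "/var/run/docker.sock:/var/run/docker.sock",
    ]},
})

if __name__ == "__main__":
    for bind in rejected_binds(SAMPLE_BODY):
        print("fails the volume rule:", bind)
```

Only the first sample bind passes: the second resolves to a directory outside the build root, and the last two are a named volume and a host path that the rule as quoted does not cover.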

Denis Baltor November 10, 2023

Hi @Patrik S, thanks for reaching out. You're spot on!
The good news is that Spring Boot 3.2 is coming out with the option to configure the folders used by the buildpack's builder image so we can adhere to BB security standards.

I've shared the solution below:

https://stackoverflow.com/a/77426230/7066647
