Hello @Jiwon Jeon ,
Thank you for reaching out to Atlassian Community!
From the description and the error message you shared I suspect that the API call that Gradle is trying to do to create the docker container, is not passing the security validations that are implemented in Bitbucket Pipelines.
In order for us to have more details about the error, could you please share the docker logs of the failing build? You can find the docker logs in the UI by navigating to the pipeline that failed, and in the logs section click on docker tab and share it with us here.
time="2023-11-03T17:28:44.136448922Z" level=error msg="AuthZRequest for POST /v1.24/containers/create returned error: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories"
Above you can read the docker log. I'm facing the same issue when running a maven plugin that runs Packeto Buildpack.
mvn spring-boot:build-image
It's related to this one.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Denis Baltor ,
From the error message, it seems like the package is trying to create a container and mount a volume outside of the $BITBUCKET_CLONE_DIR, which is restricted by pipelines as described in Full list of restricted commands :
--volume, -v (other than /opt/atlassian/bitbucketci/agent/build/.* or /opt/atlassian/pipelines/agent/build/.*)
These restrictions only apply to builds executed in our cloud infrastructure and are in place due to security reasons.
These restrictions don't apply to the self-hosted pipeline Runners, so one alternative is to use self-hosted runners to execute your build.
Thank you, @Denis Baltor !
Patrik S
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Patrick S thanks for reaching out. You're spot on!
The good news is that Spring Boot 3.2 is coming out with the option to configure the folders used by the buildpack's builder image so we can adhere to BB security standards.
I've shared the solution below:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.