PHP Build Pipeline: Composer Diagnose: Checking pubkeys: FAIL

Joel Webb May 18, 2023

I'm receiving the following, when a week ago this would pass just fine.

 

This is failing the pipeline build.  The certs cannot be downloaded and run as this is an interactive prompt and can't be done problematically.

Wondering if the Bitbucket SSL cert issue on Monday would have something to do with this possibly?

 

+ /usr/local/bin/php /usr/bin/composer.phar diagnose
2
Checking composer.json: OK
3
Checking platform settings: OK
4
Checking git settings: OK git version 2.40.1
5
Checking http connectivity to packagist: OK
6
Checking https connectivity to packagist: OK
7
Checking github.com rate limit: OK
8
Checking disk free space: OK
9
Checking pubkeys: FAIL
10
Missing pubkey for tags verification
11
Missing pubkey for dev verification
12
Run composer self-update --update-keys to set them up
13
Checking composer version: OK
14
Composer version: 2.5.5
15
PHP version: 8.1.18
16
PHP binary path: /usr/local/bin/php
17
OpenSSL version: OpenSSL 3.1.0 14 Mar 2023
18
cURL version: 8.0.1 libz 1.2.13 ssl OpenSSL/3.1.0
19
zip: extension not loaded, unzip present, 7-Zip not available

1 answer

0 votes
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 19, 2023

Hello @Joel Webb and thank you for reaching out to the Community!

In order for us to investigate further, would it be possible for you to share the bitbucket-pipelines.yml file with us here?  I would like to have a look at the docker image you are using in your build, so I can do a similar test on my end.

Thank you, @Joel Webb !

Patrik S

Joel Webb May 21, 2023

This isn't formatted. Something is stripping the indentation within the yaml. But this is as best as I could get it to look.

 

---
# PropBot PHP Build

# This template allows you to validate your PHP application.
# The workflow allows running tests and code linting on the default branch.
#
# This should allow us to run our code, but execute the tests along with it
#
# README:
# https://support.atlassian.com/bitbucket-cloud/docs/configure-bitbucket-pipelinesyml/

image: php:8.1.18-fpm-alpine

pipelines:
branches:
staging:
- step:
name: Linting and PHPStan
script:
- apk update
- apk add composer git
- /usr/local/bin/php /usr/bin/composer.phar self-update
# Running locally - cd /app/propbot
- /usr/local/bin/php /usr/bin/composer.phar install
- ./vendor/bin/parallel-lint . --exclude vendor/
caches:
- composer
- step:
name: PHPStan
script:
- env | sort
- pwd
- ls
- apk add composer git bash libxml++-2.6 php-tokenizer php-dom php-xmlwriter php-xml
- apk update
- /usr/local/bin/php /usr/bin/composer.phar self-update
- /usr/local/bin/php /usr/bin/composer.phar diagnose
- /usr/local/bin/php /usr/bin/composer.phar install
- git config --global --add safe.directory /app/propbot
- git submodule init
- git submodule update vendor/google-api-php-client/
- git submodule update vendor/stripe-php
- cp /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini
- sed -i 's/memory_limit = 128M/memory_limit = 1G/g' /usr/local/etc/php/php.ini
- /usr/local/bin/php ./vendor/bin/phpstan --configuration=phpstan.neon -vvv --debug
caches:
- composer
- step:
name: Testing
script:
- apk update
- apk add composer
- /usr/local/bin/php /usr/bin/composer.phar self-update
- /usr/local/bin/php /usr/bin/composer.phar install
# Followed these directions
# https://rohjay.one/how-to-easily-setup-phpunit-tests-for-codeigniter-3/
# However the myFirstTest.php does not work
- ./vendor/bin/phpunit
caches:
- composer
pull requests:
- step:
name: Lint and PHPStan Checks
script:
- composer install
- ./vendor/bin/phplint . --exclude=/vendor/
caches:
- composer
- step:
name: PHPStan
script:
- apk add composer git bash libxml++-2.6 php-tokenizer php-dom php-xmlwriter php-xml
- apk update
- /usr/local/bin/php /usr/bin/composer.phar self-update
- /usr/local/bin/php /usr/bin/composer.phar diagnose
- /usr/local/bin/php /usr/bin/composer.phar install
- git config --global --add safe.directory /app/propbot
- git submodule init
- git submodule update vendor/google-api-php-client/
- git submodule update vendor/stripe-php
- cp /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini
- sed -i 's/memory_limit = 128M/memory_limit = 1G/g' /usr/local/etc/php/php.ini
- /usr/local/bin/php ./vendor/bin/phpstan --configuration=phpstan.neon -vvv --debug
caches:
- composer
- step:
name: Testing
script:

- ./vendor/bin/phpunit
caches:
- composer

 

 

Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 22, 2023

Hello @Joel Webb ,

Thank you for sharing the YML file with us.

It seems like the issue is that the docker image you are using is not coming with the composer certificates, and neither the apk add composer is installing those certificates. 

I was able to get the diagnose to pass by installing composer following the instructions of Download composer documentation. You will need to include the following commands as part of your step's script, before the diagnose command : 

- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
- php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
- php composer-setup.php
- php -r "unlink('composer-setup.php');"

This should properly install composer with the required certificates. You can try including those commands in your yml file and let us know how it goes.

Thank you, @Joel Webb !

Patrik S

Joel Webb May 22, 2023

Thanks Patrik. The issue is a week before, the pipeline worked fine. The only state that changed was that I know Bitbucket changed SSL certs. But I wasn't sure of any downstream affect, if any.

Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 22, 2023

Hello @Joel Webb ,

From the symptoms of the error, it doesn't seem to be an effect of the recent Bitbucket SSH rotation. The image you are using php:8.1.18-fpm-alpine

was last updated 11 days ago according to Dockerhub. The changes on this update might have caused your pipeline to start failing. Also, you are downloading the dependencies during the build time using the apk add command. Those dependencies are controlled by a third party and they might have been changed/updated during this period, which might have caused your build to start failing, even though your code didn't actually change.

I would suggest trying to include the commands I've shared in my previous response to your step's script, and it should install composer along with the necessary certificates.

Thank you, @Joel Webb !

Patrik S

Joel Webb June 21, 2023

@Patrik S It's happening again.

I just ran the docker pipeline locally, and it ran fine without the suggested cert install code.

Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 26, 2023

Hey @Joel Webb ,

Could you share what exact command you used to spin up the local container, and also the sequence of commands you have executed inside the container? 

Joel Webb June 26, 2023

@Patrik S Correction. I loaded the certs manually on a subsequent step. But generally I am getting past this issue by running without the composer diagnose.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events