Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

pipeline: Error response from daemon: authorization denied by plugin pipelines

Luis Villamarin
Luis Villamarin
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 24, 2024

Hi, 

I'm new to bitbucket pipelines. 

I'm trying to build a Knative Function using the pipeline. I am able to install all the dependencies needed for the job. However, when I comes to building the image (Paketo under the hood). I run into this error:

Error: executing lifecycle: failed to create 'creator' container: Error response from daemon: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories
Here's how my `bitbucket-pipeline.yml` looks like:
image: lv10/kn-tools:latest

definitions:
  steps:
    - step: &test_function
        name: "Linting, Building and Testing Function"
        services:
          - docker
        caches:
          - docker
        script:
          - export PATH=/usr/bin:$PATH
          - export DOCKER_BUILDKIT=0
          - ACCEPT_EULA=Y apt-get install
          - wget -qo - https://packages.microsoft.com/keys/microsoft.asc
          - apt-key add microsoft.asc
          - make build
          - docker login ${ACR_REGISTRY} --username ${ACR_USER} --password ${ACR_PASSWORD}
          - kn func build --registry ${ACR_REGISTRY} --image ${ACR_REGISTRY}/corp-funcs/monitor-func:dev-0.0.1 -v
          - docker push ${ACR_REGISTRY}/corp-funcs/monitor-func:dev-0.0.1
`kn func build` creates a docker image, in the process of building that image the pipeline fails with the above listed error message. I have tried adding `export PATH=/usr/bin:$PATH` and `export DOCKER_BUILDKIT=0` but that hasn't helped.
Building the image using docker directly is not an option since `kn func build` builds the image in specific way by adding a few dependencies that `knative` needs to run the function.
From what I have read the image will fail to install because bitbucket doesn't support docker run, which `kn func build` apparently does so internally.
Is there a way to get around this apparent limitation of bitbucket-pipelines?
Answer
Watch
Like Be the first to like this
410 views

2 answers

0 votes
Nehemias Herrera
Nehemias Herrera September 13, 2024

Since last night we began to get this error in our bitbucket pipelines, nothing has changes in out files, we do mount a host folder as a volume, has anything changed ?

we mount volumes in a docker-compose.yml file like this:

 

```

volumes:
   - ./test-results:/opt/test-results
```
error from docker service:
returned error: authorization denied by plugin pipelines: --mounts is not allowed"
View More Comments
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 17, 2024

Hey @Nehemias Herrera ,

this issue seems to happen only on latest versions of composer (>=2.29.3).

You may be using an docker image that was updated with the new composer version which caused your build to start failing.

In this case, could you try downgrading to composer v2.29.2 or use a different docker image that comes with composer <= 2.29.2 and let us know if the issue persists?

Thank you, @Nehemias Herrera !

Patrik S

Like
Nehemias Herrera
Nehemias Herrera September 17, 2024

@Patrik S thank you for your reply and sorry for not posting before, as you mentioned, it was the latest version of docker, in our case, it was docker:27.2-dind, we solved our issue by using the earlier version docker:27.1-dind 

we were referencing docker:dind, which point to the latest version, we locked it to 

docker:27.1-dind 

Like
Reply
0 votes
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 25, 2024

Hello @Luis Villamarin and welcome to the Community!

The error message you reported is caused because the command you are executing is trying to start a new container and mount a directory inside the container, but since this directory is outside of the 

$BITBUCKET_CLONE_DIR

pipeline is not allowing it.

For security reasons, the pipeline environment does not allow volume mounts outside the clone directory as stated in Docker - Full list of restricted commands.

In this case, you would either have to:

  • Configure the command you are executing to mount a directory within the accepted path
    OR
  • Execute the build in a self-hosted runner where you can define a custom docker-daemon that does not have the limitation on volume mounting.

Thank you, @Luis Villamarin !
Patrik S

View More Comments
Luis Villamarin
Luis Villamarin
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 10, 2024

Thank you Patrik. I had to move away from Bitbucket, unfortunately there wasn't anyway for me run Knative CLI build or deploy commands. I couldn't specify `$BITBUCKET_CLONE_DIR` for Knative CLI to be aware of.

 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events