Docker 25 support

[bencwallace]

Would be great to have CodeBuild images with Docker 25, which was just released. As discussed here, this will make it easier to use BuildKit caching during build jobs.

[JohnPreston]

This is also an issue as with 25, running local builds fails with an API issue right away. The only solution is to downgrade/stick to 24.

[Aposhian]

It looks like public.ecr.aws/codebuild/local-builds:latest has v18.09.0 of the docker CLI installed, and docker-compose 1.23.2 installed.

However, if the docker compose file within the local agent is just updated to version 2.1, then it works.

Suggestion found here: https://github.com/docker/compose/issues/5103#issuecomment-322272491

[souhub]

I'd be happy to support v25 as well.

I tried Docker Engine v25, but I got error message

ERROR: client version 1.22 is too old. Minimum supported API version is 1.24, please upgrade your client to a newer version

I reinstalled Docker Desktop v4.26.1. It worked. v4.26.1 is the latest using Docker Engine v24. https://docs.docker.com/desktop/release-notes/#4261

[dangeReis]

It looks like public.ecr.aws/codebuild/local-builds:latest has v18.09.0 of the docker CLI installed, and docker-compose 1.23.2 installed.

However, if the docker compose file within the local agent is just updated to version 2.1, then it works.

Suggestion found here: docker/compose#5103 (comment)

I'm a bit confused, where does the docker-compose file need to be updated?

[Aposhian]

Inside the docker image, at /LocalBuild/agent-resources/docker-compose.yml, at the top of the file is:

version: '2'

If you change it to

version: '2.1'

then it doesn't complain anymore.

[dangeReis]

@Aposhian In this repository? I'm not seeing that folder.

[Aposhian]

It isn't in this repository. It is in the public.ecr.aws/codebuild/local-builds docker image. I'm not sure where the source for that is though (I don't think it is public).

[dangeReis]

Now that there have been critical vulnerabilities detected in docker 4.26, as the workaround is no longer tenable.

[day4me]

After updating the docker compose file within the local agent to version 2.1 the error ERROR: client version 1.22 is too old. Minimum supported API version is 1.24, please upgrade your client to a newer version disappeared. But I still had problems running the agent. During the execution, it just stuck on Waiting for agent ping step. To fix that, I had to upgrade the docker-compose binary.

I just built the new image using public.ecr.aws/codebuild/local-builds as a base. Dockerfile:

FROM public.ecr.aws/codebuild/local-builds:latest

RUN sed -i "s/version: '2'/version: '2.1'/g" /LocalBuild/agent-resources/docker-compose.yml
RUN curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
RUN chmod +x /usr/local/bin/docker-compose

This is my workaround, for now, to not use the old Docker engine version.

[Aposhian]

During the execution, it just stuck on Waiting for agent ping step.

I ran into the same issue. I just presumed it wasn't docker related. But good to know.

[ghanavat]

How can the version of docker compose be changed inside this docker image public.ecr.aws/codebuild/local-builds, when we don't have access to the source?

[LZY7977]

@ghanavat

CodeBuild installs Docker and Docker Compose in the /usr/local/bin directory. You can manually update their versions by creating a Dockerfile that builds on top of the CodeBuild base images

Here is an example of Dockerfile:

FROM public.ecr.aws/codebuild/local-builds:latest AS layer1

WORKDIR /LocalBuild

RUN set -ex \
    && rm -rf /usr/local/bin/docker \
    && curl -fSL "https://download.docker.com/linux/static/stable/x86_64/docker-25.0.0.tgz" -o docker.tgz \
    && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \
    && rm docker.tgz \
    && docker -v

FROM layer1 AS layer2

RUN set -ex \
    && rm -rf /usr/local/bin/docker-compose \
    && curl -L "https://github.com/docker/compose/releases/download/v2.26.0/docker-compose-linux-x86_64" > /usr/local/bin/docker-compose \
    && chmod +x /usr/local/bin/docker-compose \
    && docker-compose version

This Dockerfile first removes the existing Docker and Docker Compose binaries, then downloads and extracts the specified Docker version into /usr/local/bin. In the second stage, it updates Docker Compose to the specified version. Remember to verify the downloaded versions and adjust the Dockerfile accordingly.

[dangeReis]

@LZY7977 Thank you. Is there a reason this hasn't made it into the official image?

[LZY7977]

CodeBuild has released a new version of the local-build image, which includes upgrades to Docker version 26.1.4 and Docker Compose version 2.27.0. Please download and test the latest images to take advantage of these updates.

[leoherran-aws]

Added support in official images in https://github.com/aws/aws-codebuild-docker-images/commit/1bd6ad2e247b957c8597fc31e172e3d2df185a19