Open seanmyath opened 1 year ago
Looking at the 403 Error, there does not seem to be an issue in communicating with docker, but something with the docker setup itself.
Have you already tried : https://stackoverflow.com/questions/73882715/bitbucket-pipelines-authorization-denied-by-plugin-pipelines
Thanks for reply @sriram-mv
Just tried it, added - export DOCKER_BUILDKIT=0
to my pipeline before running sam local command. This unfortunately did not fix the issue.
Also tried adding - export PATH=/usr/bin:$PATH
to my bitbucket pipeline. Did not fix, still getting same output with 403 error sadly.
I was looking through the source files of sam-cli local and I can't see anything that would violate Bitbucket's restricted commands clearly - the volumes seem fine as they use absolute value for directory etc.:
Full list of restricted commands
The security of your data is really important to us, especially when you are trusting it to the cloud. To keep everybody safe we've restricted the following:
For docker container run/docker run we don't allow:
--cap-add
--device
--ipc
--mount
--pid
--privileged
--security-opt
--userns
--uts
--volume, -v (other than /opt/atlassian/bitbucketci/agent/build/.* or /opt/atlassian/pipelines/agent/build/.*)
For docker container update/docker update we don't allow:
--devices
For docker container exec/docker exec we don't allow:
--privileged
For docker image build / docker build we don't allow:
--security-opt
why are mount's not allowed 🤔 ? sam local invoke requires mounts. I need to double check for sam local start-lambda
Description:
Running sam local start-lambda in a Bitbucket pipeline to then run cfn test for my cloudformation hooks. I am trying to test the hooks before deploying.
Have tried all combinations of following flags:
Steps to reproduce:
Have valid Cloudformation hook.
Bitbucket pipeline:
Then, main commands:
nohup sam local start-lambda --debug --host 0.0.0.0 -l /sam-background.log > /sam-background-all.log &
pipenv run cfn test -v --region [REDACTED REDGION] || echo "sam log------>" && cat /sam-background.log
Observed result:
Expected result:
PASSED function tests.
Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
Using public.ecr.aws/sam/build-python3.9:latest for Bitbucket pipeline base image, but have also tried base python image.