envygeeks / jekyll-docker

⛴ Docker images, and CI builders for Jekyll.
ISC License

jekyll binary not found in docker images when run with jekyll:jekyll #304

Open sdanieru opened 3 years ago

sdanieru commented 3 years ago

Hi, I'm attempting to utilize the jekyll/jekyll or jekyll/builder images in a Jenkins pipeline. Jenkins starts the container with UID 1000, which is mapped internally to a 'jekyll' user, but when I attempt to run any jekyll commands in the container, I see this, e.g.:

$ jekyll -v
/usr/jekyll/bin/jekyll: exec: line 14: /usr/local/bundle/bin/jekyll: not found

Some local testing shows that if a user isn't specified when starting either container, the images default to the root user, and jekyll works, but running the containers with root is bad practice for security reasons.

A quick glance at the Dockerfile would suggest that the intention at least is to setup a jekyll user and group. Is there a reason why these images are using root instead of jekyll:jekyll?

How can I successfully use these images with jekyll:jekyll?

envygeeks commented 3 years ago

This image adheres to security best practices, that's why the jekyll user exists. The root at boot is necessary and required so that the image can adjust permissions and install any necessary dependencies when needed; however, the image will drop permissions and launch jekyll itself as the Jekyll user without sudo, or root permissions as soon as it's done with its work.

sdanieru commented 3 years ago

Thanks for the explanation @envygeeks; it's interesting that when I start the image w/ the bash command, it drops me into a root shell. That's why I thought it was using root user in the container.

What then is the proper way to use the Jekyll images in a Jenkins pipeline? Taking a simple case like so:

pipeline {
    agent {
        docker { image 'jekyll/builder' }
    }
    stages {
        stage('Test') {
            steps {
                sh 'jekyll -v'
            }
        }
    }
}

returns:

+ jekyll -v
/usr/jekyll/bin/jekyll: exec: line 14: /usr/local/bundle/bin/jekyll: not found

sdanieru commented 3 years ago

When I run it with root, it works:

pipeline {
    agent {
        docker { 
            image 'jekyll/builder' 
            args "-u root:root"
        }
    }
    stages {
        stage('Test') {
            steps {
                sh 'jekyll -v'
            }
        }
    }
}

+ jekyll -v
ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux-musl]
jekyll 4.2.0

envygeeks commented 3 years ago

You don’t need the root:root as we'll drop permissions ourselves when we build.

mjforan commented 10 months ago

Taking a look at /usr/jekyll/bin/jekyll, it is trying to run the executable before it is installed. To get around this I added one step before jekyll: sh 'bundle install'.
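
Added example, not part of the thread or of the jekyll-docker project: a pre-flight check for a CI step that runs as a non-root user, which reports whether the binary named in the error above is missing or merely not executable, and runs an installer such as `bundle install` only when it is missing. The function names and the `JEKYLL_BIN` variable are hypothetical; the default path is taken from the error message in this issue.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of jekyll-docker.
# Default path is the one named in the "not found" error in this thread.
JEKYLL_BIN=${JEKYLL_BIN:-/usr/local/bundle/bin/jekyll}

# diagnose_jekyll BIN: print "missing", "not-executable" or "ok".
# Always returns 0 so it is safe to call under `set -e`.
diagnose_jekyll() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -x "$1" ]; then
        echo not-executable
    else
        echo ok
    fi
}

# ensure_jekyll BIN INSTALLER [ARGS...]
# Runs INSTALLER (for example `bundle install`) only when BIN is missing,
# re-checks, prints the final state and succeeds only if it is "ok".
ensure_jekyll() {
    bin=$1; shift
    if [ "$(id -u)" -eq 0 ]; then
        echo "note: running as uid 0; this step was expected to be non-root" >&2
    fi
    state=$(diagnose_jekyll "$bin")
    if [ "$state" = missing ]; then
        # Installer output goes to stderr so stdout carries only the state.
        "$@" >&2 || { echo "installer failed" >&2; return 1; }
        state=$(diagnose_jekyll "$bin")
    fi
    echo "$state"
    [ "$state" = ok ]
}

# Usage inside the pipeline step, before calling jekyll:
#   ensure_jekyll "$JEKYLL_BIN" bundle install && jekyll -v
```

A "not-executable" result points at a permissions problem for the current UID rather than a missing install, so the installer is deliberately not run in that case.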