search

jfrog / jfrog-cli

JFrog CLI is a client that provides a simple interface that automates access to the JFrog products.
https://www.jfrog.com/confluence/display/CLI/JFrog+CLI
Apache License 2.0
525 stars 223 forks source link

JF Docker Image - couldn't find plexus-classworlds-x.x.x.jar, please check M2_HOME #1956

Open Nereis opened 1 year ago

Nereis commented 1 year ago

Describe the bug

On our jenkins, we are using the jf docker image to handle xray audit. Apparently form version 2.37.0 but confirmed on version 2.37.1, we start to have the following error on multiples builds

[Error] audit failed while building maven dependency tree:
couldn't find plexus-classworlds-x.x.x.jar in Maven installation path, please check M2_HOME environment variable

We rollback to 2.36.1 and behavior is back to normal.

I tried to reproduce it locally without running on top of Jenkins & OKD and it works fine.

Current behavior

2.37.1

jf audit
06:02:56 [Info] JFrog Xray version is: 3.69.3
06:02:56 [Info] Auditing project...
06:02:56 [Info] Detected: maven.
06:02:56 [Info] The build-info-extractor jar is not cached locally. Downloading it now...
You can set the repository from which this jar is downloaded.
Read more about it at https://jfrog.com/help/r/jfrog-cli/downloading-the-maven-and-gradle-extractor-jars
06:02:56 [Info] Downloading build-info-extractor from https://releases.jfrog.io/artifactory/oss-release-local/org/jfrog/buildinfo/build-info-extractor-maven3/2.39.9/build-info-extractor-maven3-2.39.9-uber.jar
06:02:59 [Error] audit failed while building maven dependency tree:
couldn't find plexus-classworlds-x.x.x.jar in Maven installation path, please check M2_HOME environment variable

Reproduction steps

It most likely will be complicated since we are running Jenkins on a OKD cluster but basically

Expected behavior

2.36.1

jf audit
06:19:51 [Info] Auditing project: 
06:19:51 [Info] Detected: maven.
06:19:51 [Info] The build-info-extractor jar is not cached locally. Downloading it now...
You can set the repository from which this jar is downloaded. Read more about it at https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory#CLIforJFrogArtifactory-DownloadingtheMavenandGradleExtractorJARs
06:19:51 [Info] Downloading build-info-extractor from https://releases.jfrog.io/artifactory/oss-release-local/org/jfrog/buildinfo/build-info-extractor-maven3/2.39.8/build-info-extractor-maven3-2.39.8-uber.jar
06:19:55 [Info] Running Mvn...
[main] INFO org.apache.maven.cli.event.ExecutionEventLogger - Scanning for projects...
[main] INFO org.jfrog.build.extractor.maven.BuildInfoRecorder - Initializing Artifactory Build-Info Recording
[main] INFO org.apache.maven.cli.event.ExecutionEventLogger - 
[main] INFO org.apache.maven.cli.event.ExecutionEventLogger - ----------------------< ch.toto:artifactory-test >----------------------
[main] INFO org.apache.maven.cli.event.ExecutionEventLogger - Building artifactory-test v1
[main] INFO org.apache.maven.cli.event.ExecutionEventLogger -   from pom.xml
[main] INFO org.apache.maven.cli.event.ExecutionEventLogger - --------------------------------[ jar ]---------------------------------
[main] INFO org.apache.maven.cli.transfer.Slf4jMavenTransferListener - Downloading from central: 
...

JFrog CLI version

2.37.1

Operating system type and version

Jenkins 2.387.3 running on OKD 4

JFrog Artifactory version

7.55.8

JFrog Xray version

3.69.3

Nereis commented 1 year ago

We saw that the M2_HOME is defined in the docker image. We tried to add it manually on Jenkins side in case it was now added in a bashrc not loaded by jenkins but no luck.

yahavi commented 1 year ago

Thanks for reporting this issue, @Nereis! We couldn't reproduce this issue. Could you please share the value of your configured M2_HOME? Is it possible to try unsetting it? We also made some improvements in the latest JFrog CLI v2.37.2. Could you please try using the latest version?

We'd looking forward for your feedback.

Nereis commented 1 year ago

Hi,

We tried the 2.37.2 this morning and same results.

By default, we doesn't provide any M2_HOME on Jenkins since we are using podtemplate and installation should come out of the box within the docker image. When we tried to set the M2_HOME to the same value configured in the docker image, it didn't helped 

environment {
    M2_HOME = '/home/frogger/.sdkman/candidates/maven/current'
}
Nereis commented 12 months ago

We tried again on 2.46.2 and we have the same issue. Any update?

Our best guess would be a permission issue due OKD/Jenkins where root is not allowed. Did you try to reproduce the issue on a jenkins using Kubernetes without root allowed?

Nereis commented 12 months ago

That's it. Running the image on OKD without root thus having another securitycontext blow up the permission. We were able to bypass it by extending your image and update the permission 

RUN chgrp -R 0 /home/frogger/ && \
    chmod -R g=u /home/frogger/

Could you fix the docker image?