search

paketo-buildpacks / builder-jammy-base

A Cloud Native Buildpacks (CNB) builder with the Paketo Jammy Jellyfish Base stack and Paketo buildpacks.
Apache License 2.0
19 stars 9 forks source link

Tekton Pipeline Migrating From paketobuildpacks/builder:base To paketobuildpacks/builder-jammy-base #430

Open lhmoraes opened 8 months ago

lhmoraes commented 8 months ago

The Tekton pipeline was working fine until the migration to Jammy. The only pipeline code changed was the image builder name.

  1. On the "buildpacks" (https://hub.tekton.dev/tekton/task/buildpacks) task the "prepare" step works fine and I can see the permissions being applied:
> Setting permissions on '/workspace/cache'...
> Setting permissions on '/tekton/home'...
> Setting permissions on '/layers'...
> Setting permissions on '/workspace/source'...
> Parsing additional configuration...
-> Parsing env variables...
> Processing any environment variables...
--> Creating 'env' directory: /platform/env
--> Writing /platform/env/BP_NATIVE_IMAGE...
--> Writing /platform/env/BP_JVM_VERSION...
--> Writing /platform/env/BP_GRADLE_BUILD_ARGUMENTS...
--> Writing /platform/env/BP_GRADLE_BUILT_ARTIFACT...
--> Writing /platform/env/REPOSITORY_NAME...
--> Writing /platform/env/REPOSITORY_URL...
--> Writing /platform/env/REPOSITORY_USERNAME...
--> Writing /platform/env/REPOSITORY_PASSWORD...
  1. Then the second task "create" fails with the error below:
2024/02/10 19:44:47 warning: unsuccessful cred copy: ".docker" from "/tekton/creds" to "/": unable to create destination directory: mkdir /.docker: permission denied

ERROR: failed to set environment for user 1000: user: unknown userid 1000
lhmoraes commented 8 months ago

In my research I found that the Jammy buildpack uses two users, 1000 to setup the environment and 1001 to perform the image build. So, I changed the Tekton pipeline, but I'm keep getting the error below. Please, could someone tell me what is missing in my Pipeline script?

2024/02/11 04:13:19 warning: unsuccessful cred copy: ".docker" from "/tekton/creds" to "/": unable to create destination directory: mkdir /.docker: permission denied

ERROR: failed to exec as user 1001:1000: operation not permitted
lhmoraes commented 8 months ago

Hi team, please any help or clue where I'm missing in my pipeline to support Jammy ?

MRIsele commented 2 months ago

I stumbled into the same problem. The issue seems to be that the securityContext in the tekton buildpacks task is set to runAsUser: 1000. This is fine for the bionic-based stack. However, as you have pointed out, the jammy-based stack uses the build user 1001. For me, the solution was to modify the securityContext of the given tekton buildpacks task accordingly and deploying it as a custom task via kubectl apply.