Error while creating SpringBoot CDS image in Bitbucket Pipelines

[TMRGZ]

Expected Behavior

Everything works and the Docker image is built using CDS

Current Behavior

[INFO]     [creator]     ===> DETECTING
[INFO]     [creator]     target distro name/version labels not found, reading /etc/os-release file
[INFO]     [creator]     target distro name/version labels not found, reading /etc/os-release file
[INFO]     [creator]     4 of 7 buildpacks participating
[INFO]     [creator]     bellsoft/buildpacks/liberica     1.1.0
[INFO]     [creator]     paketo-buildpacks/syft           1.47.0
[INFO]     [creator]     paketo-buildpacks/executable-jar 6.10.0
[INFO]     [creator]     paketo-buildpacks/spring-boot    5.30.0
[INFO]     [creator]     ===> RESTORING
[INFO]     [creator]     ===> BUILDING
[INFO]     [creator]     target distro name/version labels not found, reading /etc/os-release file
[INFO]     [creator]     
[INFO]     [creator]     Paketo Buildpack for BellSoft Liberica JDK Lite and Native Image Kit 1.1.0
[INFO]     [creator]       https://github.com/bell-sw/buildpacks/liberica
[INFO]     [creator]       Build Configuration:
[INFO]     [creator]         $BP_JVM_JLINK_ARGS           --no-man-pages --no-header-files --strip-debug --compress=1  configure custom link arguments (--output must be omitted)
[INFO]     [creator]         $BP_JVM_JLINK_ENABLED        false                                                        enables running jlink tool to generate custom JRE
[INFO]     [creator]         $BP_JVM_TYPE                 JRE                                                          the JVM type - JDK or JRE
[INFO]     [creator]         $BP_JVM_VERSION              21                                                           the Java version
[INFO]     [creator]       Launch Configuration:
[INFO]     [creator]         $BPL_DEBUG_ENABLED           false                                                        enables Java remote debugging support
[INFO]     [creator]         $BPL_DEBUG_PORT              8000                                                         configure the remote debugging port
[INFO]     [creator]         $BPL_DEBUG_SUSPEND           false                                                        configure whether to suspend execution until a debugger has attached
[INFO]     [creator]         $BPL_HEAP_DUMP_PATH                                                                       write heap dumps on error to this path
[INFO]     [creator]         $BPL_JAVA_NMT_ENABLED        true                                                         enables Java Native Memory Tracking (NMT)
[INFO]     [creator]         $BPL_JAVA_NMT_LEVEL          summary                                                      configure level of NMT, summary or detail
[INFO]     [creator]         $BPL_JFR_ARGS                                                                             configure custom Java Flight Recording (JFR) arguments
[INFO]     [creator]         $BPL_JFR_ENABLED             false                                                        enables Java Flight Recording (JFR)
[INFO]     [creator]         $BPL_JMX_ENABLED             false                                                        enables Java Management Extensions (JMX)
[INFO]     [creator]         $BPL_JMX_PORT                5000                                                         configure the JMX port
[INFO]     [creator]         $BPL_JVM_HEAD_ROOM           0                                                            the headroom in memory calculation
[INFO]     [creator]         $BPL_JVM_LOADED_CLASS_COUNT  35% of classes                                               the number of loaded classes in memory calculation
[INFO]     [creator]         $BPL_JVM_THREAD_COUNT        250                                                          the number of threads in memory calculation
[INFO]     [creator]         $JAVA_TOOL_OPTIONS                                                                        the JVM launch flags
[INFO]     [creator]         Using Java version 21 from BP_JVM_VERSION
[INFO]     [creator]       BellSoft Liberica JRE (musl) 21.0.3: Contributing to layer
[INFO]     [creator]         Downloading from https://packages.bell-sw.com/alpaquita/java/21.0.3+10/bellsoft-jre21.0.3+10-linux-x64-musl-lite.tar.gz
[INFO]     [creator]         Verifying checksum
[INFO]     [creator]         Expanding to /layers/bellsoft_buildpacks_liberica/jre
[INFO]     [creator]         Adding 147 container CA certificates to JVM truststore
[INFO]     [creator]         Writing env.build/JAVA_HOME.default
[INFO]     [creator]         Writing env.build/JRE_HOME.default
[INFO]     [creator]         Writing env.launch/BPI_APPLICATION_PATH.default
[INFO]     [creator]         Writing env.launch/BPI_JVM_CACERTS.default
[INFO]     [creator]         Writing env.launch/BPI_JVM_CLASS_COUNT.default
[INFO]     [creator]         Writing env.launch/BPI_JVM_SECURITY_PROVIDERS.default
[INFO]     [creator]         Writing env.launch/JAVA_HOME.default
[INFO]     [creator]         Writing env.launch/JAVA_TOOL_OPTIONS.append
[INFO]     [creator]         Writing env.launch/JAVA_TOOL_OPTIONS.delim
[INFO]     [creator]         Writing env.launch/MALLOC_ARENA_MAX.default
[INFO]     [creator]       Launch Helper: Contributing to layer
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/java-opts
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/jvm-heap
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/link-local-dns
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/memory-calculator
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/security-providers-configurer
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/jmx
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/jfr
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/openssl-certificate-loader
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/security-providers-classpath-9
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/debug-9
[INFO]     [creator]         Creating /layers/bellsoft_buildpacks_liberica/helper/exec.d/nmt
[INFO]     [creator]       Java Security Properties: Contributing to layer
[INFO]     [creator]         Writing env.launch/JAVA_SECURITY_PROPERTIES.default
[INFO]     [creator]         Writing env.launch/JAVA_TOOL_OPTIONS.append
[INFO]     [creator]         Writing env.launch/JAVA_TOOL_OPTIONS.delim
[INFO]     [creator]     
[INFO]     [creator]     Paketo Buildpack for Syft 1.47.0
[INFO]     [creator]       https://github.com/paketo-buildpacks/syft
[INFO]     [creator]         Downloading from https://github.com/anchore/syft/releases/download/v0.105.1/syft_0.105.1_linux_amd64.tar.gz
[INFO]     [creator]         Verifying checksum
[INFO]     [creator]         Writing env.build/SYFT_CHECK_FOR_APP_UPDATE.default
[INFO]     [creator]     
[INFO]     [creator]     Paketo Buildpack for Executable JAR 6.10.0
[INFO]     [creator]       https://github.com/paketo-buildpacks/executable-jar
[INFO]     [creator]       Command "packages" is deprecated, use `syft scan` instead
[INFO]     [creator]       Class Path: Contributing to layer
[INFO]     [creator]         Writing env/CLASSPATH.delim
[INFO]     [creator]         Writing env/CLASSPATH.prepend
[INFO]     [creator]       Process types:
[INFO]     [creator]         executable-jar: java org.springframework.boot.loader.launch.JarLauncher (direct)
[INFO]     [creator]         task:           java org.springframework.boot.loader.launch.JarLauncher (direct)
[INFO]     [creator]         web:            java org.springframework.boot.loader.launch.JarLauncher (direct)
[INFO]     [creator]     
[INFO]     [creator]     Paketo Buildpack for Spring Boot 5.30.0
[INFO]     [creator]       https://github.com/paketo-buildpacks/spring-boot
[INFO]     [creator]       Build Configuration:
[INFO]     [creator]         $BPL_JVM_CDS_ENABLED                 false  whether to enable CDS optimizations at runtime
[INFO]     [creator]         $BPL_SPRING_AOT_ENABLED              false  whether to enable Spring AOT at runtime
[INFO]     [creator]         $BP_JVM_CDS_ENABLED                  true   whether to enable CDS & perform JVM training run
[INFO]     [creator]         $BP_SPRING_AOT_ENABLED               true   whether to enable Spring AOT
[INFO]     [creator]         $BP_SPRING_CLOUD_BINDINGS_DISABLED   false  whether to contribute Spring Boot cloud bindings support
[INFO]     [creator]         $BP_SPRING_CLOUD_BINDINGS_VERSION    1      default version of Spring Cloud Bindings library to contribute
[INFO]     [creator]       Launch Configuration:
[INFO]     [creator]         $BPL_SPRING_CLOUD_BINDINGS_DISABLED  false  whether to auto-configure Spring Boot environment properties from bindings
[INFO]     [creator]         $BPL_SPRING_CLOUD_BINDINGS_ENABLED   true   Deprecated - whether to auto-configure Spring Boot environment properties from bindings
[INFO]     [creator]       Spring Cloud Bindings 2.0.3: Contributing to layer
[INFO]     [creator]         Downloading from https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-bindings/2.0.3/spring-cloud-bindings-2.0.3.jar
[INFO]     [creator]         Verifying checksum
[INFO]     [creator]         Copying to /layers/paketo-buildpacks_spring-boot/spring-cloud-bindings
[INFO]     [creator]       Performance: Contributing to layer
[INFO]     [creator]         Extracting Jar
[INFO]     [creator]     unable to invoke layer creator
[INFO]     [creator]     unable to contribute spring-cds layer
[INFO]     [creator]     error resetting file times
[INFO]     [creator]     chtimes .: operation not permitted
[INFO]     [creator]     ERROR: failed to build: exit status 1
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  47.682 s
[INFO] Finished at: 2024-07-18T12:03:37Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:3.3.1:build-image (default-cli) on project oikos-api: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:3.3.1:build-image failed: Builder lifecycle 'creator' failed with status code 51 -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException

Possible Solution

Document if a Bitbucket runner image is not supported and if there is a workaround

Steps to Reproduce

1. Generate a Spring Boot project
2. Use the build-image spring boot plugin with a configuration using CDS

Motivations

I want to give developers the availability to create different kinds of Docker images preconfigured in the company parent pom (Standard, Native, CDS and Crac if it's supported in the future). Standard and native work, but CDS gives me this problem

Additional

I have already implemented another workarounds to make the build-image work in Bitbucket Pipelines

• Setting DOCKER_HOST=tcp://172.17.0.1:2375 just before executing the plugin
• Setting this Maven configs

  <configuration>
        <docker>
          <bindHostToBuilder>true</bindHostToBuilder>
        </docker>
        <image>
          <builder>paketobuildpacks/builder-jammy-tiny:latest</builder>
          <env>
            <BP_JVM_VERSION>${java.version}</BP_JVM_VERSION>
          </env>
          <securityOptions/>
          <buildWorkspace>
            <bind>
              <source>/opt/atlassian/bitbucketci/agent/build/cache-${project.artifactId}.work
              </source>
            </bind>
          </buildWorkspace>
          <buildCache>
            <bind>
              <source>/opt/atlassian/bitbucketci/agent/build/cache-${project.artifactId}.build
              </source>
            </bind>
          </buildCache>
          <launchCache>
            <bind>
              <source>/opt/atlassian/bitbucketci/agent/build/cache-${project.artifactId}.launch
              </source>
            </bind>
          </launchCache>
        </image>
        <excludes>
          <exclude>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
          </exclude>
        </excludes>
      </configuration>

[anthonydahanne]

well, you have pretty much answered your question: for CDS, it's not an option to reset all files used during the training run to the same epoch that the layer is generated on; in this case, 1980-1-1.

So that means the buildpack needs write access to the workspace at buildtime...

If there's a way to relax the permissions in the build container of your CI, I guess it would solve your issue; we have testimonies of people using this new feature successfully in other CI systems (at least we tested with Github Actions during development)

[TMRGZ]

Investigating I found this issue related to the permissions of the workspace directory, seems that Bitbucket restricts the access by default

https://github.com/buildpacks/community/discussions/229

I'll try if just changing the folder permissions works in my case.

Also just to confirm, the files that are being reset are located in the /workspace folder? There is any documentation about what's happening in the CDS process?