Apologies for using the same title, but this issue is very similar to https://github.com/spring-projects/spring-boot/issues/22840, but with a different error message. The error is mentioned in comments but not resolved, so I opened another issue.
I cloned the gs-spring-boot-docker project in bitbucket and set up a pipeline which can be seen here:
https://bitbucket.org/lukeway/gs-spring-boot-docker/addon/pipelines/home#!/results/2
Maven error:
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.4.2:build-image (default-cli) on project spring-boot-docker: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:2.4.2:build-image failed: Docker API call to 'localhost:2375/v1.24/containers/create' failed with status code 403 "Forbidden" -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.4.2:build-image (default-cli) on project spring-boot-docker: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:2.4.2:build-image failed: Docker API call to 'localhost:2375/v1.24/containers/create' failed with status code 403 "Forbidden"
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.apache.maven.plugin.PluginExecutionException: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:2.4.2:build-image failed: Docker API call to 'localhost:2375/v1.24/containers/create' failed with status code 403 "Forbidden"
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:148)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.springframework.boot.buildpack.platform.docker.transport.DockerEngineException: Docker API call to 'localhost:2375/v1.24/containers/create' failed with status code 403 "Forbidden"
at org.springframework.boot.buildpack.platform.docker.transport.HttpClientTransport.execute (HttpClientTransport.java:156)
at org.springframework.boot.buildpack.platform.docker.transport.HttpClientTransport.execute (HttpClientTransport.java:136)
at org.springframework.boot.buildpack.platform.docker.transport.HttpClientTransport.post (HttpClientTransport.java:108)
at org.springframework.boot.buildpack.platform.docker.DockerApi$ContainerApi.createContainer (DockerApi.java:302)
at org.springframework.boot.buildpack.platform.docker.DockerApi$ContainerApi.create (DockerApi.java:293)
at org.springframework.boot.buildpack.platform.build.Lifecycle.createContainer (Lifecycle.java:180)
at org.springframework.boot.buildpack.platform.build.Lifecycle.run (Lifecycle.java:160)
at org.springframework.boot.buildpack.platform.build.Lifecycle.execute (Lifecycle.java:119)
at org.springframework.boot.buildpack.platform.build.Builder.executeLifecycle (Builder.java:193)
at org.springframework.boot.buildpack.platform.build.Builder.build (Builder.java:103)
at org.springframework.boot.maven.BuildImageMojo.buildImage (BuildImageMojo.java:181)
at org.springframework.boot.maven.BuildImageMojo.execute (BuildImageMojo.java:171)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:193)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Bitbucket docker log:
time="2021-03-11T14:42:07.996075912Z" level=error msg="AuthZRequest for POST /v1.24/containers/create returned error: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories"
There are a few errors farther up, I'm not sure if they are related.
This sample project uses Spring Boot 2.4.2, but I originally encountered in a different project that is running 2.3.9.
Comment From: wilkinsona
I'm not sure that we'll be able to do anything about this in Boot as using the pack CLI in a Bitbucket pipeline fails in the same way:
./pack build test_image --path demo.jar --builder paketobuildpacks/builder:base
…
ERROR: failed to build: executing lifecycle: failed to create 'creator' container: Error response from daemon: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories
Docker log:
mkdir: can't create directory '/certs/ca': Read-only file system
genrsa: Can't open "/certs/ca/key.pem" for writing, No such file or directory
Can't open /certs/ca/key.pem for reading, No such file or directory
140053264993096:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/certs/ca/key.pem','r')
140053264993096:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load Private Key
time="2021-03-11T19:32:31.424809381Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
time="2021-03-11T19:32:31.425010469Z" level=warning msg="[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]"
time="2021-03-11T19:32:31.593588315Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
time="2021-03-11T19:32:31.599295209Z" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
time="2021-03-11T19:32:31.607438568Z" level=warning msg="failed to load plugin io.containerd.internal.v1.opt" error="mkdir /opt/containerd: read-only file system"
time="2021-03-11T19:32:31.624946420Z" level=warning msg="unable to modify root key limit, number of containers could be limited by this quota: open /proc/sys/kernel/keys/root_maxkeys: no such file or directory"
time="2021-03-11T19:32:31.682224756Z" level=warning msg="Your kernel does not support cgroup rt period"
time="2021-03-11T19:32:31.682293870Z" level=warning msg="Your kernel does not support cgroup rt runtime"
time="2021-03-11T19:32:31.682306763Z" level=warning msg="Your kernel does not support cgroup blkio weight"
time="2021-03-11T19:32:31.682311772Z" level=warning msg="Your kernel does not support cgroup blkio weight_device"
time="2021-03-11T19:32:31.691684818Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: ip: can't find device 'bridge'\nlsmod: /proc/modules: No such file or directory\nip: can't find device 'br_netfilter'\nlsmod: /proc/modules: No such file or directory\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1"
time="2021-03-11T19:32:31.808238666Z" level=warning msg="Not using native diff for overlay2, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled" storage-driver=overlay2
time="2021-03-11T19:32:44Z" level=info msg="Pipelines plugin request authorization." allowed=true method=POST plugin=pipelines uri="/v1.38/images/create?fromImage=paketobuildpacks%2Fbuilder&tag=base"
time="2021-03-11T19:32:56Z" level=info msg="Pipelines plugin request authorization." allowed=true method=GET plugin=pipelines uri=/v1.38/info
time="2021-03-11T19:32:56Z" level=info msg="Pipelines plugin request authorization." allowed=true method=GET plugin=pipelines uri="/v1.38/images/index.docker.io/paketobuildpacks/builder:base/json"
time="2021-03-11T19:32:57Z" level=info msg="Pipelines plugin request authorization." allowed=true method=POST plugin=pipelines uri="/v1.38/images/create?fromImage=paketobuildpacks%2Frun&tag=base-cnb"
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=true method=GET plugin=pipelines uri=/v1.38/info
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=true method=GET plugin=pipelines uri="/v1.38/images/index.docker.io/paketobuildpacks/run:base-cnb/json"
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=true method=POST plugin=pipelines uri="/v1.38/images/load?quiet=1"
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=true method=GET plugin=pipelines uri=/v1.38/images/5453e4ac360e8611030997524cd56cad8648e42215a86d7d510a43df3cade6fb/json
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=true method=POST plugin=pipelines uri="/v1.38/images/sha256:5453e4ac360e8611030997524cd56cad8648e42215a86d7d510a43df3cade6fb/tag?repo=pack.local%2Fbuilder%2F7768676b797861746b73&tag=latest"
time="2021-03-11T19:32:59Z" level=info msg="Container create request." ArgsEscaped=false AttachStderr=false AttachStdin=false AttachStdout=false ExposedPorts="map[]" Healthcheck="<nil>" Labels="map[author:pack]" MacAddress= NetworkDisabled=false OnBuild="[]" OpenStdin=false StdinOnce=false StopSignal= StopTimeout="<nil>" Tty=false plugin=pipelines
time="2021-03-11T19:32:59Z" level=info msg="Container create request." AutoRemove=false BlkioDeviceReadBps="[]" BlkioDeviceReadIOps="[]" BlkioDeviceWriteBps="[]" BlkioDeviceWriteIOps="[]" BlkioWeight=0 BlkioWeightDevice="[]" CPUCount=0 CPUPercent=0 CPUPeriod=0 CPUQuota=0 CPURealtimePeriod=0 CPURealtimeRuntime=0 CPUShares=0 CapAdd="[]" CapDrop="[]" Capabilities="[]" Cgroup= CgroupParent= ConsoleSize="[0 0]" ContainerIDFile= CpusetCpus= CpusetMems= DNS="[]" DNSOptions="[]" DNSSearch="[]" DeviceCgroupRules="[]" Devices="[]" ExtraHosts="[]" GroupAdd="[]" IOMaximumBandwidth=0 IOMaximumIOps=0 Init="<nil>" IpcMode= Isolations= KernelMemory=0 Links="[]" LogConfig="{ map[]}" MaskedPaths="[]" Memory=0 MemoryReservation=0 MemorySwap=0 MemorySwappiness="<nil>" Mounts="[]" NanoCPUs=0 NetworkMode=default OomKillDisable="<nil>" OomScoreAdj=0 PidMode= PidsLimit="<nil>" PortBindings="map[]" Privileged=false PublishAllPorts=false ReadOnlyPaths="[]" RestartPolicy="{ 0}" Runtime= SecurityOpt="[]" ShmSize=0 StorageOpt="map[]" Sysctls="map[]" Ulimits="[]" UsernsMode= VolumeDriver= VolumesFrom="[]" plugin=pipelines
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=false method=POST plugin=pipelines uri=/v1.38/containers/create
time="2021-03-11T19:32:59.563374873Z" level=error msg="AuthZRequest for POST /v1.38/containers/create returned error: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories"
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=true method=DELETE plugin=pipelines uri="/v1.38/volumes/pack-layers-vhulnifepn?force=1"
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=true method=DELETE plugin=pipelines uri="/v1.38/volumes/pack-app-kcdzzaqtfw?force=1"
time="2021-03-11T19:32:59Z" level=info msg="Pipelines plugin request authorization." allowed=true method=DELETE plugin=pipelines uri="/v1.38/images/pack.local/builder/7768676b797861746b73:latest?force=1&noprune=1"
It's a shame that the error message doesn't describe the problem with -v in more detail. It would be useful to know exactly what was being mounted and where it was being mounted to help to narrow down the problem in the builder.
Comment From: lukeway
I spent some time trying to figure it out or find a work around without making much headway. I think I will just do this outside of BitBucket pipelines.
For posterity, here is what I looked into:
Trying to use pack cli in a container:
docker run -v $PWD/target:/workspace -w /workspace buildpacksio/pack build my_image --path app.jar --builder paketobuildpacks/builder:base
I'm not sure if I'm using that correctly, though. I also tried --builder gcr.io/paketo-buildpacks/spring-boot, not clear on the difference. In any case, I ran into an error complaining that app.jar must be a directory or zip, and I think it's because app.jar is executable. I need this for another part of my build. I didn't want to build twice, and I also didn't like running this way in general, so I tried another option (below). Someone else may make further progress, but I suspect it may run into the same issue below.
I then tried running spring-boot:build-image within a container:
docker run --rm -v ${PWD}:/usr/src/app -v ${HOME}/.m2:/root/.m2 -w /usr/src/app maven:3-jdk-8 mvn -e -B spring-boot:build-image -Dspring-boot.build-image.imageName=my_image
However, this gave me the exact same error as the original issue:
docker: Error response from daemon: authorization denied by plugin pipelines: -v only supports $BITBUCKET_CLONE_DIR and its subdirectories.
Oh well.
Comment From: jromero
@wilkinsona
FWIW, we intend on addressing this for pack by allowing the configuration of cache. See https://github.com/buildpacks/rfcs/pull/149