I have a Gitlab pipeline that builds my Docker image from a Dockerfile, but when the "docker build" command fails, the pipeline still reports a success.
build:
stage: build
script:
- docker build --no-cache -t $CI_REGISTRY/dockerfile:$CONTAINER_LABEL .
I've added an error to my Dockerfile so I can provoke an error:
FROM ubuntu:20.04
RUN not_a_real_command_that_should_fail
The pipeline runs:
Running with gitlab-runner 14.0.1 (c1edb478)
on ******* Cy33WtLD
Preparing the "shell" executor
00:00
Using Shell executor...
Preparing environment
00:01
Running on **********...
Getting source from Git repository
00:04
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in C:/gitlab-runner/builds/Cy33WtLD/0/dockerfile/.git/
Checking out 999a815d as fix_pipeline_status...
git-lfs/2.13.2 (GitHub; windows amd64; go 1.14.13; git fc664697)
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:03
$ docker build --no-cache -t $CI_REGISTRY/dockerfile:$CONTAINER_LABEL .
#1 [internal] load build definition from Dockerfile
#1 sha256:c544637cbaca3e93c2a8a8c00efd4f81ee45b1abd410d971af12de8dae21e8ea
#1 transferring dockerfile: 3.04kB done
#1 DONE 0.0s
#2 [internal] load .dockerignore
#2 sha256:ab745a167b371ba5e9380063cb278a7792a5838550b89f02f35d7f6a583fb548
#2 transferring context: 2B done
#2 DONE 0.0s
#3 [internal] load metadata for docker.io/library/ubuntu:20.04
#3 sha256:8e67b796a66f85f06793e026943184e32d365c77929e94d2ac98b34a1e1cb30e
#3 DONE 0.6s
#4 [ 1/17] FROM docker.io/library/ubuntu:20.04#sha256:9d6a8699fb5c9c39cf08a0871bd6219f0400981c570894cd8cbea30d3424a31f
#4 sha256:c8b7f784dc481f981cf0bc39c4d4e60a54a355d96ca108a13ffffa3bfa047067
#4 CACHED
#20 [internal] load build context
#20 sha256:d12ef8e847404a2cc9437d8099f4b73f215c48eb92002e759a5f264989ae3ace
#20 transferring context: 92B 0.0s done
#20 DONE 0.0s
#5 [ 2/17] RUN not_a_real_command_that_should_fail
#5 sha256:724c85340f260555ab116f9064ba3c7a2c16fe0af059ef5226df31545b30ddb6
#5 0.485 /bin/sh: 1: not_a_real_command_that_should_fail: not found
#5 ERROR: executor failed running [/bin/sh -c not_a_real_command_that_should_fail]: exit code: 127
------
> [ 2/17] RUN not_a_real_command_that_should_fail:
------
executor failed running [/bin/sh -c not_a_real_command_that_should_fail]: exit code: 127
Cleaning up file based variables
00:01
Job succeeded
The exit code is 127, I've added a -after_stage step to print out the return code "echo $?" and get "true" result back. Seems like this should be sufficient for the command to trigger a failure in the pipeline.
The gitlab-runner is a shell executor on a Windows-machine, if that matters.
Any suggestions?
1 - Gitlab issue
There is a bug for gitlab runner versions prior to 13.1.1 :
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26347
Where job is always successful when FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY is set to False
Solution seems to be updating.
2 - Script issue
Try to force exit 1 on error with
build:
stage: build
script:
- docker build --no-cache -t $CI_REGISTRY/dockerfile:$CONTAINER_LABEL . || exit 1
Edit 1
By default, Powershell continues its execution.
You can set those variables :
job:
stage: build
variables:
ErrorActionPreference: stop
script:
- docker build --no-cache -t $CI_REGISTRY/dockerfile:$CONTAINER_LABEL .
Please see this issue on github for more information :
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4683
After moving the pipeline to a gitlab-runner on a Ubuntu machine the pipeline fails as expected. Assuming the Windows-Powershell exit-codes does not trigger correctly
Related
I am trying to build a docker image for my sample-go app.
I am running it from the sample-app folder itself and using the goland editor's terminal. But the build is failing and giving me certain errors.
My docker file looks like this:
FROM alpine:latest
RUN mkdir -p /src/build
WORKDIR /src/build
RUN apk add --no-cache tzdata ca-certificates
COPY ./configs /configs
COPY main /main
EXPOSE 8000
CMD ["/main"]
command for building:
docker build --no-cache --progress=plain - < Dockerfile
Error And Logs:
#1 [internal] load build definition from Dockerfile
#1 sha256:8bb9ee83603259cf748d90ce42602f12527fa720d7417da22799b2ad4e503497
#1 transferring dockerfile: 222B done
#1 DONE 0.0s
#2 [internal] load .dockerignore
#2 sha256:f93d938488588cd0e0a94d9d343fe69dcfd28d0cb1da95ad7aab00aac50235c3
#2 transferring context: 2B done
#2 DONE 0.0s
#3 [internal] load metadata for docker.io/library/alpine:latest
#3 sha256:13549c58a76bcb5dac9d52bc368a8fb6b5cf7659f94e3fa6294917b85546978d
#3 DONE 0.0s
#10 [1/6] FROM docker.io/library/alpine:latest
#10 sha256:d20daa00e252bfb345a1b4f53b6bb332aafe702d8de5e583a76fcd09ba7ea1c1
#10 CACHED
#7 [internal] load build context
#7 sha256:0f7a8a6082a837c139acc2855e1b745bba9f28cc96709d45cd0b7be42442c0e8
#7 transferring context: 2B done
#7 DONE 0.0s
#4 [2/6] RUN mkdir -p /src/build
#4 sha256:b9fa3007a44471d47414dd29b3ff07ead6af28ede820a2b4bae0ce84cf2c5a83
#4 CACHED
#5 [3/6] WORKDIR /src/build
#5 sha256:b2ec58a365fdd74c4f9030b0caff2e2225eea33617da306678ad037fce675388
#5 CACHED
#6 [4/6] RUN apk add --no-cache tzdata ca-certificates
#6 sha256:0966097abf956d5781bc2330d49cf715cd52c3807e8fedfff07dec50907ff03b
#6 CACHED
#9 [6/6] COPY main /main
#9 sha256:f4b81960427c014a020361bea0903728f289e1d796892fe0adc6409434f3ca76
#9 ERROR: "/main" not found: not found
#8 [5/6] COPY ./configs /configs
#8 sha256:630f272dd60dd307f40dbbdaef277ee0dfc24b71fa11e10a3b8efd64d3c05086
#8 ERROR: "/configs" not found: not found
#4 [2/6] RUN mkdir -p /src/build
#4 sha256:b9fa3007a44471d47414dd29b3ff07ead6af28ede820a2b4bae0ce84cf2c5a83
#4 DONE 0.2s
------
> [5/6] COPY ./configs /configs:
------
------
> [6/6] COPY main /main:
------
failed to compute cache key: "/main" not found: not found
PS: I am not able to find where is the problem? Help Please
The two folders /main and /configs does not exist.
The COPY command can't copy into this folders.
1. Solution
Create the folders on build
RUN mkdir -p /main
RUN mkdir -p /configs
And than use COPY
2. Solution
Try to build without COPY and CMD
Than run the the new image
exec into running container with bash or sh
Create the folders
Exit exec container
Create a new image of the running container with docker run commit
Stop the container and delete it
Build again with your new image and include COPY and CMD
This is a basic mistake.
COPY ./configs /configs: copy the folder configs from the host to the Docker image.
COPY main /main: copy the executable file main from the host to the Docker image.
The problems are:
The base Docker images do not have these folders /configs, /main. You must create them manually (Docker understood your command this way).
But I have some advice:
Create 2 Docker images for 2 purposes: build, production.
Copy the source code into Docker builder image which is use for building your app.
Copy necessary output files from the Docker builder image into the Docker production image.
In my case, the issue was the connected vpn/proxy network from my machine.
It worked after I disconnecting the vpn/proxy network.
In my case I missed the folder entry in .dockerignore file. Do something like that.
**/*
!docker-images
!configs
!main
I am running into a problem with buildkit and I cannot figure out which is the reason.
I have one Dockerfile using as base image sles OS and it tries to do some package installation via zypper. Everytime this step is executed, not cached, it takes years to complete.
This is a dummy Dockerfile for verification of this issue.
# syntax=docker/dockerfile:1.3
FROM registry.suse.com/suse/sles12sp4
RUN zypper search iproute2
This is execution when I enable Buildkit:
docker build --no-cache --progress=plain --pull -t test_zypper .
#1 [internal] load build definition from Dockerfile
#1 sha256:1e8bc50247fba08161184996db9e2b6bca36c339623376a360765244d9d3ed8b
#1 transferring dockerfile: 202B done
#1 DONE 0.0s
#2 [internal] load .dockerignore
#2 sha256:bfa4297d1f77b21d1d84347ff3f9c338cef560c9f5c8ef8f6843338b88a83178
#2 transferring context: 2B done
#2 DONE 0.0s
#3 resolve image config for docker.io/docker/dockerfile:1.3
#3 sha256:4fcd28d33487ad029eab28c03869fd56295f3902c713674c129a438f7a780653
#3 DONE 1.1s
#4 docker-image://docker.io/docker/dockerfile:1.3#sha256:42399d4635eddd7a9b8a24be879d2f9a930d0ed040a61324cfdf59ef1357b3b2
#4 sha256:7862c1373501a4a9cd96ccd04641bb1d96c86d034546e74fe74585e3dd12f952
#4 CACHED
#5 [internal] load build definition from Dockerfile
#5 sha256:adf8dd6b4b2604f820e4a4112252c8bfd5984ffa809d1fc7c5330e387575a53d
#5 DONE 0.0s
#6 [internal] load .dockerignore
#6 sha256:59c105584afe8ac8255febcea4650f6e8891b4b14fcdd7b93254039769df3828
#6 DONE 0.0s
#7 [internal] load metadata for registry.suse.com/suse/sles12sp4:latest
#7 sha256:30c143f62f5a593ad20fd34265d2933e13da97368f12f3e0c990b52851933dff
#7 DONE 0.5s
#8 [1/2] FROM registry.suse.com/suse/sles12sp4#sha256:06390bd3b9903f3d4bb1345deb7fc35e18af73de0263d0f4d5c619267bee2adf
#8 sha256:3d15a7aaf66ed6810de2347b0da9787e5a57b9c536d85ccc4b01e9eb5831bcc1
#8 CACHED
#9 [2/2] RUN zypper search iproute2
#9 sha256:17060fcd75740edd49881abc4d1b5a4f7de80f59cde5b2b6f32e97ff02bbc29d
#9 377.9 Refreshing service 'container-suseconnect-zypp'.
#9 556.7 Problem retrieving the repository index file for service 'container-suseconnect-zypp':
#9 556.7 [container-suseconnect-zypp|file:/usr/lib/zypp/plugins/services/container-suseconnect-zypp]
#9 556.7 Warning: Skipping service 'container-suseconnect-zypp' because of the above error.
#9 556.7 Loading repository data...
#9 556.7 Warning: No repositories defined. Operating only with the installed resolvables. Nothing can be installed.
#9 556.7 Reading installed packages...
#9 556.7 No matching items found.
#9 ERROR: executor failed running [/bin/sh -c zypper search iproute2]: exit code: 104
------
> [2/2] RUN zypper search iproute2:
------
executor failed running [/bin/sh -c zypper search iproute2]: exit code: 104
This is execution when I don't enable Buildkit:
time docker build --no-cache --progress=plain --pull -t test_zypper .
Sending build context to Docker daemon 678.5MB
Step 1/2 : FROM registry.suse.com/suse/sles12sp4
latest: Pulling from suse/sles12sp4
Digest: sha256:06390bd3b9903f3d4bb1345deb7fc35e18af73de0263d0f4d5c619267bee2adf
Status: Image is up to date for registry.suse.com/suse/sles12sp4:latest
---> 3126dff9c7fd
Step 2/2 : RUN zypper search iproute2
---> Running in 3efe8a741628
Refreshing service 'container-suseconnect-zypp'.
Problem retrieving the repository index file for service 'container-suseconnect-zypp':
[container-suseconnect-zypp|file:/usr/lib/zypp/plugins/services/container-suseconnect-zypp]
Warning: Skipping service 'container-suseconnect-zypp' because of the above error.
Loading repository data...
Warning: No repositories defined. Operating only with the installed resolvables. Nothing can be installed.
Reading installed packages...
No matching items found.
The command '/bin/sh -c zypper search iproute2' returned a non-zero code: 104
real 0m23.972s
user 0m1.987s
sys 0m2.161s
It is not a problem of not having repositories as in my original Dockerfile it is all defined and it eventually works, but taking 20min or more each zypper command.
Is something wrong in my way to use buildkit??
Thanks in advance!
I'm trying to build a docker file with Pulumi. I have the following Pulumi code
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
imageName := "server"
_, err = docker.NewImage(ctx, imageName, &docker.ImageArgs{
ImageName: pulumi.Sprintf("gcr.io/gadic-310112/%s:latest", imageName),
SkipPush: pulumi.Bool(true),
Build: &docker.DockerBuildArgs{
Dockerfile: pulumi.String("Dockerfile"),
},
})
if err != nil {
return err
}
}
}
However, when I run pulumi preview I get the following error:
Diagnostics:
pulumi:pulumi:Stack (server-prod):
error: program failed: docker build -f Dockerfile . -t gcr.io/gadic-310112/server:latest failed with error: exit status 1
exit status 1
error: an unhandled error occurred: program exited with non-zero exit code: 1
docker:image:Image (server):
error: #1 [internal] load build definition from Dockerfile
#1 sha256:921a08a3c227abd8c3811effc689fa5319db237c32a4adf2b255007a51af9ef8
#1 transferring dockerfile: 2B 0.0s done
#1 DONE 0.0s
failed to solve with frontend dockerfile.v0: failed to read dockerfile: open /var/lib/docker/tmp/buildkit-mount052159980/Dockerfile: no such file or directory
What's interesting is that it seems Pulumi is running docker build -f Dockerfile . -t gcr.io/gadic-310112/server:latest under the hood. And when I run that from my terminal it succeeds without any error.
❯❯❯ docker build -f Dockerfile . -t gcr.io/gadic-310112/server:latest
[+] Building 11.3s (16/18)
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 1.87kB 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 34B 0.0s
....
It seems that Pulumi might be using a different working directory than the place where it's getting invoked from. Is that possible? Is there something else that might be going on?
I've noticed that if I don't include a Dockerfile in the DockerBuildArgs then the command generated by pulumi is docker build -f . -t gcr.io/gadic-310112/server:latest which is definitely incorrect. If I execute that command locally I get the following:
❮❮❮ docker build -f . -t gcr.io/gadic-310112/server:latest
"docker build" requires exactly 1 argument.
See 'docker build --help'.
Usage: docker build [OPTIONS] PATH | URL | -
Build an image from a Dockerfile
EDIT: I also tried passing the absolute path to the folder containing my Dockerfile as the Context of the BuildArgs
Build: &docker.DockerBuildArgs{
Dockerfile: pulumi.String("Dockerfile"),
Context: pulumi.String("/Users/paymahn/gadic/server"),
},
and this still gets the same error as before, even though the underlying docker build command has an absolute path:
Diagnostics:
docker:image:Image (server):
error: #1 [internal] load build definition from Dockerfile
#1 sha256:16f11ab26c775f06385c0fde07864ed70b428d13662aa2be42823751fb5143f4
#1 transferring dockerfile: 2B 0.0s done
#1 DONE 0.1s
failed to solve with frontend dockerfile.v0: failed to read dockerfile: open /var/lib/docker/tmp/buildkit-mount684750851/Dockerfile: no such file or directory
pulumi:pulumi:Stack (server-prod):
error: program failed: docker build -f Dockerfile /Users/paymahn/gadic/server -t gcr.io/gadic-310112/server:latest failed with error: exit status 1
exit status 1
error: an unhandled error occurred: program exited with non-zero exit code: 1
EDIT 2: Here's the layout of my files
/Users/paymahn/gadic/server/
infra/
main.go # this is the go program that pulumi runs
src/ # this is where the source code for my server lives
Dockerfile
Pulumi.yaml
Pulumi.prod.yaml # the pulumi stack config
go.sum
go.mod
.git/ # this is the root of my git repository
Your Pulumi projects builds inside your infra directory, not in the folder your Pulumi.yaml is in.
The Pulumi provider needs to know the path of the Dockerfile using the docker build context (more info about these here)
Adding the context should fix this:
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
imageName := "server"
_, err = docker.NewImage(ctx, imageName, &docker.ImageArgs{
ImageName: pulumi.Sprintf("gcr.io/gadic-310112/%s:latest", imageName),
SkipPush: pulumi.Bool(true),
Build: &docker.DockerBuildArgs{
Dockerfile: pulumi.String("Dockerfile"),
Context: "../", # note I'm adding the context here
},
})
if err != nil {
return err
}
}
}
I'm using # syntax = docker/dockerfile:experimental in my Dockerfile, I use it to mount ssh but for some reason it stopped working.
I have the env DOCKER_BUILDKIT=1 and already tried with DOCKER_CLI_EXPERIMENTAL=enabled but nothing changed.
2 transferring context: 69B done
#2 DONE 0.0s
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 402B done
#1 DONE 0.0s
#3 resolve image config for docker.io/docker/dockerfile:experimental
#3 ERROR: docker.io/docker/dockerfile:experimental not found
------
> resolve image config for docker.io/docker/dockerfile:experimental:
------
docker.io/docker/dockerfile:experimental not found
There's the output and the problem.
Best regards
Fixed by forcing pull.
docker pull docker/dockerfile:experimental
My docker builds are failing because of a file handle limit error. They crash out with
Error: EMFILE: too many open files
when I check ulimit -n on the container I see
-n: file descriptors 1024
So I pass the following flags to my build command
docker build --ulimit nofile=65536:65536 -t web .
but this does not change anything, my container still shows
-n: file descriptors 1024
No matter what I do I dont seem to be able to get that ulimit file descriptor limit to change.
What am I doing wrong here?
So, I discovered the cause. Posting the answer incase anyone else is having the same issue as I just wasted most of a day on this.
I have been debugging a very long running build and have been using
export DOCKER_BUILDKIT=1
to enable some extended build information. Very useful timings etc, although it appears as though enabling DOCKER_BUILDKIT completely ignores ulimit flags passed to the docker build command.
When I set
export DOCKER_BUILDKIT=0
it works. So long story short, avoid using buildkit with ulimit params
I wrote a simple test and it seams to work fine on Docker 18.06
> $ docker -v
Docker version 18.06.1-ce, build e68fc7a
I created a Dockerfile like this:
FROM alpine
RUN ulimit -n > /tmp/ulimit.txt
And then:
> $ docker build --ulimit nofile=65536:65536 .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM alpine
---> e21c333399e0
Step 2/2 : RUN ulimit -n > /tmp/ulimit.txt
---> Running in 1aa4391d057d
Removing intermediate container 1aa4391d057d
---> 18dd1953d365
Successfully built 18dd1953d365
docker run -ti 18dd1953d365 cat /tmp/ulimit.txt
65536
> $ docker build --ulimit nofile=1024:1024 --no-cache .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM alpine
---> e21c333399e0
Step 2/2 : RUN ulimit -n > /tmp/ulimit.txt
---> Running in c20067d1fe10
Removing intermediate container c20067d1fe10
---> 134fc7252574
Successfully built 134fc7252574
> $ docker run -ti 134fc7252574 cat /tmp/ulimit.txt
1024
When using the BuildKit, docker seems to execute the command in the systemd unit context of the daemon the has the ulimit.
I used the Dockerfile to test:
> cat <<EOF >Dockerfile
FROM alpine
RUN echo -e "\n\n-----------------\nulimit: $(ulimit -n)\n-----------------\n\n"
EOF
Check first the actual limit values for docker service:
> systemctl show docker.service | grep LimitNOFILE
LimitNOFILE=infinity
LimitNOFILESoft=infinity
The values set inside running container is 1048576:
> docker run -it --rm alpine sh -c "ulimit -n"
1048576
The values set inside BuildKit build is 1073741816:
> DOCKER_BUILDKIT=1 docker build --progress=plain --no-cache .
#2 [internal] load build definition from Dockerfile
#2 transferring dockerfile: 195B done
#2 DONE 0.0s
#1 [internal] load .dockerignore
#1 transferring context: 2B done
#1 DONE 0.0s
#3 [internal] load metadata for docker.io/library/alpine:latest
#3 DONE 0.0s
#5 [1/2] FROM docker.io/library/alpine
#5 CACHED
#4 [2/2] RUN echo -e "\n\n-----------------\nulimit: $(ulimit -n)\n--------...
#4 0.452
#4 0.452
#4 0.452 -----------------
#4 0.452 ulimit: 1073741816
#4 0.452 -----------------
#4 0.452
#4 0.452
#4 DONE 0.5s
#6 exporting to image
#6 exporting layers 0.0s done
#6 writing image sha256:facf7aee0b81d814d5b23a663e4f859ec8ba54d7e5fe6fdbbf8beacf0194393b done
#6 DONE 0.0s
Configure the docker.service to set a different default value (LimitNOFILE=1024) that will be also used by BuildKit (be careful not to overwrite an existing file):
> mkdir -p /etc/systemd/system/docker.service.d
> cat <<EOF >/etc/systemd/system/docker.service.d/service.conf.ok
[Service]
LimitNOFILE=1024
EOF
> systemctl daemon-reload
> systemctl restart docker.service
The values set inside running container remains unchanged to 1048576:
> docker run -it --rm alpine sh -c "ulimit -n"
1048576
The values set inside BuildKit build is now 1024:
> DOCKER_BUILDKIT=1 docker build --progress=plain --no-cache .
#2 [internal] load build definition from Dockerfile
#2 transferring dockerfile: 195B done
#2 DONE 0.0s
#1 [internal] load .dockerignore
#1 transferring context: 2B done
#1 DONE 0.0s
#3 [internal] load metadata for docker.io/library/alpine:latest
#3 DONE 0.0s
#5 [1/2] FROM docker.io/library/alpine
#5 CACHED
#4 [2/2] RUN echo -e "\n\n-----------------\nulimit: $(ulimit -n)\n--------...
#4 0.452
#4 0.452
#4 0.452 -----------------
#4 0.452 ulimit: 1024
#4 0.452 -----------------
#4 0.452
#4 0.452
#4 DONE 0.5s
#6 exporting to image
#6 exporting layers 0.0s done
#6 writing image sha256:7e40c8a8d5f0ca8f2b2b53515f11f47655f6e1693ffcd5f5a118402c13a44ab4 done
#6 DONE 0.0s