Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jib.extraDirectories.permissions to change folder/file permissions #2438

Closed
2020testuser opened this issue Apr 29, 2020 · 3 comments
Closed

jib.extraDirectories.permissions to change folder/file permissions #2438

2020testuser opened this issue Apr 29, 2020 · 3 comments

Comments

@2020testuser
Copy link

Could anyone please let me know whether jib.extraDirectories.paths and jib.extraDirectories.permissions params set in gradle jib build changes the directories permissions?

In my tekton pipeline, I have the below command inside the script param of Gradle 4.6 image (in Docker repo.)
gradle wrapper build service:jib --no-build-cache --recompile-scripts -S -i --debug --scan -x test
-Djib.container.user='1000:1000'
-Djib.container.user='gradle:gradle'
-Djib.extraDirectories.paths = ['/workspace/app', '/workspace/app/service']
-Djib.extraDirectories.permissions = ['/workspace/is360api': '775', '/workspace/app/service': '775'] \

Environment:
Tekton Pipeline , Kubernetes 1.18, Gradle 4.6 and Jib 4.0.4

  • Jib version: 4.0.4
  • *Build tool: Jib Gradle *

Description of the issue:
jib.extraDirectories.paths and jib.extraDirectories.permissions params set in gradle jib build doesn't seem to be working as expected.

Expected behavior:
jib.extraDirectories.paths and jib.extraDirectories.permissions params changes the folder/file permissions when set in gradle build jib command.

Steps to reproduce:

  1. Invoke the gradle build jib command (provided above) inside the Tekton Pipeline Step (in Kubernetes ) in script param of the Gradle 4.6 image

Error Message:
service-build-step] 09:16:33.389 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Caused by: org.gradle.internal.service.ServiceCreationException: Could not create service of type CrossBuildFileHashCache using BuildSessionScopeServices.createCrossBuildFileHashCache().
[service-build-step] 09:16:33.389 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] at org.gradle.internal.service.DefaultServiceRegistry$FactoryMethodService.invokeMethod(DefaultServiceRegistry.java:857)
[service-build-step] 09:16:33.389 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] at org.gradle.internal.service.DefaultServiceRegistry$FactoryService.create(DefaultServiceRegistry.java:808)
[service-build-step] 09:16:33.389 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] at org.gradle.internal.service.DefaultServiceRegistry$ManagedObjectServiceProvider.getInstance(DefaultServiceRegistry.java:612)
[service-build-step] 09:16:33.389 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] at org.gradle.internal.service.DefaultServiceRegistry$SingletonService.get(DefaultServiceRegistry.java:669)
[service-build-step] 09:16:33.389 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] at org.gradle.internal.service.DefaultServiceRegistry$FactoryService.assembleParameters(DefaultServiceRegistry.java:821)
[service-build-step] 09:16:33.390 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Caused by: org.gradle.api.UncheckedIOException: Failed to create parent directory '/workspace/app/service/.gradle' when creating directory '/workspace/app/service/.gradle/4.6/fileHashes'

Thanks in advance!
@chanseokoh
Copy link
Member

chanseokoh commented Apr 29, 2020
edited
Loading

I'm sorry, I think I was confused. And I am still confused. Seems like both you and I are confused. We need to make sure we are on the same page.

I thought you were using Jib to create another customized Gradle image based on gradle:4.6 and you were getting an error when you run a usual (non-Jib) Gradle build inside your new customized Gradle image built by Jib. So, forget what I said in https://stackoverflow.com/a/61488918/1701388. I've updated the SO answer.

Rather, now I see this is what you are doing.

  • Inside a Tekton step, you use the official gradle:4.6.
    • That is, it is NOT that you are building another customized Gradle image from the base image gradle:4.6 while using Jib.
  • This Tekton pipeline is a general-purpose image builder; the purpose is to containerize any Java application given as input. And for doing the containerization, you use Jib.
    • The only place you run Jib is this Tekton pipeline. That is, you are not building an image (by Jib or Docker or whatever) where you plan to run Jib inside the image. Jib just runs on the vanilla gradle:4.6 on Tekton.
  • The error you are getting is from running (basically) gradle jib inside the Tekton step.
    • It is NOT from when running an image built by Jib.
    • It is NOT from when running Gradle inside an image built by Jib.

If my understanding is right, then the following are meaningless, because they are the container configuration for the image being built by Jib. These don't affect the runtime environment (that is, gradle:4.6) where Jib is running.

-Djib.container.user='1000:1000'
-Djib.container.user='gradle:gradle'

And it is possible that these may be meaningless too for the same reason. These are the settings for the image being built by Jib.

-Djib.extraDirectories.paths = ['/workspace/app', '/workspace/app/service']
-Djib.extraDirectories.permissions = ['/workspace/is360api': '775', '/workspace/app/service': '775'] \

I think there are serious confusions. From the command gradle ... service:jib and the directory name /workspace/..., I think you meant these directories (/workspace/...) are for the directories inside the gradle:4.6 on Tekton, not the directories to be put inside an image being built by Jib.

Therefore, I believe that running the following Gradle command without Jib inside this Tekton step will just fail as well.

gradle service:build

If my understanding is correct, this is not a Jib issue and not something Jib can resolve. It's just that you cannot run Gradle with gradle:4.6 on Tekton due to the unfortunate requirement that Gradle has to run with the user gradle:gradle in gradle:4.6 (I think it may be possible that Tekton runs gradle:4.6 as gradle:gradle already.) and that somehow some directories on Tekton are not writable by gradle:gradle.

@chanseokoh chanseokoh mentioned this issue Apr 29, 2020
Closed
@chanseokoh
Copy link
Member

Closing this as this is not a Jib issue. Some related stuff is also explained in tektoncd/catalog#289 (comment).

Here, the problem seems to be that running the gradle command inside the image gradle:4.6 on Tekton fails, as the gradle command cannot write files into /workspace/app/service inside gradle:4.6 due to permission/ownership issues. There may be multiple different ways to resolve this issue depending on how you set up your Tekton pipeline. For example, there may be a way to direct gradle not to create .gradle inside a project directory. Or, you may be able to configure the Tekton task so that /workspace/app/service is writable by a non-root user inside gradle:4.6.

Again, -Djib.container.user is for the user of the image that Jib will create; it doesn't/can't change the user running gradle:4.6 on Tekton. The same goes for -Djib.extraDirectories.

I am closing this, but feel free to update. I did have an issue of the same nature when I tried to create the Jib Gradle Tekton catalog sample.

@chanseokoh
Copy link
Member

FTR: issue resolved after @2020testuser configured a Tekton Task so that Gradle can create necessary files.

tektoncd/catalog#289 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chanseokoh @2020testuser