nx-docker@3.0.2 not working in Github self-hosted actions, unable to override builder option

[tmf]

Thank you for providing this excellent NX plugin!

Unfortunately there seems to be an issue with the currently latest version 3.0.2 in the scenario of self-hosted Github actions runners.

The build fails in self-hosted Github actions runners with the following error:

>  Nx Docker  Starting build...

Creating builder
/usr/local/bin/docker buildx create --name=sample-app-66524b
error: could not create a builder instance with TLS data loaded from environment. Please use `docker context create <context-name>` to create a context for current environment and then create a builder instance with `docker buildx create <context-name>`

We were encountering a similar error already, as was explained in docker/setup-buildx-action#105,

Looks like you're using a self-hosted runner and the default context is from a tls environment but you can't create a builder instance from a tls environment (see docker/buildx#30)
You have to create a context for the current environment with docker context create like the error message suggest.

The solution here was to use the following steps when setting up the buildx context:

- name: Set up Docker Context for Buildx
  id: buildx-context
  run: |
    docker context create github-selfhosted-context
- name: Set up Docker Buildx
  id: buildx
  uses: docker/setup-buildx-action@v1
  with:
    version: latest
    endpoint: github-selfhosted-context

The buildx step would create a builder instance with this command:

Run docker/setup-buildx-action@v1
Docker info
Download and install buildx
Buildx version
Creating a new builder instance
  /usr/local/bin/docker buildx create --name builder-3d3931fa-220a-4e74-9f0d-86b6f78997cb --driver docker-container --buildkitd-flags --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host --use github-selfhosted-context
  builder-3d3931fa-220a-4e74-9f0d-86b6f78997cb

And this builder instance could be used in v2.x or up to 3.0.1 of @nx-tools/nx-docker.

However, with the new builder option, it always executes a docker buildx create --name command, there is no possibility to not have a builder instance re-used from a previous step.

Taken from node_modules/@nx-tools/nx-docker/src/executor.js (version 3.0.2)

        if (!options.builder) {
            tempBuilder = `${ctx.projectName}-${(0, _nodeCrypto.randomBytes)(24).toString('hex').substring(0, 6)}`;
            options.builder = tempBuilder;
        }
        const inputs = await _context.getInputs(defContext, {
            ...options,
            file: options.file || (0, _nodePath.join)(ctx?.workspace.projects[ctx.projectName].root, 'Dockerfile')
        }, ctx);
        if (options.metadata?.images) {
            const { getMetadata  } = (0, _core.loadPackage)('@nx-tools/docker-metadata', 'Nx Docker BUild Executor');
            (0, _core.startGroup)('Generating metadata', GROUP_PREFIX);
            const meta = await getMetadata(options.metadata, ctx);
            inputs.labels = meta.getLabels();
            inputs.tags = meta.getTags();
        }
        (0, _core.startGroup)(`Starting build...`, GROUP_PREFIX);
        if (options.builder) {
            (0, _core.info)(`Creating builder`);
            await (0, _core.getExecOutput)(`docker`, [
                'buildx',
                'create',
                `--name=${options.builder}`
            ], {
                ignoreReturnCode: true
            }).then((res)=>{
                if (res.stderr.length > 0 && res.exitCode != 0) {
                    throw new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)[0].trim()}`);
                }
            });
        }

There are a couple of issues with the version 3.0.2:

• no way of bypassing the Creating builder step, options.builder will always evaluate true-ish due to the preceding options.builder = tempBuilder block
• only considering options.builder, ignoring INPUT_BUILDER
• I realize this is a very recent issue, however I had difficulties inspecting this from repository code... There seems to be no tag or pushed code for version 3.0.2, I only could deduce this problem from inspecting the published npm package.

The fix for now is to use 3.0.1

[gperdomor]

@tmf sorry for the inconvenience... Here the branch for the changes https://github.com/gperdomor/nx-tools/tree/feature/buildx-builder

This change was made to fix an issue running parallels builds in gitlab... Maybe I can do the creation only if GitLab CI is detected or determined by a specific flag (I think the second option is better)... Do you know if this problem occurs only in self-hosted runners? or also happens on cloud runners?

only considering options.builder, ignoring INPUT_BUILDER

Agree, it's a issue

I will work on a new fix by the end of the week, please use 3.0.1 until the new version is released

[gperdomor]

@tmf please try with version 3.0.3-alpha.1 😄

[tmf]

@gperdomor Thank you for the very quick fix!

I can confirm 3.0.3-alpha.1 is working as expected in self-hosted Github actions runners again (with the docker context create github-selfhosted-context step above).

• This change was made to fix an issue running parallels builds in gitlab

  I can see how this would be useful. I didn't have parallel builds in my scenario.

• Maybe I can do the creation only if GitLab CI is detected or determined by a specific flag (I think the second option is better)

  I agree, a specific flag, like you did with create-builder is a better option in my opinion

• Do you know if this problem occurs only in self-hosted runners? or also happens on cloud runners?

  As far as I know, it is specific to self-hosted Github runners. I don't know about other cloud providers, but it could be that they have slightly different buildx / docker defaults (especially regarding TLS setup), that may require this override anyway.

• I will work on a new fix by the end of the week, please use 3.0.1 until the new version is released

  Thank you so much! No pressure from my side!

[gperdomor]

Closed and resolved in nx-docker 3.0.3