Workaround for --privileged on Bitbucket pipelines?

[Divaaan]

Hi, any idea how to get around the following?

NX buildx failed with: ERROR: Error response from daemon: authorization denied by plugin pipelines: --privileged=true is not allowed

I've tried search, some suggested you set the DOCKER_BUILDKIT=0 but no luck as Bitbucket doesn't allow the use of --privileged

Any suggestions would be greatly appreciated.

[gperdomor]

@Divaaan try with DOCKER_BUILDKIT=0 nx run your-app:container-target or similar... Or try with the Podman engine and let me know if works :D

[Divaaan]

@gperdomor Champ! Thanks for the quick reply, will have a try and let you know 👌🏼

[Divaaan]

@gperdomor So I tried the above command but same issue. I've tried using podman now as well with your container but getting the following:
Podman is required. See https://github.com/gperdomor/nx-tools to set up nx-container executor with podman.

Here is my step in my pipeline .yml file

          name: Containerize
          image: gperdomor/nx-podman:latest
          script:
            - npx nx container fe
          caches:
            - node

[gperdomor]

@Divaaan Yes, podman should be installed in the environment...

I provide 3 images (for docker, podman and kaniko) to run the build inside Gitlab CI, you can check the example of usage here https://github.com/gperdomor/nx-tools/blob/main/packages/nx-container/docs/ci/gitlab-ci.md

I did't test it in bitbucket but in theory should works too

[Divaaan]

@gperdomor Thanks for the info. Still a bit unsure on what you mean by podman needing to be installed in the environment?
Because using the image you provide, the step above runs the command inside it or am I missing something 🤔
I checked the example but see nowhere that podman is being installed and looks to be already installed? Might be wrong here.

[gperdomor]

The provided image already has Podman installed, so you can skip that step... but the default image used by bitbucket pipelines not, that is why you are getting the Podman error

[gperdomor]

I'm not a bitbucket user but I will try to create a repo tomorrow to try to help you 😅

[Divaaan]

@gperdomor Ah okay that makes sense! Can you maybe explain as well what makes your nx-docker image different from using another image for example? Does it have additional packages etc installed needed for the build?

[gperdomor]

@Divaaan all the images contains node, yarn, npm, pnpm, git, other common tools and docker, podman or kaniko

[tomaszkrzyzanowski]

Maybe someone will benefit, as I was able to run nx-container with Kaniko on Bitbucket Pipelines

- step:
    name: Build docker images
    image: gperdomor/nx-kaniko:20.11.0-alpine
    script:
      - export INPUT_ENGINE=kaniko
      - export INPUT_PUSH=true
      - NX_HEAD=$BITBUCKET_COMMIT
      # Login to registry
      - echo "{\"auths\":{\"https://index.docker.io/v1/\":{\"auth\":\"$(echo -n $DH_USER:$DH_PASS | base64)\"}}}" > /kaniko/.docker/config.json
      - npx nx affected --target=build-docker --base="origin/main" --head=HEAD --configuration=production  --parallel=1

[minhhieu76qng]

I found that the Docker build command contains buildx docker buildx build ....
Currently, Bitbucket doesn't support buildx command. Instead of using buildx command, just use docker build ... and enable BuildKit by setting DOCKER_BUILDKIT=0.
https://jira.atlassian.com/browse/BCLOUD-22066

[minhhieu76qng]

Hi @gperdomor, I tried with podman but I face with unknown error.

>  Podman info 
[command]/usr/bin/podman version
Client:       Podman Engine
Version:      4.9.0
API Version:  4.9.0
Go Version:   go1.21.6
Built:        Wed Jan 24 10:07:27 2024
OS/Arch:      linux/amd64
[command]/usr/bin/podman info
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x56445f4b7d53]

I think Docker is better but in your code, buildx is a required argument. Therefore, noway to bypass on the Bitbucket.
Could you fix it? Thanks.