4

When I try to build an image for my application, an image that relies upon buildkit, I receive an error: failed to dial gRPC: unable to upgrade to h2c, received 403

I can build standard docker images, but if it relies on Buildkit, I get errors

Specifically, the command that fails is:

docker build --ssh default --no-cache -t worker $BITBUCKET_CLONE_DIR/worker

My bitbucket-pipelines.yml is as follows, the first two docker build commands work, and the images are generated, however the third, that relies on buildkit does not.

image: docker:stable

pipelines:
  default:
    - step:
      name: build
      size: 2x
      script:
         - docker build -t alpine-base $BITBUCKET_CLONE_DIR/supporting/alpine-base
         - docker build -t composer-xv:latest $BITBUCKET_CLONE_DIR/supporting/composer-xv
         - apk add openssh-client
         - eval `ssh-agent`
         - export DOCKER_BUILDKIT=1
         - docker build --ssh default --no-cache -t worker $BITBUCKET_CLONE_DIR/worker
         - docker images

      services:
       - docker
      caches:
       - docker

My Dockerfile is as follows:

# syntax=docker/dockerfile:1.0.0-experimental
FROM composer:1.7 as phpdep

COPY application/database/ database/

COPY application/composer.json composer.json
COPY application/composer.lock composer.lock

# Install PHP dependencies in 'vendor'
RUN --mount=type=ssh composer install \
    --ignore-platform-reqs \
    --no-dev \
    --no-interaction \
    --no-plugins \
    --no-scripts \
    --prefer-dist

#
# Final image build stage
#
FROM alpine-base:latest as final

ADD application /app/application
COPY --from=phpdep /app/vendor/ /app/application/vendor/
ADD entrypoint.sh /entrypoint.sh

RUN \
    apk update && \
    apk upgrade && \
    apk add \
        php7 php7-mysqli php7-mcrypt php7-gd \
        php7-curl php7-xml php7-bcmath php7-mbstring \
        php7-zip php7-bz2 ca-certificates php7-openssl php7-zlib \
        php7-bcmath php7-dom php7-json php7-phar php7-pdo_mysql php7-ctype \
        php7-session php7-fileinfo php7-xmlwriter php7-tokenizer php7-soap \
        php7-simplexml && \
    cd /app/application && \
    cp .env.example .env && \
    chown nobody:nobody /app/application/.env && \
    sed -i 's/;openssl.capath=/openssl.capath=\/etc\/ssl\/certs/' /etc/php7/php.ini && \
    sed -i 's/memory_limit = 128M/memory_limit = 1024M/' /etc/php7/php.ini && \
    apk del --purge curl wget && \
    mkdir -p /var/log/workers && \
    mkdir -p /run/php && \
    echo "export PS1='WORKER \h:\w\$ '" >> /etc/profile

COPY files/logrotate.d/ /etc/logrotate.d/

CMD ["/entrypoint.sh"]
Alex Mills
  • 41
  • 3
  • I am not familiar with Bitbucket but in Gitlab I fixed a similar issue by using a shell runner instead of a docker image. – Mihai Apr 24 '19 at 07:48
  • I've been struggling with the same issue. It looks like bitbucket doesn't support experimental build features at the moment. Maybe see if you can get it working by following instructions here: https://github.com/docker/cli/blob/master/experimental/README.md – Harry Nov 26 '19 at 16:05
  • In the meantime, you can simply remove experimental syntax at build time: `[[ -n "${BITBUCKET_COMMIT}" ]] && sed -i.bak 's/ --mount=[^ ]*//g' Dockerfile` – deizel. Dec 07 '19 at 01:56

2 Answers2

0

Bitbucket pipelines don't support DOCKER_BUILDKIT, it seems, see: https://jira.atlassian.com/browse/BCLOUD-17590?focusedCommentId=3019597&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-3019597 . They say they are waiting for this; https://github.com/moby/buildkit/pull/2723 to be fixed...

farialima
  • 217
  • 2
  • 6
0

You could try again as, since July 2022, you have:

Announcing support for Docker BuildKit in Bitbucket Pipelines

(Jayant Gawali, Atlassian Team)

We are happy to announce that one of the top voted features for Bitbucket Pipelines, Docker BuildKit is now available. You can now build Docker images with the BuildKit utility.

With BuildKit you can take advantage of the various features it provides like:

  • Performance: BuildKit uses parallelism and caching internally to build images faster.
  • Secrets: Mount secrets and build images safely.
  • Cache: Mount caches to save re-downloading all external dependencies every time.
  • SSH: Mount SSH Keys to build images.

Configuring your bitbucket-pipelines.yaml

BuildKit is now available with the Docker Daemon service.
It is not enabled by default and can be enabled by setting the environment variable DOCKER_BUILDKIT=1 in the pipelines configuration.

pipelines:
 default:
   - step:
       script:
         - export DOCKER_BUILDKIT=1
         - docker build --secret id=mysecret,src=mysecret.txt .
       services:
         - docker

To learn more about how to set it up please refer to the support documentation and for information on Docker Buildkit, visit: Docker Docs ? Build images with BuildKit.

Please note:

  • Use multi-stage builds to utilise parallelism.
  • Caching is not shared across different builds and it’s limited to the build running on the same docker node where the build runs.
  • With BuildKit, secrets can be mounted securely as shown above.
  • For restrictions and limitations please refer to the restrictions section of our support documentation.
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250