Permissions to access an sh script using a dockerfile agent

Problem description

I have the following Jenkins declarative pipeline

pipeline {
agent { 
    dockerfile {
        dir '002_CICD'
        additionalBuildArgs '--build-arg user_id=$(id -u) --build-arg group_id=$(id -g)'
    }

}

stages {
    stage('Build') {
        steps {
            sh("/pipeline/stages/01_built.sh")

        }
    }

...

The Dockerfile used to create the container is as follows:

# Create an image to run the jenkins pipeline
FROM alpine:3.7

#retrieve the value of the ARG set at the built of the container
ARG user_id
ARG group_id

#Creation of a new user and definition of his privileges
RUN addgroup -g $group_id -S jenkins_group && adduser -S jenkins_user -u $user_id -D -H -G jenkins_group


#Update alpine, install curl, js and zip which is not provided in the alpine distr
RUN apk add --update \
    bash \
    curl \
    jq \
    zip \
    docker

#Use the user defined at build time
USER jenkins_user

#Copy the pipeline folder 
COPY pipeline pipeline/

When I run the pipeline, I get the following error:

Jenkins seems to be running inside container 06d5a9cade5cae73476093209a7add12fc29ed75789d79f95073f6385f2c6bf4
but /var/jenkins_home/workspace/AMP_app_pipe_dev could not be found among []
but /var/jenkins_home/workspace/AMP_app_pipe_dev@tmp could not be found among []
$ docker run -t -d -u 1000:1000 -w /var/jenkins_home/workspace/AMP_app_pipe_dev -v /var/jenkins_home/workspace/AMP_app_pipe_dev:/var/jenkins_home/workspace/AMP_app_pipe_dev:rw,z -v /var/jenkins_home/workspace/AMP_app_pipe_dev@tmp:/var/jenkins_home/workspace/AMP_app_pipe_dev@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** 738c0d7eb654b743986db4f486ead9d125185d7a cat
$ docker top 6529bcb2b66fce53c5186254b2a8cf98af993c5cc8d669024b5f10920dcef894 -eo pid,comm
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Build)
[Pipeline] sh
+ /pipeline/stages/01_built.sh
/var/jenkins_home/workspace/AMP_app_pipe_dev@tmp/durable-186e4ff9/script.sh: line 1: /pipeline/stages/01_built.sh: Permission denied

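I don't understand why the Jenkins agent does not have permission to execute the 01_built.sh script. If the user inside the container is mapped to the owner of the workspace (the jenkins user), shouldn't it have permission to execute the script?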

Tags: docker, jenkins, jenkins-pipeline, dockerfile, alpine

Solution
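
An added diagnostic example, not part of the original question or of any answer on this page: Docker's `COPY` keeps the mode bits a file has in the build context and, without `--chown`, makes it owned by root, so matching the workspace owner's uid does not by itself grant execute rights on `/pipeline/stages/01_built.sh`. The hypothetical helpers `x_bit_for` and `explain_exec` report which permission class applies to a uid:gid (such as the `1000:1000` in the log) and whether it carries the execute bit; they assume `stat -c` (GNU coreutils or BusyBox) and ignore supplementary groups and ACLs.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes Linux `stat -c`
# (GNU coreutils or BusyBox); supplementary groups and ACLs are ignored.

# x_bit_for PATH UID GID
# Prints "<class> <mode>" for the permission class the kernel would apply,
# and returns 0 only if that class has the execute/search bit.
x_bit_for() {
    info=$(stat -c '%u %g %a' "$1") || return 2
    want_uid=$2; want_gid=$3
    set -- $info                                 # $1=owner uid $2=gid $3=octal mode
    perms=$(printf '%03d' "$(( $3 % 1000 ))")    # drop setuid/setgid/sticky digit
    u=${perms%??}; rest=${perms#?}; g=${rest%?}; o=${perms#??}
    if   [ "$want_uid" -eq 0 ];    then class=root;  bits=$(( u | g | o ))
    elif [ "$want_uid" -eq "$1" ]; then class=owner; bits=$u
    elif [ "$want_gid" -eq "$2" ]; then class=group; bits=$g
    else                                class=other; bits=$o
    fi
    echo "$class $perms"
    [ $(( bits & 1 )) -eq 1 ]
}

# explain_exec ABS_PATH UID GID
# Walks every directory down to the file; the first component without x is
# reported as DENY (return 1). Returns 0 with an OK line if all grant x.
explain_exec() {
    target=$1; uid=$2; gid=$3; cur=
    old_ifs=$IFS; IFS=/; set -- $target; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue               # skip the empty field before the leading /
        cur="$cur/$part"
        if ! res=$(x_bit_for "$cur" "$uid" "$gid"); then
            echo "DENY $cur (${res:-stat failed}) for $uid:$gid"
            return 1
        fi
    done
    echo "OK $cur ($res) for $uid:$gid"
}

# Inside the agent image, for the user Jenkins passes with -u:
#   explain_exec /pipeline/stages/01_built.sh 1000 1000
```

A `DENY` line naming the script itself points at a missing execute bit in the build context; one naming `/pipeline` or `/pipeline/stages` points at directory search permission.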