Jenkins: Permission issue using Docker as build environment

Question

I installed Jenkins on an Ubuntu 16.04 machine. The Jenkins itself is not run in a container. What I want to do is simply call yarn install using a node image. So here is my Jenkinsfile:

pipeline {
    agent any
    stages {
        stage('install node modules...') {
            agent { docker 'node' }
            steps {
                sh 'cd /path/to/package.json; yarn install'
            }
        }
    }
}

Pretty straightforward, right?

jenkins user/group is 112:116, and the uid of the node container is 1000, hence yarn process (which is run as node user 1000) can't do its things, like mkdir /.config.

I tried to spin up the node container passing in argument -u 1000, it bumped into permission issues when trying to create durable directories.

It looks like one or the other kind of issue, how can I work around that?

Jenkins logs:

Below is where the build starts and fails.

[Pipeline] sh
[Pipeline_Test_Jenkins_test-4JTFYMX7KSJY6ZH44VINNGEB7WH2D2HWYZN5ABF6O32O2HBQJYXQ@2] Running shell script
+ docker inspect -f . node
.
[Pipeline] withDockerContainer
Jenkins does not seem to be running inside a container
$ docker run -t -d -u 112:116 -w /var/lib/jenkins/workspace/Pipeline_Test_Jenkins_test-4JTFYMX7KSJY6ZH44VINNGEB7WH2D2HWYZN5ABF6O32O2HBQJYXQ@2 -v /var/lib/jenkins/workspace/Pipeline_Test_Jenkins_test-4JTFYMX7KSJY6ZH44VINNGEB7WH2D2HWYZN5ABF6O32O2HBQJYXQ@2:/var/lib/jenkins/workspace/Pipeline_Test_Jenkins_test-4JTFYMX7KSJY6ZH44VINNGEB7WH2D2HWYZN5ABF6O32O2HBQJYXQ@2:rw,z -v /var/lib/jenkins/workspace/Pipeline_Test_Jenkins_test-4JTFYMX7KSJY6ZH44VINNGEB7WH2D2HWYZN5ABF6O32O2HBQJYXQ@2@tmp:/var/lib/jenkins/workspace/Pipeline_Test_Jenkins_test-4JTFYMX7KSJY6ZH44VINNGEB7WH2D2HWYZN5ABF6O32O2HBQJYXQ@2@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** --entrypoint cat node
[Pipeline] {
[Pipeline] sh
[Pipeline_Test_Jenkins_test-4JTFYMX7KSJY6ZH44VINNGEB7WH2D2HWYZN5ABF6O32O2HBQJYXQ@2] Running shell script
+ cd /path/to/package.json
+ yarn install
yarn install v0.24.6
error An unexpected error occurred: "EACCES: permission denied, mkdir '/.config'".
info If you think this is a bug, please open a bug report with the information provided in "/var/lib/jenkins/workspace/Pipeline_Test_Jenkins_test-4JTFYMX7KSJY6ZH44VINNGEB7WH2D2HWYZN5ABF6O32O2HBQJYXQ@2/<path>/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
[Pipeline] }
$ docker stop --time=1 c1147934ea689f71a449e486282db03338b12182368def31bdf8e8cf179ab46a
$ docker rm -f c1147934ea689f71a449e486282db03338b12182368def31bdf8e8cf179ab46a
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE

Answer 1

I had the same issue with node. The thing is files in the container are owned by "root:root". Try adding docker args -u root:root:

docker { 
    image 'node:8'
    args '-u root:root'
}

Answer 2

I just had a similar issue today, although with another image.

docker {
 image 'node:8'
 args '--tmpfs /.config'
}

Reference: https://docs.docker.com/storage/tmpfs/ This way you shouldn't be worried about any security leaks or files which are present after the container is destroyed inside the jenkins.

Answer 3

buildEnv.inside("-u 0") {} resolved my problem. But then the workspace will contains directory and files owned by root which can not be deleted by the user Jenkins at the next run when cleaning the workpace , so I have added sh "sudo chown jenkins: -R \$PWD/" at the beginning of the pipeline.

Answer 4

This worked for me:

docker {
  image 'node'
  args '-e HOME=/tmp/home'
}

/tmp is writable for everyone.