azure-pipelinesazure-container-registryjibflowable

Flowable Pipeline to Azure Container Registry: "aad access token with sp failed client id must be guid"

I have a Azure Devops Pipeline where i want to build the flowable docker images.

The pipeline looks like this:

steps:
- script: |
    curl -L https://aka.ms/acr/installaad/bash | /bin/bash
  displayName: 'Install ACR Helper'

- task: AzureCLI@2
  inputs:
    azureSubscription: '**************'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: 'az acr login -n ****'

- script: |
    sed -i 's/<dependencies>/<dependencies>\r\n<!--mssql-->\r\n<dependency>\r\n<groupId>com.microsoft.sqlserver<\/groupId>\r\n<artifactId>mssql-jdbc<\/artifactId>\r\n<version>10.2.0.jre11<\/version>\r\n<\/dependency>\r\n<!--ghost-->/g' $(Build.SourcesDirectory)/modules/flowable-app-rest/pom.xml
    cat $(Build.SourcesDirectory)/modules/flowable-app-rest/pom.xml
    sed -i 's/<dependencies>/<dependencies>\r\n<!--mssql-->\r\n<dependency>\r\n<groupId>com.microsoft.sqlserver<\/groupId>\r\n<artifactId>mssql-jdbc<\/artifactId>\r\n<version>10.2.0.jre11<\/version>\r\n<\/dependency>\r\n<!--ghost-->/g' $(Build.SourcesDirectory)/modules/flowable-ui/flowable-ui-app/pom.xml
    cat $(Build.SourcesDirectory)/modules/flowable-ui/flowable-ui-app/pom.xml
    cat ~/.docker/config.json
    echo "Done"
  displayName: 'Fix pom files with sqlserver dependency'

- script: |
    mvn -Pdistro clean install -DskipTests
    cd modules/flowable-app-rest
    type pom.xml
    mvn -Pdocker,swagger,dockerPublish -DskipTests -Dimage=****.azurecr.io/flowable-app-rest -Djib.to.tags=$(Build.BuildId) clean package
    cd ../flowable-ui
    type pom.xml
    mvn -Pdocker,dockerPublish -DskipTests -Dimage=****.azurecr.io/flowable-ui -Djib.to.tags=$(Build.BuildId) clean package
  displayName: 'Launch Build All Images'

The pipeline compiles correctly, but when it comes to push the image to Azure Container Registry, it stops with the following error:

[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:2.6.0:build (default) on project flowable-ui-app: Build image failed, perhaps you should make sure your credentials for '****.azurecr.io/flowable-ui' are set up correctly. See https://github.com/GoogleContainerTools/jib/blob/master/docs/faq.md#what-should-i-do-when-the-registry-responds-with-unauthorized for help: Unauthorized for ****.azurecr.io/flowable-ui: 401 Unauthorized
[ERROR] {"errors":[{"code":"UNAUTHORIZED","message":"aad access token with sp failed client id must be guid"}]}
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <args> -rf :flowable-ui-app
##[error]Bash exited with code '1'.

I tried to recreate the serviceconnection, but it does not solve the problem.

The ACR Login fase is succedding:

2022-07-07T16:45:58.4037264Z ##[section]Starting: AzureCLI
2022-07-07T16:45:58.4046609Z ==============================================================================
2022-07-07T16:45:58.4046945Z Task         : Azure CLI
2022-07-07T16:45:58.4047453Z Description  : Run Azure CLI commands against an Azure subscription in a PowerShell Core/Shell script when running on Linux agent or PowerShell/PowerShell Core/Batch script when running on Windows agent.
2022-07-07T16:45:58.4047940Z Version      : 2.198.0
2022-07-07T16:45:58.4048157Z Author       : Microsoft Corporation
2022-07-07T16:45:58.4048472Z Help         : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-cli
2022-07-07T16:45:58.4048861Z ==============================================================================
2022-07-07T16:45:58.5554820Z [command]/usr/bin/az --version
2022-07-07T16:45:59.1728858Z WARNING: You have 2 updates available. Consider updating your CLI installation with 'az upgrade'
2022-07-07T16:45:59.1730459Z azure-cli                         2.32.0 *
2022-07-07T16:45:59.1818159Z 
2022-07-07T16:45:59.1819182Z Please let us know how we are doing: https://aka.ms/azureclihats
2022-07-07T16:45:59.1820888Z and let us know if you're interested in trying out our newest features: https://aka.ms/CLIUXstudy
2022-07-07T16:45:59.1821697Z 
2022-07-07T16:45:59.1822147Z core                              2.32.0 *
2022-07-07T16:45:59.1822655Z telemetry                          1.0.6
2022-07-07T16:45:59.1822876Z 
2022-07-07T16:45:59.1823225Z Extensions:
2022-07-07T16:45:59.1824086Z azure-devops                      0.22.0
2022-07-07T16:45:59.1824300Z 
2022-07-07T16:45:59.1824660Z Dependencies:
2022-07-07T16:45:59.1825084Z msal                              1.16.0
2022-07-07T16:45:59.1825843Z azure-mgmt-resource               20.0.0
2022-07-07T16:45:59.1826106Z 
2022-07-07T16:45:59.1826769Z Python location '/opt/az/bin/python3'
2022-07-07T16:45:59.1827587Z Extensions directory '/opt/az/azcliextensions'
2022-07-07T16:45:59.1827868Z 
2022-07-07T16:45:59.1828443Z Python (Linux) 3.6.10 (default, Dec 31 2021, 08:09:22) 
2022-07-07T16:45:59.1829049Z [GCC 9.3.0]
2022-07-07T16:45:59.1829254Z 
2022-07-07T16:45:59.1829747Z Legal docs and information: aka.ms/AzureCliLegal
2022-07-07T16:45:59.1830499Z 
2022-07-07T16:45:59.1830634Z 
2022-07-07T16:45:59.1834885Z Setting AZURE_CONFIG_DIR env variable to: /agent/_work/_temp/.azclitask
2022-07-07T16:45:59.1837370Z Setting active cloud to: AzureCloud
2022-07-07T16:45:59.1849702Z [command]/usr/bin/az cloud set -n AzureCloud
2022-07-07T16:46:00.5538312Z [command]/usr/bin/az login --service-principal -u *** --password=*** --tenant **** --allow-no-subscriptions
2022-07-07T16:46:01.3599665Z [
2022-07-07T16:46:01.3628560Z   {
2022-07-07T16:46:01.3635580Z     "cloudName": "AzureCloud",
2022-07-07T16:46:01.3637046Z     "homeTenantId": "****",
2022-07-07T16:46:01.3638023Z     "id": "****",
2022-07-07T16:46:01.3638553Z     "isDefault": true,
2022-07-07T16:46:01.3639172Z     "managedByTenants": [
2022-07-07T16:46:01.3639591Z       {
2022-07-07T16:46:01.3640420Z         "tenantId": "****"
2022-07-07T16:46:01.3640934Z       }
2022-07-07T16:46:01.3641340Z     ],
2022-07-07T16:46:01.3641827Z     "name": "****",
2022-07-07T16:46:01.3642399Z     "state": "Enabled",
2022-07-07T16:46:01.3643257Z     "tenantId": "***",
2022-07-07T16:46:01.3643758Z     "user": {
2022-07-07T16:46:01.3645145Z       "name": "***",
2022-07-07T16:46:01.3645632Z       "type": "servicePrincipal"
2022-07-07T16:46:01.3646037Z     }
2022-07-07T16:46:01.3646401Z   }
2022-07-07T16:46:01.3646764Z ]
2022-07-07T16:46:01.3690101Z [command]/usr/bin/az account set --subscription 1aa6ffe6-1468-45f2-a682-6000a1b7ef28
2022-07-07T16:46:01.6346487Z [command]/usr/bin/pwsh -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command . '/agent/_work/_temp/azureclitaskscript1657212358546.ps1'
2022-07-07T16:46:03.1390154Z Login Succeeded
2022-07-07T16:46:03.5027810Z [command]/usr/bin/az account clear
2022-07-07T16:46:03.8731846Z ##[section]Finishing: AzureCLI

Any help is appreciated.

Solution

  • I ended up pushing the image to the local docker repository and than use the specific Devops Task to push to the repository.

    The new pipeline looks like this:

    steps:
- script: |
    sed -i 's/<dependencies>/<dependencies>\r\n<!--mssql-->\r\n<dependency>\r\n<groupId>com.microsoft.sqlserver<\/groupId>\r\n<artifactId>mssql-jdbc<\/artifactId>\r\n<version>10.2.0.jre11<\/version>\r\n<\/dependency>\r\n<!--ghost-->/g' $(Build.SourcesDirectory)/modules/flowable-app-rest/pom.xml
    cat $(Build.SourcesDirectory)/modules/flowable-app-rest/pom.xml
    sed -i 's/<dependencies>/<dependencies>\r\n<!--mssql-->\r\n<dependency>\r\n<groupId>com.microsoft.sqlserver<\/groupId>\r\n<artifactId>mssql-jdbc<\/artifactId>\r\n<version>10.2.0.jre11<\/version>\r\n<\/dependency>\r\n<!--ghost-->/g' $(Build.SourcesDirectory)/modules/flowable-ui/flowable-ui-app/pom.xml
    cat $(Build.SourcesDirectory)/modules/flowable-ui/flowable-ui-app/pom.xml
    echo "Done"
  displayName: 'Fix pom files with sqlserver dependency'

- script: |
    mvn -Pdistro clean install -DskipTests
    cd modules/flowable-app-rest
    mvn -Pdocker,swagger -DskipTests -Dimage=***.azurecr.io/flowable-app-rest -Djib.to.tags=$(Build.BuildId) clean package 
    docker image ls 
  displayName: 'Launch Build flowable-app-rest'

- task: Docker@2
  inputs:
    containerRegistry: '***.azurecr.io'
    repository: 'flowable-app-rest'
    command: 'push'

- script: |
    cd modules/flowable-ui
    mvn -Pdocker -DskipTests -Dimage=***.azurecr.io/flowable-ui -Djib.to.tags=$(Build.BuildId) clean package
    docker image ls 
  displayName: 'Launch Build flowable-app-ui'

- task: Docker@2
  inputs:
    containerRegistry: '***'
    repository: 'flowable-ui'
    command: 'push'