Tags: dockerfile, jenkins-pipeline, yq

"Permission Denied" when trying to invoke yq command from within it's container


I have the following Dockerfile to build yq so that I can edit YAML files in a Jenkins pipeline.

FROM some_registry/some_prj/busybox:1.31.1
LABEL maintainer="this.maintainer@com"

RUN mkdir -p /usr/bin/yq

RUN addgroup -S yq && adduser -S yq -G yq

RUN chown yq: /usr/bin/yq && chmod u+rwx /usr/bin/yq

USER yq

RUN cd /usr/bin/yq && wget "https://some_registry/nexus/repository/applications-to-deploy/yq/yq_linux_amd64"

ENTRYPOINT ["/usr/bin/yq"]

My yq_linux_amd64 is from here - https://github.com/mikefarah/yq/releases/tag/v4.40.5/ and the file is yq_linux_amd64.

The image is built, but I cannot invoke the command yq from the container. The pipeline has the following step:

node("Build-Node"){
    
    def sourceArtefact
    stage("checkout"){
        checkout scm
    }
    stage("invoke yq"){
        docker.withRegistry("https://some_prj/harbor/", "robot_id_to_pull"){
            docker.image("some_prj/yq:v0.4").inside("--entrypoint='' -u 0:0"){
                sh "yq --version"
            }
        }
    }
}

The shell command throws the error "Permission Denied". I am confused about what exactly is wrong here.


Solution

  • You are creating /usr/bin/yq, then downloading the binary into it, so the binary will be /usr/bin/yq/yq_linux_amd64.

    Your entrypoint is /usr/bin/yq, which is a folder, not the binary (and you're overriding the entrypoint anyway).

    This works for me:

    FROM docker.io/busybox:1.31.1
    LABEL maintainer="this.maintainer@com"
    
    RUN mkdir -p /usr/bin/yq
    
    RUN addgroup -S yq && adduser -S yq -G yq
    
    # wget stores the download without the execute bit; set it while still root,
    # so the unprivileged yq user can execute (but not modify) the binary
    RUN cd /usr/bin/yq && wget "https://some_registry/nexus/repository/applications-to-deploy/yq/yq_linux_amd64" \
        && chmod 755 /usr/bin/yq/yq_linux_amd64
    
    RUN chown yq: /usr/bin/yq && chmod u+rwx /usr/bin/yq
    
    USER yq
    
    ENTRYPOINT ["/usr/bin/yq/yq_linux_amd64"]
    

    Note that your sh step would need to point to the binary, as well.
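The two failure modes discussed in this thread (an entrypoint that points at a directory, and a downloaded binary that never got its execute bit) both surface as the same opaque "Permission denied" from the shell. The helper below is an added example, not part of the question or the answer, that classifies why an exec of a given path would fail; the function name diagnose_exec, the temporary layout it builds and the stand-in "binary" are all constructed for the demonstration.

```shell
#!/bin/sh
# Added diagnostic helper (not from the original post): report why executing
# $1 would fail. Prints exactly one of: missing, directory, not-executable, ok
diagnose_exec() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo missing
    elif [ -d "$path" ]; then
        # The asker's case: ENTRYPOINT ["/usr/bin/yq"] names the directory
        # the binary was downloaded into, not the binary itself.
        echo directory
    elif [ ! -x "$path" ]; then
        # wget writes the download with mode 0644; without chmod +x,
        # exec fails with "Permission denied" even for the file's owner.
        echo not-executable
    else
        echo ok
    fi
}

# Constructed demonstration: rebuild the layout from the thread in a temp dir
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/usr/bin/yq"
    # stand-in for yq_linux_amd64 (constructed; not the real binary)
    printf '#!/bin/sh\necho "stand-in yq"\n' > "$tmp/usr/bin/yq/yq_linux_amd64"
    chmod 644 "$tmp/usr/bin/yq/yq_linux_amd64"

    echo "entrypoint /usr/bin/yq (directory): $(diagnose_exec "$tmp/usr/bin/yq")"
    echo "freshly downloaded binary:          $(diagnose_exec "$tmp/usr/bin/yq/yq_linux_amd64")"
    chmod 755 "$tmp/usr/bin/yq/yq_linux_amd64"
    echo "after chmod 755:                    $(diagnose_exec "$tmp/usr/bin/yq/yq_linux_amd64")"
    rm -rf "$tmp"
}

demo
```

Run it inside the built image (for example with `docker run --rm --entrypoint sh image -c '...'`) against the real /usr/bin/yq path to see which of the two conditions applies before changing the Dockerfile. Note that the pipeline's `-u 0:0` does not help here: on Linux even root cannot exec a file with no execute bit set, and a directory can never be executed.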