
I have followed different recommendations, here, here, here and here. All are answered with the idea that volume mounting is supported.

I run my build in GitLab, and we have a policy: we do not support mounting. GitLab itself still has this open issue.

I have defined this plugin (docs):

  <plugin>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-maven-plugin</artifactId>
    <configuration>
      <image>
        <verboseLogging>true</verboseLogging>
        <env>
          <BP_DEBUG>true</BP_DEBUG>
          <BP_EMBED_CERTS>true</BP_EMBED_CERTS>
          <BP_RUNTIME_CERT_BINDING_DISABLED>true</BP_RUNTIME_CERT_BINDING_DISABLED>
        </env>
        <bindings>
          <binding>${project.basedir}/bindings/certificates:/platform/bindings/ca-certificates</binding>
        </bindings>
      </image>
    </configuration>
  </plugin>

I have the following project setup:

spring-boot-project
  src
  pom.xml
  bindings
   |-certificates
     |- type
     |- private-ca.pem
I get the following logs with error:

56035 [INFO]     [creator]     Platform contents: [. bindings bindings/ca-certificates env env/BP_DEBUG env/BP_EMBED_CERTS env/BP_RUNTIME_CERT_BINDING_DISABLED]
56035 [INFO]     [creator]     Platform Bindings: [{Name: ca-certificates Path: /platform/bindings/ca-certificates Type:  Provider:  Secret: []}]
56035 [INFO]     [creator]     Platform Environment: map[BP_DEBUG:true BP_EMBED_CERTS:true BP_RUNTIME_CERT_BINDING_DISABLED:true]
56035 [INFO]     [creator]     Stack: io.buildpacks.stacks.jammy
56035 [INFO]     [creator]     Result: {Pass:true Plans:[{Provides:[{Name:watchexec}] Requires:[]}]}
56035 [INFO]     [creator]     Writing build plans: /tmp/plan.2470190612/plan.toml <= {BuildPlan:{Provides:[{Name:watchexec}] Requires:[]} Or:[]}
56035 [INFO]     [creator]     ======== Output: paketo-buildpacks/[email protected] ========
56035 [INFO]     [creator]     failed to load bindings from '/platform/bindings': failed to read binding 'ca-certificates': missing 'type'
56035 [INFO]     [creator]     ======== Output: paketo-buildpacks/[email protected] ========
56035 [INFO]     [creator]     go.mod file is not present
56035 [INFO]     [creator]     ======== Output: paketo-buildpacks/[email protected] ========
56035 [INFO]     [creator]     failed to parse build configuration: no *.go files could be found
56035 [INFO]     [creator]     ======== Output: paketo-buildpacks/[email protected] ========

Using:

mvn help:evaluate -Dexpression=project.basedir -q -DforceStdout

I know for sure that the 'bindings/certificates' folder is resolved correctly. Locally, it works just fine. On GitLab it does not. The BP_EMBED_CERTS option does not seem to work; what am I missing?

  • Since the issue is specific to GitLab, could you somehow reproduce the issue with a public GitLab repo with a CI definition that reproduces the issue? Commented Jul 16, 2024 at 3:46
  • The Platform contents: line shows exactly what is in your bindings folder when the buildpacks run; there is no type file, which is why you get the error. I really can't say why that file does not exist, as it looks like you have it from the information shown, but ultimately it's not in the container when buildpacks run, so you get this error. Commented Jul 16, 2024 at 12:25
  • Keep in mind that binding paths are relative to the Docker host, not where you run the client. In many cases, those are one and the same, but in some CI systems the Docker host is different and if your bindings are on the client side and not accessible to the host, then you end up with empty directories bound into the container (because those directories don't exist on the Docker host). It is possible that's what's going on here. Commented Jul 16, 2024 at 12:28
  • @DanielMikusa Thanks, I think that is the case. That's why I hoped that the option BP_EMBED_CERTS would work, but it does not. Commented Jul 17, 2024 at 10:03
  • Yes, the embedding still occurs at build time, so it just won't have access to embed the CA certs. If you don't need the CA certs at build time, you could just leave them out and have them injected at runtime. Your app image will load CA certs at runtime too, using the same binding format. If you really need them at build time, like to download dependencies, then the other option is to create a small custom buildpack and put your CA certs in that. You can trigger the ca-certs buildpack to load your certs that way, see github.com/paketo-buildpacks/ca-certificates/issues/… Commented Jul 17, 2024 at 17:30
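
A pre-flight check for the binding layout discussed in this thread, as an added example that is not part of the original question or comments: it verifies that a binding directory contains a `type` file and at least one PEM certificate. `check_binding` is a hypothetical helper name, and the expected type value `ca-certificates` is an assumption about the CA certificates buildpack's binding type.

```shell
#!/bin/sh
# Added example, not from the thread. check_binding is a hypothetical helper.
# Return codes: 0 ok, 1 directory missing, 2 missing 'type' (the error in the
# log above), 3 unexpected type, 4 no PEM certificate in the binding.
check_binding() {
  dir=$1
  want=${2:-ca-certificates}   # assumed binding type for the CA certs buildpack

  [ -d "$dir" ] || { echo "binding dir '$dir' does not exist" >&2; return 1; }

  # An empty directory bound in from a Docker host that cannot see the
  # client's files ends up here: the directory exists, the 'type' file does not.
  [ -f "$dir/type" ] || { echo "binding '$dir': missing 'type'" >&2; return 2; }

  # Compare the type ignoring trailing newlines or stray whitespace.
  got=$(tr -d '[:space:]' < "$dir/type")
  [ "$got" = "$want" ] || {
    echo "binding '$dir': type is '$got', expected '$want'" >&2
    return 3
  }

  # Every file other than 'type' is a candidate certificate; require one PEM.
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    [ "$(basename "$f")" = "type" ] && continue
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
      return 0
    fi
  done
  echo "binding '$dir': no PEM certificate found" >&2
  return 4
}
```

Run on the CI client, this only proves the files exist on the client; because the bind source is resolved on the Docker host, the same check has to pass from inside a container started with the identical binding to show that `type` actually arrived.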
