Purpose

Docker Runner is a Bamboo feature that allows you to run builds and deployments in a Docker container. This article explains how to pull an image or push an image to the private repository using Bamboo Docker tasks when the job is configured to run inside a Docker Runner. 

Environment

The steps are tested in the following environments, but the solution will be applicable to other Bamboo versions as well:

• Bamboo Data Centre Version 9.6.1
• Docker Version 24.0.5
• Linux Remote Agent

How Bamboo Works with Docker Runner

• Bamboo starts the docker runner container for executing the job inside a Bamboo agent. 
• For every task in the job, Bamboo frames a shell script based on the task's configuration inside Bamboo Agent, which is then copied to the Docker Runner for isolated execution.
• Docker CLI tasks, dependent on the images stored in the private repository need credentials, which are stored in the ~/.docker/config.json file of the Bamboo Agents user's home directory.
• To avoid conflicts with the other running Bamboo jobs dependent on   ~/.docker/config.json file the folder gets copied to a new file in ~/.dockercfg-bamboo-<agent_UUID> folder.
• While framing the shell script for Docker tasks, Bamboo adds config parameter (--config) to the docker command with the value .dockercfg-bamboo-<agent_UUID>, which is then copied to the Docker Runner for isolated execution.
• While using a Docker Task to pull an image from a private repository, you may encounter the below error due to Docker credentials from the host machine were not passed to the Docker Runner container

error    29-Jun-2024 17:47:29    ************************************/privateRepo/TestImage:1.6: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

• The below solutions explain how to overcome this situation. 

Solution

Scenario 1: While using a remote agent

1. When configuring the Docker Runner, an additional volume needs to be added along with the default volumes ${bamboo.working.directory} and ${bamboo.tmp.directory}. So that the Docker Runner container can get access to the config.json file available in the Bamboo Remote Agent's user home directory. 
2. During Docker Runner configuration, add an additional mount volume ${system.HOME}. This way, Docker Runner can access the home directory of the Bamboo Remote Agent host machine.
3. For running the docker (Docker Task) inside the docker (Docker Runner), the Docker daemon /var/run/docker.sock also needs to be mounted.

Scenario 2:  While using Bamboo Docker Agent

1. By default, the Bamboo Agent base image bamboo-agent-base uses the home directory as /var/atlassian/application-data/bamboo-agent. 

2. When creating the Bamboo Remote Agent Container using a bamboo-agent-base image, mount the volume /var/atlassian/application-data/bamboo-agent as bind volume instead of named volume. 

   docker run -e BAMBOO_SERVER=http://bamboo.mycompany.com/agentServer/ -v /var/atlassian/application-data/bamboo-agent:/var/atlassian/application-data/bamboo-agent -v /var/run/docker.sock:/var/run/docker.sock --name="bambooAgent" --hostname="bambooAgent" -d atlassian/bamboo-agent-base

3. Configure the Docker Runner agent same as mentioned in Scenario 1.