aspire deploy - Permission denied in Azure Pipelines #14523
Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
There seems to be a permission issue when running aspire deploy where docker is trying to do something with a temporary mount that the Hosted Agent in Azure Pipelines is restricting permissions on. I tried to mess around with the docker setup prior to calling aspire deploy, but, no luck. It's hard to tell if this is a limitation of the Hosted Agents we use internally or not. For reference, this is what I'd tried.
Mind you, this was something copilot suggested, which again, produced the same result anyway.
- task: PowerShell@2
displayName: Configure Docker for Azure DevOps
inputs:
targetType: 'inline'
pwsh: true
script: |
Write-Host "Configuring Docker buildx..."
docker buildx create --use --name=aspire-builder --driver=docker-container 2>$null || docker buildx use aspire-builder
docker buildx inspect --bootstrap
Write-Host "Docker buildx configured"Expected Behavior
Docker should be able to build the images without issue and deploy.
Steps To Reproduce
On the surface, make a super simple aspire start project and try to deploy it from Azure Pipelines with something like:
- task: AzureCLI@2
displayName: 'Deploy with Aspire CLI'
inputs:
azureSubscription: ${{ parameters.azureSubscription }}
scriptType: pscore
scriptLocation: 'inlineScript'
workingDirectory: $(Build.SourcesDirectory)
inlineScript: |
$env:PATH = "$HOME/.aspire/bin:$env:PATH" # -- This is another issue where installing the CLI doesn't seem to update the env path correctly on the build agent
aspire deploy --log-level debug
env:
Azure__SubscriptionId: ***************************
Azure__Location: ${{ lower(parameters.region) }}
Azure__ResourceGroup: ${{ lower(parameters.resourceGroupName) }}Exceptions (if any)
14:37:36 (provision-aspire-env) i [DBG] Resource aspire-env/aspire-env changed
state: Compiling ARM template -> Creating ARM Deployment
14:37:36 (provision-aspire-env) i [DBG] Starting deployment of resource
aspire-env to resource group rg-ui-westus3
14:37:36 (build-backend) i [DBG] docker buildx (stderr): #0 building with
"aspire-builder" instance using docker-container driver
14:37:36 (build-backend) i [DBG] docker buildx (stderr): #1 [internal] load
build definition from tmpFqlT1t.tmp
14:37:36 (build-backend) i [DBG] docker buildx (stderr): #1 transferring
dockerfile: 53B 0.0s done
14:37:36 (build-backend) i [DBG] docker buildx (stderr): #1 ERROR: error from
sender: lstat /tmp/.mount_azsec-KdAJKO: permission denied
14:37:36 (build-backend) i [DBG] docker buildx (stderr): ------
14:37:36 (build-backend) i [DBG] docker buildx (stderr): > [internal] load
build definition from tmpFqlT1t.tmp:
14:37:36 (build-backend) i [DBG] docker buildx (stderr): ------
14:37:36 (build-backend) i [DBG] docker buildx (stderr): WARNING: No output
specified with docker-container driver. Build result will only remain in the
build cache. To push result image into registry use --push or to load image into
docker use --load
14:37:36 (build-backend) i [DBG] docker buildx (stderr): ERROR: failed to build:
failed to solve: failed to read dockerfile: error from sender: lstat
/tmp/.mount_azsec-KdAJKO: permission denied
14:37:36 (build-backend) ✗ [ERR] docker buildx for backend failed with exit code
1.
14:37:36 (build-backend) i [DBG] Failed build - temporary Dockerfile left at
/tmp/tmpFqlT1t.tmp for debugging
.NET Version info
10
Anything else?
No response