docker容器内不能运行声纳扫描仪:权限被拒绝
我正在尝试构build一个自定义的Docker镜像,用于CI目的(bitbucketpipe道)。 在构build和testing我的代码之后,我希望能用sonarqube进行一些分析。
在我的自定义图像上,我试图安装声纳扫描仪,所以当在容器中它将被执行。 但是,在容器内(无论是在bitbucket或我的本地机器),它失败,这个错误:
/sonar-scanner-2.8/bin/sonar-scanner: 108: exec: : Permission denied 我已经尝试了许多不同的方式来设置扫描器目录的权限和所有权,但没有任何工作。
更令人吃惊的是,即使在使用flash --privileged=true运行容器时,我仍然得到相同的错误。
我在Docker基础上丢失了什么?
这是我的Dockerfile的最后一个版本:
# Pull base image. FROM node:6 LABEL maintainer "Gabriel Araujo <contact@gbiel.com>" ENV SONAR_SCANNER_VERSION 2.8 ENV SONAR_SCANNER_HOME /home/sonar-scanner-${SONAR_SCANNER_VERSION} ENV SONAR_SCANNER_PACKAGE sonar-scanner-${SONAR_SCANNER_VERSION}.zip ENV SONAR_RUNNER_HOME ${SONAR_SCANNER_HOME} ENV PATH $PATH:${SONAR_SCANNER_HOME}/bin ENV WORKDIR /home/workspace # Define working directory. WORKDIR ${WORKDIR} # Install dependencies RUN apt-get -yqq update && \ apt-get -yqq --no-install-recommends install git bzip2 curl unzip && \ npm install -g gulp bower && \ npm cache clean && \ apt-get -yqq autoremove && \ apt-get -yqq clean && \ rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/* # Allow root for bower RUN echo '{ "allow_root": true }' > /root/.bowerrc # Download sonar RUN curl --insecure -OL https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/${SONAR_SCANNER_PACKAGE} && \ unzip ${SONAR_SCANNER_PACKAGE} -d /home && \ rm ${SONAR_SCANNER_PACKAGE} RUN addgroup sonar && \ useradd -s /usr/sbin/nologin -d ${SONAR_SCANNER_HOME} -g sonar sonar && \ chown -R sonar:sonar ${SONAR_SCANNER_HOME} && \ chown -R sonar:sonar ${WORKDIR} USER sonar
Java 8需要首先安装,因为声纳扫描仪需要它。 我已经将它添加到您的Dockerfile。 需要从jessie backports安装。
您可能应该将我的添加到您现有的Install dependencies部分
# Pull base image. FROM node:6 LABEL maintainer "Gabriel Araujo <contact@gbiel.com>" ENV SONAR_SCANNER_VERSION 2.8 ENV SONAR_SCANNER_HOME /home/sonar-scanner-${SONAR_SCANNER_VERSION} ENV SONAR_SCANNER_PACKAGE sonar-scanner-${SONAR_SCANNER_VERSION}.zip ENV SONAR_RUNNER_HOME ${SONAR_SCANNER_HOME} ENV PATH $PATH:${SONAR_SCANNER_HOME}/bin ENV WORKDIR /home/workspace # Define working directory. WORKDIR ${WORKDIR} # Install OpenJDK 8 RUN echo 'deb http://deb.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list && \ apt-get update && \ apt-get install -y -t jessie-backports openjdk-8-jre-headless ca-certificates-java # Install dependencies RUN apt-get -yqq update && \ apt-get -yqq --no-install-recommends install git bzip2 curl unzip && \ npm install -g gulp bower && \ npm cache clean && \ apt-get -yqq autoremove && \ apt-get -yqq clean && \ rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/* # Allow root for bower RUN echo '{ "allow_root": true }' > /root/.bowerrc # Download sonar RUN curl --insecure -OL https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/${SONAR_SCANNER_PACKAGE} && \ unzip ${SONAR_SCANNER_PACKAGE} -d /home && \ rm ${SONAR_SCANNER_PACKAGE} RUN addgroup sonar && \ useradd -s /usr/sbin/nologin -d ${SONAR_SCANNER_HOME} -g sonar sonar && \ chown -R sonar:sonar ${SONAR_SCANNER_HOME} && \ chown -R sonar:sonar ${WORKDIR} USER sonar
现在它应该工作:
docker build -t sonar-test . docker run -it --rm sonar-test /home/sonar-scanner-2.8/bin/sonar-scanner --help INFO: INFO: usage: sonar-scanner [options] INFO: INFO: Options: INFO: -D,--define <arg> Define property INFO: -h,--help Display help information INFO: -v,--version Display version information INFO: -X,--debug Produce execution debug output INFO: -i,--interactive Run interactively