Skip to content

Maven task is outdated and generate error: Cannot run program "echo" in directory "/workspace/source" #1332

Description

@cmoulliard

Expected Behavior

A maven build of a quarkus application should not raise an error when performing

mvn package

Actual Behavior

During the execution of the maven task 0.4, we got such an error: Cannot run program "echo" (in directory "/workspace/source")

INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO]
[INFO] --- quarkus-maven-plugin:3.22.2:generate-code (default) @ my-quarkus-hello ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  47.216 s
[INFO] Finished at: 2025-05-12T08:42:37Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal io.quarkus.platform:quarkus-maven-plugin:3.22.2:generate-code (default) on project my-quarkus-hello: Execution default of goal io.quarkus.platform:quarkus-maven-plugin:3.22.2:generate-code failed: Unable to load the mojo 'generate-code' (or one of its required components) from the plugin 'io.quarkus.platform:quarkus-maven-plugin:3.22.2': java.util.NoSuchElementException
[ERROR]       role: org.apache.maven.plugin.Mojo
[ERROR]   roleHint: io.quarkus.platform:quarkus-maven-plugin:3.22.2:generate-code
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
...
[ERROR] Command execution failed. java.io.IOException: Cannot run program "echo" (in directory "/workspace/source"): error=0, Failed to exec spawn helper: pid: 139, exit value: 1 at

Steps to Reproduce the Problem

Deploy the following yaml on Tekton >= 0.60

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-quarkus-hello-maven-settings
data:
  settings.xml: |
    <?xml version="1.0" encoding="UTF-8"?>
    <settings>
      <mirrors>
        <mirror>
          <id>maven.org</id>
          <name>Default mirror</name>
          <url>https://repo1.maven.org/maven2</url>
          <mirrorOf>central</mirrorOf>
        </mirror>
      </mirrors>
    </settings>
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-quarkus-hello-project-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-quarkus-hello-maven-repo-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
  volumeMode: Filesystem
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: ls
spec:
  params:
  - description: The args to pass to ls
    name: args
    type: string
  steps:
  - image: quay.io/redhat-cop/ubi8-git:v1.0
    name: ls
    args:
    - ls $(params.args)
    command:
    - sh
    - -c
    workingDir: $(workspaces.project-dir.path)
  workspaces:
  - description: A workspace for the task
    name: project-dir
    optional: true
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: maven
  labels:
    app.kubernetes.io/version: "0.4"
  annotations:
    tekton.dev/pipelines.minVersion: "0.50.0"
    tekton.dev/categories: Build Tools
    tekton.dev/tags: build-tool
    tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
spec:
  description: >-
    This Task can be used to run a Maven build. It uses a workspace to store m2 local repo.

  workspaces:
    - name: source
      description: The workspace consisting of maven project.
    - name: maven-settings
      description: >-
        The workspace consisting of the custom maven settings
        provided by the user.
    - name: maven-local-repo
      description: Local repo (m2) workspace
      optional: true
  params:
    - name: MAVEN_IMAGE
      type: string
      description: Maven base image
      default: gcr.io/cloud-builders/mvn@sha256:57523fc43394d6d9d2414ee8d1c85ed7a13460cbb268c3cd16d28cfb3859e641 # WORKS => ghcr.io/carlossg/maven:3.9.9-eclipse-temurin-21
    - name: GOALS
      description: maven goals to run
      type: array
      default:
        - "package"
    - name: MAVEN_MIRROR_URL
      description: The Maven repository mirror url
      type: string
      default: ""
    - name: SERVER_USER
      description: The username for the server
      type: string
      default: ""
    - name: SERVER_PASSWORD
      description: The password for the server
      type: string
      default: ""
    - name: PROXY_USER
      description: The username for the proxy server
      type: string
      default: ""
    - name: PROXY_PASSWORD
      description: The password for the proxy server
      type: string
      default: ""
    - name: PROXY_PORT
      description: Port number for the proxy server
      type: string
      default: ""
    - name: PROXY_HOST
      description: Proxy server Host
      type: string
      default: ""
    - name: PROXY_NON_PROXY_HOSTS
      description: Non proxy server host
      type: string
      default: ""
    - name: PROXY_PROTOCOL
      description: Protocol for the proxy ie http or https
      type: string
      default: "http"
    - name: CONTEXT_DIR
      type: string
      description: >-
        The context directory within the repository for sources on
        which we want to execute maven goals.
      default: "."
  results:
    - description: Maven project group id
      name: group-id
      type: string
    - description: Maven project artifact id
      name: artifact-id
      type: string
    - description: version
      name: version
      type: string
  steps:
    - name: mvn-settings
      image: registry.access.redhat.com/ubi8/ubi-minimal:8.2
      script: |
        #!/usr/bin/env bash

        [[ -f $(workspaces.maven-settings.path)/settings.xml ]] && \
        echo "using existing $(workspaces.maven-settings.path)/settings.xml" && exit 0

        cat > "$(workspaces.maven-settings.path)/settings.xml" <<EOF
        <settings>
          <servers>
            <!-- The servers added here are generated from environment variables. Don't change. -->
            <!-- ### SERVER's USER INFO from ENV ### -->
          </servers>
          <mirrors>
            <!-- The mirrors added here are generated from environment variables. Don't change. -->
            <!-- ### mirrors from ENV ### -->
          </mirrors>
          <proxies>
            <!-- The proxies added here are generated from environment variables. Don't change. -->
            <!-- ### HTTP proxy from ENV ### -->
          </proxies>
        </settings>
        EOF

        xml=""
        if [ -n "$(params.PROXY_HOST)" ] && [ -n "$(params.PROXY_PORT)" ]; then
          xml="<proxy>\
            <id>genproxy</id>\
            <active>true</active>\
            <protocol>$(params.PROXY_PROTOCOL)</protocol>\
            <host>$(params.PROXY_HOST)</host>\
            <port>$(params.PROXY_PORT)</port>"
          if [ -n "$(params.PROXY_USER)" ] && [ -n "$(params.PROXY_PASSWORD)" ]; then
            xml="$xml\
                <username>$(params.PROXY_USER)</username>\
                <password>$(params.PROXY_PASSWORD)</password>"
          fi
          if [ -n "$(params.PROXY_NON_PROXY_HOSTS)" ]; then
            xml="$xml\
                <nonProxyHosts>$(params.PROXY_NON_PROXY_HOSTS)</nonProxyHosts>"
          fi
          xml="$xml\
              </proxy>"
          sed -i "s|<!-- ### HTTP proxy from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml"
        fi

        if [ -n "$(params.SERVER_USER)" ] && [ -n "$(params.SERVER_PASSWORD)" ]; then
          xml="<server>\
            <id>serverid</id>"
          xml="$xml\
                <username>$(params.SERVER_USER)</username>\
                <password>$(params.SERVER_PASSWORD)</password>"
          xml="$xml\
              </server>"
          sed -i "s|<!-- ### SERVER's USER INFO from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml"
        fi

        if [ -n "$(params.MAVEN_MIRROR_URL)" ]; then
          xml="    <mirror>\
            <id>mirror.default</id>\
            <url>$(params.MAVEN_MIRROR_URL)</url>\
            <mirrorOf>central</mirrorOf>\
          </mirror>"
          sed -i "s|<!-- ### mirrors from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml"
        fi

    - name: mvn-goals
      image: $(params.MAVEN_IMAGE)
      workingDir: $(workspaces.source.path)/$(params.CONTEXT_DIR)
      args: ["$(params.GOALS[*])"]
      script: |
        #!/usr/bin/env bash

        /usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml "$@" '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2'

        GROUPID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.groupId}' --non-recursive exec:exec)
        echo -n $GROUPID | tee $(results.group-id.path)
        ARTIFACTID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.artifactId}' --non-recursive exec:exec)
        echo -n $ARTIFACTID | tee $(results.artifact-id.path)
        VERSION=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
        echo -n $VERSION | tee $(results.version.path)

---
apiVersion: tekton.dev/v1
kind: Task
metadata:
  annotations:
    tekton.dev/pipelines.minVersion: 0.12.1
    tekton.dev/tags: "image-build, appstudio, hacbs"
    argocd.argoproj.io/sync-wave: "0"
  labels:
    app.kubernetes.io/version: "0.1"
    build.appstudio.redhat.com/build_type: docker
  name: buildah
spec:
  description: |-
    Buildah task builds source code into a container image and pushes the image into container registry using buildah tool.
    In addition it generates a SBOM file, injects the SBOM file into final container image and pushes the SBOM file as separate image using cosign tool.
    When [Java dependency rebuild](https://redhat-appstudio.github.io/docs.stonesoup.io/Documentation/main/cli/proc_enabled_java_dependencies.html) is enabled it triggers rebuilds of Java artifacts.
    When prefetch-dependencies task was activated it is using its artifacts to run build in hermetic environment.
  params:
  - description: Reference of the image buildah will produce.
    name: IMAGE
    type: string
  - default: quay.io/redhat-appstudio/buildah:v1.31.0@sha256:34f12c7b72ec2c28f1ded0c494b428df4791c909f1f174dd21b8ed6a57cf5ddb
    description: The location of the buildah builder image.
    name: BUILDER_IMAGE
    type: string
  - default: src/main/docker/Dockerfile.jvm
    description: Path to the Dockerfile to build.
    name: DOCKERFILE
    type: string
  - default: "."
    description: Path to the directory to use as context.
    name: CONTEXT
    type: string
  - default: "true"
    description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
    name: TLSVERIFY
    type: string
  - default: ""
    description: default path of the registry authentication file
    name: REGISTRY_AUTH_PATH
    type: string
  - default: "false"
    description: Determines if build will be executed without network access.
    name: HERMETIC
    type: string
  - default: ""
    description: "In case it is not empty, the prefetched content should be made available to the build."
    name: PREFETCH_INPUT
    type: string
  - default: ""
    description: "Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively."
    name: IMAGE_EXPIRES_AFTER
    type: string
  - default: ""
    description: The image is built from this commit.
    name: COMMIT_SHA
    type: string
  results:
  - description: Digest of the image just built
    name: IMAGE_DIGEST
  - description: Image repository where the built image was pushed
    name: IMAGE_URL
  - description: Digests of the base images used for build
    name: BASE_IMAGES_DIGESTS
  - description: The counting of Java components by publisher in JSON format
    name: SBOM_JAVA_COMPONENTS_COUNT
    type: string
  - description: The Java dependencies that came from community sources such as Maven central.
    name: JAVA_COMMUNITY_DEPENDENCIES
  stepTemplate:
    env:
    - name: BUILDAH_FORMAT
      value: oci
    - name: STORAGE_DRIVER
      value: vfs
    - name: HERMETIC
      value: $(params.HERMETIC)
    - name: PREFETCH_INPUT
      value: $(params.PREFETCH_INPUT)
    - name: CONTEXT
      value: $(params.CONTEXT)
    - name: DOCKERFILE
      value: $(params.DOCKERFILE)
    - name: REGISTRY_AUTH_FILE
      value: $(params.REGISTRY_AUTH_PATH)/config.json
    - name: DOCKER_CONFIG
      value: $(params.REGISTRY_AUTH_PATH)
    - name: IMAGE
      value: $(params.IMAGE)
    - name: TLSVERIFY
      value: $(params.TLSVERIFY)
    - name: IMAGE_EXPIRES_AFTER
      value: $(params.IMAGE_EXPIRES_AFTER)
  steps:
  - computeResources:
      limits:
        memory: 4Gi
      requests:
        memory: 512Mi
        cpu: 250m
    env:
    - name: COMMIT_SHA
      value: $(params.COMMIT_SHA)
    image: $(params.BUILDER_IMAGE)
    name: build
    script: |
      # We don't mount the code source (= project git cloned) under ./source but ./ !
      SOURCE_CODE_DIR=.

      if [ -e "$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE" ]; then
        dockerfile_path="$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE"
      elif [ -e "$SOURCE_CODE_DIR/$DOCKERFILE" ]; then
        dockerfile_path="$SOURCE_CODE_DIR/$DOCKERFILE"
      elif echo "$DOCKERFILE" | grep -q "^https\?://"; then
        echo "Fetch Dockerfile from $DOCKERFILE"
        dockerfile_path=$(mktemp --suffix=-Dockerfile)
        http_code=$(curl -s -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
        if [ $http_code != 200 ]; then
          echo "No Dockerfile is fetched. Server responds $http_code"
          exit 1
        fi
        http_code=$(curl -s -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
        if [ $http_code = 200 ]; then
          echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
          mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
        fi
      else
        echo "Cannot find Dockerfile $DOCKERFILE"
        exit 1
      fi
      if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] && grep -q '^\s*RUN \(./\)\?mvn' "$dockerfile_path"; then
        sed -i -e "s|^\s*RUN \(\(./\)\?mvn\)\(.*\)|RUN echo \"<settings><mirrors><mirror><id>mirror.default</id><url>http://$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR/v1/cache/default/0/</url><mirrorOf>*</mirrorOf></mirror></mirrors></settings>\" > /tmp/settings.yaml; \1 -s /tmp/settings.yaml \3|g" "$dockerfile_path"
        touch /var/lib/containers/java
      fi

      # Fixing group permission on /var/lib/containers
      chown root:root /var/lib/containers

      sed -i 's/^\s*short-name-mode\s*=\s*.*/short-name-mode = "disabled"/' /etc/containers/registries.conf

      # Setting new namespace to run buildah - 2^32-2
      echo 'root:1:4294967294' | tee -a /etc/subuid >> /etc/subgid

      if [ "${HERMETIC}" == "true" ]; then
        BUILDAH_ARGS="--pull=never"
        UNSHARE_ARGS="--net"
        for image in $(grep -i '^\s*FROM' "$dockerfile_path" | sed 's/--platform=\S*//' | awk '{print $2}'); do
          if [ "${image}" != "scratch" ]; then
            unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
          fi
        done
        echo "Build will be executed with network isolation"
      fi

      if [ -n "${PREFETCH_INPUT}" ]; then
        cp -r cachi2 /tmp/
        chmod -R go+rwX /tmp/cachi2
        VOLUME_MOUNTS="--volume /tmp/cachi2:/cachi2"
        sed -i 's|^\s*run |RUN . /cachi2/cachi2.env \&\& \\\n    |i' "$dockerfile_path"
        echo "Prefetched content will be made available"
      fi

      LABELS=(
        "--label" "build-date=$(date -u +'%Y-%m-%dT%H:%M:%S')"
        "--label" "architecture=$(uname -m)"
        "--label" "vcs-type=git"
      )
      [ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA")
      [ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER")

      unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah build \
        $VOLUME_MOUNTS \
        $BUILDAH_ARGS \
        ${LABELS[@]} \
        --tls-verify=$TLSVERIFY --no-cache \
        --ulimit nofile=4096:4096 \
        -f "$dockerfile_path" -t $IMAGE $SOURCE_CODE_DIR/$CONTEXT

      container=$(buildah from --pull-never $IMAGE)
      buildah mount $container | tee /workspace/container_path
      echo $container > /workspace/container_name

      # Save the SBOM produced by Cachi2 so it can be merged into the final SBOM later
      if [ -n "${PREFETCH_INPUT}" ]; then
        cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
      fi

      # Expose base image digests
      buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' | grep -v $IMAGE > $(results.BASE_IMAGES_DIGESTS.path)
    securityContext:
      capabilities:
        add:
        - SETFCAP
      privileged: true
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
    workingDir: $(workspaces.project-dir.path)
  - image: quay.io/redhat-appstudio/syft:v0.98.0@sha256:4d3856e6a2622700b9a9d5d74d9aaf5d8a55671653f80bf6c636677658680ede
    name: sbom-syft-generate
    script: |
      syft dir:$(workspaces.project-dir.path)/$SOURCE_CODE_DIR --output cyclonedx-json=$(workspaces.project-dir.path)/sbom-source.json
      find $(cat /workspace/container_path) -xtype l -delete
      syft dir:$(cat /workspace/container_path) --output cyclonedx-json=$(workspaces.project-dir.path)/sbom-image.json
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
  - image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77
    name: analyse-dependencies-java-sbom
    script: |
      if [ -f /var/lib/containers/java ]; then
        /opt/jboss/container/java/run/run-java.sh analyse-dependencies path $(cat /workspace/container_path) -s $(workspaces.project-dir.path)/sbom-image.json --task-run-name $(context.taskRun.name) --publishers $(results.SBOM_JAVA_COMPONENTS_COUNT.path)
        sed -i 's/^/ /' $(results.SBOM_JAVA_COMPONENTS_COUNT.path) # Workaround for SRVKP-2875
      else
        touch $(results.JAVA_COMMUNITY_DEPENDENCIES.path)
      fi
    securityContext:
      runAsUser: 0
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
  - image: registry.access.redhat.com/ubi9/python-39:1-158@sha256:967000729b17efdea309e297f4b1961c38b902a1ef18f6d886b8086c2a12f01f
    name: merge-syft-sboms
    script: |
      #!/bin/python3
      import json

      # load SBOMs
      with open("./sbom-image.json") as f:
        image_sbom = json.load(f)

      with open("./sbom-source.json") as f:
        source_sbom = json.load(f)

      # fetch unique components from available SBOMs
      def get_identifier(component):
        return component["name"] + '@' + component.get("version", "")

      image_sbom_components = image_sbom.get("components", [])
      existing_components = [get_identifier(component) for component in image_sbom_components]

      source_sbom_components = source_sbom.get("components", [])
      for component in source_sbom_components:
        if get_identifier(component) not in existing_components:
          image_sbom_components.append(component)
          existing_components.append(get_identifier(component))

      image_sbom_components.sort(key=lambda c: get_identifier(c))

      # write the CycloneDX unified SBOM
      with open("./sbom-cyclonedx.json", "w") as f:
        json.dump(image_sbom, f, indent=4)
    securityContext:
      runAsUser: 0
    workingDir: $(workspaces.project-dir.path)
  - image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef
    name: merge-cachi2-sbom
    script: |
      if [ -n "${PREFETCH_INPUT}" ]; then
        echo "Merging contents of sbom-cachi2.json into sbom-cyclonedx.json"
        /src/utils/merge_syft_sbom.py sbom-cachi2.json sbom-cyclonedx.json > sbom-temp.json
        mv sbom-temp.json sbom-cyclonedx.json
      else
        echo "Skipping step since no Cachi2 SBOM was produced"
      fi
    securityContext:
      runAsUser: 0
    workingDir: $(workspaces.project-dir.path)
  - image: registry.access.redhat.com/ubi9/python-39:1-158@sha256:967000729b17efdea309e297f4b1961c38b902a1ef18f6d886b8086c2a12f01f
    name: create-purl-sbom
    script: |
      #!/bin/python3
      import json

      with open("./sbom-cyclonedx.json") as f:
        cyclonedx_sbom = json.load(f)

      purls = [{"purl": component["purl"]} for component in cyclonedx_sbom.get("components", []) if "purl" in component]
      purl_content = {"image_contents": {"dependencies": purls}}

      with open("sbom-purl.json", "w") as output_file:
        json.dump(purl_content, output_file, indent=4)
    securityContext:
      runAsUser: 0
    workingDir: $(workspaces.project-dir.path)
  - computeResources: {}
    image: $(params.BUILDER_IMAGE)
    name: inject-sbom-and-push
    script: |
      base_image_name=$(buildah inspect --format '{{ .Name }}:{{ .Tag }}' $IMAGE | cut -f1 -d'@')
      base_image_digest=$(buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image")
      container=$(buildah from --pull-never $IMAGE)
      buildah copy $container sbom-cyclonedx.json sbom-purl.json /root/buildinfo/content_manifests/
      buildah config -a org.opencontainers.image.base.name=${base_image_name} -a org.opencontainers.image.base.digest=${base_image_digest} $container
      buildah commit $container $IMAGE

      status=-1
      max_run=5
      sleep_sec=10
      for run in $(seq 1 $max_run); do
        status=0
        [ "$run" -gt 1 ] && sleep $sleep_sec
        echo "Pushing sbom image to registry"
        buildah push \
          --tls-verify=$TLSVERIFY \
          --digestfile $(workspaces.project-dir.path)/image-digest $IMAGE \
          docker://$IMAGE && break || status=$?
      done
      if [ "$status" -ne 0 ]; then
          echo "Failed to push sbom image to registry after ${max_run} tries"
          exit 1
      fi

      cat "$(workspaces.project-dir.path)"/image-digest | tee $(results.IMAGE_DIGEST.path)
      echo -n "$IMAGE" | tee $(results.IMAGE_URL.path)
    securityContext:
      capabilities:
        add:
        - SETFCAP
      runAsUser: 0
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
    workingDir: $(workspaces.project-dir.path)
  - args:
    - attach
    - sbom
    - --sbom
    - sbom-cyclonedx.json
    - --allow-insecure-registry=true
    - --type
    - cyclonedx
    - $(params.IMAGE)
    image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
    name: upload-sbom
    workingDir: $(workspaces.project-dir.path)
  volumes:
  - emptyDir: {}
    name: varlibcontainers
  workspaces:
  - description: Workspace containing the source code to build.
    name: project-dir
  - description: Workspace containing the registry credentials
    name: dockerconfig-secret
---
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: build-test-push
spec:
  params:
  - description: url of the git repository to clone
    name: url
    type: string
  - default: src/main/docker/Dockerfile.jvm
    description: Path to the dockerfile within the project cloned
    name: dockerfile
    type: string
  - description: Fully Qualified Output Image
    name: output-image
    type: string
  - default: "false"
    description: A boolean indicating whether we would like to perform a quarkus native build
    name: native
    type: string
  - default: "false"
    description: A boolean indicating whether we would like to execute a task
    name: debug
    type: string
  - default: "true"
    description: boolean which allows to deploy the application on the cluster with the generated resources
    name: deploy
    type: string
  - description: Maven goals
    name: mavenGoals
    type: array
  - default: "true"
    description: "boolean allowing to verify the TLS certificate during task execution like git clone, image push to a registry, etc"
    name: sslVerify
    type: string
  tasks:
  - name: git-clone
    params:
    - name: url
      value: $(params.url)
    - name: sslVerify
      value: $(params.sslVerify)
    taskRef:
      resolver: git
      params:
      - name: url
        value: https://github.com/tektoncd/catalog.git
      - name: revision
        value: main
      - name: pathInRepo
        value: task/git-clone/0.6/git-clone.yaml
    workspaces:
    - name: output # PREVIOUSLY => project-dir
      workspace: project-dir
  - name: ls
    runAfter:
      - git-clone
    taskRef:
      name: ls
    params:
      - name: args
        value: "-la"
    workspaces:
      - name: project-dir
        workspace: project-dir

  - name: maven-package
    params:
    - name: DOCKER_CONFIG
      value: $(workspaces.dockerconfig.path)/config.json
    - name: GOALS
      value:
      - "$(params.mavenGoals[*])"
    runAfter:
      - ls
    taskRef:
      name: maven
      #resolver: git
      #params:
      #  - name: url
      #    value: https://github.com/tektoncd/catalog.git
      #  - name: revision
      #    value: main
      #  - name: pathInRepo
      #    value: task/maven/0.4/maven.yaml
    workspaces:
    - name: maven-settings
      workspace: maven-settings
    - name: source # previously => project-dir
      workspace: project-dir
    - name: maven-local-repo
      workspace: maven-repo-dir

  - name: buildah-image
    params:
    - name: IMAGE
      value: $(params.output-image)
    - name: DOCKERFILE
      value: $(params.dockerfile)
    - name: TLSVERIFY
      value: $(params.sslVerify)
    - name: REGISTRY_AUTH_PATH
      value: $(workspaces.dockerconfig-secret.path)
    runAfter:
    - maven-package
    taskRef:
      name: buildah
    workspaces:
    - name: project-dir
      workspace: project-dir
    - name: dockerconfig-secret
      workspace: dockerconfig-secret
  workspaces:
  - name: project-dir
  - name: maven-repo-dir
  - name: maven-settings
  - name: dockerconfig-secret
---
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
  name: my-quarkus-hello-run
spec:
  pipelineRef:
    name: build-test-push
  # MANDATORY PARAMS ADDED
  params:
    - name: url
      value: https://gitea.cnoe.localtest.me:8443/quarkus/my-quarkus-hello.git
    - name: output-image
      value: gitea.cnoe.localtest.me:8443/giteaadmin/my-quarkus-hello
    - name: sslVerify
      value: false
    - name: mavenGoals
      value:
        - -Dquarkus.container-image.image=gitea.cnoe.localtest.me:8443/quarkus/my-quarkus-app
        - package
  workspaces:
  - # CHANGED empty to persistentVolumeClaim and bind it to the corresponding claim name
    persistentVolumeClaim:
      claimName: my-quarkus-hello-project-pvc
    name: project-dir
  - # CHANGED empty to persistentVolumeClaim and bind it to the corresponding claim name
    persistentVolumeClaim:
      claimName: my-quarkus-hello-maven-repo-pvc
    name: maven-repo-dir
  - # CHANGED empty to persistentVolumeClaim and bind it to the corresponding configMap name
    configMap:
      name: my-quarkus-hello-maven-settings
    name: maven-settings
  - # CHANGED empty to persistentVolumeClaim and bind it to the corresponding secret name
    secret:
      secretName: dockerconfig-secret
    name: dockerconfig-secret

Additional Info

The error is not longer there using as image: ghcr.io/carlossg/maven:3.9.9-eclipse-temurin-21

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions