Description
Name and Version
bitnami/aws-cli:*
What architecture are you using?
None
What steps will reproduce the bug?
- Create a Bitbucket Pipeline with the following configuration:
image: bitnami/aws-cli
pipelines:
default:
- step:
name: Test AWS CLI
script:
- export AWS_DEFAULT_REGION=us-east-1
- export AWS_ROLE_ARN=arn:aws:iam::123456789012:role/oidc-role
- export AWS_WEB_IDENTITY_TOKEN_FILE=$(pwd)/web-identity-token
- echo $BITBUCKET_STEP_OIDC_TOKEN > $AWS_WEB_IDENTITY_TOKEN_FILE
- aws sts get-caller-identity- Commit and push the file and let the pipeline run.
- Observe that the step appears to fail silently, no output is printed.
What is the expected behavior?
The step should either:
- Succeed and print the output of
scriptblock and the expected output fromaws sts get-caller-identitycommand, or - Print an error message indicating why the step failed.
What do you see instead?
- The step fails silently.
- No output or error message is printed, making it difficult to diagnose the issue.
Additional information
-
The root cause seems to be that the
HOMEenvironment variable is set to/in the image, which is not writable by the non-root user (uid=1001). -
When I override
HOMEin the pipeline step (e.g.export HOME=/tmpin the step'sscriptblock), the step succeeds, although still no output is shown:
script:
- export HOME=/tmp
- ...
- echo $BITBUCKET_STEP_OIDC_TOKEN > $AWS_WEB_IDENTITY_TOKEN_FILE
- aws sts get-caller-identity-
If I use my custom image in the pipeline based on
bitnami/aws-cliwhere I setHOMEto a writable directory in the Dockerfile (e.g./tmp), both the pipeline/step execution and output work as expected. -
This issue seems to be related to another issue: [bitnami/aws-cli] AWS command execution fails on bitnami/aws-cli #40781
Suggested fix
Update the Dockerfile to set the HOME environment variable to a user-writable directory, as done in another Bitnami image:
Without setting HOME env variable |
After setting HOME env variable on my custom base image |
|---|---|