Jenkinspipeline with docker build agent - Run docker container with custom user

Using Jenkins Ask a question
1

I have a .Net Console App using .Net Framework 4.7.2. We are migrating CI/CD build and deployment of this application from TeamCity to Jenkins Pipeline using jenkinsfile. I am using a windows docker image (vsbuildtools2019-16.4-managed-desktop:3.5-4.8-dotnet-framework-10.0.14393.2485) to build my application. When it comes to deployment we are using company’s internal package builder (.exe - a software which packages the application and deploys to servers).

Its limitation is that it can only be run via specific user accounts which have access to drop the final package to the deployment network shares and some further processing happens after that.

The issue i am facing is that by default the user profile which the container uses is “C:/Users/ContainerAdministrator” or when I try to find the username it gives me the <Servername$> as the name of the user. I want to run the container using a Service Account which has access to those network share. How can i achieve that ?

Below is how I am using jenkinsfile to get the container on the Jenkins Build agent :-

agent {
  docker {
    image <docker-image>
    label 'docker-win'
    reuseNode true
}
2

I’ve never used windows native docker before, but can you use -u like you can in linux?

agent {
  docker {
    image 'foo'
    args '-u Administrator'
  }
}
3

Thanks for your reply. I found this solution over the net but since my user account comes with a secure password how do I pass one to this ? That is required essentially for logging onto the Active Directory domain group over the company’s network. That is what I am struggling with.

Before posting this question I have tried things like running my command under this user using powershell like - Start-Process or Invoke-Command which takes -Credentials as a parameter along wit the name of the account. But both the commands fails with “Access-Denied” error because these command running under the user do not have access to the filesystem of the container image.

4

You might be able to use Jenkins credentials in this case. Hmm, I don’t know processing order between agent and environment… might have to step slightly outside the declarative pipeline to fetch a secret from Jenkins’ Credentials store and make it available to the agent’s args

5

I have the credentials store already fetched within jenkinsfile from the Odyssey Secrets, Can you help me with the syntax of the args as I am unable to find that in the documentation anywhere ?

For e.g. Is this correct below ? Or if it’s not then whats the correct way please.

agent {
  docker {
    image 'foo'
    args '-u Administrator password'
  }
}
6

Docker doesn’t log in. I just sets the user id of the running process.

Does providing just -u Administrator give any sort of error?

Okay some Google. Windows can work like Linux or not.

Like Linux, you’d want to add the user to your container then use that. It has no relation to base is. I’m guessing that won’t work for file transfers but might if the passwords match - dockerfile - DOCKER How do I set an password and username on docker run with an windows image? - Stack Overflow

Using Windows authentication is trickery but doable. https://artisticcheese.wordpress.com/2017/09/09/enabling-integrated-windows-authentication-in-windows-docker-container/

7

Thanks for your reply. Let me try this and see if that works.