Jenkins sh command gets stuck

Hi

The sh command inside the Jenkinsfile is stuck. Here is the content:

pipeline {
    agent {
        docker {
            image 'my-maven-aws-cli'
            args "-u jenkins"
        }
    }
    
    stages {
        stage('Build') {
            steps {
                echo "hi"
                sh 'id'
            }
        }
    }
}

I created this my-maven-aws-cli image using the following Dockerfile:

# Base Maven image
FROM maven:3.9.9-eclipse-temurin-21

USER root

# Create a jenkins user and group
ARG USER_ID=1001
ARG GROUP_ID=1001


RUN groupadd -g $GROUP_ID jenkins \
    && useradd -m -u $USER_ID -g jenkins jenkins

# Install dependencies for AWS CLI
RUN apt-get update && \
    apt-get install -y unzip curl ca-certificates  && \
    rm -rf /var/lib/apt/lists/*

# Install AWS CLI v2
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip" && \
    unzip /tmp/awscliv2.zip -d /tmp && \
    /tmp/aws/install && \
    rm -rf /tmp/awscliv2.zip /tmp/aws


# Install Docker CLI using your commands
RUN mkdir -p /etc/apt/keyrings && \
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc && \
    chmod a+r /etc/apt/keyrings/docker.asc && \
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
    apt-get update && \
    apt-get install -y docker-ce-cli && \
    rm -rf /var/lib/apt/lists/*



If I change args to args "-u root", then it starts working. Why is it not executing with the jenkins user?

Thanks

I built your image and tried to run it – it immediately exits. I don’t think what you’re doing is valid, is the problem. The container logs look like this:

 docker container logs c5425a94419f1a9f
OpenJDK 64-Bit Server VM warning: Unable to get SVE vector length on this system. Disabling SVE. Specify -XX:UseSVE=0 to shun this warning.
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.035 s
[INFO] Finished at: 2025-10-12T19:23:21Z
[INFO] ------------------------------------------------------------------------
[ERROR] No goals have been specified for this build. You must specify a valid lifecycle phase or a goal in the format <plugin-prefix>:<goal> or <plugin-group-id>:<plugin-artifact-id>[:<plugin-version>]:<goal>. Available lifecycle phases are: pre-clean, clean, post-clean, validate, initialize, generate-sources, process-sources, generate-resources, process-resources, compile, process-classes, generate-test-sources, process-test-sources, generate-test-resources, process-test-resources, test-compile, process-test-classes, test, prepare-package, package, pre-integration-test, integration-test, post-integration-test, verify, install, deploy, pre-site, site, post-site, site-deploy. -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/NoGoalSpecifiedException

OK, apparently the docker agent doesn’t need to be persistent. I observe that -u jenkins does not work with sh; can’t really tell you why. You may want to look at the Jenkins log to see if your output indicates what’s going on both in the -u jenkins and -u root cases.

I’ve done a bit of analysis on this, and my suspicion is that the mvn base image you’re using does not like running as non-root, based on errors I see when doing exec for various tasks on the image. So a couple of questions for you:

  • Why that base image?
  • Why try to run it as user jenkins?