Doesn't seem to play nicely with ECR #16

Open
dhumphries-sainsburys opened this issue Jul 25, 2024 · 0 comments

@dhumphries-sainsburys

I have tried to integrate this with a test build pipeline using both remote and local methods and neither seems to work with the following error:

```
2024-07-25T08:15:47.455|ERRO|SCN|main.scanOnDemand: Failed to scan repository - error=Image not found registry=539613588543.dkr.ecr.eu-west-1.amazonaws.com repo=test-dan-humphries/hello-bosun tag=dd02b326
Image: 539613588543.dkr.ecr.eu-west-1.amazonaws.com/test-dan-humphries/hello-bosun:dd02b326
neuvector.scanner
jq: error (at <stdin>:4): Cannot iterate over null (null)
```

The workflow as it stands is set up for remote scanning and is below.

One thing to note is that `bosun-actions-setup` handles signing in to ECR for the workflow, so the runner will have authenticated access to the image, which I can confirm exists, so the prior error seems incorrect.

```yaml
name: Reusable Build

on:
  workflow_call:
    outputs:
      image-tag:
        description: The image tag to pass to the deploy job.
        value: ${{ jobs.build.outputs.short-sha }}
      app-name:
        description: The name of the app
        value: ${{ jobs.build.outputs.app-name }}
jobs:
  build:
    runs-on:
      - self-hosted
      - build
    steps:
      - uses: actions/checkout@v4
      - uses: sainsburys-tech/bosun-actions-setup@main
        name: Setup
        id: setup
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          job-name: "build / build"
      - name: Build and push
        id: buildpush
        uses: docker/build-push-action@v3
        with:
          push: true
          secrets: ${{ fromJson(steps.setup.outputs.dockerParams).secrets }}
          build-args: ${{ fromJson(steps.setup.outputs.dockerParams).build-args }}
          tags: ${{ fromJson(steps.setup.outputs.dockerParams).tags }}
          context: ${{ fromJson(steps.setup.outputs.dockerParams).context }}
      - uses: winterjung/split@v2
        id: split
        with:
          msg: ${{ fromJson(steps.setup.outputs.dockerParams).tags }}
          separator: ':'
      - uses: winterjung/split@v2
        id: split2
        with:
          msg: ${{ steps.split.outputs._0 }}
          separator: '/'
      - name: Scan Image
        uses: neuvector/scan-action@main
        with:
          image-registry: ${{ steps.split2.outputs._0 }}
          image-repository: ${{ steps.split2.outputs._1 }}/${{ steps.split2.outputs._2 }}
          image-tag: ${{ steps.split.outputs._1 }}
          debug: true
    outputs:
      short-sha: ${{ fromJson(steps.setup.outputs.buildInfo).shortTag }}
      app-name: ${{ env.BOSUN_APP }}
```

I'm not sure if the issue is just one of the action assuming all remote repositories are either user/pass authenticated or no-auth, or if I am missing something.

As an aside, it would be nice to have an option to just pass in a full image name rather than having to split it into registry/repository/tag. I have the full name but, as you can see, have to do some gross splitting to separate it into what you are expecting.
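
On the aside about full image names: the chained split steps in the workflow above mis-split a reference whose registry carries a port or whose repository does not have exactly two path components, so the scanner can be handed a registry/repository/tag triple that does not name the image that was built. The following is an added example, not code from this issue or from the neuvector/scan-action project; `split_image_ref` is a hypothetical helper name, and the host-detection rule is the usual Docker convention, assumed here.

```shell
# split_image_ref (hypothetical helper, added example): split a full image
# reference into registry / repository / tag / digest.
# Prints name=value lines, the format GitHub Actions reads from $GITHUB_OUTPUT.
split_image_ref() {
  ref=$1 tag="" digest="" registry=""

  # A digest (@sha256:...) pins the image; strip it before looking for a tag.
  case $ref in
    *@*) digest=${ref#*@}; ref=${ref%%@*} ;;
  esac

  # A ':' separates the tag only when it sits in the last path component;
  # earlier it belongs to a registry port such as registry.example:5000.
  case ${ref##*/} in
    *:*) tag=${ref##*:}; ref=${ref%:*} ;;
  esac

  # The first component is a registry only if it looks like a host
  # (contains '.' or ':' or is "localhost"); otherwise it is part of the repo.
  repository=$ref
  case $ref in
    */*)
      first=${ref%%/*}
      case $first in
        *.*|*:*|localhost) registry=$first; repository=${ref#*/} ;;
      esac ;;
  esac

  # Refuse to emit a triple with no repository rather than scan a wrong name.
  if [ -z "$repository" ]; then
    echo "invalid image reference: $1" >&2
    return 1
  fi
  printf 'registry=%s\nrepository=%s\ntag=%s\ndigest=%s\n' \
    "$registry" "$repository" "$tag" "$digest"
}
```

In a workflow step, `split_image_ref "$IMAGE" >> "$GITHUB_OUTPUT"` exposes the four values as step outputs for the scan step to consume.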
