search

alexjurkiewicz / ecr-scan-image

Github Action to run AWS ECR vulnerability scan on Docker image
MIT License
28 stars 23 forks source link

General HTTP proxy support #11

Closed donovanmuller closed 3 years ago

donovanmuller commented 3 years ago

Using this action in a corporate environment that mandates an HTTP proxy is currently not possible. Both from an action build and making the ECR.* calls perspective.

See below for a build error example:

Build container for action use: '/runner/_work/_actions/alexjurkiewicz/ecr-scan-image/v1.5.0/Dockerfile'.
  /usr/local/bin/docker build -t 60e226:38f07414663140b39b81e3849026b1d6 -f "/runner/_work/_actions/alexjurkiewicz/ecr-scan-image/v1.5.0/Dockerfile" "/runner/_work/_actions/alexjurkiewicz/ecr-scan-image/v1.5.0"
  Sending build context to Docker daemon  17.92kB

  Step 1/5 : FROM node:12-alpine as builder
  12-alpine: Pulling from library/node
  ddad3d7c1e96: Pulling fs layer
  3a8370f05d5d: Pulling fs layer
  71a8563b7fea: Pulling fs layer
  119c7e14957d: Pulling fs layer
  119c7e14957d: Waiting
  ddad3d7c1e96: Verifying Checksum
  ddad3d7c1e96: Download complete
  71a8563b7fea: Verifying Checksum
  71a8563b7fea: Download complete
  3a8370f05d5d: Verifying Checksum
  3a8370f05d5d: Download complete
  ddad3d7c1e96: Pull complete
  119c7e14957d: Verifying Checksum
  119c7e14957d: Download complete
  3a8370f05d5d: Pull complete
  71a8563b7fea: Pull complete
  119c7e14957d: Pull complete
  Digest: sha256:9923c9efb13cf7535f67e49b03010f0977a800068e4c8e0e2c93433a6bfa1e77
  Status: Downloaded newer image for node:12-alpine
   ---> deeae3752431
  Step 2/5 : COPY package.json package-lock.json /
   ---> 1e3fc88a0051
  Step 3/5 : RUN npm install
   ---> Running in 9fed180666ba
  npm ERR! code ETIMEDOUT
  npm ERR! errno ETIMEDOUT
  npm ERR! network request to registry.npmjs.org/events/-/events-1.1.1.tgz failed, reason: connect ETIMEDOUT 104.16.19.35:443
  npm ERR! network This is a problem related to network connectivity.
  npm ERR! network In most cases you are behind a proxy or have bad network settings.
  npm ERR! network 
  npm ERR! network If you are behind a proxy, please make sure that the
  npm ERR! network 'proxy' config is set properly.  See: 'npm help config'

  npm ERR! A complete log of this run can be found in:
  npm ERR!     /root/.npm/_logs/2021-05-17T12_11_52_408Z-debug.log
  The command '/bin/sh -c npm install' returned a non-zero code: 1

Ideally, we could use a pre-built image that doesn't require a npm install and the ECR.* calls supported using a HTTP proxy.

donovanmuller commented 3 years ago

https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/node-configuring-proxies.html

alexjurkiewicz commented 3 years ago

I won't implement this myself but I'll accept a PR which does.