search

anchore / ci-tools

Contains scripts for running anchore engine in CI pipelines
Apache License 2.0
34 stars 33 forks source link

anchore_ci_tools.py error /usr/bin/env: python3: No such file or directory #29

Open jeff-cook opened 4 years ago

jeff-cook commented 4 years ago

The problem

When running in GitLab CI there

$ anchore_ci_tools.py -a -r --timeout 500 --image $IMAGE_COMMIT
/usr/bin/env: python3: No such file or directory

Environment

GitLab Ci on gitlab.com

Details

Actual Behaviour

Running with gitlab-runner 12.1.0 (de7731dd)
   on test-zip-files usRsAsNe
Using Docker executor with image docker.io/anchore/inline-scan:latest ...
 Starting service docker.io/anchore/inline-scan:latest ...
 Pulling docker image docker.io/anchore/inline-scan:latest ...
 Using docker image sha256:fb97ec7e421ef4b7df63218a3a8650879727c521ecefd121a4ee2fd9f0694ffe for docker.io/anchore/inline-scan:latest ...
 Waiting for services to be up and running...
Running on runner-usRsAsNe-project-14523306-concurrent-0 via 55e872d2a5a8...
00:01
Skipping Git repository setup
00:02
 Skipping Git checkout
 Skipping Git submodules setup
$ anchore-cli system wait
 Starting checks to wait for anchore-engine to be available timeout=-1.0 interval=5.0
 API availability: Checking anchore-engine URL (http://anchore-engine:8228/v1)...
 API availability: Success.
 Service availability: Checking for service set (catalog,apiext,policy_engine,simplequeue,analyzer)...
 Service availability: Checking for service set (catalog,apiext,policy_engine,simplequeue,analyzer)...
 Service availability: Checking for service set (catalog,apiext,policy_engine,simplequeue,analyzer)...
 Service availability: Success.
 Feed sync: Checking sync completion for feed set (vulnerabilities)...
 Feed sync: Success.
 $ anchore-cli registry add "$CI_REGISTRY" gitlab-ci-token "$CI_JOB_TOKEN" --skip-validate
 Registry: registry.gitlab.com
 Name: registry.gitlab.com
 User: gitlab-ci-token
 Type: docker_v2
 Verify TLS: True
 Created: 2020-01-24T19:10:24Z
 Updated: 2020-01-24T19:10:24Z
 $ anchore_ci_tools.py -a -r --timeout 500 --image $IMAGE_COMMIT
 /usr/bin/env: python3: No such file or directory
 ERROR: Job failed: exit code 1

Expected Behaviour

How do you reproduce the error?

container_scan_service:
  stage: post_build
  variables:
    ANCHORE_CLI_URL: "http://anchore-engine:8228/v1"
    GIT_STRATEGY: none
  image: docker.io/anchore/inline-scan:latest
  services:
  - name: docker.io/anchore/inline-scan:latest
    alias: anchore-engine
    command: ["start"]

  script:
  - anchore-cli system wait
  - anchore-cli registry add "$CI_REGISTRY" gitlab-ci-token "$CI_JOB_TOKEN" --skip-validate 
  - anchore_ci_tools.py -a -r --timeout 500 --image $IMAGE_COMMIT

  artifacts:
    name: ${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}
    paths:
    - anchore-reports/*
Btodhunter commented 4 years ago

hey @jeff-cook thanks for pointing this issue out! A quick fix is to add source /opt/rh/rh-python36/enable before trying to run anchore_ci_tools.py. That gets sourced in the docker-entrypoint.sh but it looks like GitLab doesn't preserve the ENV when it shells you into the container.

jeff-cook commented 4 years ago

@Btodhunter that worked. Can we add that to /examples/gitlab/inline_scan/.gitlab-ci.yml?

Btodhunter commented 4 years ago

@jeff-cook I'm working on an update that will hopefully make that step unnecessary. I'll update the issue when it's in.