anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0
8.17k stars 528 forks

Add skopeo to managed utilities #1915

Closed wagoodman closed 4 weeks ago

wagoodman commented 1 month ago

When troubleshooting an issue in another PR (https://github.com/hibare/grype/actions/runs/9402939074/job/25898220305) I found that there were utilities being referenced in legacy locations. It seems that skopeo was missed when porting the tool management approach and the cache was busted, revealing the issue:

task: [integration] go test -v ./test/integration
=== RUN   TestCompareSBOMInputToLibResults
    utils_test.go:42: Cache miss for image anchore/test_images:vulnerabilities-alpine; copying to archive at /home/runner/work/grype/grype/test/integration/test-fixtures/cache/anchore-test_images-vulnerabilities-alpine.tar
    utils_test.go:68: fork/exec /home/runner/work/grype/grype/.tmp/skopeo: no such file or directory

This PR adds skopeo as a managed tool and updates the test util code to reference the new location.

spiffcs commented 1 month ago

@wagoodman it looks like installing skopeo this way leads to a bootstrap error. Their install process seems to be a bit more complex than just running go install.

Install/Build skopeo from Source

wagoodman commented 1 month ago

I think I need to set:

CGO_ENABLED=0 GO_DYN_FLAGS=""

I'll get a binny enhancement going to allow for env vars.