aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0

/entrypoint.sh: line 212: unexpected EOF while looking for matching `"' #343

Closed aitrics-ray closed 5 months ago

aitrics-ray commented 5 months ago

Hello. I added docker image scan from git action to my CI course, but sometimes I get

/entrypoint.sh: line 212: unexpected EOF while looking for matching `"' 

error.

      - name: Scan the docker that is the tag.
        if: ${{ github.ref_type == 'tag' }}
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ steps.login-ecr.outputs.registry }}/${{ inputs.environment || 'dev' }}/vc-backend:${{ needs.get-image-tag.outputs.image_tag }}
          format: 'json'
          scan-type: image
          severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
          output: vc-backend.json
        env:
          AWS_DEFAULT_REGION: ap-northeast-2

nicolargo commented 5 months ago

Also reproduced on my pipeline:

0s
Run aquasecurity/trivy-action@master
/usr/bin/docker run --name b5d4574f422b560fc4ec7bca065ce9277da71_414fe0 --label 1b5d45 --workdir /github/workspace --rm -e "INPUT_SCAN-TYPE" -e "INPUT_IGNORE-UNFIXED" -e "INPUT_FORMAT" -e "INPUT_OUTPUT" -e "INPUT_SEVERITY" -e "INPUT_IMAGE-REF" -e "INPUT_INPUT" -e "INPUT_SCAN-REF" -e "INPUT_EXIT-CODE" -e "INPUT_VULN-TYPE" -e "INPUT_TEMPLATE" -e "INPUT_SKIP-DIRS" -e "INPUT_SKIP-FILES" -e "INPUT_CACHE-DIR" -e "INPUT_TIMEOUT" -e "INPUT_IGNORE-POLICY" -e "INPUT_HIDE-PROGRESS" -e "INPUT_LIST-ALL-PKGS" -e "INPUT_SCANNERS" -e "INPUT_TRIVYIGNORES" -e "INPUT_ARTIFACT-TYPE" -e "INPUT_GITHUB-PAT" -e "INPUT_TRIVY-CONFIG" -e "INPUT_TF-VARS" -e "INPUT_LIMIT-SEVERITIES-FOR-SARIF" -e "INPUT_DOCKER-HOST" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v 
"/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/glances/glances":"/github/workspace" 1b5d45:74f422b560fc4ec7bca065ce9277da71  "-a fs" "-b sarif" "-c " "-d " "-e true" "-f os,library" "-g CRITICAL" "-h trivy-results.sarif" "-i " "-j ." "-k " "-l " "-m " "-n " "-o " "-p " "-q " "-r false" "-s " "-t " "-u " "-v " "-x " "-z " "-y "
/entrypoint.sh: line 212: unexpected EOF while looking for matching `"'

Unattended char " in the last commit: https://github.com/aquasecurity/trivy-action/commit/ee6a4f5af1dbe22ccc11905a61abd2db301d532c

Please revert @arairyus

r4jeshwar commented 5 months ago

We are also facing the issue on GitHub action while scanning the source code.

/entrypoint.sh: line 212: unexpected EOF while looking for matching `"'

RClaudiuM commented 5 months ago

I'm facing the same issue since this morning. Any updates on this?

adamwrobel-ext-gd commented 5 months ago

I think the pipeline didn't build the fixed image. Our CI/CD is also broken by this.

prabhu-karni commented 5 months ago

Suddenly the pipeline started failing because of this error: /entrypoint.sh: line 212: unexpected EOF while looking for matching `"'

simar7 commented 5 months ago

Sorry about that. I've reverted the last commit. https://github.com/aquasecurity/trivy-action/commit/7088d18dcb87884bc7b5a4000d5517d758e9aa13

It might be a good idea to pin to a release (instead of latest) to avoid such breakages in the future.
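To find the references this advice applies to, the following added example (not part of the thread or of the trivy-action project) labels each `uses:` reference in a workflow file as a branch, a release tag or a full commit SHA. The sample workflow, the `example-org/example-action` name and its 40-hex value are constructed placeholders; note that a tag can still be re-pointed, while a full commit SHA cannot.

```shell
# Added example (not from the thread or the trivy-action repo).
# Labels every remote `uses:` reference in a workflow file by pin type.

# classify_ref REF -> sha | tag | branch
classify_ref() {
  if printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{40}$'; then
    echo sha      # full commit SHA: cannot be moved
  elif printf '%s\n' "$1" | grep -Eq '^v?[0-9]+(\.[0-9]+)*$'; then
    echo tag      # release tag: stable by convention, but can be re-pointed
  else
    echo branch   # master, main, ...: changes with every push
  fi
}

# audit_workflow FILE -> one "<class> <action>@<ref>" line per reference
audit_workflow() {
  tr -d "\"'" < "$1" |
    sed -nE 's/^[[:space:]-]*uses:[[:space:]]*([^[:space:]#]+).*/\1/p' |
    while IFS= read -r target; do
      case "$target" in
        ./*|docker://*) continue ;;  # local and container actions: no git ref
        *@*) printf '%s %s\n' "$(classify_ref "${target##*@}")" "$target" ;;
      esac
    done
}

# count_branch_refs FILE -> number of references that follow a branch
count_branch_refs() {
  audit_workflow "$1" | grep -c '^branch ' || true
}

# Constructed workflow; example-org/example-action and its SHA are placeholders.
sample_workflow() {
  cat <<'EOF'
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - name: Scan the image
        uses: aquasecurity/trivy-action@master
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # constructed
      - uses: ./.github/actions/local
EOF
}

wf=$(mktemp)
sample_workflow > "$wf"
audit_workflow "$wf"
echo "branch-following references: $(count_branch_refs "$wf")"
```
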

AkselAllas commented 5 months ago

> It might be a good idea to pin to a release (instead of latest) to avoid such breakages in the future

@simar7 This repo's README points everyone to use master. As long as this is the case, then master always needs to be fully stable.

This PR should have failed via an automated test. Such a mistake going to master just wasted a lot of time for a lot of people.
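One automated check that catches this class of error is a parse-only pass with `bash -n`, shown here as an added example that is not the project's own test suite. The two sample scripts are constructed, and the function names are hypothetical.

```shell
# Added example (not the project's own CI): a parse-only gate for shell scripts.

# check_script FILE -> exit status of `bash -n`; diagnostics go to stdout.
# `bash -n` reads and parses the script without executing any command.
check_script() {
  bash -n "$1" 2>&1
}

# check_tree DIR -> prints the path of every *.sh that fails to parse;
# returns 1 if at least one file failed, 0 otherwise.
check_tree() {
  failed=0
  for f in "$1"/*.sh; do
    [ -e "$f" ] || continue          # directory without *.sh files
    if ! check_script "$f" >/dev/null; then
      echo "$f"
      failed=1
    fi
  done
  return "$failed"
}

# Constructed inputs: the same command, once with a stray double quote.
make_samples() {
  dir=$(mktemp -d)
  printf '%s\n' '#!/bin/bash' 'echo "scan finished"'  > "$dir/good.sh"
  printf '%s\n' '#!/bin/bash' 'echo "scan finished""' > "$dir/broken.sh"
  echo "$dir"
}

samples=$(make_samples)
if ! check_tree "$samples"; then
  echo "syntax gate: refusing to merge"
  check_script "$samples/broken.sh" || true   # show the parser diagnostic
fi
```
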

AkselAllas commented 5 months ago

In SRE terms this was an incident since it caused an outage for your clients (devs). And all incidents need to be analyzed in regards to what action items need to be implemented so that we can automatically avoid the same kind of thing from happening in the future.