search

docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout
Other
250 stars 60 forks source link

docker scout could not get the image from cache #92

Closed nautique69 closed 4 months ago

nautique69 commented 5 months ago

Running scout through GitLab CI and am getting the following ->

...Storing image for indexing ERROR Status: could not get the image ***** from cache: failed to copy image: failed to create new image source: unable to load image: could not read image: open /tmp/docker-scout/sha256/d3d42c7a4abaec6d33dd564208188cd7a43e11ff2b42e687db45117acd4bdf59/197066d1-0b96-46d8-92c9-5e3f87cda038/blobs/sha256/d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820: no such file or directory, Code: 1 Cleaning up project directory and file based variables ERROR: Job failed: exit status 1

scout version=1.3.0 GitLab-runner version=16.8.0 Debian 12 100G volume with 85G free

CI code ->


  image: docker:latest
  stage: docker
  services:
    - docker:dind
  before_script:
    # Install curl and the Docker Scout CLI
    - curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- 
    - docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_PASSWORD  
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^(master|main|development|dockerfile-update)$/ && $DOCKER_REPO
  script:
    - docker build --build-arg FONTAWESOME_TOKEN=$FONTAWESOME_TOKEN --build-arg SENTRY_AUTH_TOKEN:$SENTRY_AUTH_TOKEN -t $DOCKER_REPO:$CI_COMMIT_REF_NAME .
    - |
      if [[ $GITLAB_USER_ID != 1 ]]; then
        # Get a CVE report for the built image and fail the pipeline when critical or high CVEs are detected
        docker scout cves "$DOCKER_REPO:$CI_COMMIT_REF_NAME" --only-severity critical,high --exit-code 
      fi
    - docker push $DOCKER_REPO:$CI_COMMIT_REF_NAME```

 Before this it just used to fail at ->
 ``    ...Storing image for indexing` with exit code 1
cdupuis commented 5 months ago

Thanks for raising this @nautique69. You are hitting same issue as #90.

As a work-around, can you try setting DOCKER_SCOUT_CACHE_FORMAT=tar?

nautique69 commented 5 months ago

Added DOCKER_SCOUT_CACHE_FORMAT=tar First try ->

...Storing image for indexing
    ✓ Image stored for indexing
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: exit status 1

Second try (took a while !) ->

    ...Storing image for indexing
    ✓ Image stored for indexing
    ...Indexing
    ✓ Indexed 937 packages
    ✗ Detected 1 vulnerable package with 1 vulnerability
## Overview
                    │             Analyzed Image              
────────────────────┼─────────────────────────────────────────
  Target            │  *****   
    digest          │  *****                           
    platform        │ linux/amd64                             
    vulnerabilities │    0C     1H     0M     0L              
    size            │ 600 MB                                  
    packages        │ 937

I'll run some more images through in the morning.

nautique69 commented 5 months ago

So I've done a few more runs and no luck :( 

    ...Storing image for indexing
    ✓ Image stored for indexing
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: exit status 1

tars are being created.

cdupuis commented 4 months ago

This should be fixed in recent v1.4.1.

nautique69 commented 4 months ago

I've been testing this out and we whilst a few have worked, most of the time we're getting the following ->

oci
    ...Storing image for indexing
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: exit status 1

Tried cache format set to tar and oci but same results

Shivanimishakavi commented 4 months ago

Hi @cdupuis,

I'm also facing the same issue, can you help me to mitigate this.