microsoft / sbom-tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
MIT License

docker build fails #747

Closed bignay2000 closed 1 month ago

bignay2000 commented 1 month ago

Unable to docker build v.2.2.9 or v.2.2.8.

admin@vmdecld01 /srv/dockersource/sbom-tool $ docker build . -t ms_sbom_tool
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            Install the buildx component to build images with BuildKit:
            https://docs.docker.com/go/buildx/

Sending build context to Docker daemon  4.165MB
Step 1/12 : FROM mcr.microsoft.com/dotnet/sdk AS build-env
 ---> 3d4b35ceef07
Step 2/12 : COPY . /app
 ---> 9bc82bd0d10d
Step 3/12 : WORKDIR /app/src/Microsoft.Sbom.Tool
 ---> Running in 7528e76c69a3
Removing intermediate container 7528e76c69a3
 ---> 5d3a11ee097a
Step 4/12 : ARG RUNTIME=linux-x64
 ---> Running in d32ea4ef6ea3
Removing intermediate container d32ea4ef6ea3
 ---> 30bf3fe4ebf9
Step 5/12 : RUN dotnet publish -f net8.0 -r $RUNTIME --self-contained true -p:DebugType=None -p:DebugSymbols=false -p:PublishSingleFile=true -p:IncludeAllContentForSelfExtract=true -o output
 ---> Running in 8ee4b9c6d41d
  Determining projects to restore...
  Restored /app/src/Microsoft.Sbom.Contracts/Microsoft.Sbom.Contracts.csproj (in 2.14 min).
  Restored /app/src/Microsoft.Sbom.Adapters/Microsoft.Sbom.Adapters.csproj (in 2.4 min).
  Restored /app/src/Microsoft.Sbom.Common/Microsoft.Sbom.Common.csproj (in 19.27 sec).
  Restored /app/src/Microsoft.Sbom.Api/Microsoft.Sbom.Api.csproj (in 21.94 sec).
  Restored /app/src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Microsoft.Sbom.Parsers.Spdx22SbomParser.csproj (in 12 ms).
/app/src/Microsoft.Sbom.Extensions/Microsoft.Sbom.Extensions.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4 [/app/src/Microsoft.Sbom.Tool/Microsoft.Sbom.Tool.csproj]
  Failed to restore /app/src/Microsoft.Sbom.Extensions/Microsoft.Sbom.Extensions.csproj (in 18 ms).
  Restored /app/src/Microsoft.Sbom.Tool/Microsoft.Sbom.Tool.csproj (in 18.73 sec).
  Restored /app/src/Microsoft.Sbom.Extensions.DependencyInjection/Microsoft.Sbom.Extensions.DependencyInjection.csproj (in 89 ms).
The command '/bin/sh -c dotnet publish -f net8.0 -r $RUNTIME --self-contained true -p:DebugType=None -p:DebugSymbols=false -p:PublishSingleFile=true -p:IncludeAllContentForSelfExtract=true -o output' returned a non-zero code: 1
admin@vmdecld01 /srv/dockersource/sbom-tool $ cat .git/HEAD
08ba73d303228eb4d92a6a5f75350d78230bca30
admin@vmdecld01 /srv/dockersource/sbom-tool $ git describe --exact-match --tags
v2.2.8
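
A small triage helper for restore output like the log above, added here as an example and not part of the original issue or the sbom-tool code base. It extracts NuGet audit findings (codes NU1901 to NU1904) and reports which ones were promoted to errors and therefore stop the build; the second sample line, with its package name and advisory URL, is a constructed placeholder.

```python
import re

# NuGet audit warning codes and the advisory severity each one reports.
SEVERITY = {"NU1901": "low", "NU1902": "moderate",
            "NU1903": "high", "NU1904": "critical"}

# Matches MSBuild-formatted audit findings, with or without error promotion.
FINDING = re.compile(
    r"^(?P<project>\S+\.csproj) : (?P<level>error|warning) "
    r"(?P<code>NU190[1-4]): (?P<promoted>Warning As Error: )?"
    r"Package '(?P<package>[^']+)' (?P<version>\S+) has a known "
    r"\w+ severity vulnerability, (?P<advisory>https://\S+)"
)

# First line is copied from the log in the issue; the last is constructed
# (placeholder package and advisory URL) to show a non-blocking finding.
SAMPLE_LOG = """\
/app/src/Microsoft.Sbom.Extensions/Microsoft.Sbom.Extensions.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4 [/app/src/Microsoft.Sbom.Tool/Microsoft.Sbom.Tool.csproj]
  Restored /app/src/Microsoft.Sbom.Tool/Microsoft.Sbom.Tool.csproj (in 18.73 sec).
/app/src/Example/Example.csproj : warning NU1902: Package 'Example.Placeholder' 1.0.0 has a known moderate severity vulnerability, https://example.invalid/advisories/PLACEHOLDER [/app/src/Example/Example.csproj]
"""

def audit_findings(log_text):
    """Return one dict per NuGet audit finding found in the build log."""
    findings = []
    for line in log_text.splitlines():
        match = FINDING.match(line.strip())
        if not match:
            continue  # ordinary restore/publish output
        finding = match.groupdict()
        finding["severity"] = SEVERITY[finding["code"]]
        finding["promoted"] = bool(finding["promoted"])
        findings.append(finding)
    return findings

def blocking(findings):
    """Unique (package, version, advisory) tuples that failed the build."""
    return sorted({(f["package"], f["version"], f["advisory"])
                   for f in findings if f["level"] == "error"})

if __name__ == "__main__":
    for package, version, advisory in blocking(audit_findings(SAMPLE_LOG)):
        print(f"build blocked by {package} {version}: {advisory}")
```
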

bignay2000 commented 1 month ago

Can you let me know a version that does a docker build successfully?

kpb commented 1 month ago

I had this problem earlier, but it seems to be fixed in the main branch.

$ cat .git/HEAD 
ref: refs/heads/main

$ docker build . -t ms_sbom_tool
[+] Building 194.2s (15/15) FINISHED                                                                               docker:default
 => [internal] load build definition from Dockerfile                                                                         0.0s
 => => transferring dockerfile: 659B                                                                                         0.0s
 => [internal] load metadata for mcr.microsoft.com/dotnet/runtime-deps:6.0.8-bullseye-slim-amd64                             0.6s
 => [internal] load metadata for mcr.microsoft.com/dotnet/sdk:latest                                                         0.5s
 => [internal] load .dockerignore                                                                                            0.0s
 => => transferring context: 2B                                                                                              0.0s
 => [internal] load build context                                                                                            0.1s
 => => transferring context: 4.40MB                                                                                          0.1s
 => CACHED [build-env 1/4] FROM mcr.microsoft.com/dotnet/sdk:latest@sha256:ff705b99a06144190e2638f8ede64a753915df5ea27fff55  0.0s
 => [stage-1 1/5] FROM mcr.microsoft.com/dotnet/runtime-deps:6.0.8-bullseye-slim-amd64@sha256:e3c2fd4ca373facb6b0e79630a9f3  0.0s
 => CACHED [stage-1 2/5] WORKDIR /app/src/Microsoft.Sbom.Tool                                                                0.0s
 => [build-env 2/4] COPY . /app                                                                                              0.1s
 => [build-env 3/4] WORKDIR /app/src/Microsoft.Sbom.Tool                                                                     0.0s
 => [build-env 4/4] RUN dotnet publish -f net8.0 -r linux-x64 --self-contained true -p:DebugType=None -p:DebugSymbols=fals  55.0s
 => [stage-1 3/5] COPY --from=build-env /app/src/Microsoft.Sbom.Tool/output .                                                0.1s 
 => [stage-1 4/5] RUN apt update -y && apt install -y python golang nuget npm cargo ruby maven                             130.2s 
 => [stage-1 5/5] RUN useradd -ms /bin/bash sbom                                                                             0.1s 
 => exporting to image                                                                                                       7.6s 
 => => exporting layers                                                                                                      7.6s 
 => => writing image sha256:01e93426e0f72431f056283ab6d6f2451f032931c638ca59f825c953849fde7b                                 0.0s 
 => => naming to docker.io/library/ms_sbom_tool  

bignay2000 commented 1 month ago

Deleted my checkout of this repo and did a clean git clone.

I was successful in building the container from the latest master.

So hopefully we can get a new minor minor release v.2.2.9.1 that contains this fix from the master branch.

DaveTryon commented 1 month ago

@bignay2000, we aren't planning on more 2.x releases, but this is fixed in the 3.0.1 release.

bignay2000 commented 3 weeks ago

Any plans to host the Docker image release on hub.docker.com?