Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OCI runtime exec failed: exec failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown #415

Open
Dr-DevOps opened this issue Oct 15, 2024 · 4 comments

Comments

@Dr-DevOps
Copy link
Contributor

Dr-DevOps commented Oct 15, 2024

  - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '***.dkr.ecr.ap-southeast-1.amazonaws.com/reponame:${{ github.sha }}'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'
          format: 'table'
          scanners: 'vuln,config'

I have written the above code on my GHA.
I am running GHA self-managed.
Earlier Action was running fine, but for the last week, it has kept failing.
EKS Version 1.28

Error Log-

Run aquasecurity/setup-trivy@v0.1.0
Run lowercase_repo=$(echo "Linux" | tr '[:upper:]' '[:lower:]')
  lowercase_repo=$(echo "Linux" | tr '[:upper:]' '[:lower:]')
  echo "PLATFORM=${lowercase_repo}" >> $GITHUB_OUTPUT
  shell: bash --noprofile --norc -e -o pipefail {0}
  env:
    AWS_DEFAULT_REGION: ap-southeast-1
    AWS_REGION: ap-southeast-1
    AWS_ACCESS_KEY_ID: ***
    AWS_SECRET_ACCESS_KEY: ***
    AWS_SESSION_TOKEN: ***
    DOCKER_METADATA_OUTPUT_VERSION: v2.0.2
    DOCKER_METADATA_OUTPUT_TAGS: ***.dkr.ecr.ap-southeast-1.amazonaws.com/reponame:v2.0.2
  ***.dkr.ecr.ap-southeast-1.amazonaws.com/reponame:ecc90d3
  ***.dkr.ecr.ap-southeast-1.amazonaws.com/reponame:latest
    DOCKER_METADATA_OUTPUT_LABELS: org.opencontainers.image.created=2024-10-15T08:38:31.1[60](https://github.com/org/reponame/actions/runs/11342371684/job/31542624648#step:5:62)Z
  org.opencontainers.image.description=
  org.opencontainers.image.licenses=
  org.opencontainers.image.revision=ecc90d399de8cdeaccb9238fd6314aaae7f0a512
  org.opencontainers.image.source=https://github.com/org/reponame
  org.opencontainers.image.title=reponame
  org.opencontainers.image.url=https://github.com/org/reponame
  org.opencontainers.image.version=v2.0.2
    DOCKER_METADATA_OUTPUT_JSON: {"tags":["***.dkr.ecr.ap-southeast-1.amazonaws.com/reponame:v2.0.2","***.dkr.ecr.ap-southeast-1.amazonaws.com/reponame:ecc90d3","***.dkr.ecr.ap-southeast-1.amazonaws.com/reponame:latest"],"labels":{"org.opencontainers.image.created":"2024-10-15T08:38:31.160Z","org.opencontainers.image.description":"","org.opencontainers.image.licenses":"","org.opencontainers.image.revision":"ecc90d399de8cdeaccb9238fd[63](https://github.com/org/reponame/actions/runs/11342371684/job/31542624648#step:5:65)14aaae7f0a512","org.opencontainers.image.source":"https://github.com/org/reponame","org.opencontainers.image.title":"api-gateway","org.opencontainers.image.url":"https://github.com/org/reponame","org.opencontainers.image.version":"v2.0.2"}}
    DOCKER_METADATA_OUTPUT_BAKE_FILE: /tmp/docker-actions-toolkit-oCjCJH/docker-metadata-action-bake.json
OCI runtime exec failed: exec failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown
Error: Process completed with exit code 126.

I am unable to fix it yet. :(

@simar7
Copy link
Member

simar7 commented Oct 15, 2024

hi @Dr-DevOps could you try the latest release of trivy-action? We've released some fixed that hopefully should address this. cc @DmitriyLewen

@DmitriyLewen
Copy link
Contributor

Hello @Dr-DevOps
IIUC your action doesn't have bash, right?
IN this case you can install trivy yourself and run trivy-action with skip-setup-trivy input.
See this example - https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#setting-up-trivy-manually

@Dr-DevOps
Copy link
Contributor Author

  build_image:
    permissions:
      contents: write
      pull-requests: write
    name: Build Image for UAT
    runs-on:
      labels: [self-hosted,image-builder]
    container: 
      image: docker:rc-dind

I am using this as a base docker image to create a docker build and then using it for trivy scan.

  - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '***.dkr.ecr.ap-southeast-1.amazonaws.com/reponame:${{ github.sha }}'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'
          format: 'table'
          scanners: 'vuln,config'

@DmitriyLewen
Copy link
Contributor

Hello @Dr-DevOps

You got same error for aquasecurity/setup-trivy@v0.2.2, right?


  labels: [self-hosted,image-builder]

You use self-hosted runner. Your runner doesn't have bash.
So i see 2 ways:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants