Description
I have tried to integrate this with a test build pipeline using both remote and local methods and neither seems to work with the following error:
```
2024-07-25T08:15:47.455|ERRO|SCN|main.scanOnDemand: Failed to scan repository - error=Image not found registry=539613588543.dkr.ecr.eu-west-1.amazonaws.com repo=test-dan-humphries/hello-bosun tag=dd02b326
Image: 539613588543.dkr.ecr.eu-west-1.amazonaws.com/test-dan-humphries/hello-bosun:dd02b326
neuvector.scanner
jq: error (at <stdin>:4): Cannot iterate over null (null)
```
The workflow as it stands is set up for remote scanning and is below.
One thing to note is that bosun-actions-setup handles signing into ECR for the workflow, so the runner will have authenticated access to the image, which I can confirm exists, so the prior error seems incorrect.
```yaml
name: Reusable Build
on:
  workflow_call:
    outputs:
      image-tag:
        description: The image tag to pass to the deploy job.
        value: ${{ jobs.build.outputs.short-sha }}
      app-name:
        description: The name of the app
        value: ${{ jobs.build.outputs.app-name }}
jobs:
  build:
    runs-on:
      - self-hosted
      - build
    steps:
      - uses: actions/checkout@v4
      - uses: sainsburys-tech/bosun-actions-setup@main
        name: Setup
        id: setup
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          job-name: "build / build"
      - name: Build and push
        id: buildpush
        uses: docker/build-push-action@v3
        with:
          push: true
          secrets: ${{ fromJson(steps.setup.outputs.dockerParams).secrets }}
          build-args: ${{ fromJson(steps.setup.outputs.dockerParams).build-args }}
          tags: ${{ fromJson(steps.setup.outputs.dockerParams).tags }}
          context: ${{ fromJson(steps.setup.outputs.dockerParams).context }}
      - uses: winterjung/split@v2
        id: split
        with:
          msg: ${{ fromJson(steps.setup.outputs.dockerParams).tags }}
          separator: ':'
      - uses: winterjung/split@v2
        id: split2
        with:
          msg: ${{ steps.split.outputs._0 }}
          separator: '/'
      - name: Scan Image
        uses: neuvector/scan-action@main
        with:
          image-registry: ${{ steps.split2.outputs._0 }}
          image-repository: ${{ steps.split2.outputs._1 }}/${{ steps.split2.outputs._2 }}
          image-tag: ${{ steps.split.outputs._1 }}
          debug: true
    outputs:
      short-sha: ${{ fromJson(steps.setup.outputs.buildInfo).shortTag }}
      app-name: ${{ env.BOSUN_APP }}
```
I'm not sure if the issue is just one of the action assuming all remote repositories are either user/pass authenticated or no-auth, or if I am missing something.
As an aside, it would be nice to have an option to just pass in a full image name rather than having to split it into registry/repository/tag. I have the full name but, as you can see, have to do some gross splitting to separate it into what you are expecting.
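An added example, not part of the original issue and not code from neuvector/scan-action: one way to derive the three inputs from a full image name in a single shell step. Splitting on every `:` and `/` gives wrong fields when the registry carries a port or the repository has more or fewer than two path segments, so this version handles those cases. The function and variable names are hypothetical.

```shell
# Added example: split a full image reference into the registry / repository /
# tag fields that the workflow above passes to the scan step.
split_image_ref() {
  _ref=$1
  IMAGE_REGISTRY='' IMAGE_REPOSITORY='' IMAGE_TAG='' IMAGE_DIGEST=''

  # Take a digest (name@sha256:...) off first; it contains a ':' of its own.
  case $_ref in
    *@*) IMAGE_DIGEST=${_ref##*@}; _ref=${_ref%@*} ;;
  esac

  # A ':' marks a tag only when it sits in the last path component;
  # a ':' before the last '/' is a registry port.
  _last=${_ref##*/}
  case $_last in
    *:*) IMAGE_TAG=${_last##*:}; _ref=${_ref%:*} ;;
  esac

  # The first component is a registry host if it contains '.' or ':' or is
  # "localhost" (the Docker CLI convention); otherwise the whole name is the
  # repository.
  _first=${_ref%%/*}
  case $_ref in
    */*)
      case $_first in
        *.*|*:*|localhost) IMAGE_REGISTRY=$_first; IMAGE_REPOSITORY=${_ref#*/} ;;
        *) IMAGE_REPOSITORY=$_ref ;;
      esac ;;
    *) IMAGE_REPOSITORY=$_ref ;;
  esac

  # Fail rather than hand the scanner an empty repository name.
  [ -n "$IMAGE_REPOSITORY" ]
}

# Print the three values as key=value lines (the format of $GITHUB_OUTPUT).
image_ref_outputs() {
  split_image_ref "$1" || return 1
  printf 'image-registry=%s\nimage-repository=%s\nimage-tag=%s\n' \
    "$IMAGE_REGISTRY" "$IMAGE_REPOSITORY" "$IMAGE_TAG"
}
```

In a workflow step, `image_ref_outputs "$IMAGE" >> "$GITHUB_OUTPUT"` exposes the values as step outputs, where `IMAGE` is an assumed environment variable holding the full image name.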