merilstack

Reputation: 868

Invalid OCI archive error for snyk/actions/docker@master

I am trying to implement the following workflow for my image which was built successfully:

```yaml
# Step 1: Build a Docker image
- name: Build a Docker image
  run: docker build --no-cache -f ./Dockerfile --build-arg NPM_TOKEN=${{ secrets.NPM_INSTALL_TOKEN }} --build-arg BUILD_VERSION=$BUILD_VERSION -t registry.domain.io:5000/my-app:$BUILD_VERSION .

# Step 2: Run Snyk to check Docker image for vulnerabilities
- name: Run Snyk to check Docker image for vulnerabilities
  continue-on-error: true
  uses: snyk/actions/docker@master
  id: docker-image-scan
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_CLI }}
  with:
    image: registry.domain.io:5000/my-app:$BUILD_VERSION
    args: --sarif-file-output=snyk.sarif --file=Dockerfile

- name: Replace security-severity undefined for license-related findings
  continue-on-error: true
  run: |
   sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
   sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
```

In Step 1, I was able to build the image successfully. But in Step 2, when I run Snyk to check the Docker image for vulnerabilities, it fails with an `Invalid OCI archive` error, and the subsequent step fails as well:

```text
### Run snyk/actions/docker@master
  with:
    image: registry.domain.io:5000/my-app:$BUILD_VERSION
    args: --sarif-file-output=snyk.sarif --file=Dockerfile
    command: test
    json: false
    sarif: true
  env:
    LAST_BUILD_DATE: 2024-05-15
    BUILD_VERSION: v2024.0515.9
    BUILD: true
    SNYK_TOKEN: ***
/usr/bin/docker run --name snyksnykdocker_f8eeab --label ef2332 --workdir /github/workspace --rm -e "LAST_BUILD_DATE" -e "BUILD_VERSION" -e "BUILD" -e "SNYK_TOKEN" -e "INPUT_IMAGE" -e "INPUT_ARGS" -e "INPUT_COMMAND" -e "INPUT_JSON" -e "INPUT_SARIF" -e "SNYK_INTEGRATION_NAME" -e "SNYK_INTEGRATION_VERSION" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_AC
Invalid OCI archive
```

```text
### Run sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
  sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
  sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
  shell: /usr/bin/bash -e {0}
  env:
    LAST_BUILD_DATE: 2024-05-15
    BUILD_VERSION: v2024.0515.9
    BUILD: true
sed: can't read snyk.sarif: No such file or directory
Error: Process completed with exit code 2.
```

I don't see any detailed error messages anywhere. Is there a way I can find more info regarding the error or something that's causing this issue?

Upvotes: 1

Views: 1159

Answers (0)
