Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error on image load if prefixed with a variable #1230

Open
MaximilianB134 opened this issue Apr 13, 2023 · 1 comment
Open

Error on image load if prefixed with a variable #1230

MaximilianB134 opened this issue Apr 13, 2023 · 1 comment
Labels
bug Something went wrong

Comments

@MaximilianB134
Copy link

Describe the bug
Some of our Dockerfiles start with these or similar lines:

ARG ARCH=""
FROM ${ARCH}php:7.4-apache-buster AS builder

We did this mainly for historical reasons so that our devs with a Mac with an Apple Silicon chip can build images for another architecture. They would then set the ARCH build argument to amd64/. If the build argument is omitted the image will build for the current architecture.

Unfortunately tern does not recognize the build argument correctly and fails on Dockerfiles with this construct. It seems that it tries to prepend the quotes to the image and tag and then fails to find the image.

To Reproduce

  1. Let a dockerfile start with the lines stated above.
  2. Run tern report -d Dockerfile.

Error in terminal

2023-04-13 06:31:09,953 - DEBUG - __main__ - Starting...
2023-04-13 06:31:09,954 - DEBUG - prep - Setting up...
2023-04-13 06:31:09,954 - DEBUG - rootfs - Running command: chmod +x /usr/local/lib/python3.9/site-packages/tern/tools/fs_hash.sh
2023-04-13 06:31:09,960 - DEBUG - run - Parsing Dockerfile...
2023-04-13 06:31:09,966 - DEBUG - run - Building Docker image with Dockerfile: /builds/sonstige/hackathon-desksharing/desksharing/build/app/Dockerfile_1
2023-04-13 06:32:34,293 - WARNING - docker_api - Build failed: COPY failed: file not found in build context or excluded by .dockerignore: stat build/app/php.dev.ini: file does not exist
2023-04-13 06:32:34,294 - WARNING - docker_api - Could not build Docker image
2023-04-13 06:32:34,294 - WARNING - run - Cannot build image
2023-04-13 06:32:34,294 - DEBUG - run - Analyzing base image...
2023-04-13 06:32:34,332 - DEBUG - docker_api - Checking if image """php:7.4-apache-buster" is available on disk...
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/docker/api/client.py", line 268, in _raise_for_status
    response.raise_for_status()
  File "/usr/local/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://docker:2376/v1.41/images/%22%22php:7.4-apache-buster/json
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "/usr/local/bin/tern", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/tern/__main__.py", line 311, in main
    do_main(args)
  File "/usr/local/lib/python3.9/site-packages/tern/__main__.py", line 115, in do_main
    drun.execute_dockerfile(args)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/dockerfile/run.py", line 211, in execute_dockerfile
    image_list = analyze_multistage_dockerfile(dfobj, args)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/dockerfile/run.py", line 260, in analyze_multistage_dockerfile
    imlist = analyze_single_dockerfile(dfile, options)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/dockerfile/run.py", line 191, in analyze_single_dockerfile
    image_list = base_and_run_analysis(dockerfile, options)
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/dockerfile/run.py", line 149, in base_and_run_analysis
    base_image = load_base_image()
  File "/usr/local/lib/python3.9/site-packages/tern/analyze/default/dockerfile/run.py", line 88, in load_base_image
    if docker_api.dump_docker_image(base_image.repotag):
  File "/usr/local/lib/python3.9/site-packages/tern/load/docker_api.py", line 209, in dump_docker_image
    image = get_docker_image(image_tag, client)
  File "/usr/local/lib/python3.9/site-packages/tern/load/docker_api.py", line 179, in get_docker_image
    image = check_image(image_tag_string, client)
  File "/usr/local/lib/python3.9/site-packages/tern/load/docker_api.py", line 155, in check_image
    image_obj = client.images.get(image_tag_string)
  File "/usr/local/lib/python3.9/site-packages/docker/models/images.py", line 335, in get
    return self.prepare_model(self.client.api.inspect_image(name))
  File "/usr/local/lib/python3.9/site-packages/docker/utils/decorators.py", line 19, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/docker/api/image.py", line 251, in inspect_image
    return self._result(
  File "/usr/local/lib/python3.9/site-packages/docker/api/client.py", line 274, in _result
    self._raise_for_status(response)
  File "/usr/local/lib/python3.9/site-packages/docker/api/client.py", line 270, in _raise_for_status
    raise create_api_error_from_http_exception(e) from e
  File "/usr/local/lib/python3.9/site-packages/docker/errors.py", line 39, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation) from e
docker.errors.APIError: 400 Client Error for https://docker:2376/v1.41/images/%22%22php:7.4-apache-buster/json: Bad Request ("no such image: ""php:7.4-apache-buster: invalid reference format")

Expected behavior
I expect that the variable is resolved and therefore the Dockerfile is evaluated correctly. That especially means that the quotes from the default value are not taken literally into the image string.

Environment you are running Tern on
Output of 'tern --version':

Tern version 2.12.0
   python version = 3.9.16 (main, Apr 12 2023, 12:09:18)

We run tern in a docker container built from the Dockerfile this project provides here: https://github.com/tern-tools/tern/blob/main/docker/Dockerfile
The docker image is then started with two volumes, one with the dockerfile and one volume shared with a docker-in-docker setup to provide certificates to connect to the docker daemon. These env vars are provided in addition to that:

DOCKER_TLS_CERTDIR: '/certs'
DOCKER_HOST: 'tcp://docker:2376'
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"

The complete setup runs in our Gitlab CI with the docker-in-docker as a service to the job and the job being the tern container.
@rnjudge rnjudge added the bug Something went wrong label Apr 13, 2023
@mukultaneja
Copy link
Contributor

Hi @MaximilianB134, I have been trying to repro this issue but I am not able to. I am running tern with the below Dockerfile and it seems working fine for me.

(base) [root@sc2-10-186-97-98 code]# cat Dockerfile2
ARG ARCH=""
FROM ${ARCH}php:7.4-apache-buster AS builder

(base) [root@sc2-10-186-97-98 code]# tern report -d Dockerfile2
2023-06-08 07:03:07,493 - DEBUG - __main__ - Starting...
2023-06-08 07:03:07,494 - DEBUG - prep - Setting up...
2023-06-08 07:03:07,773 - DEBUG - rootfs - Running command: chmod +x /root/code/tern/tern/tools/fs_hash.sh
2023-06-08 07:03:07,779 - DEBUG - run - Parsing Dockerfile...
2023-06-08 07:03:07,781 - DEBUG - run - [{'instruction': 'ARG', 'startline': 0, 'endline': 0, 'content': 'ARG ARCH=""\n', 'value': 'ARCH=""'}, {'instruction': 'FROM', 'startline': 1, 'endline': 1, 'content': 'FROM ${ARCH}php:7.4-apache-buster AS builder\n', 'value': '${ARCH}php:7.4-apache-buster AS builder'}]
2023-06-08 07:03:07,781 - DEBUG - run - Building Docker image with Dockerfile: Dockerfile2
2023-06-08 07:03:07,792 - DEBUG - docker_api - ARG ARCH=""
FROM ${ARCH}php:7.4-apache-buster AS builder

2023-06-08 07:03:20,618 - DEBUG - rootfs - Running command: tar -tf /root/.tern/temp.tar
2023-06-08 07:03:20,628 - DEBUG - rootfs - Running command: tar -x -f /root/.tern/temp.tar -C /root/.tern/temp
2023-06-08 07:03:21,621 - DEBUG - run - Docker image successfully built. Analyzing...
2023-06-08 07:03:21,623 - DEBUG - rootfs - Running command: tar -tf /root/.tern/temp/1315799ae78a9e99be0e37f9de5d7ff26a793cf82f36b15bbc48e5a2b7cbe005/layer.tar
2023-06-08 07:03:21,642 - DEBUG - rootfs - Running command: tar -x -f /root/.tern/temp/1315799ae78a9e99be0e37f9de5d7ff26a793cf82f36b15bbc48e5a2b7cbe005/layer.tar -C /root/.tern/temp/1315799ae78a9e99be0e37f9de5d7ff26a793cf82f36b15bbc48e5a2b7cbe005/contents
2023-06-08 07:03:21,794 - DEBUG - rootfs - Running command: /root/code/tern/tern/tools/fs_hash.sh /root/.tern/temp/1315799ae78a9e99be0e37f9de5d7ff26a793cf82f36b15bbc48e5a2b7cbe005/contents
2023-06-08 07:03:28,475 - DEBUG - rootfs - Running command: tar -tf /root/.tern/temp/4673faf60d7ab7786359a7972251c1150d8f621a2f82e9033cef5983ce72080e/layer.tar
2023-06-08 07:03:28,481 - DEBUG - rootfs - Running command: tar -x -f /root/.tern/temp/4673faf60d7ab7786359a7972251c1150d8f621a2f82e9033cef5983ce72080e/layer.tar -C /root/.tern/temp/4673faf60d7ab7786359a7972251c1150d8f621a2f82e9033cef5983ce72080e/content
.....

The below 2 statements from your traceback are looking different than the Dockerfile you mentioned, Could you please provide the exact content of the Dockerfile that you are using

2023-04-13 06:31:09,966 - DEBUG - run - Building Docker image with Dockerfile: /builds/sonstige/hackathon-desksharing/desksharing/build/app/Dockerfile_1
2023-04-13 06:32:34,293 - WARNING - docker_api - Build failed: COPY failed: file not found in build context or excluded by .dockerignore: stat build/app/php.dev.ini: file does not exist

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something went wrong
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rnjudge @MaximilianB134 @mukultaneja