Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

install.sh looking for 1.16.0 checksum.txt not in release assets #162

Closed
timothycarambat opened this issue Dec 12, 2024 · 2 comments
Closed

install.sh looking for 1.16.0 checksum.txt not in release assets #162

timothycarambat opened this issue Dec 12, 2024 · 2 comments
Assignees
@cdupuis
Labels
bug Something isn't working

Comments

@timothycarambat
Copy link

timothycarambat commented Dec 12, 2024
edited
Loading

Hey y'all

Noticed today a bunch of CI failures when trying to run some docker scout-cli actions. We run the install script directly and do not use the uses: docker-scout/cli@v1 Github actions key - so that could be the issue.

This seems specific to the latest release 1.16.0.

The specific error is

received HTTP status=404 for url='https://github.com/docker/scout-cli/releases/download/v1.16.0/docker-scout_1.16.0_checksums.txt' 
Error:  could not find release asset for os='linux' arch='amd64' format='tar.gz'  
Error:  failed to install docker-scout

So it seems like some checksum text file does not exist, that is all. Old implementation of our action is below

      # Working pre 1.16.0 release
      
      - name: Add VEX attestations
        env:
          CVE_EXCEPTIONS: ${{ steps.cve-list.outputs.CVE_EXCEPTIONS }}
        run: |
          echo $CVE_EXCEPTIONS
          curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
          for cve in $CVE_EXCEPTIONS; do
            for tag in "${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}"; do
              echo "Attaching VEX exception $cve to $tag"
              docker scout attestation add \
              --file "./docker/vex/$cve.vex.json" \
              --predicate-type https://openvex.dev/ns/v0.2.0 \
              $tag
            done
          done
        shell: bash

Changing curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- to curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- v1.15.1 seems to still work OK.
@timothycarambat
Copy link
Author

timothycarambat commented Dec 12, 2024
edited
Loading

Looks like the checksum file exists in dist in the repo right now
https://raw.githubusercontent.com/docker/scout-cli/refs/heads/main/dist/docker-scout_1.16.0_checksums.txt

But was not an asset in the release, so I'm guessing that is what happened or assets are added after the release publish and my CI actions were just unfortunately timed

@timothycarambat timothycarambat changed the title install.sh script broken as of 1.16.0 install.sh looking for 1.16.0 checksum.txt not in release assets Dec 12, 2024
@timothycarambat timothycarambat mentioned this issue Dec 12, 2024
Merged
@cdupuis cdupuis self-assigned this Dec 13, 2024
@cdupuis cdupuis added the bug Something isn't working label Dec 13, 2024
@cdupuis
Copy link
Collaborator

cdupuis commented Dec 13, 2024

Thanks for raising this @timothycarambat .

Some recent internal changes broke our release pipeline. The missing artefacts have no been added to the release. Apologies for the troubles this has caused.

@cdupuis cdupuis closed this as completed Dec 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cdupuis cdupuis

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cdupuis @timothycarambat