From 077d14c326e6f79bd9b24c48b08801b83f368d93 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Thu, 29 Jun 2023 16:25:22 +0400
Subject: [PATCH 1/8] || ( echo "Update failed!"; exit 1 )
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 800049e..2163ba5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
 echo ${CACHEBUST} && \
- /bin/grype db update -v
+ /bin/grype db update -v || ( echo "Update failed!"; exit 1 )

 FROM common AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
-- 
GitLab
From b6be78aa95f560969cd9766c475ce3825f2051c2 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Thu, 29 Jun 2023 16:33:26 +0400
Subject: [PATCH 2/8] meh
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 2163ba5..648b8de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN set -ex && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
 echo ${CACHEBUST} && \
- /bin/grype db update -v || ( echo "Update failed!"; exit 1 )
+ if [ -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update') ]; then echo "Update failed!"; exit 1; fi

 FROM common AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
-- 
GitLab
From 1e65362d42ec942955359b7a7206f33be32af42c Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Thu, 29 Jun 2023 16:34:45 +0400
Subject: [PATCH 3/8] meeh
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 648b8de..dd9edf7 100644
--- a/Dockerfile
+++ b/Dockerfile
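Review bot: In PATCH 1/8 the added `|| ( echo "Update failed!"; exit 1 )` binds to the whole `&&` chain of this RUN, not only to `grype db update`, so a failing `mkdir` or `chmod` earlier in the chain also prints "Update failed!". A non-zero exit from grype already fails the RUN step because it is the last command of the chain, so the new branch adds a message but no new detection. If the message is wanted, scope it to the command it describes: `{ /bin/grype db update -v || { echo "Update failed!"; exit 1; }; }`. PATCH 7/8 brings back the same `|| ( … )` shape with the same scoping. The RUN instruction starts above the hunk.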
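Review bot: In PATCH 2/8 the added `if [ -n "$(… | grep '…') ]` line lacks the closing double quote after the command substitution, so the shell cannot parse the RUN script as written (PATCH 3/8 adds it). The check also reads only grype's stdout: if the `-v` log lines are written to stderr, which should be confirmed for the grype version in the base image, grep never matches and the build passes regardless. The executor stage sets `GRYPE_DB_AUTO_UPDATE="false"` (visible in PATCH 4/8), so a missed failure presumably leaves later scans running against a stale or absent vulnerability database. Adding `2>&1` before the pipe would let the match see both streams; PATCH 3/8 and 5/8 to 8/8 keep the same pipeline.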
@@ -14,7 +14,7 @@ RUN set -ex && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
 echo ${CACHEBUST} && \
- if [ -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update') ]; then echo "Update failed!"; exit 1; fi
+ if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; fi

 FROM common AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
-- 
GitLab
From 7bd3943b1d67f9d3a0a1d6719e7f7fe422466c16 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Thu, 29 Jun 2023 16:36:19 +0400
Subject: [PATCH 4/8] meeeh
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index dd9edf7..7563d60 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
 GRYPE_DB_AUTO_UPDATE="false"
 COPY --from=base /grype /bin/grype
 ARG CACHEBUST=static
-RUN set -ex && \
+RUN set -ex -o pipefail && \
 chmod a+x /bin/grype && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
-- 
GitLab
From cbaf38e8d1b4732f36ed9a8e2414d03ace8195d4 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Thu, 29 Jun 2023 16:41:34 +0400
Subject: [PATCH 5/8] test pipefail
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7563d60..23eb576 100644
--- a/Dockerfile
+++ b/Dockerfile
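Review bot: In PATCH 4/8 the `-o pipefail` added to `RUN set -ex -o pipefail` does not change the outcome of the update check, because the `grype … | grep …` pipeline runs inside `$(…)` as an argument to `test`, where its exit status is discarded. To make a grype failure stop the build, run it as its own step and keep the output, for example `out="$(/bin/grype db update -v 2>&1)" || { echo "Update failed!"; exit 1; }`, and grep `"$out"` afterwards. PATCH 5/8 and 6/8 only move the same option to other positions in the RUN and are affected the same way. The RUN instruction continues below the hunk.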
@@ -9,12 +9,12 @@ ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
 GRYPE_DB_AUTO_UPDATE="false"
 COPY --from=base /grype /bin/grype
 ARG CACHEBUST=static
-RUN set -ex -o pipefail && \
+RUN set -ex && \
 chmod a+x /bin/grype && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
 echo ${CACHEBUST} && \
- if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; fi
+ set -o pipefail && if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; fi

 FROM common AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
-- 
GitLab
From 54322b5f1f266378326ccc7c1f29566ebbaaadb9 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Thu, 29 Jun 2023 16:44:03 +0400
Subject: [PATCH 6/8] =?UTF-8?q?=D0=B5=D1=83=D1=8B=D0=B5=20=D0=B7=D1=88?= =?UTF-8?q?=D0=B7=D1=83=D0=B0=D1=84=D1=88=D0=B4=202?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 23eb576..e5db3ea 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,12 +9,13 @@ ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
 GRYPE_DB_AUTO_UPDATE="false"
 COPY --from=base /grype /bin/grype
 ARG CACHEBUST=static
-RUN set -ex && \
+RUN set -o pipefail && \
+ set -ex && \
 chmod a+x /bin/grype && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
 echo ${CACHEBUST} && \
- set -o pipefail && if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; fi
+ if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; fi

 FROM common AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
-- 
GitLab
From e5cbf3a0938f0f6ea2d1f8589f8ee3e27b8c2dc2 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Thu, 29 Jun 2023 16:46:01 +0400
Subject: [PATCH 7/8] fial3
---
 Dockerfile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e5db3ea..4a6da4d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,13 +9,12 @@ ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
 GRYPE_DB_AUTO_UPDATE="false"
 COPY --from=base /grype /bin/grype
 ARG CACHEBUST=static
-RUN set -o pipefail && \
- set -ex && \
+RUN set -ex && \
 chmod a+x /bin/grype && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
 echo ${CACHEBUST} && \
- if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; fi
+ test -z "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')" || ( echo "Update failed!"; exit 1 )

 FROM common AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
-- 
GitLab
From 3e52942ccc4b4b8ea45141ace5186475c9596199 Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov
Date: Thu, 29 Jun 2023 16:49:34 +0400
Subject: [PATCH 8/8] fail 4
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 4a6da4d..adc1035 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,6 +4,7 @@ FROM $DOCKER_REGISTRY/tools/docker/grype:latest AS base
 FROM $DOCKER_REGISTRY/tools/docker/alpine:latest AS common

 FROM common AS executor
+SHELL ["/bin/ash", "-euo", "pipefail", "-c"]
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
 GRYPE_DB_CACHE_DIR="/tmp/db" \
 GRYPE_DB_AUTO_UPDATE="false"
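Review bot: In the first hunk of PATCH 8/8 the added `SHELL ["/bin/ash", "-euo", "pipefail", "-c"]` is declared in the `executor` stage only; the `runtime` stage shown in the second hunk starts `FROM common`, so any RUN steps it has (not visible here) still use the default shell without these options. If the strict shell is meant for the whole file, declaring it in `common` should let both stages inherit it. A one-line comment above the instruction would explain the intent, e.g. `# ash: abort RUN steps on errors, unset variables and failed pipeline stages`. Outside this change but visible in the context lines, both base images are referenced as `:latest`, so the grype binary copied into the image is not pinned to a version or digest.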
@@ -14,7 +15,7 @@ RUN set -ex && \
 mkdir -p ${GRYPE_DB_CACHE_DIR} && \
 chmod -R 0777 ${GRYPE_DB_CACHE_DIR} && \
 echo ${CACHEBUST} && \
- test -z "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')" || ( echo "Update failed!"; exit 1 )
+ if test -n "$(/bin/grype db update -v | grep 'unable to check for vulnerability database update')"; then echo "Update failed!"; exit 1; else true; fi

 FROM common AS runtime
 ENV GRYPE_CHECK_FOR_APP_UPDATE="false" \
-- 
GitLab
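Review bot: The `else true` branch on the added `if test -n … fi` line is a no-op, since an `if` whose condition is false and which has no `else` already returns 0; `…; then echo "Update failed!"; exit 1; fi` behaves the same under the new `-e` shell. Rather than inferring success from the absence of one log message, a follow-up step such as `/bin/grype db status` (confirm its exit codes for the grype version in use) would check the database that was actually written. The context line `chmod -R 0777 ${GRYPE_DB_CACHE_DIR}` also leaves that database writable by every user in the container; if the scanning user only needs to read it, a narrower mode would keep the data behind scan results from being altered. The RUN instruction starts above the hunk.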