Home > database >  gitlab ci error /bin/sh: eval: line 138: docker: not found
gitlab ci error /bin/sh: eval: line 138: docker: not found

Time:10-21

gitlab runner throws error when i trying to build docker image

gitlab-ci.yml

container_scanning:
  stage: test
  image:
    name: $CI_REGISTRY/devops/trivy/trivy:0.20.1

  variables:
    GIT_STRATEGY: none
    FULL_IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
    # Tell docker CLI how to talk to Docker daemon.
    DOCKER_HOST: tcp://localhost:2375/
    # Use the overlayfs driver for improved performance.
    DOCKER_DRIVER: overlay2
    # Disable TLS since we're running inside local network.
    DOCKER_TLS_CERTDIR: ""
  script:
    - docker build -t testdocker .

Dockerfile

FROM 
Test.dev/devops/aquasec/trivy:0.16.0
RUN trivy filesystem --skip-update --exit-code 1 --no-progress /

error

/bin/sh: eval: line 138: docker: not found
$ docker build -t testdocker .

I have chcked the docker image history, the entry point is ENTRYPOINT ["trivy"] :

~$ docker image history --no-trunc aquasec/trivy:latest
IMAGE                                                                     CREATED       CREATED BY                                                                                          SIZE      COMMENT
sha256:9a0e347a8cda3c2bdf3f4d7aa24ccfb3e5dce8763bf6064526fdecd06aafd711   4 days ago    ENTRYPOINT ["trivy"]                                                                                0B        buildkit.dockerfile.v0
<missing>                                                                 4 days ago    COPY contrib/*.tpl contrib/ # buildkit                                                              14.7kB    buildkit.dockerfile.v0
<missing>                                                                 4 days ago    COPY trivy /usr/local/bin/trivy # buildkit                                                          39.3MB    buildkit.dockerfile.v0
<missing>                                                                 4 days ago    RUN /bin/sh -c apk --no-cache add ca-certificates git # buildkit                                    13.5MB    buildkit.dockerfile.v0
<missing>                                                                 7 weeks ago   /bin/sh -c #(nop)  CMD ["/bin/sh"]                                                                  0B        
<missing>                                                                 7 weeks ago   /bin/sh -c #(nop) ADD file:aad4290d27580cc1a094ffaf98c3ca2fc5d699fe695dfb8e6e9fac20f1129450 in /    5.6MB  

CodePudding user response:

The problem is that you're telling GitLab to run the Pipeline within a container with the image trivy image, which I suppose it's a custom Dockerfile using aquasec/trivy as base image.

If you haven't installed the Docker CLI in your custom image, there is no reason for it to be there.

 docker pull aquasec/trivy
Using default tag: latest
latest: Pulling from aquasec/trivy
a0d0a0d46f8b: Already exists
330bb1eb9af6: Pull complete
de4b3e2cc536: Pull complete
65a5529ac0a6: Pull complete
Digest: sha256:c5e2a98e1c1a34f2f6d80f02b4f78fb25ddafbadb8f2b3962059b14c8da1d6f8
Status: Downloaded newer image for aquasec/trivy:latest
docker.io/aquasec/trivy:latest
 docker run --rm -it --entrypoint sh aquasec/trivy
/ # docker --version
sh: docker: not found

If I scan that image with docker scan I can see it uses alpine:3.14.2 as base image and apk as package manager; so, in order to use Docker within that container, your custom image (the one under $CI_REGISTRY/devops/trivy/trivy:0.20.1) should have the Docker CLI installed.

Dockerfile

FROM aquasec/trivy

RUN apk add docker-cli

And of course have defined in the Docker Runners configuration under configuration.toml that the used images perform a bind-mount of /var/run/docker.sock.

Another option is to use Docker-in-Docker (directly install the whole Docker within the container and start the daemon on it).

To use Docker in Docker you'd have to modify a little bit your job:

container_scanning:
  stage: test
  image:
    name: $CI_REGISTRY/devops/trivy/trivy:0.20.1

  services:
    - docker:19.03.12-dind

  variables:
    GIT_STRATEGY: none
    FULL_IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
    # Tell docker CLI how to talk to Docker daemon.
    DOCKER_HOST: tcp://localhost:2375/
    # Use the overlayfs driver for improved performance.
    DOCKER_DRIVER: overlay2
    # Disable TLS since we're running inside local network.
    DOCKER_TLS_CERTDIR: ""

  script:
    - docker build -t testdocker .

Keep in mind that in case you decide to use Docker in Docker instead of actually mount the socket, you'll have the following limitations: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#limitations-of-docker-in-docker

  • Related