run docker image without shell | Feature Requests | harness - The Modern Software Delivery Platform®

run docker image without shell

complete

Raisin Anglerfish

We are looking to create SBOMs using syft (https://github.com/anchore/syft) docker image. We have created RUN step which uses the syft image and bash shell to run the syft command. It keeps failing with 'exec: "bash": executable file not found in $PATH'.
We have run syft docker image locally and it runs fine.
'docker run anchore/syft:v0.86.1 packages registry:containerregistry/abc/xyz-image:0.0 -o spdx-tag-value'
syft image is based on scratch with no sh or bash. We need to be able to use an image in CI step which doesnt have any shell

Created by lijo.jacob

August 17, 2023

Autopilot

Merged in a post:

Support distroless images within Containerized Steps

Graceful Marmoset

I built a distroless image which has an ENTRYPOINT to a golang CLI. This is very minimal in size (4MB) as opposed to using official golang images (Alpine is 230MB!).

I want to essentially create a Containerized Step to run this distroless image within my pipelines, but in order for Containerized Steps to work they must have a full shell. Adding the shell significantly increases the size of my container image, and thus the time to pull layers, etc.

August 16, 2024

Nofar Bluestein

Hey, can you please further explain the ask? is there a technical challenge, or is the ask is more about caching these images for faster pulling time.
Like the request we have here:  https://harness-io.canny.io/admin/feedback/feature-request/p/ability-to-cache-build-images?boards=feature-request 
Thank you

Nofar Bluestein

marked this post as

complete

Nofar Bluestein

Hey, wanted to let you know that this request have been delivered. 
Regards, 
Nofar Bluestein, 
CI product team.

Bradley Rydzewski

marked this post as

in progress

The team is working on this improvement in the current sprint. We will post an update once this feature is released.

Bradley Rydzewski

hey Raisin Anglerfish thanks for taking the time to provide feedback! I wanted to follow up and let you know this is planned and the engineering team will be picking this up in an upcoming sprint. We will post updates here once work has started.

Bradley Rydzewski

marked this post as

planned

Rose Gull

Hi Sushant,

If you have a Docker image that you just want to run the existing ENTRYPOINT, instead of running your own command script, you can instead use a Plugin step.

The Plugin steps are intended to be used for Drone Plugins, but potentially will work for your use case.

Here's an example YAML for a Plugin step using anchore/syft:

              - step:
                  type: Plugin
                  name: Syft
                  identifier: Syft
                  spec:
                    connectorRef: Docker_Hub
                    image: anchore/syft:v0.86.1
                    entrypoint:
                      - /syft
                      - packages
                      - alpine:latest
                      - "-o"
                      - spdx-tag-value