Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues running cgr.dev/chainguard/apko in Gitlab CI: missing sh in image causes problems #1550

Open
kastl-ars opened this issue Feb 27, 2025 · 4 comments
Open

Issues running cgr.dev/chainguard/apko in Gitlab CI: missing sh in image causes problems #1550

kastl-ars opened this issue Feb 27, 2025 · 4 comments

Comments

@kastl-ars
Copy link

Dear maintainers,

I am trying to use the "official" cgr.dev/chainguard/apko image in Gitlab CI, but fail to get it working.

No matter what I try, I cannot get it to succeed, as Gitlab seems to require a shell inside the image. Omitting the script tag is not possible. Putting the full build command into the script tag fails, even with an empty entrypoint.

---
stages:
  - build
build_with_apko:
  stage: build
  image:
    name: cgr.dev/chainguard/apko
    entrypoint: [""]
  script:
    - apko version

---
stages:
  - build
build_with_apko:
  stage: build
  image:
    name: cgr.dev/chainguard/apko
    entrypoint: ["apko", "version"]
  script:
    - "" # or "true" or anything else

The error is always something along the lines of unable to start container process: exec: "sh": executable file not found in $PATH

I tested with the "old" one from ghcr.io/chainguard-dev/apko first, which starts but then fails due to being outdated (some new signatures being used).

Is there a way to do this properly? Or is there an offical image with a shell (other than the restricted latest-dev image)?

Kind Regards,
Johannes
@sanmai-NL
Copy link

It's a GitLab functional suitability quality defect. See: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26501

@sanmai-NL
Copy link

sanmai-NL commented Mar 1, 2025
edited
Loading

What GitLab CI/CD Runner do you use? The Docker Runner on SaaS, I presume? Otherwise, you can configure your GitLab CI/CD Runner to not override the entrypoint with /bin/sh.
Does https://docs.gitlab.com/runner/executors/docker/#configure-a-docker-entrypoint help?
Alternatively, you can run Podman as an image, with your podman run cgr.dev/chainguard/apko command as script. That adds overhead and indirection, but satisfies your requirement that the official apko image be run.

@Smana
Copy link

Smana commented Mar 9, 2025

Hello, I have the same issue

docker run -ti --rm --entrypoint /bin/bash cgr.dev/chainguard/apko
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: exec: "/bin/bash": stat /bin/bash: no such file or directory

but in a different context: I'm using this Dagger module, and I run commands under the container.

@kastl-ars
Copy link
Author

It's a GitLab functional suitability quality defect. See: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26501

Thanks for the link. However, there may be instances where fixing this on the Gitlab side may not be possible. So it would be nice to have the official image work with GitlabCI (or have a second image just containing a usable shell).

In the meantime I built my own image to not be blocked by this, but having an official image would be nice...
https://github.com/kastl-ars/wolfi-apko-with-bash

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sanmai-NL @Smana @kastl-ars