Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Action has stopped working, fails to download syft #472

Closed
martincostello opened this issue Jun 6, 2024 · 12 comments · Fixed by #477
Closed

Action has stopped working, fails to download syft #472

martincostello opened this issue Jun 6, 2024 · 12 comments · Fixed by #477
Assignees

Comments

@martincostello
Copy link

Since some time yesterday morning, the action has started failing to download syft in one of my repositories: logs

------------------------------ Running SBOM Action -----------------------------
::group::Got github context:
Got github context:
##[debug]isExplicit: 1.4.1
##[debug]explicit? true
##[debug]checking cache: C:\hostedtoolcache\windows\syft.exe\1.4.1\x64
##[debug]not found
##[debug]Installing syft v1.4.1
##[debug]Downloading https://raw.githubusercontent.com/anchore/syft/main/install.sh
##[debug]Destination D:\a\_temp\8121acb8-e422-4995-8af8-e1c646b74cd8
##[debug]download complete
"C:\Program Files\Git\bin\sh.exe" D:\a\_temp\8121acb8-e422-4995-8af8-e1c646b74cd8 -d -b D:\a\_temp\8121acb8-e422-4995-8af8-e1c646b74cd8_syft v1.4.1
[debug] checking github for release tag='v1.4.1' 
[debug] http_download(url=https://github.com/anchore/syft/releases/v1.4.1) 
Error:  received HTTP status=000 for url='https://github.com/anchore/syft/releases/v1.4.1' 
Error:  unable to find tag='' 
Error:  do not specify a version or select a valid version from https://github.com/anchore/syft/releases 
Error: The process 'C:\Program Files\Git\bin\sh.exe' failed with exit code 1
##[debug]Node Action run completed with exit code 1

I've also tried explicitly updating to a newer version of syft, and that also fails:

------------------------------ Running SBOM Action -----------------------------
::group::Got github context:
Got github context:
##[debug]isExplicit: 1.5.0
##[debug]explicit? true
##[debug]checking cache: C:\hostedtoolcache\windows\syft.exe\1.5.0\x64
##[debug]not found
##[debug]Installing syft v1.5.0
##[debug]Downloading https://raw.githubusercontent.com/anchore/syft/main/install.sh
##[debug]Destination D:\a\_temp\a676dc61-1046-48b4-8ed6-b02c33920005
##[debug]download complete
"C:\Program Files\Git\bin\sh.exe" D:\a\_temp\a676dc61-1046-48b4-8ed6-b02c33920005 -d -b D:\a\_temp\a676dc61-1046-48b4-8ed6-b02c33920005_syft v1.5.0
[debug] checking github for release tag='v1.5.0' 
[debug] http_download(url=https://github.com/anchore/syft/releases/v1.5.0) 
Error:  received HTTP status=000 for url='https://github.com/anchore/syft/releases/v1.5.0' 
Error:  unable to find tag='' 
Error:  do not specify a version or select a valid version from https://github.com/anchore/syft/releases 
Error: The process 'C:\Program Files\Git\bin\sh.exe' failed with exit code 1
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Generate SBOM

I'm using the action pinned to e8d2a69 for the v0.16 tag.

@tgerla
Copy link

tgerla commented Jun 6, 2024

Hi @martincostello, thanks for the report. I did a little bit of basic testing on my macOS machine and it looks like GitHub is working OK right now. We have seen rare API outages from GitHub which cause problems like this but I don't think that's the case here. Looking at your builds it looks like the Windows version is the only one that's failing. Am I reading that right? Have there been any other changes to your environment lately, particularly in the Windows build?

@martincostello
Copy link
Author

It's true that it's the Windows version, but I only generate the SBOM on Windows as that's the platform I ship my artifacts from of the three. I've not explicitly changed anything myself in the environment, I just use the windows-latest label and get whatever GitHub serves up.

@tgerla
Copy link

tgerla commented Jun 6, 2024

OK. Can you do me a favor and manually trigger one of these jobs and make sure it repeats the failure? I am not getting any useful info from the logs, it looks like a generic networking error fetching the release archive. I looked at the GitHub runner commits and it looks like some Docker components updated on the standard images yesterday. (actions/runner-images@7992e7f)

@martincostello
Copy link
Author

@tgerla
Copy link

tgerla commented Jun 6, 2024

Thank you. That is odd. The received HTTP status=000 message is shown "for any 200 or 206 responses with a client abort: the object was served correctly from the origin or edge, but the end-user terminated the connection/transaction before it completed."

We don't think we've made any chances on our side that would cause this. I am seeing some other folks reporting various problems with the new windows-latest image: actions/runner-images#10004 -- different symptoms, though. Unfortunately I don't believe there is any way to request a previous version of the runner image to eliminate that as a variable, unless I am missing something. I will let you know if we run across anything else helpful in the meantime.

@kzantow
Copy link
Contributor

kzantow commented Jun 6, 2024

I can confirm this looks to be failing on windows runners: https://github.com/kzantow-anchore/sbom-action-test/actions/runs/9405721903/job/25907548486

Seeing as nothing has changed in sbom-action or syft, I suspect @tgerla is right that something has changed on the most recent windows runner. It's unclear exactly what we could do to solve this.

@martincostello
Copy link
Author

Finding this in more or more repos as dependabot updates are coming in - for now I'm just going to have to turn it off as otherwise it's blocking my releases 😢

@kzantow
Copy link
Contributor

kzantow commented Jun 7, 2024

This appears to be exactly the issue affecting the sbom-action: actions/runner-images#10009

@popey
Copy link
Contributor

popey commented Jun 29, 2024

Thanks for the issue report. This is looking like an upstream runner-on-windows curl issue which appears to now be fixed?

Do feel free to file a new issue if the sbom-action continues to fail. Thanks again 🙏

@popey popey closed this as completed Jun 29, 2024
@martincostello
Copy link
Author

The fix doesn't appear to have rolled out to the Windows runner. The action still fails for me.

@popey popey reopened this Jun 29, 2024
@kzantow
Copy link
Contributor

kzantow commented Jun 29, 2024

I'm not sure why they closed actions/runner-images#10009, it hasn't been fixed although a fix looks like it's been made in curl it hasn't been incorporated back into the runners. 😕

@willmurphyscode
Copy link
Contributor

@martincostello https://github.com/anchore/sbom-action/releases/tag/v0.16.1 should be fixed now. Please let us know if you have any issues. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants