Intermittent 'Error installing Debricked CLI' #56

Open
HarrisonFBG opened this issue Oct 4, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@HarrisonFBG

Current Behavior

Since the update to v1.31 we have been getting the following error and workflow failure.
This issue seems to happen at random since it occurs in different repos and sometimes only 1/3 jobs in a workflow will fail but rerunning the workflow will usually be successful.

```text
RUN PACKAGE: /runner/_work/_temp/fortify/tools/sc-client/24.2.0/bin/scancentral package -o package.zip -bt mvn -bf pom.xml -oss -o package.zip
  launcher.log will be stored in "/home/runner/.fortify/scancentral-24.2.0/log" directory.
  scancentral.log will be stored in "/home/runner/.fortify/scancentral-24.2.0/log" directory.
  No installed Debricked CLI was found.
  Error installing Debricked CLI.
  Error retrieving latest Debricked CLI version from GitHub.
  Shutting down with errors. Please see log for details.
Summary:
  PACKAGE: ERROR
Failing commands:
  PACKAGE: /runner/_work/_temp/fortify/tools/sc-client/24.2.0/bin/scancentral package -o package.zip -bt mvn -bf pom.xml -oss -o package.zip
```

This issue did not occur in prior versions of the action or in workflows that specify an older sc-client with the definition below.

```yaml
uses: fortify/github-action/setup@v1
with:
  sc-client: 23.1.0
```

Expected Behavior

Debricked CLI is successfully installed and the workflow proceeds with all of the subsequent steps to build/package
A successful run has the following:

```text
RUN PACKAGE: /runner/_work/_temp/fortify/tools/sc-client/24.2.0/bin/scancentral package -o package.zip -bt mvn -bf pom.xml -oss -o package.zip
  launcher.log will be stored in "/home/runner/.fortify/scancentral-24.2.0/log" directory.
  scancentral.log will be stored in "/home/runner/.fortify/scancentral-24.2.0/log" directory.
  No installed Debricked CLI was found.
  A new Debricked CLI version is available: 2.1.4.
  Cleanup the existing Debricked CLI installation.
  Installing Debricked CLI...
  Debricked CLI is installed at /runner/_work/_temp/fortify/tools/sc-client/24.2.0/Core/lib/debricked
```

Steps To Reproduce

In any repo run the following workflow step:

```yaml
- name: Run FoD SAST Scan
  # https://github.com/fortify/github-action?tab=readme-ov-file#fortify-github-action-fod-sast-scan
  uses: fortify/github-action/fod-sast-scan@v1
  env:
    FOD_URL: "https://ams.fortify.com"
    FOD_TENANT: "TENANT"
    FOD_RELEASE: ${{ steps.get-release-id.outputs.releaseId }}
    PACKAGE_EXTRA_OPTS: '-bt mvn -bf pom.xml -oss -o package.zip'
    FOD_SAST_SCAN_EXTRA_OPTS: '--notes="Triggered by GitHub Actions (actions/runs/${{ github.run_id }})"'
```

Environment

GitHub Actions runner: v2.319.1
Java: Java_Corretto_jdk/17.0.12-7.1/x64
fortify/github-action: v1.3.1
sc-client: 24.2.0

Anything else?

No response

@HarrisonFBG HarrisonFBG added the bug Something isn't working label Oct 4, 2024
@HarrisonFBG
Author

HarrisonFBG commented Oct 9, 2024

Did some more testing and it seems to be an issue with the latest scancentral version installing its own debricked copy. Even when running locally scancentral showed the same error.

```text
Fortify_ScanCentral_Client_Latest_x64/bin/scancentral package -oss -o package.zip
launcher.log will be stored in "/Users/username/.fortify/scancentral-24.2.0/log" directory.
scancentral.log will be stored in "/Users/username/.fortify/scancentral-24.2.0/log" directory.
No installed Debricked CLI was found.
A new Debricked CLI version is available: 2.1.4.
Error installing Debricked CLI.
```

Fixed it by adding the following steps to the GitHub workflow before the fortify/github-action/fod-sast-scan step, to avoid a race condition on the Debricked installation.

```yaml
- name: Setup Fortify Tools
  uses: fortify/github-action/setup@v1
  with:
    debricked-cli: latest
    sc-client: 24.2

- name: Copy Debricked for ScanCentral 24.2
  shell: bash
  run: |
    cp -R "${{ env.DEBRICKED_CLI_BIN_DIR }}" "${{ env.SC_CLIENT_INSTALL_DIR }}/Core/lib/debricked"
```

@rsenden
Contributor

rsenden commented Oct 11, 2024

Hi, thanks for reporting this. I forwarded this issue to the product manager responsible for ScanCentral Client; he thinks this might be due to ScanCentral Client running into GitHub rate limits while checking for/downloading the latest Debricked CLI. He'll look into improving this in a next version of ScanCentral Client.

The fortify/github-action/setup action uses a slightly different approach for locating and downloading the latest Debricked CLI, and likely benefits from higher rate limits by automatically (implicitly) using authenticated GitHub API requests based on the GITHUB_TOKEN that's automatically provided by GitHub on every workflow run. I'll see whether I can incorporate your work-around in our Fortify GitHub Action.
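Pre-installing Debricked CLI through the setup action, as in the work-around above, remains the primary fix; the following added example (not from the issue or from the fortify/github-action project) is a complementary CI guard that classifies scancentral output and retries with backoff only on the transient Debricked CLI install failure described in this thread, so unrelated failures still fail fast. It assumes the scancentral messages quoted in the issue and a hypothetical RETRY_BASE_DELAY variable (seconds per attempt, default 5).

```shell
# Added example, not from the issue or from fortify/github-action.
# Constructed sample output, copied from the messages shown in the issue.
SAMPLE_FAIL='No installed Debricked CLI was found.
Error installing Debricked CLI.
Error retrieving latest Debricked CLI version from GitHub.
Shutting down with errors. Please see log for details.'
SAMPLE_OK='No installed Debricked CLI was found.
A new Debricked CLI version is available: 2.1.4.
Installing Debricked CLI...
Debricked CLI is installed at /runner/_work/_temp/fortify/tools/sc-client/24.2.0/Core/lib/debricked'

# Returns 0 when the captured output shows the transient Debricked install failure.
is_debricked_install_error() {
  printf '%s\n' "$1" | grep -q 'Error installing Debricked CLI'
}

# Returns 0 when the captured output shows Debricked CLI was installed.
debricked_installed_ok() {
  printf '%s\n' "$1" | grep -q 'Debricked CLI is installed at'
}

# package_with_retry MAX CMD [ARGS...]: run CMD, retrying with linear backoff
# only on the Debricked install error; any other failure is returned at once.
# RETRY_BASE_DELAY (hypothetical, seconds) scales the wait between attempts.
package_with_retry() {
  local max attempt delay out rc
  max="$1"; shift
  attempt=1
  delay="${RETRY_BASE_DELAY:-5}"
  while :; do
    if out="$("$@" 2>&1)"; then
      printf '%s\n' "$out"
      return 0
    else
      rc=$?
    fi
    if is_debricked_install_error "$out" && [ "$attempt" -lt "$max" ]; then
      echo "attempt $attempt/$max: transient Debricked CLI install error, retrying" >&2
      sleep $((attempt * delay))
      attempt=$((attempt + 1))
      continue
    fi
    printf '%s\n' "$out"
    return "$rc"
  done
}
```

In a workflow step this would wrap the scancentral package invocation, e.g. `package_with_retry 3 "$SC_CLIENT_INSTALL_DIR/bin/scancentral" package -oss -o package.zip`, where SC_CLIENT_INSTALL_DIR is the variable already used in the work-around.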
