sbom-action icon indicating copy to clipboard operation
sbom-action copied to clipboard
verified publisher icon anchore

Error "accepts at most 1 arg(s), received 2" is there in v0

Open LinLiKinto opened this issue 1 year ago • 3 comments

It worked well till 5th March. But on 6th March, job failed. I never changed my source code during these 2 days. I think it was because of this PR:https://github.com/anchore/sbom-action/pull/446 New version is released, v0(I was using) is also updated after this PR. I tried the old version of v0.15.8. It worked.

image

LinLiKinto avatar Mar 06 '24 05:03 LinLiKinto

Chiming in with two additional observations:

We see it failing specifically in case of running against a path:

Run anchore/sbom-action@v0
  with:
    syft-version: v0.86.1
    format: spdx-json
    artifact-name: data_sbom.spdx.json
    output-file: data_sbom.spdx.json
    path: .
    github-token: ***
    dependency-snapshot: false
    upload-artifact: true
    upload-artifact-retention: 0
    upload-release-assets: true
[...]
Error: The process '/opt/hostedtoolcache/syft/0.86.1/x64/syft' failed with exit code 1

Docker images are processed just fine:

Run anchore/sbom-action@v0
  with:
    format: spdx-json
    artifact-name: container_sbom.spdx.json
    output-file: container_sbom.spdx.json
    image: container:1.1.1
    path: .
    github-token: ***
    dependency-snapshot: false
    upload-artifact: true
    upload-artifact-retention: 0
    upload-release-assets: true

[...]
SBOM scan completed in: 11.002s
------------------------- Uploading workflow artifacts -------------------------
/tmp/sbom-action-H7hNah/container_sbom.spdx.json

Edit: actually, removing the pin to v0.86.1 and having it use the upstream version v0.105.0 makes things work again 🎉

harmw avatar Mar 06 '24 12:03 harmw

Thanks @harmw -- it looks like @LinLiKinto, you're using an older version of Syft and need to update to a version that uses the scan command, rather than packages. Just removing any pinned version should fix the problem. Are you able to give that a try?

kzantow avatar Mar 06 '24 15:03 kzantow

@kzantow Thank you for your advice. But we are using https://github.com/xeol-io/xeol/pull/294 after anchore/sbom-action. They are not updated for new version of syft. If we update the version of syft, we will encounter error in that GitHub Action. But I got the point now. I will wait for their update. Before that, I will fix the version to v0.15.8. Thank you very much. I think we cleared this issue. Should we close it?

LinLiKinto avatar Mar 07 '24 14:03 LinLiKinto

Looks like the upstream issue on xeol is closed, so I presume this is no longer an sbom-action issue? I'll close this, but feel free to open a new issue if required 🙏

popey avatar Jun 29 '24 00:06 popey