
Runtime error: nil pointer dereference during copa patch execution in GitLab CI environment

Open salvasser opened this issue 1 year ago • 2 comments

Version of copa

v0.9.0

Expected Behavior

The copa patch command should complete successfully without crashing, applying necessary patches to the specified Docker image.

Actual Behavior

The command fails with a segmentation fault specifically when executed within GitLab CI. The error does not occur when the command is executed in a local Docker container. Below is the error output captured from the GitLab CI job:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc4832f]
goroutine 51 [running]:
github.com/cpuguy83/go-docker/transport.(*Transport).DoRaw(...)
...
created by google.golang.org/grpc.(*acBalancerWrapper).Connect in goroutine 50
...

Interestingly, the same command executes successfully when run locally in a Docker container, indicating that the issue may be specific to the GitLab CI environment.

Steps To Reproduce

  1. Pull any Docker image within a GitLab CI job.
  2. Execute a vulnerability scan on the image using Trivy within the same CI job.
  3. Attempt to patch the image using copa patch within the GitLab CI job.

Commands Executed:

# Vulnerability scan
trivy image --pkg-types os --ignore-unfixed -f json -o output.json $IMAGE

# Image patching
copa patch -i $IMAGE -r output.json -t patched

Dockerfile

FROM golang:alpine3.21 AS build

RUN apk add --no-cache bash make git && \
    git config --global core.compression 0 && git clone --depth 1 https://github.com/project-copacetic/copacetic && \
    cd copacetic && make

FROM moby/buildkit:v0.18.1

RUN apk add --no-cache curl bash jq docker-cli && \
    curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.58.0

COPY --from=build /go/copacetic/dist/linux_amd64/release/copa /usr/local/bin/copa

Are you willing to submit PRs to contribute to this bug fix?

  • [ ] Yes, I am willing to implement it.

salvasser Dec 10 '24 11:12

@salvasser I am not able to build the Dockerfile, where is this used and how is it built?

ashnamehrotra Dec 10 '24 16:12

@ashnamehrotra I build this Dockerfile locally and on a GitLab runner, no problems.

salvasser Dec 11 '24 03:12

@robert-cronin

leodewang Jul 23 '25 22:07

I think we can close this issue as the DoRaw panic was solved in go-docker v0.4.0

robert-cronin Jul 28 '25 00:07