Checkov install silently fails during image build (and is also missing when pulling from ghcr.io) #634
Labels
Comments
|
This looks to be the same as #633, is it? |
4 tasks
|
It looks the same, apologies my search missed it, I only looked at open issues. |
|
No worries. I'm not a macOS user hence am just guesstimating whether these two are of the same essence. |
|
This issue has been resolved in version 1.88.1 🎉 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
On macos M2 Max (arm/aarch64)
Using docker image dhcr.io/atonbabenko/pre-commit-terraform:latest (since Oct 23, but up to and including a local build of main (v1.88.0).
When executing terraform_checkov during pre-commit the 'checkov command is not found'
Cause
Rather than all the logs for diagnosis I can supply root cause.
pip install of checkov requires 0.13.0<rustworkx<0.14.0
Similar to the current limitation in dockerfile where cffi requires to build from source due to lack of musl wheel for aarch64 (update to this has been requested), rustworkx only had musl wheel for aarch64 added in 0.14.0, and current version is 0.14.1.
A request to checkov to bump rustworkx to at least 0.14.0 has been requested, although I'm not sure if that may have breaking changes or require further testing from them, so don't know the delivery time.
In the meantime adding/removing rust and cargo to the apk before checkov install allows [email protected] to be compiled meeting the checkov dependency (albeit very slowly) until such time as they resolve it.
I have raised a PR to this effect.
There is also some confusion in the error handling in the dockerfile, where because the pip install checkov fails in the first block it then tries to run the pip install checkov==latest in the or block. Obviously happy path this isn't won't occur, but confuses the error-handling slightly when the first install fails.
Environment information
The text was updated successfully, but these errors were encountered: