Skip to content

BUG: Pinned-Dependencies fails to handle Dockerfiles with here-docs #3335

New issue
New issue
Closed
#3774
Closed
BUG: Pinned-Dependencies fails to handle Dockerfiles with here-docs#3335
#3774
Labels
kind/bugSomething isn't working
@pnacht

Description

@pnacht
pnacht
opened on Jul 31, 2023

Describe the bug
Dockerfiles with here-docs crash the Pinned-Deps check

Reproduction steps
Run scorecard --checks Pinned-Dependencies --repo moby/moby (also works with --repo distribution/distribution)

Error: check runtime error: Pinned-Dependencies: internal error: error parsing shell code: Dockerfile:1:1: unclosed here-document 'EOT'
2023/07/31 16:52:39 error during command execution: check runtime error: Pinned-Dependencies: internal error: error parsing shell code: Dockerfile:1:1: unclosed here-document 'EOT'

moby/moby/Dockerfile and distribution/distribution/dockerfiles/vendor.Dockerfile have RUN commands such as

RUN --mount=target=/context \
    --mount=target=.,type=tmpfs  \
    --mount=target=/go/pkg/mod,type=cache <<EOT
  set -e
  rsync -a /context/. .
  go mod tidy
  go mod vendor
  mkdir /out
  cp -r go.mod go.sum vendor /out
EOT

Expected behavior
The Dockerfile should be correctly parsed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions