Failed to parse CLI arguments; Failed to load sh: File not found

[tkreuder]

Hi,
thanks a lot for your work on the tflint image!

I am running the image on the latest version of gitlab-runner and do get:

Executing "step_script" stage of the job script
00:01
Using docker image sha256:7bb16013e6077cb34a49d4f93b07f0eff81301f094e3a21231ea64856d01c860 for ghcr.io/terraform-linters/tflint-bundle:v0.41.0.1 with digest ghcr.io/terraform-linters/tflint-bundle@sha256:c1a9ab620e8d1473ee564a7b971a6fa02b7bc7a7d9842123c6fd0aac6548fe[18]...
Failed to parse CLI arguments; Failed to load `sh`: File not found

The logs of the container are empty.

This is how the gitlab pipeline stage looks like:

lint-modules:
  stage: tflint
  image: ghcr.io/terraform-linters/tflint-bundle:v0.41.0.1
  script:
    - tflint --init
    - tflint modules/xyz

[wata727]

I'm not familiar with GitLab CI, but this error seems to occur when running tflint sh.
It's probably better to check the entrypoint.

[tkreuder]

I just face the issue with this image and as the 'Dockerfile' contains 'tflint' as entrypoint and my gitlab runner is configured to allow for entrypoint overrides, I am quiet puzzled, where this issue comes from. So the combination of gitlab runner and this image seems to result in this issue for me.

[runningman]

I also came across this issue which then led me to this issue. You can solve it by changing the entrypoint in your job:

tflint:
  image: 
    name: ghcr.io/terraform-linters/tflint-bundle:v0.45.0.0
    entrypoint: [ '/bin/sh', '-c' ]
  script:
    - tflint

[csmatt4]

I am encountering this issue as well. @runningman suggestion to alter the entrypoint appears to have been deprecated as a valid option in Gitlab. If you try to use it gitlab-ci.yml file to fail validation. I noticed the tflint image also fails when simply launching it with >docker run -it ghcr.io/terraform-linters/tflint-bundle:v0.45.0.0 sh or bash.

[runningman]

I don't think its deprecated, it is still documented https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#override-the-entrypoint-of-an-image

[csmatt4]

That's odd. Here is my gitlab-ci.yml file.

`stages:

• lint

variables:
TFLINT_VERSION: "v0.45.0.2"
TFLINT_CONFIG: ".tflint.hcl"

lint:
stage: lint
image: ghcr.io/terraform-linters/tflint-bundle:${TFLINT_VERSION}
script:
- tflint --version
- tflint --init
- tflint modules/aws
- tflint --config=${TFLINT_CONFIG} --format=json > gl-tf-lint.json
- find . -type f -name "*.tf" -exec dirname {} ; | sort -u | while read line; do (cd "$line" && tflint --config=${TFLINT_CONFIG}); done
artifacts:
paths:
- gl-tf-lint.json`

When I validate the file against the gitlab API it returns as valid.

http POST "https://gitlab.com/api/v4/ci/lint" "Content-Type:application/json" "PRIVATE-TOKEN:xxxxx" content="$(cat .gitlab-ci.yml)" ref=main options:='{"gitlab_version":"15.0"}'

{
"errors": [],
"includes": [],
"status": "valid",
"valid": true,
"warnings": []
}`

Then when I add the entrypoint entrypoint: [ '/bin/sh', '-c' ]

It returns ...

{
"errors": [
"jobs:lint config contains unknown keys: entrypoint"
],
"includes": [],
"status": "invalid",
"valid": false,
"warnings": []
}`

[csmatt4]

I finally got it to work. I restructured my gitlab-ci.yml like this.

`stages:

• lint

variables:
TFLINT_VERSION: "v0.45.0.2"
TFLINT_CONFIG: ".tflint.hcl"

lint:
image:
name: ghcr.io/terraform-linters/tflint-bundle:${TFLINT_VERSION}
entrypoint: [""]
stage: lint
script:
- tflint --version
- tflint --init
- tflint --config=${TFLINT_CONFIG} --format=json > gl-tf-lint.json
- find . -type f -name "*.tf" -exec dirname {} ; | sort -u | while read line; do (cd "$line" && tflint --config=${TFLINT_CONFIG}); done
artifacts:
paths:
- gl-tf-lint.json`

Apparently the trick was to add the "name" key as a separate indented line under the "image" key. Then when I added the "entrypoint" line below that it returned as a valid file.