Errors are not properly propagated causing app to re-execute cmds

[acornett21]

The application does not seem to be propagating errors properly, leading to the entry point getting executed again on failures. This causes an exit 255 error code. In my opinion success should exit 0 and error or failure should exit 1. This inconsistency, makes it difficult to tell if tool finished it's check to completion, or failed mid way through the execution.

Explain below

check-payload
❯ sudo ./check-payload scan local --path ./helm-operator
I0918 14:59:57.154136   78701 main.go:308] using config file: config.toml
I0918 14:59:57.154178   78701 types_config.go:12] using config &{Components:[] FailOnWarnings:false FilterFile: FromFile: FromURL: InsecurePull:false Limit:-1 ContainerImageComponent: ContainerImage: OutputFile: OutputFormat:table Parallelism:5 Java:false PrintExceptions:false PullSecret: TimeLimit:1h0m0s Verbose:false UseRPMScan:false ConfigFile:{FilterFiles:[] FilterDirs:[/lib/firmware /lib/modules /usr/lib/.build-id /usr/lib/firmware /usr/lib/grub /usr/lib/modules /usr/share/app-info /usr/share/doc /usr/share/fonts /usr/share/icons /usr/share/openshift /usr/src/plugins /rootfs /sysroot] FilterImages:[] JavaDisabledAlgorithms:[DH keySize < 2048 TLSv1.1 TLSv1 SSLv3 SSLv2 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 DHE_DSS RSA_EXPORT DHE_DSS_EXPORT DHE_RSA_EXPORT DH_DSS_EXPORT DH_RSA_EXPORT DH_anon ECDH_anon DH_RSA DH_DSS ECDH 3DES_EDE_CBC DES_CBC RC4_40 RC4_128 DES40_CBC RC2 HmacMD5] CertifiedDistributions:[] PayloadIgnores:map[openshift-enterprise-pod-container:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/bin/pod] Dirs:[] Tags:[]}]} openshift-istio-cni-rhel8-container:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrLibcryptoSoMissing Files:[/opt/cni/bin/istio-cni-rhel9] Dirs:[] Tags:[]}]} openshift-virtualization-cdi-container:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoNotCgoEnabled Files:[/usr/bin/cdi-containerimage-server] Dirs:[] Tags:[]}]} openshift-virtualization-virt-container:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/bin/container-disk] Dirs:[] Tags:[]}]}] TagIgnores:map[] RPMIgnores:map[containernetworking-plugins:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[] Dirs:[/usr/libexec/cni] Tags:[]}]} cri-o:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/crio /usr/bin/crio-status] Dirs:[] Tags:[]} {Error:ErrNotDynLinked Files:[/usr/bin/pinns] Dirs:[] Tags:[]}]} cri-tools:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/crictl] Dirs:[] Tags:[]}]} glibc:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/sbin/ldconfig /sbin/ldconfig] Dirs:[] Tags:[]}]} glibc-common:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/sbin/build-locale-archive] Dirs:[] Tags:[]}]} ignition:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/lib/dracut/modules.d/30ignition/ignition] Dirs:[] Tags:[]}]} podman:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/podman /usr/libexec/podman/quadlet /usr/libexec/podman/rootlessport] Dirs:[] Tags:[]} {Error:ErrNotDynLinked Files:[/usr/libexec/podman/catatonit] Dirs:[] Tags:[]}]} podman-catatonit:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/libexec/catatonit/catatonit] Dirs:[] Tags:[]}]} runc:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/runc] Dirs:[] Tags:[]} {Error:ErrGoInvalidTag Files:[/usr/bin/runc] Dirs:[] Tags:[]} {Error:ErrGoMissingSymbols Files:[/usr/bin/runc] Dirs:[] Tags:[]} {Error:ErrLibcryptoMissing Files:[/usr/bin/runc] Dirs:[] Tags:[]}]} skopeo:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/skopeo] Dirs:[] Tags:[]}]} tini:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/bin/tini-static] Dirs:[] Tags:[]}]}] ErrIgnores:[]}}
I0918 14:59:57.154227   78701 main.go:103] "scan" version="d67cb51b"
I0918 14:59:57.193388   78701 validations.go:397] rpm -qf error: exit status 1 (stderr=rpm: arguments to --root (-r) must begin with a /)
I0918 14:59:57.193440   78701 scan.go:460] "scanning failed" image="" path="/usr/local/bin/helm-operator" error="go binary is not CGO_ENABLED" component="" tag="" rpm="" status="failed"
I0918 14:59:57.200220   78701 validations.go:397] rpm -qf error: exit status 1 (stderr=rpm: arguments to --root (-r) must begin with a /)
I0918 14:59:57.200257   78701 scan.go:460] "scanning failed" image="" path="/usr/sbin/ldconfig" error="executable is not dynamically linked" component="" tag="" rpm="" status="failed"
---- Failure Report
+------------------------------+--------------------------------------+
| EXECUTABLE NAME              | STATUS                               |
+------------------------------+--------------------------------------+
| /usr/local/bin/helm-operator | go binary is not CGO_ENABLED         |
| /usr/sbin/ldconfig           | executable is not dynamically linked |
+------------------------------+--------------------------------------+
Usage:
  check-payload scan local [flags]

Flags:
  -h, --help          help for local
      --path string   Path to the local unpacked image bundle

Global Flags:
      --add_dir_header                   If true, adds the file directory to the header of the log messages
      --alsologtostderr                  log to standard error as well as files (no effect when -logtostderr=true)
      --components strings               Filter scans by component. Payload scans support a list of components. Local scans support at most one component, which is intended to match the local unpacked image.
  -c, --config string                    use toml config file (default: config.toml)
  -V, --config-for-version string        use embedded toml config file for specified version
      --cpuprofile string                write CPU profile to file
      --fail-on-warnings                 fail on warnings
      --filter-dirs strings              
      --filter-files strings             
      --filter-images strings            
      --insecure-pull                    use insecure pull
      --limit int                        limit the number of pods scanned (default -1)
      --log_backtrace_at traceLocation   when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                   If non-empty, write log files in this directory (no effect when -logtostderr=true)
      --log_file string                  If non-empty, use this log file (no effect when -logtostderr=true)
      --log_file_max_size uint           Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                      log to standard error instead of files (default true)
      --one_output                       If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
      --output-file string               write report to file
      --output-format string             output format (table, csv, markdown, html) (default "table")
      --parallelism int                  how many pods to check at once (default 5)
  -p, --print-exceptions                 display exception list
      --pull-secret string               pull secret to use for pulling images
      --skip_headers                     If true, avoid header prefixes in the log messages
      --skip_log_headers                 If true, avoid headers when opening log files (no effect when -logtostderr=true)
      --stderrthreshold severity         logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2)
      --time-limit duration              limit running time (default 1h0m0s)
  -v, --v Level                          number for the log level verbosity
      --verbose                          verbose
      --vmodule moduleSpec               comma-separated list of pattern=N settings for file-filtered logging

F0918 14:59:57.205156   78701 main.go:296] Error: run failed

check-payload
❯ echo $?
255

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale