Give good report if no CVEs found in trivy (#10853)

Signed-off-by: Derek Nola <derek.nola@suse.com>
k3s-io · Sep 6, 2024 · 61c7011 · 61c7011
1 parent c4c11e5
commit 61c7011
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -39,9 +39,15 @@ jobs:
 
     - name: Add Trivy Report to PR
       run: |
-        echo '```' | cat - trivy-report.txt > temp && mv temp trivy-report.txt
-        echo '```' >> trivy-report.txt
-        gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt
+        sudo chown runner:runner trivy-report.txt
+        if [ -s trivy-report.txt ] && [ -n "$(grep -v '^\s*$' trivy-report.txt)" ]; then
+          echo '```' | cat - trivy-report.txt > temp && mv temp trivy-report.txt
+          echo '```' >> trivy-report.txt
+          gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt
+        else
+          echo ':star2: No High or Critical CVEs Found :star2:' > trivy-report.txt
+          gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt
+        fi
     
     - name: Report Failure
       if: ${{ failure() }}