From 61c7011cab263efb3a836e6b2738fb93f581c5ef Mon Sep 17 00:00:00 2001
From: Derek Nola
Date: Fri, 6 Sep 2024 14:58:26 -0700
Subject: [PATCH] Give good report if no CVEs found in trivy (#10853)
Signed-off-by: Derek Nola
---
 .github/workflows/trivy.yaml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index 9b7a574a14b9..8385b97534e1 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -39,9 +39,15 @@ jobs:
 - name: Add Trivy Report to PR
 run: |
- echo '```' | cat - trivy-report.txt > temp && mv temp trivy-report.txt
- echo '```' >> trivy-report.txt
- gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt
+ sudo chown runner:runner trivy-report.txt
+ if [ -s trivy-report.txt ] && [ -n "$(grep -v '^\s*$' trivy-report.txt)" ]; then
+ echo '```' | cat - trivy-report.txt > temp && mv temp trivy-report.txt
+ echo '```' >> trivy-report.txt
+ gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt
+ else
+ echo ':star2: No High or Critical CVEs Found :star2:' > trivy-report.txt
+ gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt
+ fi
 - name: Report Failure
 if: ${{ failure() }}
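Review bot: The new `else` branch treats an empty or whitespace-only trivy-report.txt as a clean scan and posts "No High or Critical CVEs Found" to the PR, so the all-clear is derived from the absence of output rather than from a positive signal that the scanner ran and completed. The scan step is outside this hunk, so it cannot be confirmed from here that every scanner error fails the job before this step runs; if any path can exit 0 without writing findings, reviewers would see a clean result for an image that was never assessed. At minimum the assumption should be recorded above the `if`, for example `# An empty report means a clean scan only because the scan step fails the job on any error`, and the message is safer if it is gated on the scan step's own exit status. As a smaller point, `[ -s trivy-report.txt ]` is redundant with the grep test, and the two identical `gh issue comment ... --edit-last -F trivy-report.txt` calls can be moved below `fi`.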