From 393da954ae40a86b5c3266b040ad45c357cb31b5 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 24 May 2026 10:27:47 +0000
Subject: [PATCH 1/2] fix: truncate trivy PR comment if too long and upload to step summary
Agent-Logs-Url: https://github.com/chgl/.github/sessions/ff21aff2-540b-439a-903d-a441c8f82a5d
Co-authored-by: chgl <5307555+chgl@users.noreply.github.com>
---
.github/workflows/standard-build.yaml | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/.github/workflows/standard-build.yaml b/.github/workflows/standard-build.yaml
index b9e224b..6824dcc 100644
--- a/.github/workflows/standard-build.yaml
+++ b/.github/workflows/standard-build.yaml
@@ -286,6 +286,19 @@ jobs:
--ignore-unfixed="${TRIVY_IGNORE_UNFIXED}" \ "${IMAGE_TO_SCAN}" + - name: Upload trivy report to step summary and truncate PR comment if too long + if: ${{ github.event_name == 'pull_request' && inputs.enable-trivy-scan && !github.event.pull_request.head.repo.fork }} + env: + SUMMARY_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + run: | + cat trivy-pr-report.md >> "$GITHUB_STEP_SUMMARY" + # GitHub PR comments are limited to 65536 characters + MAX_PR_COMMENT_SIZE=65536 + report_size=$(wc -c < trivy-pr-report.md) + if [ "$report_size" -gt "$MAX_PR_COMMENT_SIZE" ]; then + printf "The Trivy vulnerability report is too large to display as a PR comment.\n\nPlease view the full report in the [workflow run summary](%s).\n" "$SUMMARY_URL" > trivy-pr-report.md + fi + - name: Add trivy report PR comment uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4 # when running from a fork, the CI token doesn't have enough permissions to create PR comments
From e9e63e08be94735f1c86f68f6a36dc280d4354a9 Mon Sep 17 00:00:00 2001
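Review bot: The `cat trivy-pr-report.md >> "$GITHUB_STEP_SUMMARY"` line at the top of the new `run:` block appends the report unconditionally, while the same block then caps the PR comment at 65536 bytes; the step summary has its own limit (the runner refuses a summary larger than 1024 KiB), so a report big enough to trigger the PR truncation can also be refused by the summary upload, and the truncated comment then links to a run summary that does not show the report. Measure the size first and only append when it fits, with a short fallback line otherwise, as in the fence below. Two smaller points on the truncation itself: `report_size=$(wc -c < trivy-pr-report.md)` counts bytes, which over-estimates characters for non-ASCII output, so a comment such as `# wc -c counts bytes (>= characters), so this check is conservative` would spare the next reader the question; and the step's `if:` does not cover the report file being absent — if the preceding trivy step can be skipped or fail without stopping the job, `cat` here fails this step, which I cannot confirm from this hunk.
```yaml
      run: |
        # GitHub PR comments are limited to 65536 characters
        MAX_PR_COMMENT_SIZE=65536
        # The runner refuses a step summary larger than 1024 KiB, so never append beyond it
        MAX_STEP_SUMMARY_SIZE=$((1024 * 1024))
        # wc -c counts bytes (>= characters), so both checks are conservative
        report_size=$(wc -c < trivy-pr-report.md)
        if [ "$report_size" -le "$MAX_STEP_SUMMARY_SIZE" ]; then
          cat trivy-pr-report.md >> "$GITHUB_STEP_SUMMARY"
        else
          printf "The Trivy vulnerability report (%s bytes) exceeds the step summary size limit and was not embedded.\n" "$report_size" >> "$GITHUB_STEP_SUMMARY"
        fi
        # … unchanged: PR comment truncation against MAX_PR_COMMENT_SIZE …
```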
From: chgl
Date: Sun, 24 May 2026 12:33:27 +0200
Subject: [PATCH 2/2] Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
.github/workflows/standard-build.yaml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/standard-build.yaml b/.github/workflows/standard-build.yaml
index 6824dcc..ec48760 100644
--- a/.github/workflows/standard-build.yaml
+++ b/.github/workflows/standard-build.yaml
@@ -287,15 +287,16 @@ jobs:
"${IMAGE_TO_SCAN}" - name: Upload trivy report to step summary and truncate PR comment if too long - if: ${{ github.event_name == 'pull_request' && inputs.enable-trivy-scan && !github.event.pull_request.head.repo.fork }} + if: ${{ github.event_name == 'pull_request' && inputs.enable-trivy-scan }} env: SUMMARY_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + IS_FORK: "${{ github.event.pull_request.head.repo.fork }}" run: | cat trivy-pr-report.md >> "$GITHUB_STEP_SUMMARY" # GitHub PR comments are limited to 65536 characters MAX_PR_COMMENT_SIZE=65536 report_size=$(wc -c < trivy-pr-report.md) - if [ "$report_size" -gt "$MAX_PR_COMMENT_SIZE" ]; then + if [ "$IS_FORK" != "true" ] && [ "$report_size" -gt "$MAX_PR_COMMENT_SIZE" ]; then printf "The Trivy vulnerability report is too large to display as a PR comment.\n\nPlease view the full report in the [workflow run summary](%s).\n" "$SUMMARY_URL" > trivy-pr-report.md fi
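Review bot: The new `[ "$IS_FORK" != "true" ]` guard on the truncation `if` carries no explanation, and the reason it exists — fork PRs never receive a comment because the CI token lacks the permission, per the comment on the following step, which lies outside this hunk — is only discoverable by reading on. A one-line comment above the `if` would settle it: `# Fork PRs never get a sticky comment (token lacks permission), so leave their report untouched`. If trivy-pr-report.md is not consumed by anything else after this step, the guard could be dropped altogether, since overwriting the file is harmless when no comment is posted; I cannot see the rest of the job to confirm that. Carrying the fork flag through `env` as `IS_FORK` rather than interpolating `${{ }}` inside `run:` is the right shape for this check and should stay that way.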