Skip to content

fix: upload trivy report to step summary and truncate PR comment if too large#246

Merged
chgl merged 2 commits into
masterfrom
copilot/fix-comment-body-length-issue
May 24, 2026
Merged

fix: upload trivy report to step summary and truncate PR comment if too large#246
chgl merged 2 commits into
masterfrom
copilot/fix-comment-body-length-issue

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 24, 2026

marocchino/sticky-pull-request-comment fails with a GitHub API validation error when the Trivy report exceeds the 65,536-character PR comment limit. Large images with many vulnerabilities reliably hit this ceiling.

Changes

  • New step inserted before the sticky comment step that:
    • Always writes the full report to GITHUB_STEP_SUMMARY
    • If wc -c on trivy-pr-report.md exceeds MAX_PR_COMMENT_SIZE=65536, overwrites the file with a short fallback message linking to the workflow run summary
  • The sticky comment step is unchanged — it continues to post whatever is in trivy-pr-report.md, which is now guaranteed to be within the API limit

@chgl chgl marked this pull request as ready for review May 24, 2026 10:30
Copilot AI review requested due to automatic review settings May 24, 2026 10:30
Copilot AI reviewed May 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Trivy PR-report publishing flow to avoid marocchino/sticky-pull-request-comment failing when the generated report exceeds GitHub’s PR comment size limits, while still preserving access to the full report via the workflow run UI.

Changes:

  • Adds a step to append the full trivy-pr-report.md content to GITHUB_STEP_SUMMARY.
  • Adds logic to overwrite trivy-pr-report.md with a short fallback message linking to the workflow run when the report is too large for a PR comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/standard-build.yaml
@chgl
Potential fix for pull request finding
e9e63e0 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 24, 2026
edited
Loading

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 4 0 0 0.11s
✅ COPYPASTE jscpd yes no no 1.31s
✅ DOCKERFILE hadolint 1 0 0 0.18s
✅ JSON jsonlint 3 0 0 0.5s
✅ JSON prettier 3 0 0 0.5s
✅ JSON v8r 3 0 0 2.64s
✅ MARKDOWN markdownlint 1 0 0 0.57s
✅ MARKDOWN markdown-table-formatter 1 0 0 0.24s
✅ PYTHON bandit 1 0 0 2.43s
✅ PYTHON black 1 0 0 0.88s
✅ PYTHON flake8 1 0 0 0.59s
✅ PYTHON isort 1 0 0 0.21s
✅ PYTHON mypy 1 0 0 3.3s
✅ PYTHON pylint 1 0 0 3.76s
✅ PYTHON pyright 1 0 0 1.82s
✅ PYTHON ruff 1 0 0 0.04s
✅ REPOSITORY checkov yes no no 23.93s
✅ REPOSITORY dustilock yes no no 0.02s
✅ REPOSITORY gitleaks yes no no 0.28s
✅ REPOSITORY git_diff yes no no 0.01s
✅ REPOSITORY grype yes no no 53.91s
✅ REPOSITORY kics yes no no 3.57s
✅ REPOSITORY kingfisher yes no no 5.11s
✅ REPOSITORY secretlint yes no no 1.32s
✅ REPOSITORY syft yes no no 2.25s
✅ REPOSITORY trivy yes no no 10.0s
✅ REPOSITORY trivy-sbom yes no no 0.14s
✅ REPOSITORY trufflehog yes no no 3.74s
✅ YAML prettier 6 0 0 0.73s
✅ YAML v8r 6 0 0 6.61s
✅ YAML yamllint 6 0 0 0.58s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,REPOSITORY_KINGFISHER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 24, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-246 (debian 13.4)

16 known vulnerabilities found (CRITICAL: 0 HIGH: 1 MEDIUM: 13 LOW: 2)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libc-bin CVE-2026-4046 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc-bin CVE-2026-4437 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc-bin CVE-2026-4438 LOW 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4046 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4437 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4438 LOW 2.41-12+deb13u2 2.41-12+deb13u3
libcap2 CVE-2026-4878 HIGH 1:2.75-10+b8 1:2.75-10+deb13u1
libsystemd0 CVE-2026-29111 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-40225 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-40226 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-4105 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-29111 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-40225 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-40226 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-4105 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
sed CVE-2026-5958 MEDIUM 4.9-2 4.9-2+deb13u1

No Misconfigurations found

Python

2 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 2 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
pip CVE-2026-3219 MEDIUM 26.0.1 26.1
pip CVE-2026-6357 MEDIUM 26.0.1 26.1

No Misconfigurations found

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 24, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags:v1.2.3-beta.123 (debian 13.4)

16 known vulnerabilities found (HIGH: 1 MEDIUM: 13 LOW: 2 CRITICAL: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libc-bin CVE-2026-4046 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc-bin CVE-2026-4437 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc-bin CVE-2026-4438 LOW 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4046 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4437 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4438 LOW 2.41-12+deb13u2 2.41-12+deb13u3
libcap2 CVE-2026-4878 HIGH 1:2.75-10+b8 1:2.75-10+deb13u1
libsystemd0 CVE-2026-29111 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-40225 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-40226 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-4105 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-29111 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-40225 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-40226 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-4105 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
sed CVE-2026-5958 MEDIUM 4.9-2 4.9-2+deb13u1

No Misconfigurations found

Python

2 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 2 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
pip CVE-2026-3219 MEDIUM 26.0.1 26.1
pip CVE-2026-6357 MEDIUM 26.0.1 26.1

No Misconfigurations found

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 24, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow:pr-246 (debian 13.4)

16 known vulnerabilities found (CRITICAL: 0 HIGH: 1 MEDIUM: 13 LOW: 2)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libc-bin CVE-2026-4046 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc-bin CVE-2026-4437 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc-bin CVE-2026-4438 LOW 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4046 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4437 MEDIUM 2.41-12+deb13u2 2.41-12+deb13u3
libc6 CVE-2026-4438 LOW 2.41-12+deb13u2 2.41-12+deb13u3
libcap2 CVE-2026-4878 HIGH 1:2.75-10+b8 1:2.75-10+deb13u1
libsystemd0 CVE-2026-29111 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-40225 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-40226 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libsystemd0 CVE-2026-4105 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-29111 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-40225 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-40226 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
libudev1 CVE-2026-4105 MEDIUM 257.9-1~deb13u1 257.13-1~deb13u1
sed CVE-2026-5958 MEDIUM 4.9-2 4.9-2+deb13u1

No Misconfigurations found

Python

2 known vulnerabilities found (LOW: 0 CRITICAL: 0 HIGH: 0 MEDIUM: 2)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
pip CVE-2026-3219 MEDIUM 26.0.1 26.1
pip CVE-2026-6357 MEDIUM 26.0.1 26.1

No Misconfigurations found

@chgl chgl merged commit dfd313e into master May 24, 2026
41 checks passed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 24, 2026

🎉 This PR is included in version 1.11.33 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@chgl chgl

Copilot code review Copilot

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chgl