reviewdog / action-trivy

MIT License

Error on launching the default example #45

Open irizzant opened 5 months ago

irizzant commented 5 months ago

I tried to execute the action with this workflow

      - name: Run trivy with reviewdog output on the PR
        uses: reviewdog/action-trivy@v1.5.2
        with:
          github_token: ${{ secrets.github_token }}
          trivy_command: config # Change trivy command
          trivy_target: . # Change trivy target directory
          level: info # Get more output from reviewdog
          reporter: github-pr-review # Change reviewdog reporter
          filter_mode: nofilter # Check all files, not just the diff
          fail_on_error: false # Fail action if errors are found
          flags: -tee # Add debug flag to reviewdog
          trivy_flags: "" # Optional

The action reports an error [image]

but I see no review created on my PR.

I've also tried to change the command like this:

      - name: Run trivy with reviewdog output on the PR
        uses: reviewdog/action-trivy@v1.5.2
        with:
          github_token: ${{ secrets.github_token }}
          trivy_command: filesystem # Change trivy command
          trivy_target: . # Change trivy target directory
          level: info # Get more output from reviewdog
          reporter: github-pr-review # Change reviewdog reporter
          filter_mode: nofilter # Check all files, not just the diff
          fail_on_error: false # Fail action if errors are found
          flags: -tee # Add debug flag to reviewdog
          trivy_flags: "--cache-dir  .trivy --vuln-type os,library" # Optional

and the result is the pipeline is successful but without any issue detected: [image]

which isn't possible since there are issues: [image]

nayuta commented 5 months ago

@irizzant I tested in my fork with your settings, without reporter changes. However, I couldn't reproduce the error. Can you try with the newest versions?

Code: https://github.com/nayuta/action-trivy/pull/11/files#diff-1db27d93186e46d3b441ece35801b244db8ee144ff1405ca27a163bfe878957fR57

Action result: https://github.com/nayuta/action-trivy/actions/runs/9467294468/job/26081008166?pr=11

zubeyiro commented 4 months ago

@irizzant @nayuta I'm having the same issue, any chance on this? All seems fine, I see the output in the CI action, but no review comments are being created by reviewdog.

nayuta commented 4 months ago

@irizzant @zubeyiro I need to confirm whether you're trying to comment on the changed files on the PR. Unfortunately, we cannot create comments on unchanged files.

I tested it on this PR: https://github.com/nayuta/action-trivy/pull/16 Could you check about it?

zubeyiro commented 4 months ago

> @irizzant @zubeyiro I need to confirm whether you're trying to comment on the changed files on the PR. Unfortunately, we cannot create comments on unchanged files.
>
> I tested it on this PR: nayuta#16 Could you check about it?

@nayuta I have tried this: first my report has created errors on the CI flow, then I have made a change on one file (didn't fix the error), but still no comment on the PR.