Allow configuration of Rootlesskit's CopyUpDirs through an environment variable #228

	name: PR Comment Triggered Trivy Scan

	on:
	issue_comment:
	types: [created]

	jobs:
	trivy_scan:
	if: github.event.issue.pull_request && github.event.comment.body == '/trivy'
	runs-on: ubuntu-latest
	permissions:
	pull-requests: write
	env:
	GH_TOKEN: ${{ github.token }}
	steps:
	- name: Checkout PR code
	uses: actions/checkout@v4
	with:
	ref: refs/pull/${{ github.event.issue.number }}/head

	- name: Comment Status on PR
	run: \|
	gh repo set-default ${{ github.repository }}
	gh pr comment ${{ github.event.issue.number }} -b ":construction: Running Trivy scan on PR :construction: "

	- name: Build K3s Image
	run: \|
	make local
	make package-image
	make tag-image-latest

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@0.24.0
	with:
	image-ref: 'rancher/k3s:latest'
	format: 'table'
	severity: "HIGH,CRITICAL"
	output: "trivy-report.txt"

	- name: Add Trivy Report to PR
	run: \|
	sudo chown runner:runner trivy-report.txt
	if [ -s trivy-report.txt ] && [ -n "$(grep -v '^\s*$' trivy-report.txt)" ]; then
	echo '```' \| cat - trivy-report.txt > temp && mv temp trivy-report.txt
	echo '```' >> trivy-report.txt
	gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt
	else
	echo ':star2: No High or Critical CVEs Found :star2:' > trivy-report.txt
	gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt
	fi

	- name: Report Failure
	if: ${{ failure() }}
	run: \|
	gh issue comment ${{ github.event.issue.number }} --edit-last -b ":x: Trivy scan action failed, check logs :x:"

Provide feedback