From aa8586b7affcf5c649b8d718c9409d83383e4df9 Mon Sep 17 00:00:00 2001
From: Steven Rhodes
Date: Thu, 27 Mar 2025 21:18:35 -0400
Subject: [PATCH 1/2] Testing Trivy

---
 .gitignore | 1 +
 example.txt | 2 ++
 test.tf | 13 +++++++++++++
 3 files changed, 16 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 example.txt
 create mode 100644 test.tf

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7bb802e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.terraform
\ No newline at end of file
diff --git a/example.txt b/example.txt
new file mode 100644
index 0000000..a76c79d
--- /dev/null
+++ b/example.txt
@@ -0,0 +1,2 @@
+Just a simple test!
+This is for Trivy.
\ No newline at end of file
diff --git a/test.tf b/test.tf
new file mode 100644
index 0000000..7b27789
--- /dev/null
+++ b/test.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = ">= 0.12"
+}
+
+# Define a data object (local value in this case)
+data "local_file" "example" {
+ filename = "example.txt"
+}
+
+output "file_content" {
+ value = data.local_file.example.content
+}
+
From f63d2a5ca86bc082f96e59f9c39cff5e4982113d Mon Sep 17 00:00:00 2001
From: Steven Rhodes
Date: Thu, 27 Mar 2025 21:35:20 -0400
Subject: [PATCH 2/2] ren file

---
 .github/workflows/trivy-test.yaml.hold | 50 ++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/trivy-test.yaml.hold

diff --git a/.github/workflows/trivy-test.yaml.hold b/.github/workflows/trivy-test.yaml.hold
new file mode 100644
index 0000000..472762d
--- /dev/null
+++ b/.github/workflows/trivy-test.yaml.hold
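Review bot: `*.terraform` is the only pattern, so Terraform state (`terraform.tfstate` and its `.backup`) and any `*.tfvars` written while testing are not ignored and a `git add .` would commit them; state records every value Terraform manages, including the `file_content` output that `test.tf` in this same series declares. Suggested lines: `.terraform/`, `*.tfstate`, `*.tfstate.*`. Whether `*.tfvars` should also be listed depends on how variables are supplied in this repository, which the patch does not show.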
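Review bot: `output "file_content"` exposes the entire content of `example.txt` in plan/apply output and in state, and nothing marks it `sensitive = true`, so if that file is ever swapped for something other than the test text its contents land in logs and state; add `sensitive = true` to the output block. The `terraform` block pins only `required_version = ">= 0.12"` and has no `required_providers` entry for the `local` provider, so `data "local_file"` pulls whatever provider version resolves at init time. Declaring the source and a version constraint fixes that, as below; the `source` attribute needs Terraform 0.13 or later, so `required_version` should move up with it, and the constraint value in the fence is an example to be replaced with the version actually in use.
```hcl
terraform {
  required_version = ">= 0.13"
  required_providers {
    local = {
      source  = "hashicorp/local"
      version = "~> 2.0"  # example constraint — pin to the version actually used
    }
  }
}

# … unchanged: data "local_file" "example" …

output "file_content" {
  value     = data.local_file.example.content
  sensitive = true
}
```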
@@ -0,0 +1,50 @@
+name: Trivy Test.
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ trivy-comment:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Download Atlantis artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: atlantis-output
+ path: .
+
+ - name: Parse Trivy results
+ id: parse-trivy
+ run: |
+ if [ -f "trivy-results.json" ]; then
+ RESULTS=$(cat trivy-results.json)
+ echo "results=$RESULTS" >> $GITHUB_OUTPUT
+ else
+ echo "results={}" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Format Trivy results
+ id: format-trivy
+ if: ${{ steps.parse-trivy.outputs.results != '{}' }}
+ run: |
+ RESULTS="${{ steps.parse-trivy.outputs.results }}"
+ FORMATTED_RESULTS=$(echo "$RESULTS" | jq -r '.Results[] | "Severity: \(.Severity), Resource: \(.Target), Message: \(.Messages[])"')
+ echo "formatted_results<> $GITHUB_OUTPUT
+ echo "$FORMATTED_RESULTS" >> $GITHUB_OUTPUT
+ echo "EOF" >> $GITHUB_OUTPUT
+ - name: Comment Trivy results
+ uses: peter-evans/create-or-update-comment@v3
+ if: ${{ steps.parse-trivy.outputs.results != '{}' }}
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ body: |
+ ## Trivy Scan Results
+
+ ```text
+ ${{ steps.format-trivy.outputs.formatted_results }}
+ ```
+ reactions: '+1'
\ No newline at end of file
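Review bot: `RESULTS="${{ steps.parse-trivy.outputs.results }}"` in the Format Trivy results step pastes the artifact's JSON into the script text before the shell runs it, so the content of `trivy-results.json` — a file the workflow downloads rather than produces — is interpreted as shell code, which is a command-injection risk; pass it through `env:` and reference `"$RESULTS"` instead, as below. The workflow also declares no `permissions:` block while `peter-evans/create-or-update-comment@v3` needs `pull-requests: write`, so the job either fails under a read-only default token or runs with broader rights than it needs; an explicit `contents: read` / `pull-requests: write` block settles both. In the Parse Trivy results step, `echo "results=$RESULTS" >> $GITHUB_OUTPUT` cannot carry multi-line JSON; use the delimiter form the Format step already uses (`echo "results<<EOF"`, the value, `echo "EOF"`), noting that the Format step's own `echo "formatted_results<> $GITHUB_OUTPUT` line looks mangled in the patch as shown and is presumably that `<<EOF` opener. As far as I know `actions/download-artifact@v3` only resolves artifacts of the current workflow run, so an `atlantis-output` artifact produced by a separate workflow would not be found — worth confirming before the `.hold` suffix is dropped.
```yaml
permissions:
  contents: read
  pull-requests: write

# … unchanged: on, jobs header, checkout / download / parse steps …
      - name: Format Trivy results
        id: format-trivy
        if: ${{ steps.parse-trivy.outputs.results != '{}' }}
        env:
          RESULTS: ${{ steps.parse-trivy.outputs.results }}
        run: |
          FORMATTED_RESULTS=$(echo "$RESULTS" | jq -r '.Results[] | "Severity: \(.Severity), Resource: \(.Target), Message: \(.Messages[])"')
          # … unchanged: writing formatted_results to $GITHUB_OUTPUT …
```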