ci: print Trivy fs findings to the workflow log

[muhammad-tahir-nawaz]

Summary

The reusable trivy-go-tests.yaml fs scan used output: 'trivy-results.txt', which writes the findings table to a file instead of stdout. That file used to be read by a "Comment Trivy Results on the Pull Request" step, but that step was removed (in the image-scan rollout), so the findings now go nowhere. A failing scan shows only:

[gomod] Detecting vulnerabilities...
##[error]Process completed with exit code 1.

…with no indication of which CVEs/packages failed, forcing people to reproduce the scan locally to triage.

This removes the output: redirect so Trivy prints the findings table directly to the workflow log. Failures become self-explanatory in the Actions UI.

Why

Restores visibility of Trivy findings in CI logs. No change to what is scanned or gated — same scan-type, severity, ignore-unfixed, and exit-code: '1'. Only where the output goes.

Notes

• Only the fs scan was affected; the deploy image scan in deployment.yaml already prints to the log (no output: redirect).

QA Report

• No QA report required

Integration Tests

• No integration tests required

[Copilot]

Pull request overview

This PR restores visibility of Trivy filesystem (fs) scan findings in CI by removing the output: redirection that wrote results to a file, allowing Trivy to print the findings table directly to the workflow log.

Changes:

• Removed output: 'trivy-results.txt' from the Trivy fs scan step so findings are emitted to stdout (and therefore visible in Actions logs).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[greptile-apps]

Greptile Summary

This PR removes the output: 'trivy-results.txt' redirect from the Trivy fs scan step so scan findings are printed directly to the Actions workflow log instead of being silently written to a file that nothing reads.

• The output: parameter was left over from a "Comment Trivy Results on the Pull Request" step that was removed during the image-scan rollout; without this fix, a failing scan exits with code 1 but produces no visible CVE details in the log.
• No scanning behavior changes: scan-type, severity, ignore-unfixed, and exit-code are all unchanged.
• Grep confirms trivy-results.txt is no longer referenced anywhere in .github/, so removing the redirect has no side-effects.

Confidence Score: 5/5

Safe to merge — one-line deletion with no downstream consumers of the removed file.

The change is a single-line deletion of a stale output: redirect. The file trivy-results.txt is not referenced anywhere else in .github/, the scan configuration itself is untouched, and the only effect is that Trivy now emits its findings table to stdout where they are immediately visible in the Actions log.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/trivy-go-tests.yaml	Removes the stale output: 'trivy-results.txt' parameter so Trivy prints findings to stdout; no other step in the workflow or repository references that file.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant GH as GitHub Actions Runner
    participant Trivy as aquasecurity/trivy-action
    participant Log as Workflow Log

    Note over GH,Log: Before this PR
    GH->>Trivy: "scan-type=fs, output=trivy-results.txt"
    Trivy-->>GH: writes findings to trivy-results.txt
    Note over GH: No step reads trivy-results.txt
    Note over Log: Findings never visible in log

    Note over GH,Log: After this PR
    GH->>Trivy: "scan-type=fs (no output redirect)"
    Trivy-->>Log: prints findings table to stdout
    Note over Log: Findings visible directly in Actions UI

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant GH as GitHub Actions Runner
    participant Trivy as aquasecurity/trivy-action
    participant Log as Workflow Log

    Note over GH,Log: Before this PR
    GH->>Trivy: "scan-type=fs, output=trivy-results.txt"
    Trivy-->>GH: writes findings to trivy-results.txt
    Note over GH: No step reads trivy-results.txt
    Note over Log: Findings never visible in log

    Note over GH,Log: After this PR
    GH->>Trivy: "scan-type=fs (no output redirect)"
    Trivy-->>Log: prints findings table to stdout
    Note over Log: Findings visible directly in Actions UI

Loading

_{Reviews (1): Last reviewed commit: "ci: print Trivy fs findings to the workf..." | Re-trigger Greptile}