feat(release_create): add virustotal scanning

[ReenigneArcher]

Description

This PR adds virustotal automated scanning to the release_create action

Screenshot

Issues Fixed or Closed

• Closes automate virus total reports roadmap#86

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Dependency update (updates to dependencies)
• Documentation update (changes to documentation)
• Repository update (changes to repository files, e.g. .github/...)

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated the in code docstring/documentation-blocks for new or existing methods/components

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (58a32e0) to head (8214656).
Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##            master       #13   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines          384       384           
=========================================
  Hits           384       384           

Flag	Coverage Δ
Linux	100.00% <ø> (ø)
Windows	67.70% <ø> (ø)
macOS	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull Request Overview

Adds VirusTotal automated scanning to the release_create action by generating a test binary, accepting an API key, running a scan, and appending results to the release body.

• Introduce pre-ci.sh to produce a dummy binary for scanning
• Update CI matrix and action.yml to accept virustotal_api_key and trigger a scan + formatting step
• Document the new input and inject the secret in the workflow

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
actions/release_create/pre-ci.sh	Create and validate a dummy binary for VirusTotal testing
actions/release_create/ci-matrix.json	Add dist/* artifacts and virustotal_api_key to the CI matrix
actions/release_create/action.yml	Define new input, run VirusTotal scan, format and override release body
actions/release_create/README.md	Document the virustotal_api_key input
.github/workflows/ci.yml	Populate VIRUSTOTAL_API_KEY in workflow parameters

Comments suppressed due to low confidence (3)

actions/release_create/action.yml:88

• The single quotes prevent ${{ steps.vt.outputs.json }} from being expanded. Use double quotes instead: if [ -n "${{ steps.vt.outputs.json }}" ].

        if [ -n '${{ steps.vt.outputs.json }}' ]; then

actions/release_create/action.yml:97

• Single quotes around ${{ steps.vt.outputs.json }} will not expand the output. Switch to double quotes: printf '%s\n' "${{ steps.vt.outputs.json }}".

          printf '%s\n' '${{ steps.vt.outputs.json }}' | jq -r '.[] | "- [\(.name)](\(.link))"' >> release_body.md

actions/release_create/action.yml:83

• [nitpick] The here-doc is indented, which may introduce unwanted leading spaces in the release body. Consider using an unindented << 'BODY_EOF' or a tab-stripping <<- 'BODY_EOF' syntax.

        cat > release_body.md << 'BODY_EOF'

[Copilot]

Consider adding set -euo pipefail after the shebang to fail early on errors and improve script robustness.