From 82146563a05e364600010021f43c9ecb24fec482 Mon Sep 17 00:00:00 2001
From: ReenigneArcher <42013603+ReenigneArcher@users.noreply.github.com>
Date: Tue, 1 Jul 2025 23:19:52 -0400
Subject: [PATCH] feat(release_create): add virustotal scanning
---
 .github/workflows/ci.yml | 1 +
 actions/release_create/README.md | 1 +
 actions/release_create/action.yml | 45 ++++++++++++++++++++++++++-
 actions/release_create/ci-matrix.json | 5 +--
 actions/release_create/pre-ci.sh | 26 ++++++++++++++++
 5 files changed, 75 insertions(+), 3 deletions(-)
 create mode 100644 actions/release_create/pre-ci.sh
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c330ed9..3e131fd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -91,6 +91,7 @@ jobs:
 -e 's|\${ secrets.GH_BOT_NAME }|${{ secrets.GH_BOT_NAME }}|g' \
 -e 's|\${ secrets.GH_BOT_TOKEN }|${{ secrets.GH_BOT_TOKEN }}|g' \
 -e 's|\${ secrets.GITHUB_TOKEN }|${{ secrets.GITHUB_TOKEN }}|g' \
+ -e 's|\${ secrets.VIRUSTOTAL_API_KEY }|${{ secrets.VIRUSTOTAL_API_KEY }}|g' \
 "with_params.json"
 # Output the processed parameters
diff --git a/actions/release_create/README.md b/actions/release_create/README.md
index f21c259..d342dd9 100644
--- a/actions/release_create/README.md
+++ b/actions/release_create/README.md
@@ -38,6 +38,7 @@ steps:
 | sleepDuration | The duration to sleep in seconds before deleting tags. | `15` | `false` |
 | tag | The tag to create. | | `true` |
 | token | GitHub Token. | | `true` |
+| virustotal_api_key | The VirusTotal API key to use for scanning artifacts. | | `false` |
 ## See Also
diff --git a/actions/release_create/action.yml b/actions/release_create/action.yml
index 8eaa295..27e10de 100644
--- a/actions/release_create/action.yml
+++ b/actions/release_create/action.yml
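Review bot: The new `-e 's|\${ secrets.VIRUSTOTAL_API_KEY }|${{ secrets.VIRUSTOTAL_API_KEY }}|g'` line expands the secret into the script text before bash runs it, so a key containing `'`, `|`, `&` or `\` would break the quoting or be misread by sed, and the value ends up in sed's argv rather than only in the step environment. The three sibling lines already have this shape, so the addition is at least consistent, but for a newly added secret I would expose it with `env:` on the step and write the expression as `-e "s|\${ secrets.VIRUSTOTAL_API_KEY }|${VIRUSTOTAL_API_KEY}|g"`, which removes the quoting hazard (sed's `|`, `&` and `\` would still need escaping if the key could contain them). The `run:` block and its step header begin before this hunk, so the `env:` key would land outside the visible span.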
@@ -57,10 +57,53 @@ inputs:
 token:
 description: 'Github Token.'
 required: true
+ virustotal_api_key:
+ description: 'The VirusTotal API key to use for scanning the artifacts.'
+ required: false
 runs:
 using: "composite"
 steps:
+ - name: VirusTotal
+ if: inputs.virustotal_api_key != ''
+ id: vt
+ uses: cssnr/virustotal-action@v1.3.1
+ with:
+ file_globs: ${{ inputs.artifacts }}
+ summary: true
+ update_release: false
+ vt_api_key: ${{ inputs.virustotal_api_key }}
+
+ - name: Format VirusTotal Results
+ if: inputs.virustotal_api_key != ''
+ id: format-vt
+ shell: bash
+ run: |
+ # Create body file with original content
+ cat > release_body.md << 'BODY_EOF'
+ ${{ inputs.body }}
+ BODY_EOF
+
+ # If we have VT results, append them
+ if [ -n '${{ steps.vt.outputs.json }}' ]; then
+ # Add separator if body exists and isn't empty
+ if [ -s release_body.md ] && [ "$(cat release_body.md | tr -d '[:space:]')" != "" ]; then
+ echo "" >> release_body.md
+ fi
+
+ # Append VirusTotal results
+ echo "---" >> release_body.md
+ echo "🛡️ **VirusTotal Results:**" >> release_body.md
+ printf '%s\n' '${{ steps.vt.outputs.json }}' | jq -r '.[] | "- [\(.name)](\(.link))"' >> release_body.md
+ fi
+
+ # Set output
+ {
+ echo "body<> $GITHUB_OUTPUT
+
+ - name: Create/Update GitHub Release
 if: >-
 github.repository == 'LizardByte/actions' ||
@@ -70,7 +113,7 @@ runs:
 allowUpdates: ${{ inputs.allowUpdates }}
 artifactErrorsFailBuild: ${{ inputs.artifactErrorsFailBuild }}
 artifacts: ${{ inputs.artifacts }}
- body: ${{ inputs.body }}
+ body: ${{ steps.format-vt.outputs.body || inputs.body }}
 commit: ${{ github.sha }}
 generateReleaseNotes: ${{ inputs.generateReleaseNotes }}
 name: ${{ inputs.name }}
diff --git a/actions/release_create/ci-matrix.json b/actions/release_create/ci-matrix.json
index 6645e2a..ed5c1db 100644
--- a/actions/release_create/ci-matrix.json
+++ b/actions/release_create/ci-matrix.json
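Review bot: In the `Format VirusTotal Results` step, `${{ inputs.body }}` and `${{ steps.vt.outputs.json }}` are expanded into the `run:` script before bash parses it, so a body line equal to `BODY_EOF`, or a scanned file name containing a single quote inside the VT JSON, ends the heredoc or the `'...'` quoting and the rest of that content is parsed as shell rather than as data. Both values should reach the script through `env:` and be referenced as `"$RELEASE_BODY"` and `"$VT_JSON"`, which also removes the need for the heredoc. `uses: cssnr/virustotal-action@v1.3.1` is a mutable tag for a third-party action that receives the API key and the release artifacts; pinning it to the full commit SHA for that tag (`uses: cssnr/virustotal-action@<sha-of-v1.3.1> # v1.3.1`) is the usual supply-chain mitigation. The `# Set output` lines are garbled in this rendering (`echo "body<> $GITHUB_OUTPUT`), so the multi-line output write could not be checked here; whatever its exact form, `$GITHUB_OUTPUT` should be double-quoted.
```yaml
      - name: Format VirusTotal Results
        # … unchanged: if / id / shell …
        env:
          RELEASE_BODY: ${{ inputs.body }}
          VT_JSON: ${{ steps.vt.outputs.json }}
        run: |
          # Create body file with original content
          printf '%s\n' "$RELEASE_BODY" > release_body.md

          # If we have VT results, append them
          if [ -n "$VT_JSON" ]; then
            # … unchanged: separator, "---" and header lines …
            printf '%s\n' "$VT_JSON" | jq -r '.[] | "- [\(.name)](\(.link))"' >> release_body.md
          fi
          # … unchanged: write body to "$GITHUB_OUTPUT" …
```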
@@ -4,13 +4,14 @@
 "runs-on": "ubuntu-latest",
 "with": {
 "allowUpdates": false,
- "artifacts": "",
+ "artifacts": "dist/*",
 "body": "Test from PR-${ github.event.pull_request.number }",
 "generateReleaseNotes": false,
 "name": "pr-${ github.event.pull_request.number }-${ github.run_id }",
 "prerelease": true,
 "tag": "pr-${ github.event.pull_request.number }-${ github.run_id }",
- "token": "${ secrets.GH_BOT_TOKEN }"
+ "token": "${ secrets.GH_BOT_TOKEN }",
+ "virustotal_api_key": "${ secrets.VIRUSTOTAL_API_KEY }"
 }
 }
 ]
diff --git a/actions/release_create/pre-ci.sh b/actions/release_create/pre-ci.sh
new file mode 100644
index 0000000..8cef8fc
--- /dev/null
+++ b/actions/release_create/pre-ci.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Create a dummy binary file to simulate with virustotal scan
+
+# Create output directory if it doesn't exist
+mkdir -p dist
+
+# Create a simple dummy executable
+cat > dist/dummy-binary << 'EOF'
+#!/bin/bash
+echo "This is a dummy binary for VirusTotal testing"
+exit 0
+EOF
+
+# Make it executable
+chmod +x dist/dummy-binary
+
+# Validate the binary file was created successfully
+if [[ -f "dist/dummy-binary" && -x "dist/dummy-binary" ]]; then
+ echo "Valid dummy binary created at dist/dummy-binary"
+ echo "File size: $(stat -c%s dist/dummy-binary) bytes"
+ echo "File type: $(file dist/dummy-binary)"
+else
+ echo "Error: Failed to create valid dummy binary"
+ exit 1
+fi
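Review bot: `pre-ci.sh` has no `set -euo pipefail`, so if `mkdir -p dist` or the `cat > dist/dummy-binary` redirect fails the script carries on and only the final `[[ -f ... && -x ... ]]` test reports it, with the original error buried in earlier output; adding `set -euo pipefail` directly after the shebang stops at the first failing command instead. The `$(stat -c%s ...)` and `$(file ...)` substitutions would not be covered by `-e` either, and both depend on GNU coreutils and the `file` package being present, which holds for the `ubuntu-latest` runner named in `ci-matrix.json` but is worth stating in a comment such as `# Requires GNU stat and file(1); written for the ubuntu-latest runner`.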