Skip to content

feat(release_create): add virustotal scanning #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ReenigneArcher merged 1 commit into from
Jul 2, 2025
Merged

feat(release_create): add virustotal scanning #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ jobs:
-e 's|\${ secrets.GH_BOT_NAME }|${{ secrets.GH_BOT_NAME }}|g' \
-e 's|\${ secrets.GH_BOT_TOKEN }|${{ secrets.GH_BOT_TOKEN }}|g' \
-e 's|\${ secrets.GITHUB_TOKEN }|${{ secrets.GITHUB_TOKEN }}|g' \
-e 's|\${ secrets.VIRUSTOTAL_API_KEY }|${{ secrets.VIRUSTOTAL_API_KEY }}|g' \
"with_params.json"

# Output the processed parameters
Expand Down
1 change: 1 addition & 0 deletions actions/release_create/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ steps:
| sleepDuration | The duration to sleep in seconds before deleting tags. | `15` | `false` |
| tag | The tag to create. | | `true` |
| token | GitHub Token. | | `true` |
| virustotal_api_key | The VirusTotal API key to use for scanning artifacts. | | `false` |

## See Also

Expand Down
45 changes: 44 additions & 1 deletion actions/release_create/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,53 @@ inputs:
token:
description: 'Github Token.'
required: true
virustotal_api_key:
description: 'The VirusTotal API key to use for scanning the artifacts.'
required: false

runs:
using: "composite"
steps:
- name: VirusTotal
if: inputs.virustotal_api_key != ''
id: vt
uses: cssnr/virustotal-action@v1.3.1
with:
file_globs: ${{ inputs.artifacts }}
summary: true
update_release: false
vt_api_key: ${{ inputs.virustotal_api_key }}

- name: Format VirusTotal Results
if: inputs.virustotal_api_key != ''
id: format-vt
shell: bash
run: |
# Create body file with original content
cat > release_body.md << 'BODY_EOF'
${{ inputs.body }}
BODY_EOF

# If we have VT results, append them
if [ -n '${{ steps.vt.outputs.json }}' ]; then
# Add separator if body exists and isn't empty
if [ -s release_body.md ] && [ "$(cat release_body.md | tr -d '[:space:]')" != "" ]; then
echo "" >> release_body.md
fi

# Append VirusTotal results
echo "---" >> release_body.md
echo "🛡️ **VirusTotal Results:**" >> release_body.md
printf '%s\n' '${{ steps.vt.outputs.json }}' | jq -r '.[] | "- [\(.name)](\(.link))"' >> release_body.md
fi

# Set output
{
echo "body<<EOF"
cat release_body.md
echo "EOF"
} >> $GITHUB_OUTPUT

- name: Create/Update GitHub Release
if: >-
github.repository == 'LizardByte/actions' ||
Expand All @@ -70,7 +113,7 @@ runs:
allowUpdates: ${{ inputs.allowUpdates }}
artifactErrorsFailBuild: ${{ inputs.artifactErrorsFailBuild }}
artifacts: ${{ inputs.artifacts }}
body: ${{ inputs.body }}
body: ${{ steps.format-vt.outputs.body || inputs.body }}
commit: ${{ github.sha }}
generateReleaseNotes: ${{ inputs.generateReleaseNotes }}
name: ${{ inputs.name }}
Expand Down
5 changes: 3 additions & 2 deletions actions/release_create/ci-matrix.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,14 @@
"runs-on": "ubuntu-latest",
"with": {
"allowUpdates": false,
"artifacts": "",
"artifacts": "dist/*",
"body": "Test from PR-${ github.event.pull_request.number }",
"generateReleaseNotes": false,
"name": "pr-${ github.event.pull_request.number }-${ github.run_id }",
"prerelease": true,
"tag": "pr-${ github.event.pull_request.number }-${ github.run_id }",
"token": "${ secrets.GH_BOT_TOKEN }"
"token": "${ secrets.GH_BOT_TOKEN }",
"virustotal_api_key": "${ secrets.VIRUSTOTAL_API_KEY }"
}
}
]
26 changes: 26 additions & 0 deletions actions/release_create/pre-ci.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
#!/bin/bash
Copy link

Copilot AI Jul 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding set -euo pipefail after the shebang to fail early on errors and improve script robustness.

Copilot uses AI. Check for mistakes.

# Create a dummy binary file to simulate with virustotal scan

# Create output directory if it doesn't exist
mkdir -p dist

# Create a simple dummy executable
cat > dist/dummy-binary << 'EOF'
#!/bin/bash
echo "This is a dummy binary for VirusTotal testing"
exit 0
EOF

# Make it executable
chmod +x dist/dummy-binary

# Validate the binary file was created successfully
if [[ -f "dist/dummy-binary" && -x "dist/dummy-binary" ]]; then
echo "Valid dummy binary created at dist/dummy-binary"
echo "File size: $(stat -c%s dist/dummy-binary) bytes"
echo "File type: $(file dist/dummy-binary)"
else
echo "Error: Failed to create valid dummy binary"
exit 1
fi
Loading