Add VirusTotal scanning to CD pipeline (#911)

gwdevhub · Dec 11, 2024 · d38d620 · d38d620
1 parent ce810da
commit d38d620
Showing 1 changed file with 36 additions and 2 deletions.
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -98,6 +98,31 @@ jobs:
         .\Scripts\BuildRelease.ps1 -version $env:Version
       shell: pwsh
 
+    - name: Submit virustotal scan
+      shell: pwsh
+      run: |
+        $apiKey = "${{ secrets.VIRUSTOTAL_APIKEY }}"
+        $uploadUrlResponse = curl https://www.virustotal.com/api/v3/files/upload_url -H x-apikey:"$apiKey"
+        $uploadUrlJson = $uploadUrlResponse | ConvertFrom-Json
+        $uploadUrl = $uploadUrlJson.data
+        $uploadResponse = curl --request POST --header x-apikey:"$apiKey" --header 'content-type: multipart/form-data' --form file='@.\Publish\daybreakv${{ env.Version }}' --url $uploadUrl
+        $uploadResponseJson = $uploadResponse | ConvertFrom-Json
+        $resultsUrl = "https://www.virustotal.com/api/v3/analyses/$($uploadResponseJson.data.id)"
+        # Poll the results until the status is "completed"
+        $status = ""
+        while ($status -ne "completed") {
+            Start-Sleep -Seconds 10 # Wait for 10 seconds between checks
+            $results = curl --header x-apikey:"$apiKey" --url $resultsUrl
+            $resultsJson = $results | ConvertFrom-Json
+            $status = $resultsJson.data.attributes.status
+            Write-Host "Current status: $status"
+        }
+
+        $resultsJson.data.attributes.results | ConvertTo-Json | Out-File -FilePath ".\Publish\VirusTotal.Results.json" -Encoding UTF8
+        $resultsJson.data.attributes.stats | ConvertTo-Json | Out-File -FilePath ".\Publish\VirusTotal.Stats.json" -Encoding UTF8
+        $stats = $resultsJson.data.attributes.stats
+        echo "::set-env name=VirusTotalStats::$stats"
+
     - name: Publish blob files
       run: |
         Write-Host $env
@@ -110,10 +135,19 @@ jobs:
         mode: update
         tag_name: v${{ env.Version }}
         release_name: Daybreak v${{ env.Version }}
-        assets: .\Publish\daybreakv${{ env.Version }}.zip
+        assets: |
+            .\Publish\daybreakv${{ env.Version }}.zip
+            .\Publish\VirusTotal.Results.json
+            .\Publish\VirusTotal.Stats.json
         github_token: ${{ env.GITHUB_TOKEN }}
         replace_assets: true
-        body_mrkdwn: ${{ env.Changelog }}
+        body_mrkdwn: |
+            ${{ env.Changelog }}
+
+            ** VirustTotal Stats: **
+            ```
+            ${{ env.VirusTotalStats }}
+            ```
         isDraft: true
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}