From d38d620a846e351be2ad6ced5af3e6b85782e53a Mon Sep 17 00:00:00 2001 From: Macocian Alexandru Victor Date: Wed, 11 Dec 2024 12:36:39 +0100 Subject: [PATCH] Add VirusTotal scanning to CD pipeline (#911) --- .github/workflows/cd.yaml | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index ec9b5078..6f8f824c 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -98,6 +98,31 @@ jobs: .\Scripts\BuildRelease.ps1 -version $env:Version shell: pwsh + - name: Submit virustotal scan + shell: pwsh + run: | + $apiKey = "${{ secrets.VIRUSTOTAL_APIKEY }}" + $uploadUrlResponse = curl https://www.virustotal.com/api/v3/files/upload_url -H x-apikey:"$apiKey" + $uploadUrlJson = $uploadUrlResponse | ConvertFrom-Json + $uploadUrl = $uploadUrlJson.data + $uploadResponse = curl --request POST --header x-apikey:"$apiKey" --header 'content-type: multipart/form-data' --form file='@.\Publish\daybreakv${{ env.Version }}' --url $uploadUrl + $uploadResponseJson = $uploadResponse | ConvertFrom-Json + $resultsUrl = "https://www.virustotal.com/api/v3/analyses/$($uploadResponseJson.data.id)" + # Poll the results until the status is "completed" + $status = "" + while ($status -ne "completed") { + Start-Sleep -Seconds 10 # Wait for 10 seconds between checks + $results = curl --header x-apikey:"$apiKey" --url $resultsUrl + $resultsJson = $results | ConvertFrom-Json + $status = $resultsJson.data.attributes.status + Write-Host "Current status: $status" + } + + $resultsJson.data.attributes.results | ConvertTo-Json | Out-File -FilePath ".\Publish\VirusTotal.Results.json" -Encoding UTF8 + $resultsJson.data.attributes.stats | ConvertTo-Json | Out-File -FilePath ".\Publish\VirusTotal.Stats.json" -Encoding UTF8 + $stats = $resultsJson.data.attributes.stats + echo "::set-env name=VirusTotalStats::$stats" + - name: Publish blob files run: | Write-Host $env 
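Review bot: The polling loop `while ($status -ne "completed")` has no attempt limit and nothing checks that the upload succeeded, so a rejected request (quota, bad key, missing file) leaves `$uploadResponseJson.data.id` empty and the step spins until the job times out. The upload path `.\Publish\daybreakv${{ env.Version }}` also lacks the `.zip` suffix that the release step publishes, so the scanned file may not be the released artifact; this needs confirming against BuildRelease.ps1, which is not visible here. The final line relies on `::set-env`, which GitHub runners have rejected since 2020 in favour of appending to `$env:GITHUB_ENV`, and `$stats` is interpolated there as an object rather than as JSON. Supplying the key through the step's `env:` block instead of expanding `${{ secrets.VIRUSTOTAL_APIKEY }}` inside the script body keeps it out of the generated script file. A bounded loop, an upload check and a single-line environment-file write are sketched below.

```yaml
        shell: pwsh
        env:
          VIRUSTOTAL_APIKEY: ${{ secrets.VIRUSTOTAL_APIKEY }}
        run: |
          $apiKey = $env:VIRUSTOTAL_APIKEY
          # … unchanged: upload_url request and file upload …
          if (-not $uploadResponseJson.data.id) { throw "VirusTotal upload returned no analysis id" }
          # … unchanged: $resultsUrl and $status initialisation …
          $maxAttempts = 60  # constructed limit: 60 polls x 10 s
          for ($attempt = 1; $status -ne "completed"; $attempt++) {
            if ($attempt -gt $maxAttempts) { throw "VirusTotal analysis did not complete in time" }
            # … unchanged: Start-Sleep, fetch $resultsJson, read status …
          }
          # … unchanged: write VirusTotal.Results.json and VirusTotal.Stats.json …
          # -Compress keeps the value on one line, which the NAME=value form of GITHUB_ENV requires
          $stats = $resultsJson.data.attributes.stats | ConvertTo-Json -Compress
          "VirusTotalStats=$stats" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
```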
@@ -110,10 +135,19 @@ jobs: mode: update tag_name: v${{ env.Version }} release_name: Daybreak v${{ env.Version }} - assets: .\Publish\daybreakv${{ env.Version }}.zip + assets: | + .\Publish\daybreakv${{ env.Version }}.zip + .\Publish\VirusTotal.Results.json + .\Publish\VirusTotal.Stats.json github_token: ${{ env.GITHUB_TOKEN }} replace_assets: true - body_mrkdwn: ${{ env.Changelog }} + body_mrkdwn: | + ${{ env.Changelog }} + + ** VirustTotal Stats: ** + ``` + ${{ env.VirusTotalStats }} + ``` isDraft: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
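Review bot: The release body in `body_mrkdwn` shows the scan stats without anything that ties them to the attached zip, so a reader cannot confirm that the report covers the file they download. Adding the archive's SHA-256 next to the stats (for example computed with `Get-FileHash -Algorithm SHA256` in the scan step) would let them look the file up independently. The heading `** VirustTotal Stats: **` misspells the product name, and the spaces inside the asterisks stop most Markdown renderers from treating it as bold; `**VirusTotal Stats:**` fixes both.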