add virustotal scan to CI release workflow (#580)

umbynos · umbynos · commit 5a619dbc28c6 · 2020-12-30T10:55:32.000+01:00
* add virustotal scan to CI release workflow

* use analysis output from virustotal action to put links in release body

* refactor release body (use dropdown: less confusing for the user)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -410,14 +410,36 @@ jobs:
           rm -v release/._ArduinoCreateAgent*.dmg
           mv -v ArduinoCreateAgent-windows*/* release/
 
+      - name: VirusTotal Scan
+        id: virustotal_step
+        uses: crazy-max/ghaction-virustotal@v2
+        with:
+          vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }}
+          update_release_body: false # `true` won't work becasue trigger type is not release
+          files: |
+            release/*.exe
+            arduino-create-agent-windows-2019-386/arduino-create-agent.exe
+            arduino-create-agent-windows-2019-amd64/arduino-create-agent.exe
+
+      - name: Organize release body message #use sed to clean and format the output markdown style
+        id: release_body
+        run: |
+          vt_title_pre="<details close>\n<summary>VirusTotal analysis 🛡</summary>\n\n"
+          vt_links="$(echo ${{ steps.virustotal_step.outputs.analysis}} | sed 's/release\///g' | sed 's/,/\n/g' | sed 's/^/- [/' | sed 's/=/](/' | sed 's/$/)/')"
+          vt_title_post="\n</details>"
+          vt_title_pre="${vt_title_pre//'\n'/'%0A'}"
+          vt_links="${vt_links//$'\n'/'%0A'}" # replace \n with a special character -> generates a single lines, \n will be reintroduced later
+          vt_title_post="${vt_title_post//'\n'/'%0A'}"
+          echo "::set-output name=RBODY::$vt_title_pre$vt_links$vt_title_post"
+
       - name: Create Github Release
         uses: actions/create-release@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           tag_name: ${{ github.ref }}
           release_name: ${{ github.ref }}
-          body: ""
+          body: ${{ steps.release_body.outputs.RBODY}}
           draft: false
           prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
 
