add virustotal scan to CI release workflow #580
Conversation
There was a problem hiding this comment.
Apparently it won't work becasue github actions won't trigger other github action events (https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token)
This is to avoid recursive workflow runs
…DED]: Request body larger than maxBodyLength limit`, should be fixed in v2.3.0 (for ref crazy-max/ghaction-virustotal#60)
.github/workflows/release.yml
Outdated
| - name: VirusTotal Scan | ||
| uses: crazy-max/ghaction-virustotal@v2 | ||
| with: | ||
| vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }} | ||
| vt_monitor: true | ||
| files: | | ||
| release/*.exe | ||
| arduino-create-agent-windows-2019-386/arduino-create-agent.exe | ||
| arduino-create-agent-windows-2019-amd64/arduino-create-agent.exe | ||
|
|
There was a problem hiding this comment.
Removed in the release workflow because the workflow is not triggered by a release and so update_release_body: true cannot be used (not tested yet)
This reverts commit ff3b995.
`update_release_body: true` won't work trigger type is not release
| @@ -426,6 +426,7 @@ jobs: | |||
| id: release_body | |||
| run: | | |||
| vt_links="$(echo ${{ steps.virustotal_step.outputs.analysis}} | sed 's/release\///g' | sed 's/,/\n/g' | sed 's/^/- [/' | sed 's/=/](/' | sed 's/$/)/')" | |||
| vt_links="${vt_links//$'\n'/'%0A'}" # replace \n with a special character -> generates a single lines, \n will be reintroduced later | |||
There was a problem hiding this comment.
|
Result produced: |
.github/workflows/release.yml
Outdated
| uses: crazy-max/ghaction-virustotal@v2 | ||
| with: | ||
| vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }} | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
Do we trust this 3rd party action?
There was a problem hiding this comment.
The only thing it does is uploading binaries to virustotal. I don't see the problem
There was a problem hiding this comment.
Probably the github token is not required
There was a problem hiding this comment.
Is it used to update the release artifacts?
There was a problem hiding this comment.
Yeah, but it's not used because the workflow is not triggered by a release (The trigger is on:push:tags)
|
Added dropdown with virustotal link files. By default the dropdown is compressed |
* add virustotal scan to CI release workflow * use analysis output from virustotal action to put links in release body * refactor release body (use dropdown: less confusing for the user)
Please check if the PR fulfills these requirements
before creating one)
CI
Sometimes the windows binary is flagged as a virus by diffentent antivirus software.
This contribution should upload automagically the binaries and installers to virustotal 🧙♂️
no