feat(release_create): add virustotal scanning (#13)

ReenigneArcher · web-flow · commit 6282dddc3975 · 2025-07-02T17:14:09.000-04:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -91,6 +91,7 @@ jobs:
             -e 's|\${ secrets.GH_BOT_NAME }|${{ secrets.GH_BOT_NAME }}|g' \
             -e 's|\${ secrets.GH_BOT_TOKEN }|${{ secrets.GH_BOT_TOKEN }}|g' \
             -e 's|\${ secrets.GITHUB_TOKEN }|${{ secrets.GITHUB_TOKEN }}|g' \
+            -e 's|\${ secrets.VIRUSTOTAL_API_KEY }|${{ secrets.VIRUSTOTAL_API_KEY }}|g' \
             "with_params.json"
 
           # Output the processed parameters
diff --git a/actions/release_create/README.md b/actions/release_create/README.md
@@ -38,6 +38,7 @@ steps:
 | sleepDuration           | The duration to sleep in seconds before deleting tags.                                               | `15`            | `false`  |
 | tag                     | The tag to create.                                                                                   |                 | `true`   |
 | token                   | GitHub Token.                                                                                        |                 | `true`   |
+| virustotal_api_key      | The VirusTotal API key to use for scanning artifacts.                                                |                 | `false`  |
 
 ## See Also
 
diff --git a/actions/release_create/action.yml b/actions/release_create/action.yml
@@ -57,10 +57,53 @@ inputs:
   token:
     description: 'Github Token.'
     required: true
+  virustotal_api_key:
+    description: 'The VirusTotal API key to use for scanning the artifacts.'
+    required: false
 
 runs:
   using: "composite"
   steps:
+    - name: VirusTotal
+      if: inputs.virustotal_api_key != ''
+      id: vt
+      uses: cssnr/virustotal-action@v1.3.1
+      with:
+        file_globs: ${{ inputs.artifacts }}
+        summary: true
+        update_release: false
+        vt_api_key: ${{ inputs.virustotal_api_key }}
+
+    - name: Format VirusTotal Results
+      if: inputs.virustotal_api_key != ''
+      id: format-vt
+      shell: bash
+      run: |
+        # Create body file with original content
+        cat > release_body.md << 'BODY_EOF'
+        ${{ inputs.body }}
+        BODY_EOF
+
+        # If we have VT results, append them
+        if [ -n '${{ steps.vt.outputs.json }}' ]; then
+          # Add separator if body exists and isn't empty
+          if [ -s release_body.md ] && [ "$(cat release_body.md | tr -d '[:space:]')" != "" ]; then
+            echo "" >> release_body.md
+          fi
+
+          # Append VirusTotal results
+          echo "---" >> release_body.md
+          echo "🛡️ **VirusTotal Results:**" >> release_body.md
+          printf '%s\n' '${{ steps.vt.outputs.json }}' | jq -r '.[] | "- [\(.name)](\(.link))"' >> release_body.md
+        fi
+
+        # Set output
+        {
+          echo "body<<EOF"
+          cat release_body.md
+          echo "EOF"
+        } >> $GITHUB_OUTPUT
+
     - name: Create/Update GitHub Release
       if: >-
         github.repository == 'LizardByte/actions' ||
@@ -70,7 +113,7 @@ runs:
         allowUpdates: ${{ inputs.allowUpdates }}
         artifactErrorsFailBuild: ${{ inputs.artifactErrorsFailBuild }}
         artifacts: ${{ inputs.artifacts }}
-        body: ${{ inputs.body }}
+        body: ${{ steps.format-vt.outputs.body || inputs.body }}
         commit: ${{ github.sha }}
         generateReleaseNotes: ${{ inputs.generateReleaseNotes }}
         name: ${{ inputs.name }}
diff --git a/actions/release_create/ci-matrix.json b/actions/release_create/ci-matrix.json
@@ -4,13 +4,14 @@
     "runs-on": "ubuntu-latest",
     "with": {
       "allowUpdates": false,
-      "artifacts": "",
+      "artifacts": "dist/*",
       "body": "Test from PR-${ github.event.pull_request.number }",
       "generateReleaseNotes": false,
       "name": "pr-${ github.event.pull_request.number }-${ github.run_id }",
       "prerelease": true,
       "tag": "pr-${ github.event.pull_request.number }-${ github.run_id }",
-      "token": "${ secrets.GH_BOT_TOKEN }"
+      "token": "${ secrets.GH_BOT_TOKEN }",
+      "virustotal_api_key": "${ secrets.VIRUSTOTAL_API_KEY }"
     }
   }
 ]
diff --git a/actions/release_create/pre-ci.sh b/actions/release_create/pre-ci.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Create a dummy binary file to simulate with virustotal scan
+
+# Create output directory if it doesn't exist
+mkdir -p dist
+
+# Create a simple dummy executable
+cat > dist/dummy-binary << 'EOF'
+#!/bin/bash
+echo "This is a dummy binary for VirusTotal testing"
+exit 0
+EOF
+
+# Make it executable
+chmod +x dist/dummy-binary
+
+# Validate the binary file was created successfully
+if [[ -f "dist/dummy-binary" && -x "dist/dummy-binary" ]]; then
+    echo "Valid dummy binary created at dist/dummy-binary"
+    echo "File size: $(stat -c%s dist/dummy-binary) bytes"
+    echo "File type: $(file dist/dummy-binary)"
+else
+    echo "Error: Failed to create valid dummy binary"
+    exit 1
+fi

Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,14 @@`
`4`	`4`	`"runs-on": "ubuntu-latest",`
`5`	`5`	`"with": {`
`6`	`6`	`"allowUpdates": false,`
`7`		`- "artifacts": "",`
	`7`	`+ "artifacts": "dist/*",`
`8`	`8`	`"body": "Test from PR-${ github.event.pull_request.number }",`
`9`	`9`	`"generateReleaseNotes": false,`
`10`	`10`	`"name": "pr-${ github.event.pull_request.number }-${ github.run_id }",`
`11`	`11`	`"prerelease": true,`
`12`	`12`	`"tag": "pr-${ github.event.pull_request.number }-${ github.run_id }",`
`13`		`- "token": "${ secrets.GH_BOT_TOKEN }"`
	`13`	`+ "token": "${ secrets.GH_BOT_TOKEN }",`
	`14`	`+ "virustotal_api_key": "${ secrets.VIRUSTOTAL_API_KEY }"`
`14`	`15`	`}`
`15`	`16`	`}`
`16`	`17`	`]`