From 88b7146fdff4dd1c72b65800cd75bea8ef4158ca Mon Sep 17 00:00:00 2001
From: Milos Kaurin <2141359+Kaurin@users.noreply.github.com>
Date: Fri, 23 Feb 2024 16:50:06 +0000
Subject: [PATCH] feat: Add virustotal automated scanning We are now using virustotal to scan our .exe file(s) That are released. Currently not applied to test releases.
---
 .github/workflows/on_release.yml | 16 ++++++++++++++++
 doc/dev/Readme.md | 10 +++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/on_release.yml b/.github/workflows/on_release.yml
index 450c481..db2271b 100644
--- a/.github/workflows/on_release.yml
+++ b/.github/workflows/on_release.yml
@@ -32,3 +32,19 @@ jobs:
 secrets:
 GOOGLE_CREDS: ${{ secrets.GOOGLE_CREDS }}
 ASSETS: ${{ secrets.ASSETS }}
+ virustotal:
+ needs: main_release
+ runs-on: ${{ startsWith( github.ref_name, 'test' ) && 'self-hosted' || 'ubuntu-22.04' }}
+ steps:
+ - name: Sleep for 60 seconds
+ run: sleep 60s
+ shell: bash
+
+ - name: VirusTotal Scan
+ uses: crazy-max/ghaction-virustotal@v4
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ update_release_body: true
+ vt_api_key: ${{ secrets.VT_API_KEY }}
+ files: |
+ .exe$
diff --git a/doc/dev/Readme.md b/doc/dev/Readme.md
index 83b2bad..69d43f1 100644
--- a/doc/dev/Readme.md
+++ b/doc/dev/Readme.md
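Review bot: In the `virustotal` job added to `.github/workflows/on_release.yml`, the third-party action is referenced by the mutable tag `crazy-max/ghaction-virustotal@v4` while it receives both `secrets.GITHUB_TOKEN` and `secrets.VT_API_KEY`, so whatever that tag resolves to at run time executes with those credentials. Pin it to a reviewed commit, `uses: crazy-max/ghaction-virustotal@<full-commit-sha> # v4`, and give the job an explicit `permissions:` block limited to `contents: write`, which `update_release_body: true` needs in order to edit the release; whether the workflow already sets top-level permissions is not visible in this hunk. The commit message says test releases are not scanned, but the job has no `if:` guard and its `runs-on` expression still selects `self-hosted` for refs starting with `test`, so on those refs the job and its API key would appear to run on the self-hosted runner; if skipping is the intent, add `if: ${{ !startsWith(github.ref_name, 'test') }}`.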
@@ -335,4 +335,12 @@ Once a release is created on the main branch, a workflow will trigger. It curren
 ### Et voila
-Once the release is done, do another test, and then distribute to folks waiting for their fancy planes!
\ No newline at end of file
+Once the release is done, do another test, and then distribute to folks waiting for their fancy planes!
+
+
+## VirusTotal automated scanning
+
+This required setting up a free VirusTotal account and then using the [virustotal][virustotal-gh-action] github action in the workflow.
+We are scanning all released `.exe` files at the time of writing this.
+
+[virustotal-gh-action]: https://github.com/marketplace/actions/virustotal-github-action