ReenigneArcher (Member) commented Jul 2, 2025

Description

This PR adds VirusTotal automated scanning to the release_create action.

Screenshot

image

Issues Fixed or Closed

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Dependency update (updates to dependencies)
  • Documentation update (changes to documentation)
  • Repository update (changes to repository files, e.g. .github/...)

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated the in code docstring/documentation-blocks for new or existing methods/components

codecov bot commented Jul 2, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (58a32e0) to head (8214656).
Report is 1 commit behind head on master.

Additional details and impacted files
@@            Coverage Diff            @@
##            master       #13   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines          384       384           
=========================================
  Hits           384       384           
Flag Coverage Δ
Linux 100.00% <ø> (ø)
Windows 67.70% <ø> (ø)
macOS 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@ReenigneArcher ReenigneArcher marked this pull request as ready for review July 2, 2025 03:25
@ReenigneArcher ReenigneArcher force-pushed the feat/release_create/add-virustotal-scanning branch from 906485a to 40cb92b Compare July 2, 2025 21:00
@ReenigneArcher ReenigneArcher force-pushed the feat/release_create/add-virustotal-scanning branch from 40cb92b to 8214656 Compare July 2, 2025 21:01

sonarqubecloud bot commented Jul 2, 2025

@ReenigneArcher ReenigneArcher requested a review from Copilot July 2, 2025 21:10

Copilot AI left a comment

Pull Request Overview

Adds VirusTotal automated scanning to the release_create action by generating a test binary, accepting an API key, running a scan, and appending results to the release body.

  • Introduce pre-ci.sh to produce a dummy binary for scanning
  • Update CI matrix and action.yml to accept virustotal_api_key and trigger a scan + formatting step
  • Document the new input and inject the secret in the workflow

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

File: Description
  • actions/release_create/pre-ci.sh: Create and validate a dummy binary for VirusTotal testing
  • actions/release_create/ci-matrix.json: Add dist/* artifacts and virustotal_api_key to the CI matrix
  • actions/release_create/action.yml: Define new input, run VirusTotal scan, format and override release body
  • actions/release_create/README.md: Document the virustotal_api_key input
  • .github/workflows/ci.yml: Populate VIRUSTOTAL_API_KEY in workflow parameters
Comments suppressed due to low confidence (3)

actions/release_create/action.yml:88

  • The single quotes prevent ${{ steps.vt.outputs.json }} from being expanded. Use double quotes instead: if [ -n "${{ steps.vt.outputs.json }}" ].
        if [ -n '${{ steps.vt.outputs.json }}' ]; then

actions/release_create/action.yml:97

  • Single quotes around ${{ steps.vt.outputs.json }} will not expand the output. Switch to double quotes: printf '%s\n' "${{ steps.vt.outputs.json }}".
          printf '%s\n' '${{ steps.vt.outputs.json }}' | jq -r '.[] | "- [\(.name)](\(.link))"' >> release_body.md

actions/release_create/action.yml:83

  • [nitpick] The here-doc is indented, which may introduce unwanted leading spaces in the release body. Consider using an unindented << 'BODY_EOF' or a tab-stripping <<- 'BODY_EOF' syntax.
        cat > release_body.md << 'BODY_EOF'

@@ -0,0 +1,26 @@
#!/bin/bash

Copilot AI Jul 2, 2025

Consider adding set -euo pipefail after the shebang to fail early on errors and improve script robustness.

Copilot uses AI. Check for mistakes.
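
Added example, not the project's action.yml and not part of the review above: GitHub Actions substitutes `${{ }}` expressions into the script text before bash starts, so the lines quoted for action.yml:88 and :97 are shown here beside a variant that hands the value over through `env:` and only expands it as a quoted shell variable. The step names, the `VT_JSON` variable and the array check are assumptions; the step id `vt`, the output `json`, the jq filter and `release_body.md` are the ones quoted in the review.

```yaml
# Added example: composite-action step fragments (assumed step names).

# Before: the expression is pasted into the script text before bash runs,
# so a quote character inside the value becomes shell syntax, not data.
- name: Append VirusTotal links (inline interpolation)
  shell: bash
  run: |
    if [ -n '${{ steps.vt.outputs.json }}' ]; then
      printf '%s\n' '${{ steps.vt.outputs.json }}' \
        | jq -r '.[] | "- [\(.name)](\(.link))"' >> release_body.md
    fi

# After: the value travels as an environment variable (VT_JSON is an assumed
# name) and is expanded by bash inside double quotes only, so it stays data.
- name: Append VirusTotal links (env indirection)
  shell: bash
  env:
    VT_JSON: ${{ steps.vt.outputs.json }}
  run: |
    set -euo pipefail
    if [ -n "${VT_JSON}" ]; then
      # jq -e exits non-zero unless the input is a JSON array,
      # which fails the step instead of writing a malformed release body.
      printf '%s\n' "${VT_JSON}" | jq -e 'type == "array"' > /dev/null
      printf '%s\n' "${VT_JSON}" \
        | jq -r '.[] | "- [\(.name)](\(.link))"' >> release_body.md
    fi
```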
@ReenigneArcher ReenigneArcher merged commit 6282ddd into master Jul 2, 2025
38 checks passed
@ReenigneArcher ReenigneArcher deleted the feat/release_create/add-virustotal-scanning branch July 2, 2025 21:14

Development

Successfully merging this pull request may close these issues.

automate virus total reports
