From db6cf5459e121ed75ea75a435aba604db6063346 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Mon, 14 Apr 2025 16:09:22 +0200 Subject: [PATCH] CI: Update and split up anti virus whitelisting flow (#3817) --- .github/workflows/av-whitelist.yml | 66 ++++++++++++++++++++++++++---- .github/workflows/win-exe.yml | 2 +- 2 files changed, 58 insertions(+), 10 deletions(-) diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml index aeece4e83..3cc164b30 100644 --- a/.github/workflows/av-whitelist.yml +++ b/.github/workflows/av-whitelist.yml @@ -13,15 +13,48 @@ on: description: "Url to the file to upload" required: true type: string + avast: + description: "Upload to Avast" + required: false + type: boolean + default: false + kaspersky: + description: "Upload to Kaspersky" + required: false + type: boolean + default: false jobs: - allowlist: - name: Anti Virus Allowlisting + download-file: + name: Downloads the file into the VM runs-on: ubuntu-latest + outputs: + fileName: ${{ steps.extractName.outputs.fileName}} steps: - - name: Download file + - name: Extract file name + id: extractName run: | - curl --remote-name ${{ inputs.url }} -L + url="${{ inputs.url }}" + echo "fileName=${url##*/}" >> $GITHUB_OUTPUT + - name: Download file + run: curl --remote-name ${{ inputs.url }} -L -o ${{steps.extractName.outputs.fileName}} + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ steps.extractName.outputs.fileName }} + path: ${{ steps.extractName.outputs.fileName }} + if-no-files-found: error + allowlist-kaspersky: + name: Anti Virus Allowlisting Kaspersky + runs-on: ubuntu-latest + needs: download-file + if: github.event_name == 'workflow_call' || inputs.kaspersky + steps: + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: ${{ needs.download-file.outputs.fileName }} + path: upload - name: Upload to Kaspersky uses: SamKirkland/FTP-Deploy-Action@v4.3.5 with: @@ -30,11 +63,26 @@ jobs: port: 990 username: ${{ secrets.ALLOWLIST_KASPERSKY_USERNAME }} password: ${{ secrets.ALLOWLIST_KASPERSKY_PASSWORD }} - - name: Upload to Avast - uses: SamKirkland/FTP-Deploy-Action@v4.3.5 + local-dir: ./upload/ + allowlist-avast: + name: Anti Virus Allowlisting Avast + runs-on: ubuntu-latest + needs: download-file + if: github.event_name == 'workflow_call' || inputs.avast + steps: + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: ${{ needs.download-file.outputs.fileName }} + path: upload + - name: Upload to Avast + uses: wlixcc/SFTP-Deploy-Action@v1.2.5 with: - protocol: ftp server: whitelisting.avast.com - port: 21 + port: 22 username: ${{ secrets.ALLOWLIST_AVAST_USERNAME }} - password: ${{ secrets.ALLOWLIST_AVAST_PASSWORD }} \ No newline at end of file + password: ${{ secrets.ALLOWLIST_AVAST_PASSWORD }} + ssh_private_key: '' + sftp_only: true + local_path: './upload/*' + remote_path: '/data' \ No newline at end of file diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index c208f73cb..e42c8486b 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -394,7 +394,7 @@ jobs: allowlist-exe: uses: ./.github/workflows/av-whitelist.yml - needs: [publish] + needs: [publish, allowlist-msi] with: url: ${{ needs.publish.outputs.download-url-exe }} secrets: inherit