Add workflow for VirusTotal results #1676
Conversation
I've done something similar for Desktop a while ago via python script and virustotal-python pip package, though it is a manual process. Script has served well over the last year, though I had to add large file support initially. Repo maintainer was quick and on the ball. |
I personally try to stay away as many dependencies as I can. I think virus total file scannning thing could be even done in a 30-40 lines of shell script(which can be used in any CI runner like gitlab, travis, etc). I am fine with merging/using this. Later on we can create a detailed security analysis script that also checks for virus total. Until then, let's use this one. |
Closes #790
I've added my VirusTotal API key to github secrets for this repo.
Tested workflow in fork at https://github.com/smk762/atomicDEX-API/actions
Example results at https://github.com/smk762/atomicDEX-API/releases/tag/test
Current triggers will initiate workflow whenever a release is created, edited, prereleased or published. In testing, it was found that the VirusTotal results will append to the release body, which will result in duplicated VirusTotal results section if prior results not deleted.
We can limit the triggers, or just make sure to remove old results from the release body text when edits are made (e.g. file uploads, adding changelog etc).