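name: Scan a batch of add-ons

on:
  # Every day at 6pm UTC.
  # 6 hours is max job length.
  # API limits reset at midnight.
  # This ensures API usage doesn't spill over across days,
  # and minimizes preventing new submissions from being
  # scanned due to API limits being reached.
  schedule:
    - cron: '0 18 * * *'
  workflow_dispatch:

env:
  # Unique per run, so a scheduled run and a manual run can never share a branch.
  BRANCH_NAME: addScanResults${{ github.run_number }}

jobs:
  virusTotal-analysis:
    runs-on: windows-latest
    # Least privilege: this job only pushes a branch. No step here touches the
    # PR API (the script receives only `core`), so pull-requests: write is not
    # granted; restore it if virusTotalAnalysis.js turns out to need it.
    permissions:
      contents: write
    outputs:
      # 'true' only when a commit with new scan results was actually pushed.
      changed: ${{ steps.push.outputs.changed }}
    env:
      # Number of add-ons scanned per run (keeps daily VT API usage bounded).
      BATCH_SIZE: 10
    steps:
      - name: Checkout repository
        # TODO(security): pin third-party actions to a full commit SHA instead of
        # a major tag; a moved tag would otherwise change what runs with
        # contents: write on this repository.
        uses: actions/checkout@v5
        with:
          ref: ${{ github.ref }}
      - name: Create branch
        shell: bash
        # Shell variables instead of ${{ }} interpolation inside run: scripts,
        # so no expression value is ever spliced into shell source.
        run: |
          git checkout -b "$BRANCH_NAME"
      - name: Install virusTotal
        # Unpinned: installs whatever vt-cli version Chocolatey serves at run
        # time. Pin a version (choco install vt-cli --version <x.y.z>) for
        # reproducible runs.
        run: choco install vt-cli
      - name: Install Node.js
        uses: actions/setup-node@v4
      - name: Install npm dependencies
        # Unpinned and without a lockfile: resolves the latest uuid on every run
        # and executes any install scripts it ships. Pin an exact version and
        # consider --ignore-scripts.
        run: npm install uuid
      - name: Get add-on filenames without scan results
        shell: bash
        run: |
          # Always create the list, so the later steps do not fail on a missing
          # file when no add-on is pending.
          : > addonsWithoutVT.txt
          for file in ./addons/*/*.json; do
            # jq -e exits 0 when the expression is true: the field is missing,
            # null, or the empty string. (The previous grep on `jq -r` output
            # could never see an empty-string value, since -r prints it as an
            # empty line rather than "".)
            if jq -e '.scanResults.virusTotal | . == null or . == ""' "$file" > /dev/null; then
              echo "$file" >> addonsWithoutVT.txt
            fi
          done
          wc -l addonsWithoutVT.txt | awk '{print "Total add-ons without scan results: " $1}'
      - name: Set Virus Total analysis status
        id: setVirusTotalAnalysisStatus
        uses: actions/github-script@v7
        # The API key and limit are scoped to this step only, so they are not
        # exposed to the package-manager steps above (and their install scripts).
        # This is the only step that runs virusTotalAnalysis.js.
        env:
          VT_API_KEY: ${{ secrets.VT_API_KEY }}
          VT_API_LIMIT: ${{ vars.VT_API_LIMIT }}
        with:
          script: |
            const setVirusTotalAnalysisStatus = require('./.github/workflows/virusTotalAnalysis.js')
            const fs = require('fs')
            // Read the batch size from the job environment rather than splicing
            // an expression into the script source.
            const batchSize = parseInt(process.env.BATCH_SIZE, 10)
            const addonsWithoutVT = fs.readFileSync('addonsWithoutVT.txt', 'utf-8').split('\n').filter(Boolean)
            setVirusTotalAnalysisStatus({core}, addonsWithoutVT.slice(0, batchSize))
      - name: Push updated VT urls
        id: push
        shell: bash
        run: |
          git add addons
          # Nothing staged (empty batch): report it and skip the PR job instead
          # of failing on an empty commit / pushing a branch with no changes.
          if git diff --cached --quiet; then
            echo "No new scan results; nothing to push."
            echo "changed=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          git config user.name "github-actions"
          git config user.email "github-actions@github.com"
          git commit -m "Add VirusTotal results"
          # Authenticated by the token actions/checkout persisted in the git
          # config; no separate GH_TOKEN is needed for git push.
          git push --set-upstream origin "$BRANCH_NAME"
          echo "changed=true" >> "$GITHUB_OUTPUT"

  pull-request:
    needs: virusTotal-analysis
    # Skipped when the scan job pushed nothing, so we never try to check out or
    # open a PR from a branch that does not exist.
    if: needs.virusTotal-analysis.outputs.changed == 'true'
    runs-on: windows-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          ref: ${{ env.BRANCH_NAME }}
      - name: Open pr and merge
        shell: bash
        env:
          GH_TOKEN: ${{ github.token }}
          BASE_REF: ${{ github.ref }}
        run: |
          gh pr create \
            --title "Add scanning results" \
            --base "$BASE_REF" \
            --head "$BRANCH_NAME" \
            --body "Add scanning results to add-ons"
          # NOTE(security): merging immediately bypasses any human review of the
          # scan results written by virusTotalAnalysis.js, and PRs opened with
          # GITHUB_TOKEN do not trigger other workflows, so no pull_request
          # checks run before the merge. It also fails if the base branch is
          # protected by required reviews or status checks.
          gh pr merge --merge "$BRANCH_NAME"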