-
Notifications
You must be signed in to change notification settings - Fork 6
159 lines (149 loc) · 6.25 KB
/
glpi-agentmonitor-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: GLPI Agent Monitor CI
on:
push:
pull_request:
branches:
- main
jobs:
windows-compile:
runs-on: windows-latest
strategy:
matrix:
arch: [ x64, x86 ]
steps:
- uses: actions/checkout@v4
- uses: ilammy/[email protected]
with:
arch: ${{ matrix.arch }}
- name: Set version
run: |
shopt -s extglob
echo "#define VI_FILENAME \"GLPI-AgentMonitor-$ARCH.exe\"" > version.h
if [ -z "${GITHUB_REF##refs/tags/*}" ]; then
TAG=${GITHUB_REF#refs/tags/}
VTAG=${TAG#*-}
if [ -n "$TAG" -a -z "${TAG##+([[:digit:]]).+([[:digit:]]).+([[:digit:]])?(-*)}" ]; then
FULLVERSION=${TAG%%-*}
BUILD_VERSION=${FULLVERSION##*.}
VERSION=${FULLVERSION%.*}
MAJOR_VERSION=${VERSION%.*}
MINOR_VERSION=${VERSION#*.}
echo "#define VI_VERSIONDEF $MAJOR_VERSION,$MINOR_VERSION,$BUILD_VERSION,0" >> version.h
echo "#define VI_VERSIONSTRING \"$MAJOR_VERSION.$MINOR_VERSION.$BUILD_VERSION.0\"" >> version.h
fi
if [ -n "$VTAG" ]; then
echo "#define VI_PRODUCTNAME \"GLPI Agent Monitor ($VTAG)\"" >> version.h
fi
fi
shell: bash
env:
ARCH: ${{ matrix.arch }}
- name: Compile and link
run: |
msbuild GLPI-AgentMonitor.vcxproj -p:Configuration=Release -p:Platform=${{ matrix.arch }} -p:OutDir=Release\ -p:IntermediateOutputPath=Release\ -v:detailed -fl -flp:logfile=Release\msbuild.log
- name: Rename built binary to include ${{ matrix.arch }}
run: |
mv -f "Release\\GLPI-AgentMonitor.exe" "Release\\GLPI-AgentMonitor-${{ matrix.arch }}.exe"
shell: bash
- name: Upload built artifact
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: GLPI-AgentMonitor-Build-${{ matrix.arch }}
path: |
Release\*.exe
- name: Upload build logs artifact
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: GLPI-AgentMonitor-BuildLogs-${{ matrix.arch }}
path: |
Release\msbuild.log
Release\*.tlog
version.h
- name: VirusTotal Scan submission
if: startsWith(github.ref, 'refs/tags/')
uses: crazy-max/ghaction-virustotal@v4
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
files: |
Release\\GLPI-AgentMonitor-${{ matrix.arch }}.exe
- name: VirusTotal Analysis report check
if: startsWith(github.ref, 'refs/tags/') && env.VT_API_KEY
run: |
let TRY=20
while curl -s --request GET --url https://www.virustotal.com/api/v3/files/$SHA256 --header "x-apikey: $VT_API_KEY" >vt.json
do
ERRCODE=$(jq .error.code vt.json 2>&1)
if [ "$ERRCODE" == "null" ]; then
if [ "$(jq .data.attributes.last_analysis_results.VBA32 vt.json)" != "null" ]; then
echo "$(date): Current analysis stats:"
jq .data.attributes.last_analysis_stats vt.json
MALICIOUS="$(jq .data.attributes.last_analysis_stats.malicious vt.json)"
SUSPICIOUS="$(jq .data.attributes.last_analysis_stats.suspicious vt.json)"
if [ -n "$MALICIOUS" -a "$MALICIOUS" != "null" -a "$MALICIOUS" -gt 0 ]; then
echo "::warning title=Malicious analysis reporting for GLPI-AgentMonitor-${{ matrix.arch }}.exe::See https://www.virustotal.com/gui/file/$SHA256"
fi
if [ -n "$SUSPICIOUS" -a "$SUSPICIOUS" != "null" -a "$SUSPICIOUS" -gt 0 ]; then
echo "::warning title=Suspicious analysis reporting for GLPI-AgentMonitor-${{ matrix.arch }}.exe::See https://www.virustotal.com/gui/file/$SHA256"
fi
break
else
echo "$(date): Analysis is running"
fi
else
echo "$(date): $ERRCODE"
if [ "$TRY" -lt 15 -a "$ERRCODE" != '"NotFoundError"' ]; then
echo "$(date): Failing to access VT reporting"
break
fi
fi
rm -f vt.json
if (( --TRY < 0 )); then
echo "$(date): Nothing to report"
break
fi
sleep 15
done
exit 0
shell: bash
env:
VT_API_KEY: ${{ secrets.VT_API_KEY }}
SHA256: ${{ steps.signing.outputs.sha256 }}
release:
runs-on: ubuntu-latest
if: ${{ startsWith(github.ref, 'refs/tags/') }}
needs: [ windows-compile ]
steps:
- name: Download x64 Artifact
uses: actions/download-artifact@v4
with:
pattern: GLPI-AgentMonitor-Build-*
merge-multiple: true
- name: Get sha256 sums
id: sha256
run: |
read X64 XXX <<< $( sha256sum GLPI-AgentMonitor-x64.exe )
read X86 XXX <<< $( sha256sum GLPI-AgentMonitor-x86.exe )
echo "GLPI-AgentMonitor-x64.exe SHA256: $X64"
echo "GLPI-AgentMonitor-x86.exe SHA256: $X86"
echo "x64=$X64" >>$GITHUB_OUTPUT
echo "x86=$X86" >>$GITHUB_OUTPUT
shell: bash
- name: Publish release
uses: softprops/action-gh-release@v2
with:
draft: ${{ contains(github.ref_name, 'test') }}
prerelease: ${{ contains(github.ref_name, 'beta') }}
name: GLPI Agent Monitor v${{ github.ref_name }}
body: |
## For 64 bits Windows OS, use:
[GLPI-AgentMonitor-x64.exe](https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/GLPI-AgentMonitor-x64.exe)
## For 32 bits Windows OS, use:
[GLPI-AgentMonitor-x86.exe](https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/GLPI-AgentMonitor-x86.exe)
## VirusTotal reports
* [GLPI-AgentMonitor-x64.exe VirusTotal report](https://www.virustotal.com/gui/file/${{ steps.sha256.outputs.x64 }})
* [GLPI-AgentMonitor-x86.exe VirusTotal report](https://www.virustotal.com/gui/file/${{ steps.sha256.outputs.x86 }})
fail_on_unmatched_files: true
files: |
GLPI-AgentMonitor-*.exe