Fix release step #66
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GLPI Agent Monitor CI | |
on: | |
push: | |
pull_request: | |
branches: | |
- main | |
jobs: | |
windows-compile: | |
runs-on: windows-latest | |
strategy: | |
matrix: | |
arch: [ x64, x86 ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ilammy/[email protected] | |
with: | |
arch: ${{ matrix.arch }} | |
- name: Set version | |
run: | | |
shopt -s extglob | |
echo "#define VI_FILENAME \"GLPI-AgentMonitor-$ARCH.exe\"" > version.h | |
if [ -z "${GITHUB_REF##refs/tags/*}" ]; then | |
TAG=${GITHUB_REF#refs/tags/} | |
VTAG=${TAG#*-} | |
if [ -n "$TAG" -a -z "${TAG##+([[:digit:]]).+([[:digit:]]).+([[:digit:]])?(-*)}" ]; then | |
FULLVERSION=${TAG%%-*} | |
BUILD_VERSION=${FULLVERSION##*.} | |
VERSION=${FULLVERSION%.*} | |
MAJOR_VERSION=${VERSION%.*} | |
MINOR_VERSION=${VERSION#*.} | |
echo "#define VI_VERSIONDEF $MAJOR_VERSION,$MINOR_VERSION,$BUILD_VERSION,0" >> version.h | |
echo "#define VI_VERSIONSTRING \"$MAJOR_VERSION.$MINOR_VERSION.$BUILD_VERSION.0\"" >> version.h | |
fi | |
if [ -n "$VTAG" ]; then | |
echo "#define VI_PRODUCTNAME \"GLPI Agent Monitor ($VTAG)\"" >> version.h | |
fi | |
fi | |
shell: bash | |
env: | |
ARCH: ${{ matrix.arch }} | |
- name: Compile and link | |
run: | | |
msbuild GLPI-AgentMonitor.vcxproj -p:Configuration=Release -p:Platform=${{ matrix.arch }} -p:OutDir=Release\ -p:IntermediateOutputPath=Release\ -v:detailed -fl -flp:logfile=Release\msbuild.log | |
- name: Rename built binary to include ${{ matrix.arch }} | |
run: | | |
mv -f "Release\\GLPI-AgentMonitor.exe" "Release\\GLPI-AgentMonitor-${{ matrix.arch }}.exe" | |
shell: bash | |
- name: Code Signing | |
id: signing | |
if: ${{ startsWith(github.ref, 'refs/tags/') && env.CODESIGN_COMMAND && vars.WIN32_SIGNING != 'no' }} | |
run: | | |
umask 0077 | |
mkdir ~/.ssh | |
echo "$CODESIGN_KNOWNHOST" > ~/.ssh/known_hosts | |
echo "$CODESIGN_PRIVATE" > private.key | |
umask 0002 | |
EXE="GLPI-AgentMonitor-${{ matrix.arch }}.exe" | |
cat "Release\\$EXE" | $CODESIGN_COMMAND codesign "$EXE" > "$EXE" | |
rm -f private.key ~/.ssh/known_hosts "Release\\$EXE" | |
mv -f "$EXE" "Release\\$EXE" | |
read SHA256 XXX <<<$(sha256sum "Release\\$EXE") | |
echo "$EXE SHA256: $SHA256" | |
echo "sha256=$SHA256" >>$GITHUB_OUTPUT | |
shell: bash | |
env: | |
CODESIGN_KNOWNHOST: ${{ secrets.CODESIGN_KNOWNHOST }} | |
CODESIGN_COMMAND: ${{ secrets.CODESIGN_COMMAND }} | |
CODESIGN_PRIVATE: ${{ secrets.CODESIGN_PRIVATE }} | |
- name: Upload built artifact | |
uses: actions/upload-artifact@v4 | |
if: success() || failure() | |
with: | |
name: GLPI-AgentMonitor-Build-${{ matrix.arch }} | |
path: | | |
Release\*.exe | |
- name: Upload build logs artifact | |
uses: actions/upload-artifact@v4 | |
if: success() || failure() | |
with: | |
name: GLPI-AgentMonitor-BuildLogs-${{ matrix.arch }} | |
path: | | |
Release\msbuild.log | |
Release\*.tlog | |
version.h | |
- name: VirusTotal Scan submission | |
if: startsWith(github.ref, 'refs/tags/') | |
uses: crazy-max/ghaction-virustotal@v4 | |
with: | |
vt_api_key: ${{ secrets.VT_API_KEY }} | |
files: | | |
Release\\GLPI-AgentMonitor-${{ matrix.arch }}.exe | |
- name: VirusTotal Analysis report check | |
if: startsWith(github.ref, 'refs/tags/') && env.VT_API_KEY | |
run: | | |
let TRY=20 | |
while curl -s --request GET --url https://www.virustotal.com/api/v3/files/$SHA256 --header "x-apikey: $VT_API_KEY" >vt.json | |
do | |
ERRCODE=$(jq .error.code vt.json 2>&1) | |
if [ "$ERRCODE" == "null" ]; then | |
if [ "$(jq .data.attributes.last_analysis_results.VBA32 vt.json)" != "null" ]; then | |
echo "$(date): Current analysis stats:" | |
jq .data.attributes.last_analysis_stats vt.json | |
MALICIOUS="$(jq .data.attributes.last_analysis_stats.malicious vt.json)" | |
SUSPICIOUS="$(jq .data.attributes.last_analysis_stats.suspicious vt.json)" | |
if [ -n "$MALICIOUS" -a "$MALICIOUS" != "null" -a "$MALICIOUS" -gt 0 ]; then | |
echo "::warning title=Malicious analysis reporting for GLPI-AgentMonitor-${{ matrix.arch }}.exe::See https://www.virustotal.com/gui/file/$SHA256" | |
fi | |
if [ -n "$SUSPICIOUS" -a "$SUSPICIOUS" != "null" -a "$SUSPICIOUS" -gt 0 ]; then | |
echo "::warning title=Suspicious analysis reporting for GLPI-AgentMonitor-${{ matrix.arch }}.exe::See https://www.virustotal.com/gui/file/$SHA256" | |
fi | |
break | |
else | |
echo "$(date): Analysis is running" | |
fi | |
else | |
echo "$(date): $ERRCODE" | |
if [ "$TRY" -lt 15 -a "$ERRCODE" != '"NotFoundError"' ]; then | |
echo "$(date): Failing to access VT reporting" | |
break | |
fi | |
fi | |
rm -f vt.json | |
if (( --TRY < 0 )); then | |
echo "$(date): Nothing to report" | |
break | |
fi | |
sleep 15 | |
done | |
exit 0 | |
shell: bash | |
env: | |
VT_API_KEY: ${{ secrets.VT_API_KEY }} | |
SHA256: ${{ steps.signing.outputs.sha256 }} | |
release: | |
runs-on: ubuntu-latest | |
if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
needs: [ windows-compile ] | |
steps: | |
- name: Download x64 Artifact | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: GLPI-AgentMonitor-Build-* | |
merge-multiple: true | |
- name: Get sha256 sums | |
id: sha256 | |
run: | | |
read X64 XXX <<< $( sha256sum GLPI-AgentMonitor-x64.exe ) | |
read X86 XXX <<< $( sha256sum GLPI-AgentMonitor-x86.exe ) | |
echo "GLPI-AgentMonitor-x64.exe SHA256: $X64" | |
echo "GLPI-AgentMonitor-x86.exe SHA256: $X86" | |
echo "x64=$X64" >>$GITHUB_OUTPUT | |
echo "x86=$X86" >>$GITHUB_OUTPUT | |
shell: bash | |
- name: Publish release | |
uses: softprops/action-gh-release@v2 | |
with: | |
draft: ${{ contains(github.ref_name, 'test') }} | |
prerelease: ${{ contains(github.ref_name, 'beta') }} | |
name: GLPI Agent Monitor v${{ github.ref_name }} | |
body: | | |
## For 64 bits Windows OS, use: | |
[GLPI-AgentMonitor-x64.exe](https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/GLPI-AgentMonitor-x64.exe) | |
## For 32 bits Windows OS, use: | |
[GLPI-AgentMonitor-x86.exe](https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/GLPI-AgentMonitor-x86.exe) | |
## VirusTotal reports | |
* [GLPI-AgentMonitor-x64.exe VirusTotal report](https://www.virustotal.com/gui/file/${{ steps.sha256.outputs.x64 }}) | |
* [GLPI-AgentMonitor-x86.exe VirusTotal report](https://www.virustotal.com/gui/file/${{ steps.sha256.outputs.x86 }}) | |
fail_on_unmatched_files: true | |
files: | | |
GLPI-AgentMonitor-*.exe |