Skip to content

Fix release step

Fix release step #66

name: GLPI Agent Monitor CI
on:
push:
pull_request:
branches:
- main
jobs:
windows-compile:
runs-on: windows-latest
strategy:
matrix:
arch: [ x64, x86 ]
steps:
- uses: actions/checkout@v4
- uses: ilammy/[email protected]
with:
arch: ${{ matrix.arch }}
- name: Set version
run: |
shopt -s extglob
echo "#define VI_FILENAME \"GLPI-AgentMonitor-$ARCH.exe\"" > version.h
if [ -z "${GITHUB_REF##refs/tags/*}" ]; then
TAG=${GITHUB_REF#refs/tags/}
VTAG=${TAG#*-}
if [ -n "$TAG" -a -z "${TAG##+([[:digit:]]).+([[:digit:]]).+([[:digit:]])?(-*)}" ]; then
FULLVERSION=${TAG%%-*}
BUILD_VERSION=${FULLVERSION##*.}
VERSION=${FULLVERSION%.*}
MAJOR_VERSION=${VERSION%.*}
MINOR_VERSION=${VERSION#*.}
echo "#define VI_VERSIONDEF $MAJOR_VERSION,$MINOR_VERSION,$BUILD_VERSION,0" >> version.h
echo "#define VI_VERSIONSTRING \"$MAJOR_VERSION.$MINOR_VERSION.$BUILD_VERSION.0\"" >> version.h
fi
if [ -n "$VTAG" ]; then
echo "#define VI_PRODUCTNAME \"GLPI Agent Monitor ($VTAG)\"" >> version.h
fi
fi
shell: bash
env:
ARCH: ${{ matrix.arch }}
- name: Compile and link
run: |
msbuild GLPI-AgentMonitor.vcxproj -p:Configuration=Release -p:Platform=${{ matrix.arch }} -p:OutDir=Release\ -p:IntermediateOutputPath=Release\ -v:detailed -fl -flp:logfile=Release\msbuild.log
- name: Rename built binary to include ${{ matrix.arch }}
run: |
mv -f "Release\\GLPI-AgentMonitor.exe" "Release\\GLPI-AgentMonitor-${{ matrix.arch }}.exe"
shell: bash
- name: Code Signing
id: signing
if: ${{ startsWith(github.ref, 'refs/tags/') && env.CODESIGN_COMMAND && vars.WIN32_SIGNING != 'no' }}
run: |
umask 0077
mkdir ~/.ssh
echo "$CODESIGN_KNOWNHOST" > ~/.ssh/known_hosts
echo "$CODESIGN_PRIVATE" > private.key
umask 0002
EXE="GLPI-AgentMonitor-${{ matrix.arch }}.exe"
cat "Release\\$EXE" | $CODESIGN_COMMAND codesign "$EXE" > "$EXE"
rm -f private.key ~/.ssh/known_hosts "Release\\$EXE"
mv -f "$EXE" "Release\\$EXE"
read SHA256 XXX <<<$(sha256sum "Release\\$EXE")
echo "$EXE SHA256: $SHA256"
echo "sha256=$SHA256" >>$GITHUB_OUTPUT
shell: bash
env:
CODESIGN_KNOWNHOST: ${{ secrets.CODESIGN_KNOWNHOST }}
CODESIGN_COMMAND: ${{ secrets.CODESIGN_COMMAND }}
CODESIGN_PRIVATE: ${{ secrets.CODESIGN_PRIVATE }}
- name: Upload built artifact
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: GLPI-AgentMonitor-Build-${{ matrix.arch }}
path: |
Release\*.exe
- name: Upload build logs artifact
uses: actions/upload-artifact@v4
if: success() || failure()
with:
name: GLPI-AgentMonitor-BuildLogs-${{ matrix.arch }}
path: |
Release\msbuild.log
Release\*.tlog
version.h
- name: VirusTotal Scan submission
if: startsWith(github.ref, 'refs/tags/')
uses: crazy-max/ghaction-virustotal@v4
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
files: |
Release\\GLPI-AgentMonitor-${{ matrix.arch }}.exe
- name: VirusTotal Analysis report check
if: startsWith(github.ref, 'refs/tags/') && env.VT_API_KEY
run: |
let TRY=20
while curl -s --request GET --url https://www.virustotal.com/api/v3/files/$SHA256 --header "x-apikey: $VT_API_KEY" >vt.json
do
ERRCODE=$(jq .error.code vt.json 2>&1)
if [ "$ERRCODE" == "null" ]; then
if [ "$(jq .data.attributes.last_analysis_results.VBA32 vt.json)" != "null" ]; then
echo "$(date): Current analysis stats:"
jq .data.attributes.last_analysis_stats vt.json
MALICIOUS="$(jq .data.attributes.last_analysis_stats.malicious vt.json)"
SUSPICIOUS="$(jq .data.attributes.last_analysis_stats.suspicious vt.json)"
if [ -n "$MALICIOUS" -a "$MALICIOUS" != "null" -a "$MALICIOUS" -gt 0 ]; then
echo "::warning title=Malicious analysis reporting for GLPI-AgentMonitor-${{ matrix.arch }}.exe::See https://www.virustotal.com/gui/file/$SHA256"
fi
if [ -n "$SUSPICIOUS" -a "$SUSPICIOUS" != "null" -a "$SUSPICIOUS" -gt 0 ]; then
echo "::warning title=Suspicious analysis reporting for GLPI-AgentMonitor-${{ matrix.arch }}.exe::See https://www.virustotal.com/gui/file/$SHA256"
fi
break
else
echo "$(date): Analysis is running"
fi
else
echo "$(date): $ERRCODE"
if [ "$TRY" -lt 15 -a "$ERRCODE" != '"NotFoundError"' ]; then
echo "$(date): Failing to access VT reporting"
break
fi
fi
rm -f vt.json
if (( --TRY < 0 )); then
echo "$(date): Nothing to report"
break
fi
sleep 15
done
exit 0
shell: bash
env:
VT_API_KEY: ${{ secrets.VT_API_KEY }}
SHA256: ${{ steps.signing.outputs.sha256 }}
release:
runs-on: ubuntu-latest
if: ${{ startsWith(github.ref, 'refs/tags/') }}
needs: [ windows-compile ]
steps:
- name: Download x64 Artifact
uses: actions/download-artifact@v4
with:
pattern: GLPI-AgentMonitor-Build-*
merge-multiple: true
- name: Get sha256 sums
id: sha256
run: |
read X64 XXX <<< $( sha256sum GLPI-AgentMonitor-x64.exe )
read X86 XXX <<< $( sha256sum GLPI-AgentMonitor-x86.exe )
echo "GLPI-AgentMonitor-x64.exe SHA256: $X64"
echo "GLPI-AgentMonitor-x86.exe SHA256: $X86"
echo "x64=$X64" >>$GITHUB_OUTPUT
echo "x86=$X86" >>$GITHUB_OUTPUT
shell: bash
- name: Publish release
uses: softprops/action-gh-release@v2
with:
draft: ${{ contains(github.ref_name, 'test') }}
prerelease: ${{ contains(github.ref_name, 'beta') }}
name: GLPI Agent Monitor v${{ github.ref_name }}
body: |
## For 64 bits Windows OS, use:
[GLPI-AgentMonitor-x64.exe](https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/GLPI-AgentMonitor-x64.exe)
## For 32 bits Windows OS, use:
[GLPI-AgentMonitor-x86.exe](https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/GLPI-AgentMonitor-x86.exe)
## VirusTotal reports
* [GLPI-AgentMonitor-x64.exe VirusTotal report](https://www.virustotal.com/gui/file/${{ steps.sha256.outputs.x64 }})
* [GLPI-AgentMonitor-x86.exe VirusTotal report](https://www.virustotal.com/gui/file/${{ steps.sha256.outputs.x86 }})
fail_on_unmatched_files: true
files: |
GLPI-AgentMonitor-*.exe