Enhance VirusTotal scan error handling in release workflow. Updated error messages to warnings and added a continue-on-error flag to allow the workflow to proceed despite scan failures. Improved reporting in vt_results.md for better visibility of issues encountered during the scan process.

This commit is contained in:
AndyMik90
2025-12-22 14:34:39 +01:00
parent 326118bd59
commit d23fcd8669
+11 -18
View File
@@ -280,6 +280,7 @@ jobs:
- name: Scan with VirusTotal
id: virustotal
continue-on-error: true
if: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.dry_run != true) }}
env:
VT_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
@@ -293,8 +294,6 @@ jobs:
echo "## VirusTotal Scan Results" > vt_results.md
echo "" >> vt_results.md
scan_failed=false
for file in release-assets/*.{exe,dmg,AppImage,deb}; do
[ -f "$file" ] || continue
filename=$(basename "$file")
@@ -310,9 +309,9 @@ jobs:
upload_url=$(echo "$upload_url_response" | jq -r '.data // empty')
if [ -z "$upload_url" ]; then
echo "::error::Failed to get upload URL for large file $filename"
echo "::warning::Failed to get upload URL for large file $filename"
echo "Response: $upload_url_response"
scan_failed=true
echo "- $filename - ⚠️ Upload failed (large file)" >> vt_results.md
continue
fi
api_url="$upload_url"
@@ -328,9 +327,9 @@ jobs:
# Check if response is valid JSON before parsing
if ! echo "$response" | jq -e . >/dev/null 2>&1; then
echo "::error::VirusTotal returned invalid JSON for $filename"
echo "::warning::VirusTotal returned invalid JSON for $filename"
echo "Response (first 500 chars): ${response:0:500}"
scan_failed=true
echo "- $filename - ⚠️ Scan failed (invalid response)" >> vt_results.md
continue
fi
@@ -338,8 +337,8 @@ jobs:
error_code=$(echo "$response" | jq -r '.error.code // empty')
if [ -n "$error_code" ]; then
error_msg=$(echo "$response" | jq -r '.error.message // "Unknown error"')
echo "::error::VirusTotal API error for $filename: $error_code - $error_msg"
scan_failed=true
echo "::warning::VirusTotal API error for $filename: $error_code - $error_msg"
echo "- $filename - ⚠️ Scan failed ($error_code)" >> vt_results.md
continue
fi
@@ -347,9 +346,9 @@ jobs:
analysis_id=$(echo "$response" | jq -r '.data.id // empty')
if [ -z "$analysis_id" ]; then
echo "::error::Failed to upload $filename to VirusTotal"
echo "::warning::Failed to upload $filename to VirusTotal"
echo "Response: $response"
scan_failed=true
echo "- $filename - ⚠️ Upload failed" >> vt_results.md
continue
fi
@@ -401,9 +400,8 @@ jobs:
vt_url="https://www.virustotal.com/gui/file/$file_hash"
if [ "$malicious" -gt 0 ] || [ "$suspicious" -gt 0 ]; then
echo "::error::$filename has $malicious malicious and $suspicious suspicious detections!"
echo "- [$filename]($vt_url) - ⚠️ **$malicious malicious, $suspicious suspicious** detections" >> vt_results.md
scan_failed=true
echo "::warning::$filename has $malicious malicious and $suspicious suspicious detections (likely false positives)"
echo "- [$filename]($vt_url) - ⚠️ **$malicious malicious, $suspicious suspicious** detections (review recommended)" >> vt_results.md
else
echo "$filename is clean ($undetected engines, 0 detections)"
echo "- [$filename]($vt_url) - ✅ Clean ($undetected engines, 0 detections)" >> vt_results.md
@@ -418,11 +416,6 @@ jobs:
cat vt_results.md >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
if [ "$scan_failed" = true ]; then
echo "::error::VirusTotal scan found issues. Review the results above."
exit 1
fi
- name: Dry run summary
if: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run == true }}
run: |