File: mcafee.yml

libvpl-tools 1.5.0-1
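---
# Reusable workflow (workflow_call): collects the files to scan into
# ./product (either the checked-out source or a downloaded artifact), runs an
# antivirus container against that directory and uploads the scanner output
# as report.txt.
name: Malware scan
# NOTE(review): read-all gives the token read access on every scope. The
# steps below only check out code and move artifacts; consider narrowing to
# the scopes actually needed after confirming with the calling workflows.
permissions: read-all

on:

  workflow_call:
    inputs:
      # When set, the named artifact is scanned instead of the source tree.
      artifact_name:
        description: 'Artifact to test'
        type: string
      # When set, this image is pulled and used as the scanner; otherwise the
      # scanner image is built locally from the AV tool repository.
      caas:
        description: 'CaaS Image'
        type: string
      # Self-test switch: drops the standard EICAR test string into the scan
      # directory so a working scanner has something to detect.
      write_test_file:
        description: 'Write EICAR test file (see https://www.eicar.org/)'
        type: boolean
      # NOTE(review): declared but not referenced by any step in this file.
      output_prefix:
        description: 'Prefix to add to output artifacts'
        required: false
        default: ''
        type: string

jobs:
  scan:
    # Self-hosted runners keep their workspace between jobs, hence the
    # explicit cleanup step at both ends of this job.
    runs-on: [self-hosted, linux, docker]
    steps:

      # `--` ends option parsing so a leftover file whose name starts with
      # `-` cannot be interpreted as an rm flag.
      - name: Cleanup workspace
        run: sudo rm -rf -- ..?* .[!.]* *

      # get files to scan
      # NOTE(review): actions in this file are referenced by mutable tag
      # (@v4); pinning each to a full commit SHA keeps a retagged release
      # from changing what runs on the self-hosted runner.
      - name: Checkout dispatcher source
        if: success() && !inputs.artifact_name
        uses: actions/checkout@v4
        with:
          path: product

      - name: Download package
        if: success() && inputs.artifact_name
        uses: actions/download-artifact@v4
        with:
          name: ${{ inputs.artifact_name }}
          path: product

      - name: Extract package
        if: success() && inputs.artifact_name
        run: |
          if compgen -G "product/*.zip" > /dev/null; then
            # One unzip call per archive: given several matches in a single
            # call, unzip treats every name after the first as a member to
            # extract from the first archive.
            for archive in product/*.zip; do
              unzip "$archive" -d product
            done
          fi

      # Write test file if requested
      # The lines of this folded scalar share one indent, so they fold into
      # a single `echo '...' > product/eicar-com.com` command.
      - name: Write EICAR test file
        if: success() && inputs.write_test_file
        run: >
          echo
          'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
          > product/eicar-com.com

      # CaaS based testing
      # The image reference is a caller-supplied input. It is handed to the
      # shell through an environment variable and quoted, so its content is
      # never expanded into the script text by the `${{ }}` template.
      - name: Pull CaaS docker image
        if: success() && inputs.caas
        env:
          CAAS_IMAGE: ${{ inputs.caas }}
        run: |
          docker pull "$CAAS_IMAGE"
      # Literal block with explicit continuations: in a folded (`>`) scalar,
      # more-indented continuation lines keep their line breaks, which would
      # split this command into three separate shell lines.
      - name: Run Test using CaaS image
        if: success() && inputs.caas
        env:
          CAAS_IMAGE: ${{ inputs.caas }}
        run: |
          docker run --rm -v "$(realpath product):/scanme" \
                 "$CAAS_IMAGE" >> report.txt

      # Local image based testing
      # NOTE(review): `ref: master` follows a moving branch, so the Dockerfile
      # built below can change between runs; a tag or commit SHA would make
      # the scanner image reproducible.
      - name: Checkout av scanning tool
        if: success() && !inputs.caas
        uses: actions/checkout@v4
        with:
          repository: ${{ vars.AV_TOOL_REPO }}
          token: ${{ secrets.TEST_REPO_TOKEN }}
          path: av-scanning
          ref: master

      # Rewrites the Dockerfile's `ubuntu:latest` base image to a fixed
      # 24.04 image from public.ecr.aws before building the local scanner.
      - name: Create docker image
        if: success() && !inputs.caas
        run: |
          pushd av-scanning
          sed -i 's|FROM.*ubuntu:latest|FROM public.ecr.aws/lts/ubuntu:24.04|' \
                 Dockerfile
          docker build -t mcafee:latest .
          popd
      # NOTE(review): /scanme is mounted read-write; if the scanner only
      # needs to read the files, a `:ro` mount would stop the container from
      # modifying the workspace - confirm against the scanner image.
      - name: Run Test
        if: success() && !inputs.caas
        run: |
          docker run --rm -v "$(realpath product):/scanme" \
                 mcafee:latest >> report.txt

      # Publish
      # Runs after a failed step as well, so the report of a failing scan is
      # still uploaded.
      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: success() || failure()
        with:
          name: ${{ inputs.artifact_name || 'source' }}-malware-scan
          path: report.txt

      # always(): without it this step is skipped when an earlier step fails
      # (presumably including a scan that reports a detection), leaving the
      # scanned files and any EICAR test file on the self-hosted runner.
      - name: Cleanup workspace
        if: always()
        run: sudo rm -rf -- ..?* .[!.]* *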