From d541becb1a46aaa59949a40d375e763715e4d9d0 Mon Sep 17 00:00:00 2001 From: Pierre-Antoine Rouby <pierre-antoine.rouby@inrae.fr> Date: Fri, 2 Feb 2024 11:23:39 +0100 Subject: [PATCH] ci: Add antivirus check with clamav scan. --- .gitlab-ci.yml | 20 ++++++++++++++++++++ packages/clamav-scan.sh | 16 ++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100755 packages/clamav-scan.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ed6ac6fc..8e6efcd1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -20,6 +20,7 @@ stages: - test - build - package + - antivirus - release ############# @@ -403,6 +404,25 @@ windows-package-exe: - copy ..\packages\pamhyr.nsi pamhyr.nsi - .\make-windows-exe.bat +pkg-check-clamav: + stage: antivirus + tags: + - release + - linux + needs: + - job: linux-package-tar + artifacts: true + - job: windows-package-zip + artifacts: true + - job: windows-package-exe + artifacts: true + rules: + - if: $CI_COMMIT_BRANCH == 'ci-test' || $CI_COMMIT_TAG + script: + - cd packages + - ./clamav-scan.sh + allow_failure: true + ########### # RELEASE # ########### diff --git a/packages/clamav-scan.sh b/packages/clamav-scan.sh new file mode 100755 index 00000000..ddb134d1 --- /dev/null +++ b/packages/clamav-scan.sh @@ -0,0 +1,16 @@ +#! /bin/bash +set +x + +OPTS="-r -a" +FILES="../windows/pamhyr-windows.exe ../windows/pamhyr-windows.zip ../linux/pamhyr-gnulinux.tar.xz" + +clamscan $OPTS $FILES | tee clamav.log + +RES=$(cat clamav.log | grep "Infected files: 0") +if [ -z "$RES" ]; then + echo "Infected files" + exit -1 +else + echo "OK" + exit 0 +fi -- GitLab