From d541becb1a46aaa59949a40d375e763715e4d9d0 Mon Sep 17 00:00:00 2001
From: Pierre-Antoine Rouby <pierre-antoine.rouby@inrae.fr>
Date: Fri, 2 Feb 2024 11:23:39 +0100
Subject: [PATCH] ci: Add antivirus check with clamav scan.

---
 .gitlab-ci.yml          | 20 ++++++++++++++++++++
 packages/clamav-scan.sh | 16 ++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100755 packages/clamav-scan.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ed6ac6fc..8e6efcd1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -20,6 +20,7 @@ stages:
   - test
   - build
   - package
+  - antivirus
   - release
 
 #############
@@ -403,6 +404,25 @@ windows-package-exe:
     - copy ..\packages\pamhyr.nsi pamhyr.nsi
     - .\make-windows-exe.bat
 
+pkg-check-clamav:
+  stage: antivirus
+  tags:
+    - release
+    - linux
+  needs:
+    - job: linux-package-tar
+      artifacts: true
+    - job: windows-package-zip
+      artifacts: true
+    - job: windows-package-exe
+      artifacts: true
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'ci-test' || $CI_COMMIT_TAG
+  script:
+    - cd packages
+    - ./clamav-scan.sh
+  allow_failure: true
+
 ###########
 # RELEASE #
 ###########
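Review bot: `allow_failure: true` on `pkg-check-clamav` makes the scan advisory only, so a detection shows up as a warning and the pipeline still moves on to the `release` stage. If the job is meant to stop an infected or unscanned package from being published, drop that line. The release jobs are outside this hunk, so also confirm that any of them using `needs:` lists `pkg-check-clamav`; otherwise they can start without waiting for it. The scan report is discarded when the job ends; an `artifacts:` entry with `when: always` and `paths: [packages/clamav.log]` would keep it for audit.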
diff --git a/packages/clamav-scan.sh b/packages/clamav-scan.sh
new file mode 100755
index 00000000..ddb134d1
--- /dev/null
+++ b/packages/clamav-scan.sh
@@ -0,0 +1,16 @@
+#! /bin/bash
+set +x
+
+OPTS="-r -a"
+FILES="../windows/pamhyr-windows.exe ../windows/pamhyr-windows.zip ../linux/pamhyr-gnulinux.tar.xz"
+
+clamscan $OPTS $FILES | tee clamav.log
+
+RES=$(cat clamav.log | grep "Infected files: 0")
+if [ -z "$RES" ]; then
+    echo "Infected files"
+    exit -1
+else
+    echo "OK"
+    exit 0
+fi
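Review bot: The verdict is taken from grepping `Infected files: 0` in the log, but clamscan normally prints that same summary line when a target file is missing or unreadable, so a missing artifact or a scan error would be reported as `OK`. clamscan's exit status already separates the cases (0 clean, 1 virus found, 2 error); because the output is piped to `tee`, it has to be read from `${PIPESTATUS[0]}`. Two smaller points: `set +x` only turns tracing off, and `exit -1` is out of range and ends up as status 255 in bash. The script never refreshes the signature database, so confirm the runner updates it before scanning.

```shell
# … unchanged: OPTS and FILES definitions …
clamscan $OPTS $FILES | tee clamav.log
rc=${PIPESTATUS[0]}   # clamscan's status, not tee's

case "$rc" in
    0) echo "OK" ;;
    1) echo "Infected files" ;;
    *) echo "clamscan error (exit status $rc)" ;;
esac
exit "$rc"
```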
-- 
GitLab