Skip to content

Scan trunk archives with ClamAV #105

Scan trunk archives with ClamAV

Scan trunk archives with ClamAV #105

Workflow file for this run

# Copyright 2024, Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause
name: Scan trunk archives with ClamAV
permissions: read-all
on:
workflow_dispatch:
schedule:
# Run every day at 22:00 UTC
- cron: '0 22 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
zip_url: https://ci.appveyor.com/api/projects/ispc/ispc/artifacts/build%2Fispc-trunk-windows.zip?job=Environment%3A%20APPVEYOR_BUILD_WORKER_IMAGE%3DVisual%20Studio%202019%2C%20LLVM_VERSION%3Dlatest
tar_url: https://ci.appveyor.com/api/projects/ispc/ispc/artifacts/build%2Fispc-trunk-linux.tar.gz?job=Environment%3A%20APPVEYOR_BUILD_WORKER_IMAGE%3DUbuntu2204%2C%20LLVM_VERSION%3Dlatest
jobs:
scan:
runs-on: ubuntu-latest
# Disabling this workflow for non ispc/ispc repo to reduce the traffic to artifacts downloads.
if: github.repository == 'ispc/ispc'
steps:
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Install ClamAV
run: |
sudo apt-get update
sudo apt-get install -y clamav
- name: Update ClamAV database
run: |
sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam
- name: Download archives
run: |
wget -O archive.zip ${{ env.zip_url }}
unzip -q archive.zip
wget -O archive.tar.gz ${{ env.tar_url }}
gunzip archive.tar.gz
- name: Scan archvies and source code with ClamAV
run: |
clamscan --recursive --scan-archive --archive-verbose --verbose ./ 2>&1 | tee ispc-trunk-clamscan.log
- name: Upload ClamAV logs
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
if: always()
with:
name: clamav-logs
path: |
ispc-trunk-clamscan.log