[ci skip] seperate av whitelisting into own workflow to be able to upload assets on failure

2026-05-17 18:21:26 +00:00 · 2024-02-27 18:55:14 +01:00
parent a38377baaa
commit bca20a7a66
2 changed files with 60 additions and 39 deletions
--- a/.github/workflows/av-whitelist.yml
+++ b/.github/workflows/av-whitelist.yml
@@ -0,0 +1,40 @@
+name: AntiVirus Whitelisting
+
+on:
+  workflow_call:
+    inputs:
+      url:
+        description: "Url to the file to upload"
+        required: true
+        type: string
+  workflow_dispatch:
+    inputs:
+      url:
+        description: "Url to the file to upload"
+        required: true
+        type: string
+
+jobs:
+  allowlist:
+    name: Anti Virus Allowlisting
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download file
+        run: |
+          curl --remote-name ${{ inputs.url }} -L
+      - name: Upload to Kaspersky
+        uses: SamKirkland/FTP-Deploy-Action@v4.3.4
+        with:
+          protocol: ftps
+          server: allowlist.kaspersky-labs.com
+          port: 990
+          username: ${{ secrets.ALLOWLIST_KASPERSKY_USERNAME }}
+          password: ${{ secrets.ALLOWLIST_KASPERSKY_PASSWORD }}
+      - name: Upload to Avast
+        uses: SamKirkland/FTP-Deploy-Action@v4.3.4
+        with:
+          protocol: ftp
+          server: whitelisting.avast.com
+          port: 21
+          username: ${{ secrets.ALLOWLIST_AVAST_USERNAME }}
+          password: ${{ secrets.ALLOWLIST_AVAST_PASSWORD }}
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -39,6 +39,8 @@ jobs:
    env:
      LOOPBACK_ALIAS: 'cryptomator-vault'
      WIN_CONSOLE_FLAG: ''
+    outputs:
+      download-url: ${{ fromJSON(steps.publish.outputs.assets)[0].browser_download_url }} #ónly set on a release
    steps:
      - uses: actions/checkout@v4
      - name: Setup Java
@@ -255,19 +257,29 @@ jobs:
            Cryptomator-*.asc
          if-no-files-found: error
      - name: Publish .msi on GitHub Releases
+        id: publish
        if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
        uses: softprops/action-gh-release@v1
        with:
          fail_on_unmatched_files: true
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
+          # do not change ordering of filelist, required for correct job output
          files: |
            *.msi
            *.asc

+  allowlist-msi:
+    uses: ./.github/workflows/av-whitelist.yml
+    needs: [build-msi]
+    with:
+      url: ${{ needs.build-msi.outputs.download-url }}
+
  build-exe:
    name: Build .exe installer
    runs-on: windows-latest
    needs: [get-version, build-msi]
+    outputs:
+      download-url: ${{ fromJSON(steps.publish.outputs.assets)[0].browser_download_url }} #ónly set on a release
    steps:
      - uses: actions/checkout@v4
      - name: Download .msi
@@ -366,54 +378,23 @@ jobs:
            Cryptomator-*.asc
          if-no-files-found: error
      - name: Publish .msi on GitHub Releases
+        id: publish
        if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
        uses: softprops/action-gh-release@v1
        with:
          fail_on_unmatched_files: true
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
+          # do not change ordering of filelist, required for correct job output
          files: |
            Cryptomator-*.exe
            Cryptomator-*.asc

-  allowlist:
-    name: Anti Virus Allowlisting
-    if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-    runs-on: ubuntu-latest
-    needs: [build-msi, build-exe]
-    steps:
-      - name: Download .msi
-        uses: actions/download-artifact@v4
-        with:
-          name: msi
-          path: msi
-      - name: Download .exe
-        uses: actions/download-artifact@v4
-        with:
-          name: exe
-          path: exe
-      - name: Collect files
-        run: |
-          mkdir files
-          cp msi/*.msi files
-          cp exe/*.exe files
-      - name: Upload to Kaspersky
-        uses: SamKirkland/FTP-Deploy-Action@v4.3.4
-        with:
-          protocol: ftps
-          server: allowlist.kaspersky-labs.com
-          port: 990
-          username: ${{ secrets.ALLOWLIST_KASPERSKY_USERNAME }}
-          password: ${{ secrets.ALLOWLIST_KASPERSKY_PASSWORD }}
-          local-dir: files/
-      - name: Upload to Avast
-        uses: SamKirkland/FTP-Deploy-Action@v4.3.4
-        with:
-          protocol: ftp
-          server: whitelisting.avast.com
-          port: 21
-          username: ${{ secrets.ALLOWLIST_AVAST_USERNAME }}
-          password: ${{ secrets.ALLOWLIST_AVAST_PASSWORD }}
-          local-dir: files/
+  allowlist-exe:
+    uses: ./.github/workflows/av-whitelist.yml
+    needs: [build-exe]
+    with:
+      url: ${{ needs.build-exe.outputs.download-url }}
+
  notify-winget:
    name: Notify for winget-release
    if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' && needs.get-version.outputs.versionType == 'stable'