cryptomator/.github/workflows/av-whitelist.yml

name: AntiVirus Whitelisting

on:
  workflow_call:
    inputs:
      url:
        description: "Url to the file to upload"
        required: true
        type: string
  workflow_dispatch:
    inputs:
      url:
        description: "Url to the file to upload"
        required: true
        type: string
      avast:
        description: "Upload to Avast"
        required: false
        type: boolean
        default: false
      kaspersky:
        description: "Upload to Kaspersky"
        required: false
        type: boolean
        default: false

jobs:
  download-file:
    name: Downloads the file into the VM
    runs-on: ubuntu-latest
    outputs:
      fileName: ${{ steps.extractName.outputs.fileName}}
    env:
      INPUT_URL: ${{ inputs.url }}
    steps:
      - name: Extract file name
        id: extractName
        run: |
          url="${INPUT_URL}"
          echo "fileName=${url##*/}" >> $GITHUB_OUTPUT
      - name: Download file
        run: curl --remote-name ${INPUT_URL} -L -o ${{steps.extractName.outputs.fileName}}
      - name: Upload artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: ${{ steps.extractName.outputs.fileName }}
          path: ${{ steps.extractName.outputs.fileName }}
          if-no-files-found: error
  allowlist-kaspersky:
    name: Anti Virus Allowlisting Kaspersky
    runs-on: ubuntu-latest
    needs: download-file
    if: github.event_name == 'workflow_call' || inputs.kaspersky
    steps:
      - name: Download artifact
        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: ${{ needs.download-file.outputs.fileName }}
          path: upload
      - name: Upload to Kaspersky
        uses: SamKirkland/FTP-Deploy-Action@a51268f67f6605236975928ae28b0f7e9971d50a # v4.6.3
        with:
          protocol: ftps
          server: allowlist.kaspersky-labs.com
          port: 990
          username: ${{ secrets.ALLOWLIST_KASPERSKY_USERNAME }}
          password: ${{ secrets.ALLOWLIST_KASPERSKY_PASSWORD }}
          local-dir: ./upload/
  allowlist-avast:
    name: Anti Virus Allowlisting Avast
    runs-on: ubuntu-latest
    needs: download-file
    if: github.event_name == 'workflow_call'  || inputs.avast
    steps:
      - name: Download artifact
        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: ${{ needs.download-file.outputs.fileName }}
          path: upload
      - name: Upload to Avast
        uses: wlixcc/SFTP-Deploy-Action@a5ccb9c6211a94cc59404f0fdb2a9936a6dfee64 # v1.2.6
        with:
          server: whitelisting.avast.com
          port: 22
          username: ${{ secrets.ALLOWLIST_AVAST_USERNAME }}
          password: ${{ secrets.ALLOWLIST_AVAST_PASSWORD }}
          ssh_private_key: ''
          sftp_only: true
          local_path: './upload/*'
          remote_path: '/data'