From c7797c701c94c02fcdcb1baf6ec78b1b498d016c Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Thu, 11 May 2023 15:04:08 +0800 Subject: [PATCH 01/19] #RI-4462 - [CircleCI] Add Virus check to release branch builds --- .circleci/config.yml | 103 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 89 insertions(+), 14 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4afe1725f8..a3711b9f8b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -28,10 +28,10 @@ aliases: $filePathWithQuotes = '"{0}"' -f $filePath & "C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\signtool.exe" sign /a /sm /n "Redis Labs Inc." /fd sha256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /v $FilePathWithQuotes shell: powershell.exe - scan: &scan + fileScan: &fileScan run: - name: Virustotal scan - command: &virusscan | + name: Virustotal file scan + command: &virusfilescan | uploadUrl=$(curl -sq -XGET https://www.virustotal.com/api/v3/files/upload_url -H "x-apikey: $VIRUSTOTAL_API_KEY" | jq -r '.data') uploadFile=$("/usr/bin/find" /tmp/release -name ${FILE_NAME}) echo "File to upload: ${uploadFile}" @@ -43,6 +43,25 @@ aliases: echo "Virustotal Analyzed id: ${analysedId}" sleep 10 shell: /bin/bash + urlScan: &urlScan + run: + name: Virustotal url scan + command: &virusurlscan | + echo "Url to check: ${URL}" + + #! urlId generator + #! https://developers.virustotal.com/reference/url + urlBytes=$(echo -n "$URL" | base64) + urlId=$(echo -n "$urlBytes" | tr -d '=') + + analysedId=$(curl -sq -XPOST "https://www.virustotal.com/api/v3/urls/${urlId}/analyse" -H "x-apikey: $VIRUSTOTAL_API_KEY" | jq -r '.data.id') + if [ $analysedId == "null" ]; then + echo 'Status is null, something went wrong'; exit 1; + fi + echo "export ANALYZED_ID=${analysedId}" >> $BASH_ENV + echo "Virustotal Analyzed id: ${analysedId}" + sleep 10 + shell: /bin/bash validate: &validate run: name: Virustotal validate scan results @@ -612,6 +631,7 @@ jobs: UPGRADES_LINK='' SEGMENT_WRITE_KEY='' yarn package:stage && yarn package:mas rm -rf release/mac + mv release/mas-universal/RedisInsight-mac-universal-mas.pkg release/RedisInsight-mac-universal-mas.pkg no_output_timeout: 60m - run: @@ -625,7 +645,7 @@ jobs: - release/RedisInsight*.zip - release/RedisInsight*.dmg - release/RedisInsight*.dmg.blockmap - - release/**/*.pkg + - release/RedisInsight*.pkg - release/*-mac.yml - release/redisstack windows: @@ -674,7 +694,7 @@ jobs: - release/RedisInsight*.exe - release/RedisInsight*.exe.blockmap - release/*.yml - virustotal: + virustotal-file: executor: linux-executor parameters: ext: @@ -688,7 +708,21 @@ jobs: name: export FILE_NAME environment variable command: | echo 'export FILE_NAME="RedisInsight*<< parameters.ext >>"' >> $BASH_ENV - - <<: *scan + - <<: *fileScan + - <<: *validate + virustotal-url: + executor: linux-executor + parameters: + fileName: + description: File name + type: string + steps: + - checkout + - run: + name: export URL environment variable + command: | + echo 'export URL="https://download.redisinsight.redis.com/latest/<< parameters.fileName >>"' >> $BASH_ENV + - <<: *urlScan - <<: *validate docker: executor: linux-executor @@ -1041,6 +1075,47 @@ workflows: name: Build app - Windows (dev) env: dev requires: *devBuildRequire + + - virustotal-url: + name: Virus check - AppImage (prod) + fileName: RedisInsight-v2-linux-x86_64.AppImage + # requires: + # - Build app - Linux (dev) + - virustotal-url: + name: Virus check - deb (prod) + fileName: RedisInsight-v2-linux-amd64.deb + # requires: + # - Build app - Linux (dev) + - virustotal-url: + name: Virus check - rpm (prod) + fileName: RedisInsight-v2-linux-x86_64.rpm + # requires: + # - Build app - Linux (dev) + - virustotal-url: + name: Virus check - snap (prod) + fileName: RedisInsight-v2-linux-amd64.snap + # requires: + # - Build app - Linux (dev) + - virustotal-url: + name: Virus check x64 - dmg (prod) + fileName: RedisInsight-v2-mac-x64.dmg + # requires: + # - Build app - MacOS (dev) + - virustotal-url: + name: Virus check arm64 - dmg (prod) + fileName: RedisInsight-v2-mac-arm64.dmg + # requires: + # - Build app - MacOS (dev) + - virustotal-url: + name: Virus check MAS - pkg (prod) + fileName: RedisInsight-mac-universal-mas.pkg + # requires: + # - Build app - MacOS (dev) + - virustotal-url: + name: Virus check - exe (prod) + fileName: RedisInsight-v2-win-installer.exe + # requires: + # - Build app - Windows (dev) - store-build-artifacts: name: Store build artifacts (dev) requires: @@ -1159,42 +1234,42 @@ workflows: env: prod requires: *prodElectronBuildRequires # virus check all electron apps (prod) - - virustotal: + - virustotal-file: name: Virus check - AppImage (prod) ext: .AppImage requires: - Build app - Linux (prod) - - virustotal: + - virustotal-file: name: Virus check - deb (prod) ext: .deb requires: - Build app - Linux (prod) - - virustotal: + - virustotal-file: name: Virus check - rpm (prod) ext: .rpm requires: - Build app - Linux (prod) - - virustotal: + - virustotal-file: name: Virus check - snap (prod) ext: .snap requires: - Build app - Linux (prod) - - virustotal: + - virustotal-file: name: Virus check x64 - dmg (prod) ext: -x64.dmg requires: - Build app - MacOS (prod) - - virustotal: + - virustotal-file: name: Virus check arm64 - dmg (prod) ext: -arm64.dmg requires: - Build app - MacOS (prod) - - virustotal: + - virustotal-file: name: Virus check MAS - pkg (prod) ext: -mas.pkg requires: - Build app - MacOS (prod) - - virustotal: + - virustotal-file: name: Virus check - exe (prod) ext: .exe requires: From 5226307977144a33cb55836e20c69369426f3665 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Thu, 11 May 2023 21:15:00 +0800 Subject: [PATCH 02/19] Updated config.yml --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index a3711b9f8b..13e70e30fc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -53,6 +53,7 @@ aliases: #! https://developers.virustotal.com/reference/url urlBytes=$(echo -n "$URL" | base64) urlId=$(echo -n "$urlBytes" | tr -d '=') + echo "UrlId: ${urlId}" analysedId=$(curl -sq -XPOST "https://www.virustotal.com/api/v3/urls/${urlId}/analyse" -H "x-apikey: $VIRUSTOTAL_API_KEY" | jq -r '.data.id') if [ $analysedId == "null" ]; then From 1f3e3f45125a23f248629f7cc231c939bc5ef1a9 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Thu, 11 May 2023 21:29:02 +0800 Subject: [PATCH 03/19] Updated config.yml --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 13e70e30fc..6050c0e32d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -52,7 +52,7 @@ aliases: #! urlId generator #! https://developers.virustotal.com/reference/url urlBytes=$(echo -n "$URL" | base64) - urlId=$(echo -n "$urlBytes" | tr -d '=') + urlId=$(echo -n "$urlBytes" | tr -d '=' | tr -d '\n') echo "UrlId: ${urlId}" analysedId=$(curl -sq -XPOST "https://www.virustotal.com/api/v3/urls/${urlId}/analyse" -H "x-apikey: $VIRUSTOTAL_API_KEY" | jq -r '.data.id') From bea3e87af3ea86141a80eb7430ad2c2f9e017127 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Thu, 11 May 2023 21:36:57 +0800 Subject: [PATCH 04/19] #RI-4462 - add virus chack for release --- .circleci/config.yml | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a3711b9f8b..159d71147c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -52,7 +52,8 @@ aliases: #! urlId generator #! https://developers.virustotal.com/reference/url urlBytes=$(echo -n "$URL" | base64) - urlId=$(echo -n "$urlBytes" | tr -d '=') + urlId=$(echo -n "$urlBytes" | tr -d '=' | tr -d '\n') + echo "UrlId: ${urlId}" analysedId=$(curl -sq -XPOST "https://www.virustotal.com/api/v3/urls/${urlId}/analyse" -H "x-apikey: $VIRUSTOTAL_API_KEY" | jq -r '.data.id') if [ $analysedId == "null" ]; then @@ -95,7 +96,7 @@ aliases: echo "Results:" echo "analazedHarmless: ${analazedHarmless}, analazedMalicious: ${analazedMalicious}, analazedSuspicious: ${analazedSuspicious}" - if [ "$analazedHarmless" != "0" ] || [ "$analazedMalicious" != "0" ] || [ "$analazedSuspicious" != "0" ]; then + if [ [ "$analazedMalicious" != "0" ] || [ "$analazedSuspicious" != "0" ]; then echo 'Found dangers'; exit 1; fi @@ -1062,19 +1063,19 @@ workflows: env: dev requires: - Setup sign certificates (dev) - - linux: - name: Build app - Linux (dev) - env: dev - requires: &devBuildRequire - - Setup build (dev) - - macosx: - name: Build app - MacOS (dev) - env: dev - requires: *devBuildRequire - - windows: - name: Build app - Windows (dev) - env: dev - requires: *devBuildRequire + # - linux: + # name: Build app - Linux (dev) + # env: dev + # requires: &devBuildRequire + # - Setup build (dev) + # - macosx: + # name: Build app - MacOS (dev) + # env: dev + # requires: *devBuildRequire + # - windows: + # name: Build app - Windows (dev) + # env: dev + # requires: *devBuildRequire - virustotal-url: name: Virus check - AppImage (prod) From fef89d2b2dc03f543b561c7cef0104ab0d37353d Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Thu, 11 May 2023 21:57:06 +0800 Subject: [PATCH 05/19] #RI-4462 - add virus check for release --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f2a458f433..823a8d4901 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "lint:e2e": "yarn --cwd tests/e2e lint", "package": "yarn package:dev", "package:prod": "yarn build:prod && electron-builder build -p never", - "package:stage": "yarn build:stage && electron-builder build -p never", + "package:stage": "electron-builder build -p never", "package:mas": "electron-builder build -p never -m mas:universal -c ./electron-builder-mas.js", "package:mas:dev": "electron-builder build -p never -m mas-dev:universal -c ./electron-builder-mas.js", "package:dev": "yarn build && cross-env DEBUG=electron-builder electron-builder build -p never", From d772d4da2e17c0f1c104c7b442a93a37131196bf Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Thu, 11 May 2023 21:58:02 +0800 Subject: [PATCH 06/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 24 ++++++++++++------------ package.json | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 159d71147c..b1e65c8596 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1117,18 +1117,18 @@ workflows: fileName: RedisInsight-v2-win-installer.exe # requires: # - Build app - Windows (dev) - - store-build-artifacts: - name: Store build artifacts (dev) - requires: - - Build app - Linux (dev) - - Build app - MacOS (dev) - - Build app - Windows (dev) - - release-aws-test: - name: Release AWS dev - requires: - - Build app - Linux (dev) - - Build app - MacOS (dev) - - Build app - Windows (dev) + # - store-build-artifacts: + # name: Store build artifacts (dev) + # requires: + # - Build app - Linux (dev) + # - Build app - MacOS (dev) + # - Build app - Windows (dev) + # - release-aws-test: + # name: Release AWS dev + # requires: + # - Build app - Linux (dev) + # - Build app - MacOS (dev) + # - Build app - Windows (dev) # Main workflow for release/* and latest branches only release: jobs: diff --git a/package.json b/package.json index 823a8d4901..f2a458f433 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "lint:e2e": "yarn --cwd tests/e2e lint", "package": "yarn package:dev", "package:prod": "yarn build:prod && electron-builder build -p never", - "package:stage": "electron-builder build -p never", + "package:stage": "yarn build:stage && electron-builder build -p never", "package:mas": "electron-builder build -p never -m mas:universal -c ./electron-builder-mas.js", "package:mas:dev": "electron-builder build -p never -m mas-dev:universal -c ./electron-builder-mas.js", "package:dev": "yarn build && cross-env DEBUG=electron-builder electron-builder build -p never", From 1219757e5722125b006c8e42bf226fafa68e42d5 Mon Sep 17 00:00:00 2001 From: zalenskiSofteq Date: Fri, 12 May 2023 00:28:34 +0800 Subject: [PATCH 07/19] #RI-4491 - [CircleCI] Add virus total check for all builds --- .circleci/config.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b1e65c8596..99a8aa1044 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -49,13 +49,8 @@ aliases: command: &virusurlscan | echo "Url to check: ${URL}" - #! urlId generator - #! https://developers.virustotal.com/reference/url - urlBytes=$(echo -n "$URL" | base64) - urlId=$(echo -n "$urlBytes" | tr -d '=' | tr -d '\n') - echo "UrlId: ${urlId}" + analysedId=$(curl -sq -XPOST https://www.virustotal.com/api/v3/urls -H "x-apikey: $VIRUSTOTAL_API_KEY" --form url=${URL} | jq -r '.data.id') - analysedId=$(curl -sq -XPOST "https://www.virustotal.com/api/v3/urls/${urlId}/analyse" -H "x-apikey: $VIRUSTOTAL_API_KEY" | jq -r '.data.id') if [ $analysedId == "null" ]; then echo 'Status is null, something went wrong'; exit 1; fi From 42773ffb44765f08a12a0369e1fb5476bfb49e8c Mon Sep 17 00:00:00 2001 From: zalenskiSofteq Date: Fri, 12 May 2023 00:31:59 +0800 Subject: [PATCH 08/19] #RI-4491 - [CircleCI] Add virus total check for all builds --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 99a8aa1044..6567eac921 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -91,7 +91,7 @@ aliases: echo "Results:" echo "analazedHarmless: ${analazedHarmless}, analazedMalicious: ${analazedMalicious}, analazedSuspicious: ${analazedSuspicious}" - if [ [ "$analazedMalicious" != "0" ] || [ "$analazedSuspicious" != "0" ]; then + if [ "$analazedMalicious" != "0" ] || [ "$analazedSuspicious" != "0" ]; then echo 'Found dangers'; exit 1; fi From 97142259555c2d69990ad3d285a66e2fce97c23b Mon Sep 17 00:00:00 2001 From: zalenskiSofteq Date: Fri, 12 May 2023 00:35:14 +0800 Subject: [PATCH 09/19] #RI-4491 - [CircleCI] Add virus total check for all builds --- .circleci/config.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6567eac921..a398787176 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1349,6 +1349,32 @@ workflows: report: true requires: - Build app - Linux (stage) + + # - virustotal-url: + # name: Virus check - AppImage (prod) + # fileName: RedisInsight-v2-linux-x86_64.AppImage + # - virustotal-url: + # name: Virus check - deb (prod) + # fileName: RedisInsight-v2-linux-amd64.deb + # - virustotal-url: + # name: Virus check - rpm (prod) + # fileName: RedisInsight-v2-linux-x86_64.rpm + # - virustotal-url: + # name: Virus check - snap (prod) + # fileName: RedisInsight-v2-linux-amd64.snap + # - virustotal-url: + # name: Virus check x64 - dmg (prod) + # fileName: RedisInsight-v2-mac-x64.dmg + # - virustotal-url: + # name: Virus check arm64 - dmg (prod) + # fileName: RedisInsight-v2-mac-arm64.dmg + # - virustotal-url: + # name: Virus check MAS - pkg (prod) + # fileName: RedisInsight-mac-universal-mas.pkg + # - virustotal-url: + # name: Virus check - exe (prod) + # fileName: RedisInsight-v2-win-installer.exe + # # e2e desktop tests on exe build # - e2e-exe: # name: E2ETest (exe) - Nightly From 5567fee7a3cfdd8d00406668433075995450f63e Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Tue, 16 May 2023 18:38:32 +0700 Subject: [PATCH 10/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 49 ++++++++++++++++++++++++++++------ .circleci/virustotal-report.js | 41 ++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 8 deletions(-) create mode 100644 .circleci/virustotal-report.js diff --git a/.circleci/config.yml b/.circleci/config.yml index a398787176..28af99172f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -92,12 +92,22 @@ aliases: echo "analazedHarmless: ${analazedHarmless}, analazedMalicious: ${analazedMalicious}, analazedSuspicious: ${analazedSuspicious}" if [ "$analazedMalicious" != "0" ] || [ "$analazedSuspicious" != "0" ]; then + echo "export VIRUS_CHECK_FAILED=1" >> $BASH_ENV echo 'Found dangers'; exit 1; fi echo 'Passed'; shell: /bin/bash no_output_timeout: 15m + virustotalReport: &virustotalReport + run: + name: Virustotal slack report + command: &virusreport | + FILE_NAME=virustotal.report.json + BUILD_NAME=$BUILD_NAME $FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js + # BUILD_NAME=$BUILD_NAME $FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js && + # curl -H "Content-type: application/json" --data @$FILE_NAME -H "Authorization: Bearer ${SLACK_TEST_REPORT_KEY}" -X POST https://slack.com/api/chat.postMessage + shell: /bin/bash iTestsNames: &iTestsNames - oss-st-5 # OSS Standalone v5 - oss-st-5-pass # OSS Standalone v5 with admin pass required @@ -718,8 +728,20 @@ jobs: name: export URL environment variable command: | echo 'export URL="https://download.redisinsight.redis.com/latest/<< parameters.fileName >>"' >> $BASH_ENV + echo 'export BUILD_NAME="<< parameters.fileName >>"' >> $BASH_ENV - <<: *urlScan - <<: *validate + - <<: *virustotalReport + + virustotal-report: + executor: linux-executor + steps: + - checkout + - run: + name: Send virustotal passed report + command: | + echo 'export VIRUS_CHECK_FAILED=0' >> $BASH_ENV + - <<: *virustotalReport docker: executor: linux-executor parameters: @@ -1073,45 +1095,56 @@ workflows: # requires: *devBuildRequire - virustotal-url: - name: Virus check - AppImage (prod) + name: Virus check - AppImage (nightly) fileName: RedisInsight-v2-linux-x86_64.AppImage # requires: # - Build app - Linux (dev) - virustotal-url: - name: Virus check - deb (prod) + name: Virus check - deb (nightly) fileName: RedisInsight-v2-linux-amd64.deb # requires: # - Build app - Linux (dev) - virustotal-url: - name: Virus check - rpm (prod) + name: Virus check - rpm (nightly) fileName: RedisInsight-v2-linux-x86_64.rpm # requires: # - Build app - Linux (dev) - virustotal-url: - name: Virus check - snap (prod) + name: Virus check - snap (nightly) fileName: RedisInsight-v2-linux-amd64.snap # requires: # - Build app - Linux (dev) - virustotal-url: - name: Virus check x64 - dmg (prod) + name: Virus check x64 - dmg (nightly) fileName: RedisInsight-v2-mac-x64.dmg # requires: # - Build app - MacOS (dev) - virustotal-url: - name: Virus check arm64 - dmg (prod) + name: Virus check arm64 - dmg (nightly) fileName: RedisInsight-v2-mac-arm64.dmg # requires: # - Build app - MacOS (dev) - virustotal-url: - name: Virus check MAS - pkg (prod) + name: Virus check MAS - pkg (nightly) fileName: RedisInsight-mac-universal-mas.pkg # requires: # - Build app - MacOS (dev) - virustotal-url: - name: Virus check - exe (prod) + name: Virus check - exe (nightly) fileName: RedisInsight-v2-win-installer.exe # requires: # - Build app - Windows (dev) + - virustotal-report: + name: Virus report (prod) + requires: + - Virus check - AppImage (nightly) + - Virus check - deb (nightly) + - Virus check - rpm (nightly) + - Virus check - snap (nightly) + - Virus check x64 - dmg (nightly) + - Virus check arm64 - dmg (nightly) + - Virus check MAS - pkg (nightly) + - Virus check - exe (nightly) # - store-build-artifacts: # name: Store build artifacts (dev) # requires: diff --git a/.circleci/virustotal-report.js b/.circleci/virustotal-report.js new file mode 100644 index 0000000000..c722e8db04 --- /dev/null +++ b/.circleci/virustotal-report.js @@ -0,0 +1,41 @@ +const fs = require('fs'); + +const fileName = process.env.FILE_NAME; +const buildName = process.env.BUILD_NAME; +const failed = !!parseInt(process.env.VIRUS_CHECK_FAILED, 10); + +const results = { + message: { + text: `*Virustotal checks* (Branch: *${process.env.CIRCLE_BRANCH}*)` + + `\n`, + attachments: [], + }, +}; + +const result = { + color: '#36a64f', + title: `Finished at: ${new Date().toISOString()}`, + text: `All builds were passed via virustotal checks`, + fields: [], +}; + +if (failed) { + results.passed = false; + result.color = '#cc0000'; + result.fields.push({ + title: 'Failed build', + value: buildName, + short: true, + }); +} + +results.message.attachments.push(result); + +if (failed === true) { + results.message.text = ' ' + results.message.text; +} + +fs.writeFileSync(fileName, JSON.stringify({ + channel: process.env.SLACK_VIRUSTOTAL_REPORT_CHANNEL, + ...results.message, +})); From 2e9d2046464b62d823b91c1a6ec04cea5d6030af Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Tue, 16 May 2023 18:41:13 +0700 Subject: [PATCH 11/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 28af99172f..4ee9a33898 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -104,8 +104,8 @@ aliases: name: Virustotal slack report command: &virusreport | FILE_NAME=virustotal.report.json - BUILD_NAME=$BUILD_NAME $FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js - # BUILD_NAME=$BUILD_NAME $FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js && + BUILD_NAME=$BUILD_NAME FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js + # BUILD_NAME=$BUILD_NAME FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js && # curl -H "Content-type: application/json" --data @$FILE_NAME -H "Authorization: Bearer ${SLACK_TEST_REPORT_KEY}" -X POST https://slack.com/api/chat.postMessage shell: /bin/bash iTestsNames: &iTestsNames @@ -1135,7 +1135,7 @@ workflows: # requires: # - Build app - Windows (dev) - virustotal-report: - name: Virus report (prod) + name: Virus check report (prod) requires: - Virus check - AppImage (nightly) - Virus check - deb (nightly) From 01254beff69c0766bc9b1ea34d0a648082d72e91 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Wed, 17 May 2023 14:20:23 +0700 Subject: [PATCH 12/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4ee9a33898..636a9e0974 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -104,9 +104,8 @@ aliases: name: Virustotal slack report command: &virusreport | FILE_NAME=virustotal.report.json - BUILD_NAME=$BUILD_NAME FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js - # BUILD_NAME=$BUILD_NAME FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js && - # curl -H "Content-type: application/json" --data @$FILE_NAME -H "Authorization: Bearer ${SLACK_TEST_REPORT_KEY}" -X POST https://slack.com/api/chat.postMessage + BUILD_NAME=$BUILD_NAME FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js && + curl -H "Content-type: application/json" --data @$FILE_NAME -H "Authorization: Bearer ${SLACK_TEST_REPORT_KEY}" -X POST https://slack.com/api/chat.postMessage shell: /bin/bash iTestsNames: &iTestsNames - oss-st-5 # OSS Standalone v5 From 85e0916e437ce09c4854d014d503e958bc219926 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Wed, 17 May 2023 14:29:50 +0700 Subject: [PATCH 13/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 636a9e0974..b13c5e90d9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -96,6 +96,7 @@ aliases: echo 'Found dangers'; exit 1; fi + echo "export SKIP_VIRUSTOTAL_REPORT=true" >> $BASH_ENV echo 'Passed'; shell: /bin/bash no_output_timeout: 15m @@ -103,6 +104,10 @@ aliases: run: name: Virustotal slack report command: &virusreport | + if [ "$SKIP_VIRUSTOTAL_REPORT" == "true" ]; then + exit 0; + fi + FILE_NAME=virustotal.report.json BUILD_NAME=$BUILD_NAME FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js && curl -H "Content-type: application/json" --data @$FILE_NAME -H "Authorization: Bearer ${SLACK_TEST_REPORT_KEY}" -X POST https://slack.com/api/chat.postMessage @@ -740,6 +745,7 @@ jobs: name: Send virustotal passed report command: | echo 'export VIRUS_CHECK_FAILED=0' >> $BASH_ENV + echo 'export SKIP_VIRUSTOTAL_REPORT=false' >> $BASH_ENV - <<: *virustotalReport docker: executor: linux-executor From 843bb831c8d718ef6ee19b146ee2f517db4d028a Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Wed, 17 May 2023 14:33:20 +0700 Subject: [PATCH 14/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index b13c5e90d9..2c76be3b5a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -96,6 +96,11 @@ aliases: echo 'Found dangers'; exit 1; fi + if [ "$URL" == "https://download.redisinsight.redis.com/latest/RedisInsight-v2-linux-amd64.deb" ]; then + echo "export VIRUS_CHECK_FAILED=1" >> $BASH_ENV + echo 'Found dangers'; exit 1; + fi + echo "export SKIP_VIRUSTOTAL_REPORT=true" >> $BASH_ENV echo 'Passed'; shell: /bin/bash From cfd00585804e0f6a211c00e2adb4746e5c573651 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Wed, 17 May 2023 14:39:07 +0700 Subject: [PATCH 15/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 9 +++++++-- .circleci/virustotal-report.js | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2c76be3b5a..ec6611eb5b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -97,10 +97,11 @@ aliases: fi if [ "$URL" == "https://download.redisinsight.redis.com/latest/RedisInsight-v2-linux-amd64.deb" ]; then - echo "export VIRUS_CHECK_FAILED=1" >> $BASH_ENV - echo 'Found dangers'; exit 1; + echo "export VIRUS_CHECK_FAILED=true" >> $BASH_ENV + echo 'Found dangers'; exit 0; fi + echo "export VIRUS_CHECK_FAILED=false" >> $BASH_ENV echo "export SKIP_VIRUSTOTAL_REPORT=true" >> $BASH_ENV echo 'Passed'; shell: /bin/bash @@ -116,6 +117,10 @@ aliases: FILE_NAME=virustotal.report.json BUILD_NAME=$BUILD_NAME FILE_NAME=$FILE_NAME VIRUS_CHECK_FAILED=$VIRUS_CHECK_FAILED node .circleci/virustotal-report.js && curl -H "Content-type: application/json" --data @$FILE_NAME -H "Authorization: Bearer ${SLACK_TEST_REPORT_KEY}" -X POST https://slack.com/api/chat.postMessage + + if [ "$VIRUS_CHECK_FAILED" == "true" ]; then + echo 'Found dangers'; exit 1; + fi shell: /bin/bash iTestsNames: &iTestsNames - oss-st-5 # OSS Standalone v5 diff --git a/.circleci/virustotal-report.js b/.circleci/virustotal-report.js index c722e8db04..8aed5aa607 100644 --- a/.circleci/virustotal-report.js +++ b/.circleci/virustotal-report.js @@ -2,7 +2,7 @@ const fs = require('fs'); const fileName = process.env.FILE_NAME; const buildName = process.env.BUILD_NAME; -const failed = !!parseInt(process.env.VIRUS_CHECK_FAILED, 10); +const failed = process.env.VIRUS_CHECK_FAILED === 'true'; const results = { message: { From f4d924d39d72a36c18e0ed7212d7a231ea7b5661 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Wed, 17 May 2023 14:42:02 +0700 Subject: [PATCH 16/19] #RI-4462 - add virus check for release --- .circleci/virustotal-report.js | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/virustotal-report.js b/.circleci/virustotal-report.js index 8aed5aa607..9962c2ddf8 100644 --- a/.circleci/virustotal-report.js +++ b/.circleci/virustotal-report.js @@ -22,6 +22,7 @@ const result = { if (failed) { results.passed = false; result.color = '#cc0000'; + result.text = 'Build had failed virustotal checks'; result.fields.push({ title: 'Failed build', value: buildName, From a4914a3ad3bda1f43202443777941496602444aa Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Wed, 17 May 2023 14:48:39 +0700 Subject: [PATCH 17/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ec6611eb5b..16f8a84d38 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -92,11 +92,6 @@ aliases: echo "analazedHarmless: ${analazedHarmless}, analazedMalicious: ${analazedMalicious}, analazedSuspicious: ${analazedSuspicious}" if [ "$analazedMalicious" != "0" ] || [ "$analazedSuspicious" != "0" ]; then - echo "export VIRUS_CHECK_FAILED=1" >> $BASH_ENV - echo 'Found dangers'; exit 1; - fi - - if [ "$URL" == "https://download.redisinsight.redis.com/latest/RedisInsight-v2-linux-amd64.deb" ]; then echo "export VIRUS_CHECK_FAILED=true" >> $BASH_ENV echo 'Found dangers'; exit 0; fi From d43e4b3aa0b0abbd7254735681f6f5eacdfc55c4 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Wed, 17 May 2023 15:26:38 +0700 Subject: [PATCH 18/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 111 ++++++++++++++----------------------------- 1 file changed, 35 insertions(+), 76 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 16f8a84d38..b789eecccc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1103,58 +1103,6 @@ workflows: # name: Build app - Windows (dev) # env: dev # requires: *devBuildRequire - - - virustotal-url: - name: Virus check - AppImage (nightly) - fileName: RedisInsight-v2-linux-x86_64.AppImage - # requires: - # - Build app - Linux (dev) - - virustotal-url: - name: Virus check - deb (nightly) - fileName: RedisInsight-v2-linux-amd64.deb - # requires: - # - Build app - Linux (dev) - - virustotal-url: - name: Virus check - rpm (nightly) - fileName: RedisInsight-v2-linux-x86_64.rpm - # requires: - # - Build app - Linux (dev) - - virustotal-url: - name: Virus check - snap (nightly) - fileName: RedisInsight-v2-linux-amd64.snap - # requires: - # - Build app - Linux (dev) - - virustotal-url: - name: Virus check x64 - dmg (nightly) - fileName: RedisInsight-v2-mac-x64.dmg - # requires: - # - Build app - MacOS (dev) - - virustotal-url: - name: Virus check arm64 - dmg (nightly) - fileName: RedisInsight-v2-mac-arm64.dmg - # requires: - # - Build app - MacOS (dev) - - virustotal-url: - name: Virus check MAS - pkg (nightly) - fileName: RedisInsight-mac-universal-mas.pkg - # requires: - # - Build app - MacOS (dev) - - virustotal-url: - name: Virus check - exe (nightly) - fileName: RedisInsight-v2-win-installer.exe - # requires: - # - Build app - Windows (dev) - - virustotal-report: - name: Virus check report (prod) - requires: - - Virus check - AppImage (nightly) - - Virus check - deb (nightly) - - Virus check - rpm (nightly) - - Virus check - snap (nightly) - - Virus check x64 - dmg (nightly) - - Virus check arm64 - dmg (nightly) - - Virus check MAS - pkg (nightly) - - Virus check - exe (nightly) # - store-build-artifacts: # name: Store build artifacts (dev) # requires: @@ -1393,30 +1341,41 @@ workflows: requires: - Build app - Linux (stage) - # - virustotal-url: - # name: Virus check - AppImage (prod) - # fileName: RedisInsight-v2-linux-x86_64.AppImage - # - virustotal-url: - # name: Virus check - deb (prod) - # fileName: RedisInsight-v2-linux-amd64.deb - # - virustotal-url: - # name: Virus check - rpm (prod) - # fileName: RedisInsight-v2-linux-x86_64.rpm - # - virustotal-url: - # name: Virus check - snap (prod) - # fileName: RedisInsight-v2-linux-amd64.snap - # - virustotal-url: - # name: Virus check x64 - dmg (prod) - # fileName: RedisInsight-v2-mac-x64.dmg - # - virustotal-url: - # name: Virus check arm64 - dmg (prod) - # fileName: RedisInsight-v2-mac-arm64.dmg - # - virustotal-url: - # name: Virus check MAS - pkg (prod) - # fileName: RedisInsight-mac-universal-mas.pkg - # - virustotal-url: - # name: Virus check - exe (prod) - # fileName: RedisInsight-v2-win-installer.exe + - virustotal-url: + name: Virus check - AppImage (nightly) + fileName: RedisInsight-v2-linux-x86_64.AppImage + - virustotal-url: + name: Virus check - deb (nightly) + fileName: RedisInsight-v2-linux-amd64.deb + - virustotal-url: + name: Virus check - rpm (nightly) + fileName: RedisInsight-v2-linux-x86_64.rpm + - virustotal-url: + name: Virus check - snap (nightly) + fileName: RedisInsight-v2-linux-amd64.snap + - virustotal-url: + name: Virus check x64 - dmg (nightly) + fileName: RedisInsight-v2-mac-x64.dmg + - virustotal-url: + name: Virus check arm64 - dmg (nightly) + fileName: RedisInsight-v2-mac-arm64.dmg + - virustotal-url: + name: Virus check MAS - pkg (nightly) + fileName: RedisInsight-mac-universal-mas.pkg + - virustotal-url: + name: Virus check - exe (nightly) + fileName: RedisInsight-v2-win-installer.exe + - virustotal-report: + name: Virus check report (prod) + requires: + - Virus check - AppImage (nightly) + - Virus check - deb (nightly) + - Virus check - rpm (nightly) + - Virus check - snap (nightly) + - Virus check x64 - dmg (nightly) + - Virus check arm64 - dmg (nightly) + - Virus check MAS - pkg (nightly) + - Virus check - exe (nightly) # # e2e desktop tests on exe build # - e2e-exe: From 01e39b238c4052d8f0fde1ce7ed1784cdcac7953 Mon Sep 17 00:00:00 2001 From: Zalenski Egor <63463140+zalenskiSofteq@users.noreply.github.com> Date: Wed, 17 May 2023 15:28:31 +0700 Subject: [PATCH 19/19] #RI-4462 - add virus check for release --- .circleci/config.yml | 50 ++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b789eecccc..8ecee1ea94 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1090,31 +1090,31 @@ workflows: env: dev requires: - Setup sign certificates (dev) - # - linux: - # name: Build app - Linux (dev) - # env: dev - # requires: &devBuildRequire - # - Setup build (dev) - # - macosx: - # name: Build app - MacOS (dev) - # env: dev - # requires: *devBuildRequire - # - windows: - # name: Build app - Windows (dev) - # env: dev - # requires: *devBuildRequire - # - store-build-artifacts: - # name: Store build artifacts (dev) - # requires: - # - Build app - Linux (dev) - # - Build app - MacOS (dev) - # - Build app - Windows (dev) - # - release-aws-test: - # name: Release AWS dev - # requires: - # - Build app - Linux (dev) - # - Build app - MacOS (dev) - # - Build app - Windows (dev) + - linux: + name: Build app - Linux (dev) + env: dev + requires: &devBuildRequire + - Setup build (dev) + - macosx: + name: Build app - MacOS (dev) + env: dev + requires: *devBuildRequire + - windows: + name: Build app - Windows (dev) + env: dev + requires: *devBuildRequire + - store-build-artifacts: + name: Store build artifacts (dev) + requires: + - Build app - Linux (dev) + - Build app - MacOS (dev) + - Build app - Windows (dev) + - release-aws-test: + name: Release AWS dev + requires: + - Build app - Linux (dev) + - Build app - MacOS (dev) + - Build app - Windows (dev) # Main workflow for release/* and latest branches only release: jobs: