### Configure VirusTotal Scan Action Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Configure the action with your VirusTotal API key and specify files to scan using glob patterns. Respect the free-tier rate limit by setting `request_rate` to 4 requests per minute. ```yaml - name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} files: | ./dist/myapp-linux-amd64 ./dist/myapp-windows-amd64.exe request_rate: 4 # respect free-tier rate limit (4 req/min) # Output: analysis=./dist/myapp-linux-amd64=https://www.virustotal.com/gui/file-analysis//detection,... ``` -------------------------------- ### Scan Local Build Artifacts with Glob Patterns Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Scan multiple local build artifacts using glob patterns. The action will resolve and upload all matching files, providing individual analysis links for each. ```yaml name: ci on: push: branches: [master] jobs: build-and-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Build artifacts run: | mkdir -p dist cp myapp dist/myapp-linux.tar.gz cp myapp.exe dist/myapp-win.exe - name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} files: | ./dist/*.tar.gz ./dist/*.exe # Logs: "./dist/myapp-linux.tar.gz successfully uploaded. Check detection analysis at https://..." # Logs: "./dist/myapp-win.exe successfully uploaded. Check detection analysis at https://..." ``` -------------------------------- ### Scan Release Assets and Update Body Source: https://github.com/crazy-max/ghaction-virustotal/blob/master/README.md Scan release assets and automatically append analysis links to the release body by setting `update_release_body: true`. This workflow requires write permissions for contents. Ensure your VirusTotal API key is set as a secret. ```yaml name: released permissions: contents: read on: release: types: - published jobs: virustotal: runs-on: ubuntu-latest permissions: # required to write GitHub Release body contents: write steps: - name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} update_release_body: true files: | .exe$ ``` -------------------------------- ### asset() and mimeOrDefault() Utilities Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt The `asset()` function reads a file and returns its metadata (name, mime type, size, content). `mimeOrDefault()` detects the MIME type of a file, falling back to a default. ```APIDOC ## `asset(path)` — Read File Metadata ### Description The `asset()` utility function reads a file from disk and returns an `Asset` object containing `name` (basename), `mime` (from MIME type detection, falls back to `application/octet-stream`), `size` (bytes), and `file` (Buffer). Used internally before every upload. ### Method ```typescript asset(path: string) ``` ### Parameters #### Path Parameters - **path** (string) - Required - The path to the file to read. ### Response #### Success Response (Asset) - **name** (string) - The base name of the file. - **mime** (string) - The detected MIME type of the file. - **size** (number) - The size of the file in bytes. - **file** (Buffer) - The file content as a Buffer. ### Request Example ```typescript import {asset} from './src/virustotal.js'; const a = asset('./dist/myapp-linux.tar.gz'); console.log(a.name); console.log(a.mime); console.log(a.size); console.log(a.file); ``` ## `mimeOrDefault(filename)` — MIME Type Detection ### Description Detects the MIME type of a file based on its name. If the MIME type cannot be determined, it defaults to `application/octet-stream`. ### Method ```typescript mimeOrDefault(filename: string) ``` ### Parameters #### Path Parameters - **filename** (string) - Required - The name of the file. ### Response #### Success Response (string) - The detected MIME type of the file. ### Request Example ```typescript import {mimeOrDefault} from './src/virustotal.js'; mimeOrDefault('foo.tar.gz'); // "application/gzip" mimeOrDefault('foo.unknown'); // "application/octet-stream" ``` ``` -------------------------------- ### Download Release Asset with Retry Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Downloads a single release asset to a specified path. It automatically retries up to 10 times with a 2-second delay using `@octokit/plugin-retry`. An optional callback function can be provided to receive debug messages during retry attempts. ```typescript import * as path from 'path'; import * as github from '@actions/github'; import {getRelease, getReleaseAssets, downloadReleaseAsset} from './src/ghrelease.js'; import {asset} from './src/virustotal.js'; const octokit = github.getOctokit(process.env.GITHUB_TOKEN); const release = await getRelease(octokit, 'v2.0.0'); const assets = await getReleaseAssets(octokit, release, ['\.exe$']); const dlPath = await downloadReleaseAsset( octokit, assets[0], path.join('/tmp', assets[0].name), (msg) => console.debug(msg) // retry callback ); // dlPath = "/tmp/myapp-win32.exe" const {name, size, mime} = asset(dlPath); console.log(name, size, mime); // "myapp-win32.exe" 4391936 "application/octet-stream" ``` -------------------------------- ### Scan GitHub Release Assets Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Scan assets of a published GitHub release by setting the action to trigger on `release: published` events. The `files` input acts as a list of regex patterns to match against asset filenames. The action downloads matching assets, uploads them to VirusTotal, and outputs analysis URLs. ```yaml name: released permissions: contents: read on: release: types: - published jobs: virustotal: runs-on: ubuntu-latest steps: - name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} github_token: ${{ secrets.GITHUB_TOKEN }} files: | \.exe$ \.tar\.gz$ # Matches all .exe and .tar.gz assets on the published release # Downloads each, uploads to VT, outputs analysis URLs ``` -------------------------------- ### Filter Release Assets by Regex Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Paginates through all assets of a GitHub release and filters them based on an array of regex patterns applied to asset filenames. Returns an array of ReleaseAsset objects, each containing an ID, name, and size. ```typescript import * as github from '@actions/github'; import {getRelease, getReleaseAssets} from './src/ghrelease.js'; const octokit = github.getOctokit(process.env.GITHUB_TOKEN); const release = await getRelease(octokit, 'v2.0.0'); const assets = await getReleaseAssets(octokit, release, [ '\.exe$', // matches .exe files '\.tar\.gz$' // matches .tar.gz files ]); // e.g. [{id: 1, name: 'myapp-win32.exe', size: 4391936}, {id: 2, name: 'myapp-linux.tar.gz', size: 5242880}] ``` -------------------------------- ### Scan Release Assets on Publish Source: https://github.com/crazy-max/ghaction-virustotal/blob/master/README.md Scan assets of a published release. This workflow triggers on the 'published' release event and requires read permissions for contents. Ensure your VirusTotal API key is set as a secret. ```yaml name: released permissions: contents: read on: release: types: - published jobs: virustotal: runs-on: ubuntu-latest steps: - name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} files: | .exe$ ``` -------------------------------- ### downloadReleaseAsset Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Downloads a single release asset to a specified path with automatic retries. It uses `octokit.rest.repos.getReleaseAsset` with `accept: application/octet-stream` and retries up to 10 times with a 2-second delay. ```APIDOC ## `downloadReleaseAsset(octokit, asset, downloadPath, retrycb?)` — Download Asset with Retry Downloads a single release asset to `downloadPath` as a binary file using `octokit.rest.repos.getReleaseAsset` with `accept: application/octet-stream`. Automatically retries up to 10 times (2-second delay) via `@octokit/plugin-retry`. An optional `retrycb` callback receives debug messages on each retry attempt. ### Parameters - **octokit** (*object*) - The authenticated GitHub Octokit client. - **asset** (*object*) - The release asset object to download. - **downloadPath** (*string*) - The local path where the asset will be downloaded. - **retrycb** (*function*, optional) - A callback function that receives debug messages on each retry attempt. ### Returns - (*string*) The final download path of the asset. ``` -------------------------------- ### getInputList() Utility Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Parses a GitHub Actions input string, supporting newline and comma delimiters, to return a clean array of strings. ```APIDOC ## `getInputList(name)` — Parse Newline/Comma-Delimited Inputs ### Description Parses a GitHub Actions input string that may use newlines, `\r\n`, or commas as delimiters. Returns a trimmed, filtered `string[]`. Used to parse the `files` input into individual patterns. ### Method ```typescript await context.getInputList(name: string) ``` ### Parameters #### Path Parameters - **name** (string) - Required - The name of the GitHub Actions input. ### Response #### Success Response (string[]) - An array of strings, where each string is a parsed input value. ### Request Example ```typescript import * as context from './src/context.js'; // Simulating the GitHub Actions environment variable format: process.env['INPUT_FILES'] = 'dist/myapp.exe\ndist/myapp.tar.gz,dist/myapp.deb'; const files = await context.getInputList('files'); // ['dist/myapp.exe', 'dist/myapp.tar.gz', 'dist/myapp.deb'] ``` ``` -------------------------------- ### Fetch GitHub Release by Tag Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Retrieves full release metadata for a specific tag using `octokit.rest.repos.getReleaseByTag`. Returns a Release object containing details like ID, tag name, name, body, and URLs. Throws an error if the tag is not found. ```typescript import * as github from '@actions/github'; import {getRelease} from './src/ghrelease.js'; const octokit = github.getOctokit(process.env.GITHUB_TOKEN); const release = await getRelease(octokit, 'v2.0.0'); console.log(release.id); // e.g. 123456789 console.log(release.tag_name); // "v2.0.0" console.log(release.name); // "My App v2.0.0" console.log(release.body); // Release notes markdown string // Throws: "Cannot get release v2.0.0: HttpError: Not Found" if tag doesn't exist ``` -------------------------------- ### Rate Limiting with limiter Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Configures rate limiting for API requests when `request_rate` is set. This prevents exceeding the VirusTotal free-tier API limit of 4 requests per minute by using a token bucket limiter. ```APIDOC ## Rate Limiting with `limiter` When `request_rate > 0`, the action creates a `RateLimiter` from the `limiter` package (token bucket, per-minute interval) and calls `limiter.removeTokens(1)` before each VirusTotal API request. This prevents 429 errors from the free-tier API, which is capped at 4 requests/minute. ### Configuration Example ```yaml # Free-tier usage: cap at 4 requests/minute - name: VirusTotal Scan (free tier) uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} request_rate: 4 files: | ./dist/app-linux.tar.gz ./dist/app-windows.exe ./dist/app-darwin.tar.gz ./dist/app-arm64.tar.gz # With 4 files and request_rate=4, uploads are automatically throttled # to stay within the free-tier API limit of 4 requests/minute. ``` ### Parameters - **request_rate** (*integer*) - The maximum number of requests per minute allowed. If set to 0 or less, rate limiting is disabled. ``` -------------------------------- ### Read File Metadata with asset() Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Reads a file from disk and returns an Asset object containing its name, MIME type, size, and file content as a Buffer. This is used internally before uploads. Also includes standalone MIME detection. ```typescript import {asset, mimeOrDefault} from './src/virustotal.js'; const a = asset('./dist/myapp-linux.tar.gz'); console.log(a.name); // "myapp-linux.tar.gz" console.log(a.mime); // "application/gzip" console.log(a.size); // e.g. 5242880 (bytes) console.log(a.file); // // Standalone MIME detection: mimeOrDefault('foo.tar.gz'); // "application/gzip" mimeOrDefault('foo.unknown'); // "application/octet-stream" ``` -------------------------------- ### getRelease() Function Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Fetches detailed metadata for a specific GitHub release using its tag name via the Octokit client. ```APIDOC ## `getRelease(octokit, tag)` — Fetch GitHub Release by Tag ### Description Retrieves full release metadata for a given tag using `octokit.rest.repos.getReleaseByTag`. Returns a `Release` object with `id`, `tag_name`, `name`, `body`, `upload_url`, `html_url`, `draft`, and `prerelease` fields. ### Method ```typescript await getRelease(octokit: github.Octokit, tag: string) ``` ### Parameters #### Path Parameters - **octokit** (github.Octokit) - Required - An authenticated Octokit client instance. - **tag** (string) - Required - The tag name of the release to retrieve. ### Response #### Success Response (Release) - **id** (number) - The unique identifier of the release. - **tag_name** (string) - The tag name associated with the release. - **name** (string) - The name of the release. - **body** (string) - The release notes in markdown format. - **upload_url** (string) - The URL for uploading assets to the release. - **html_url** (string) - The URL to the release on GitHub. - **draft** (boolean) - Indicates if the release is a draft. - **prerelease** (boolean) - Indicates if the release is a prerelease. ### Request Example ```typescript import * as github from '@actions/github'; import {getRelease} from './src/ghrelease.js'; const octokit = github.getOctokit(process.env.GITHUB_TOKEN); const release = await getRelease(octokit, 'v2.0.0'); console.log(release.id); console.log(release.tag_name); console.log(release.name); console.log(release.body); ``` ### Error Handling Throws an error if the release is not found, e.g., `"Cannot get release v2.0.0: HttpError: Not Found"`. ``` -------------------------------- ### Scan Files via VirusTotal Monitor Source: https://github.com/crazy-max/ghaction-virustotal/blob/master/README.md Scan assets using VirusTotal Monitor by setting `vt_monitor` to true and specifying a `monitor_path`. Requires your VirusTotal API key as a secret. ```yaml name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} vt_monitor: true monitor_path: /ghaction-virustotal files: | ./foo-win32.exe ./foo-win64.exe ``` -------------------------------- ### Update Release Body with Analysis Links Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Automatically append VirusTotal analysis links to the GitHub Release body when `update_release_body: true` is set and triggered by a release event. For releases with 5 or fewer assets, links are added inline; otherwise, they are placed within a collapsible `
` block. Requires `contents: write` permission. ```yaml name: released permissions: contents: read on: release: types: - published jobs: virustotal: runs-on: ubuntu-latest permissions: contents: write # required to patch the release body steps: - name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} github_token: ${{ secrets.GITHUB_TOKEN }} update_release_body: true files: | \.exe$ # Appends to release body (≤5 assets, inline format): # 🛡 VirusTotal GitHub Action analysis: # * `myapp-win32.exe` https://www.virustotal.com/gui/file-analysis/.../detection # * `myapp-win64.exe` https://www.virustotal.com/gui/file-analysis/.../detection ``` -------------------------------- ### Scan Local Files with VirusTotal Source: https://github.com/crazy-max/ghaction-virustotal/blob/master/README.md Use this snippet to scan local files. Ensure your VirusTotal API key is set as a secret. ```yaml name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} files: | ./foo-win32.exe ./foo-win64.exe ``` -------------------------------- ### resolvePaths() Utility Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Expands an array of glob patterns into a flat, deduplicated list of file paths, excluding directories. ```APIDOC ## `resolvePaths(patterns)` — Glob Expansion ### Description Expands an array of glob patterns into a deduplicated flat list of matching file paths (directories are excluded). Wraps `glob.sync` from the `glob` package and filters with `fs.lstatSync(path).isFile()`. ### Method ```typescript resolvePaths(patterns: string[]) ``` ### Parameters #### Path Parameters - **patterns** (string[]) - Required - An array of glob patterns to expand. ### Response #### Success Response (string[]) - A deduplicated flat list of file paths matching the glob patterns. ### Request Example ```typescript import {resolvePaths} from './src/context.js'; const files = resolvePaths([ 'dist/**/*.exe', 'dist/**/*.tar.gz', 'dist/specific-file.deb' ]); // e.g. ['dist/myapp-win32.exe', 'dist/myapp-win64.exe', 'dist/myapp-linux.tar.gz', 'dist/specific-file.deb'] ``` ``` -------------------------------- ### Upload File to VirusTotal Monitor Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Uploads a file to the VirusTotal Monitor endpoint. The item path is constructed using the provided path and filename. Returns an UploadData object with a monitor-specific URL. Throws an error with the constructed monitor path if the upload fails. ```typescript import {VirusTotal} from './src/virustotal.js'; const vt = new VirusTotal(process.env.VT_MONITOR_API_KEY); try { const result = await vt.monitorItems('./dist/myapp.exe', '/releases/v2.0'); // item path sent to API: /releases/v2.0/myapp.exe console.log(result.id); // e.g. "ZmlsZTo0Mj..." console.log(result.url); // "https://www.virustotal.com/monitor/analyses/item:ZmlsZTo0Mj..." } catch (err) { // "Cannot send myapp.exe to VirusTotal Monitor at /releases/v2.0/myapp.exe: AxiosError: ..." console.error(err.message); } ``` -------------------------------- ### Scan Files with VirusTotal Monitor Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Use the VirusTotal Monitor endpoint for continuous monitoring of files, intended for software publishers. The `monitor_path` input specifies the folder within the user's monitor root. Files are uploaded to `/monitor/items` and result in a monitor analysis URL. ```yaml - name: VirusTotal Monitor Upload uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} vt_monitor: true monitor_path: /releases/myapp/v2.0 files: | ./dist/myapp-win32.exe ./dist/myapp-win64.exe request_rate: 4 # monitor_path resolves to: # /releases/myapp/v2.0/myapp-win32.exe # /releases/myapp/v2.0/myapp-win64.exe # Output URL pattern: https://www.virustotal.com/monitor/analyses/item: ``` -------------------------------- ### Rate Limiting for VirusTotal API (Free Tier) Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Configures the action to respect VirusTotal's free-tier API limit of 4 requests per minute. When `request_rate` is set to 4, the action automatically throttles uploads to stay within this limit, preventing 429 errors. ```yaml # Free-tier usage: cap at 4 requests/minute - name: VirusTotal Scan (free tier) uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} request_rate: 4 files: | ./dist/app-linux.tar.gz ./dist/app-windows.exe ./dist/app-darwin.tar.gz ./dist/app-arm64.tar.gz # With 4 files and request_rate=4, uploads are automatically throttled # to stay within the free-tier API limit of 4 requests/minute. ``` -------------------------------- ### Expand Glob Patterns with resolvePaths() Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Expands an array of glob patterns into a deduplicated list of matching file paths, excluding directories. It uses `glob.sync` and filters results to include only files. ```typescript import {resolvePaths} from './src/context.js'; const files = resolvePaths([ 'dist/**/*.exe', 'dist/**/*.tar.gz', 'dist/specific-file.deb' ]); // e.g. ['dist/myapp-win32.exe', 'dist/myapp-win64.exe', 'dist/myapp-linux.tar.gz', 'dist/specific-file.deb'] ``` -------------------------------- ### VirusTotal Class files(filename) Method Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt The `VirusTotal` class wraps the VirusTotal API v3. The `files(filename)` method reads a file, constructs a multipart request, and POSTs to `/files` for files under 32 MB or fetches a pre-signed upload URL for larger files. It returns an `UploadData` object containing the analysis ID and a URL to the detection page. ```typescript import {VirusTotal} from './src/virustotal.js'; const vt = new VirusTotal(process.env.VT_API_KEY); try { const result = await vt.files('./dist/myapp.exe'); console.log(result.id); // e.g. "NzE2YmYzNzk4..." console.log(result.url); // "https://www.virustotal.com/gui/file-analysis/NzE2YmYzNzk4.../detection" } catch (err) { console.error(err.message); // "Cannot send myapp.exe to VirusTotal: AxiosError: ..." } ``` -------------------------------- ### VirusTotal Class - monitorItems Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Uploads a file to the VirusTotal Monitor endpoint. It constructs the item path and returns an UploadData object with a monitor-specific URL. Errors include the constructed monitor path for debugging. ```APIDOC ## `VirusTotal` Class — `monitorItems(filename, path?)` ### Description Uploads a file to the VirusTotal Monitor endpoint at `/monitor/items`. The item path is built with `posix.join(path ?? '/', basename(filename))`. Returns an `UploadData` with a monitor-specific URL (`https://www.virustotal.com/monitor/analyses/item:`). Throws with the constructed monitor path included in the error message for debugging. ### Method ```typescript await vt.monitorItems(filename: string, path?: string) ``` ### Parameters #### Path Parameters - **filename** (string) - Required - The path to the file to upload. - **path** (string) - Optional - The base path to use for the item on VirusTotal. ### Request Example ```typescript import {VirusTotal} from './src/virustotal.js'; const vt = new VirusTotal(process.env.VT_MONITOR_API_KEY); try { const result = await vt.monitorItems('./dist/myapp.exe', '/releases/v2.0'); // item path sent to API: /releases/v2.0/myapp.exe console.log(result.id); console.log(result.url); } catch (err) { console.error(err.message); } ``` ### Response #### Success Response (UploadData) - **id** (string) - The unique identifier for the uploaded item. - **url** (string) - The URL to monitor the analysis of the uploaded item. #### Response Example ```json { "id": "ZmlsZTo0Mj...", "url": "https://www.virustotal.com/monitor/analyses/item:ZmlsZTo0Mj..." } ``` ### Error Handling Throws an error if the upload fails, including the constructed monitor path in the error message. ``` -------------------------------- ### Update Release Body with VirusTotal Links Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Updates the GitHub release notes by appending VirusTotal analysis links. This function calls `octokit.rest.repos.updateRelease` to persist the changes. The `release.body` string is mutated before calling this function. ```typescript import * as github from '@actions/github'; import {getRelease, updateReleaseBody} from './src/ghrelease.js'; const octokit = github.getOctokit(process.env.GITHUB_TOKEN); const release = await getRelease(octokit, 'v2.0.0'); // Append analysis links to the body before updating release.body += '\n\n🛡 [VirusTotal GitHub Action](https://github.com/crazy-max/ghaction-virustotal) analysis:'; release.body += '\n * [`myapp.exe`](https://www.virustotal.com/gui/file-analysis/abc123/detection)'; const updated = await updateReleaseBody(octokit, release); console.log(updated.html_url); // GitHub release page URL with updated body // Throws: "Cannot update release body: HttpError: ..." on failure ``` -------------------------------- ### getReleaseAssets() Function Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Retrieves and filters assets from a GitHub release based on provided filename patterns. ```APIDOC ## `getReleaseAssets(octokit, release, patterns)` — Filter Release Assets by Regex ### Description Paginates through all assets for a release and filters them using an array of regex patterns matched against asset filenames. Returns `ReleaseAsset[]` with `id`, `name`, and `size`. ### Method ```typescript await getReleaseAssets(octokit: github.Octokit, release: Release, patterns: string[]) ``` ### Parameters #### Path Parameters - **octokit** (github.Octokit) - Required - An authenticated Octokit client instance. - **release** (Release) - Required - The release object obtained from `getRelease`. - **patterns** (string[]) - Required - An array of regex patterns to filter asset filenames. ### Response #### Success Response (ReleaseAsset[]) - An array of `ReleaseAsset` objects, each containing: - **id** (number) - The unique identifier of the asset. - **name** (string) - The name of the asset file. - **size** (number) - The size of the asset in bytes. ### Request Example ```typescript import * as github from '@actions/github'; import {getRelease, getReleaseAssets} from './src/ghrelease.js'; const octokit = github.getOctokit(process.env.GITHUB_TOKEN); const release = await getRelease(octokit, 'v2.0.0'); const assets = await getReleaseAssets(octokit, release, [ '\.exe$', // matches .exe files '\.tar\.gz$' // matches .tar.gz files ]); // e.g. [{id: 1, name: 'myapp-win32.exe', size: 4391936}, {id: 2, name: 'myapp-linux.tar.gz', size: 5242880}] ``` ``` -------------------------------- ### Parse GitHub Actions Inputs with getInputList() Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Parses a GitHub Actions input string, supporting newline, \r\n, or comma delimiters. Returns a trimmed and filtered array of strings. Useful for processing inputs like file lists. ```typescript import * as context from './src/context.js'; // Simulating the GitHub Actions environment variable format: process.env['INPUT_FILES'] = 'dist/myapp.exe\ndist/myapp.tar.gz,dist/myapp.deb'; const files = await context.getInputList('files'); // ['dist/myapp.exe', 'dist/myapp.tar.gz', 'dist/myapp.deb'] ``` -------------------------------- ### Access VirusTotal Analysis Results Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Access the `analysis` output from the VirusTotal scan step to retrieve a comma-separated string of file paths and their corresponding VirusTotal analysis URLs. This can be used in subsequent steps for reporting or conditional logic. ```yaml jobs: scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Build run: make build # produces dist/myapp.exe - name: VirusTotal Scan id: vt uses: crazy-max/ghaction-virustotal@v5 with: vt_api_key: ${{ secrets.VT_API_KEY }} files: ./dist/myapp.exe - name: Print analysis results run: echo "${{ steps.vt.outputs.analysis }}" # Example output: # ./dist/myapp.exe=https://www.virustotal.com/gui/file-analysis/NzE2YmYzN.../detection ``` -------------------------------- ### updateReleaseBody Source: https://context7.com/crazy-max/ghaction-virustotal/llms.txt Updates the release notes (body) of a GitHub release. This function calls `octokit.rest.repos.updateRelease` to persist changes made to the `release.body` string. ```APIDOC ## `updateReleaseBody(octokit, release)` — Patch Release Notes with VT Links Calls `octokit.rest.repos.updateRelease` to persist the mutated `release.body` string back to GitHub. The caller (main.ts) appends VirusTotal analysis links to `release.body` before calling this function. The updated `Release` object is returned. ### Parameters - **octokit** (*object*) - The authenticated GitHub Octokit client. - **release** (*object*) - The release object whose body needs to be updated. It is expected that the `body` property of this object has already been modified. ### Returns - (*object*) The updated GitHub release object. ### Throws - (*Error*) An error if the release update fails, e.g., "Cannot update release body: HttpError: ..." ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.