Wildcards Don't Actually Work

[simeononsecurity]

I've tried multiple ways, including the exampled methods to no avail. It doesn't work.

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Scan files
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            *.html
            *.ps1

Also have tried

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Scan files
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            .html$
            .ps1$

As well as

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Scan files
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            .*\.html$
            .*\.ps1$

Also tried passing it in using a var or text file.

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Find Files
        id: find_files
        run: |
          files_to_scan=$(find . -type f \( -name "*.html" -o -name "*.ps1" \))
          files_to_scan=$(echo "$files_to_scan" | sed 's,^\./,$GITHUB_WORKSPACE/,g')
          echo "FILES_TO_SCAN=$files_to_scan" >> $GITHUB_ENV

      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            ${{ env.FILES_TO_SCAN }}

[LukeSavefrogs]

I have the opposite problem @crazy-max 😁

The following will not work as expected (.exe$ is taken from the README) and instead show the No files were found. Please check the 'files' input. warning:

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - run: ls -l *.exe
      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          vt_api_key: ${{ secrets.VIRUSTOTAL_TOKEN }}
          files: |
            .exe$

The following instead will correctly upload the .exe file to VirusTotal as expected:

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - run: ls -l *.exe
      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          vt_api_key: ${{ secrets.VIRUSTOTAL_TOKEN }}
          files: |
            *.exe

In conclusion glob patterns seem to work, while regex don't (?), event hough the documentation clearly suggests to use regexes.