yara-assemble.yml

# This workflow assembles all Yara rules into a single file

name: Assemble Yara

on:
  push:
    branches:
      - master

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      # Checks-out the repository under $GITHUB_WORKSPACE
      - name: Check-out the repository
        uses: actions/checkout@v2

      # Assemble all *.yar files (except those requiring external variables)
      - name: Assemble all Yara files
        run: "for f in $GITHUB_WORKSPACE/yara/*.yar; do if [[ (\"${f##*/}\" != \"generic_anomalies.yar\") && (\"${f##*/}\" != \"general_cloaking.yar\") && (\"${f##*/}\" != \"gen_webshells_ext_vars.yar\") && (\"${f##*/}\" != \"thor_inverse_matches.yar\") && (\"${f##*/}\" != \"yara_mixed_ext_vars.yar\") && (\"${f##*/}\" != \"configured_vulns_ext_vars.yar\") && (\"${f##*/}\" != \"gen_fake_amsi_dll.yar\") && (\"${f##*/}\" != \"expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar\") && (\"${f##*/}\" != \"yara-rules_vuln_drivers_strict_renamed.yar\") ]]; then cat $f >> signature-base.yar; fi;done"

      # Upload the assembled Yara artifact
      - name: Upload the resulting Yara artifact
        uses: actions/upload-artifact@v2
        with:
          name: signature-base.yar
          path: signature-base.yar