AndyMik90 · AndyMik90 · Jan 13, 2026 · Jan 12, 2026 · Jan 12, 2026 · Jan 12, 2026
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -522,144 +522,6 @@ jobs:
           sha256sum ./* > checksums.sha256
           cat checksums.sha256
 
-      - name: Scan with VirusTotal
-        id: virustotal
-        continue-on-error: true
-        if: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.dry_run != true) }}
-        env:
-          VT_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
-        run: |
-          if [ -z "$VT_API_KEY" ]; then
-            echo "::warning::VIRUSTOTAL_API_KEY not configured, skipping scan"
-            echo "vt_results=" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-
-          echo "## VirusTotal Scan Results" > vt_results.md
-          echo "" >> vt_results.md
-
-          for file in release-assets/*.{exe,dmg,AppImage,deb,flatpak}; do
-            [ -f "$file" ] || continue
-            filename=$(basename "$file")
-            filesize=$(stat -c%s "$file" 2>/dev/null || stat -f%z "$file")
-            echo "Scanning $filename (${filesize} bytes)..."
-
-            # For files > 32MB, get a special upload URL first
-            if [ "$filesize" -gt 33554432 ]; then
-              echo "  Large file detected, requesting upload URL..."
-              upload_url_response=$(curl -s --request GET \
-                --url "https://www.virustotal.com/api/v3/files/upload_url" \
-                --header "x-apikey: $VT_API_KEY")
-
-              upload_url=$(echo "$upload_url_response" | jq -r '.data // empty')
-              if [ -z "$upload_url" ]; then
-                echo "::warning::Failed to get upload URL for large file $filename"
-                echo "Response: $upload_url_response"
-                echo "- $filename - ⚠️ Upload failed (large file)" >> vt_results.md
-                continue
-              fi
-              api_url="$upload_url"
-            else
-              api_url="https://www.virustotal.com/api/v3/files"
-            fi
-
-            # Upload file to VirusTotal
-            response=$(curl -s --request POST \
-              --url "$api_url" \
-              --header "x-apikey: $VT_API_KEY" \
-              --form "file=@$file")
-
-            # Check if response is valid JSON before parsing
-            if ! echo "$response" | jq -e . >/dev/null 2>&1; then
-              echo "::warning::VirusTotal returned invalid JSON for $filename"
-              echo "Response (first 500 chars): ${response:0:500}"
-              echo "- $filename - ⚠️ Scan failed (invalid response)" >> vt_results.md
-              continue
-            fi
-
-            # Check for API error response
-            error_code=$(echo "$response" | jq -r '.error.code // empty')
-            if [ -n "$error_code" ]; then
-              error_msg=$(echo "$response" | jq -r '.error.message // "Unknown error"')
-              echo "::warning::VirusTotal API error for $filename: $error_code - $error_msg"
-              echo "- $filename - ⚠️ Scan failed ($error_code)" >> vt_results.md
-              continue
-            fi
-
-            # Extract analysis ID
-            analysis_id=$(echo "$response" | jq -r '.data.id // empty')
-
-            if [ -z "$analysis_id" ]; then
-              echo "::warning::Failed to upload $filename to VirusTotal"
-              echo "Response: $response"
-              echo "- $filename - ⚠️ Upload failed" >> vt_results.md
-              continue
-            fi
-
-            echo "Uploaded $filename, analysis ID: $analysis_id"
-
-            # Wait for analysis to complete (max 5 minutes per file)
-            analysis=""
-            for i in {1..30}; do
-              sleep 10
-              analysis=$(curl -s --request GET \
-                --url "https://www.virustotal.com/api/v3/analyses/$analysis_id" \
-                --header "x-apikey: $VT_API_KEY")
-
-              # Validate JSON response
-              if ! echo "$analysis" | jq -e . >/dev/null 2>&1; then
-                echo "  Warning: Invalid JSON response on attempt $i, retrying..."
-                continue
-              fi
-
-              status=$(echo "$analysis" | jq -r '.data.attributes.status // "unknown"')
-              echo "  Status: $status (attempt $i/30)"
-
-              if [ "$status" = "completed" ]; then
-                break
-              fi
-            done
-
-            # Final validation that we have valid analysis data
-            if ! echo "$analysis" | jq -e '.data.attributes.stats' >/dev/null 2>&1; then
-              echo "::warning::Could not get complete analysis for $filename, using local hash"
-              file_hash=$(sha256sum "$file" | cut -d' ' -f1)
-              echo "- [$filename](https://www.virustotal.com/gui/file/$file_hash) - ⚠️ Analysis incomplete" >> vt_results.md
-              continue
-            fi
-
-            # Get file hash for permanent URL
-            file_hash=$(echo "$analysis" | jq -r '.meta.file_info.sha256 // empty')
-
-            if [ -z "$file_hash" ]; then
-              # Fallback: calculate hash locally
-              file_hash=$(sha256sum "$file" | cut -d' ' -f1)
-            fi
-
-            # Get detection stats
-            malicious=$(echo "$analysis" | jq -r '.data.attributes.stats.malicious // 0')
-            suspicious=$(echo "$analysis" | jq -r '.data.attributes.stats.suspicious // 0')
-            undetected=$(echo "$analysis" | jq -r '.data.attributes.stats.undetected // 0')
-
-            vt_url="https://www.virustotal.com/gui/file/$file_hash"
-
-            if [ "$malicious" -gt 0 ] || [ "$suspicious" -gt 0 ]; then
-              echo "::warning::$filename has $malicious malicious and $suspicious suspicious detections (likely false positives)"
-              echo "- [$filename]($vt_url) - ⚠️ **$malicious malicious, $suspicious suspicious** detections (review recommended)" >> vt_results.md
-            else
-              echo "$filename is clean ($undetected engines, 0 detections)"
-              echo "- [$filename]($vt_url) - ✅ Clean ($undetected engines, 0 detections)" >> vt_results.md
-            fi
-          done
-
-          echo "" >> vt_results.md
-
-          # Save results for release notes
-          cat vt_results.md
-          echo "vt_results<<EOF" >> $GITHUB_OUTPUT
-          cat vt_results.md >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-
       - name: Dry run summary
         if: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run == true }}
         run: |
@@ -741,9 +603,9 @@ jobs:
 
             ---
 
-            ${{ steps.virustotal.outputs.vt_results }}
-
             **Full Changelog**: https://github.com/${{ github.repository }}/blob/main/CHANGELOG.md
+
+            _VirusTotal scan results will be added automatically after release._
           files: release-assets/*
           draft: false
           prerelease: ${{ contains(github.ref, 'beta') || contains(github.ref, 'alpha') }}

diff --git a/.github/workflows/test-azure-auth.yml b/.github/workflows/test-azure-auth.yml
@@ -0,0 +1,21 @@
+name: Test Azure Auth
+
+on:
+  workflow_dispatch:
+
+jobs:
+  test-auth:
+    runs-on: windows-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Azure Login (OIDC)
+        uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Success
+        run: echo "Azure authentication successful!"