Skip to content

release version 2.1.3 #140

release version 2.1.3

release version 2.1.3 #140

Workflow file for this run

name: Release desktop and docker
on:
push:
# only for version 2.x.x releases and release candidates
tags:
- v2.?.?*
workflow_dispatch:
env:
# threatdragon is the working area on docker hub so use this area
# owasp/threat-dragon is the final release area so DO NOT use that
IMAGE_NAME: threatdragon/owasp-threat-dragon
# for security reasons the github actions are pinned to specific release versions
jobs:
site_unit_tests:
name: Site unit tests
runs-on: ubuntu-22.04
defaults:
run:
working-directory: td.vue
steps:
- name: Checkout
uses: actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install packages
run: npm clean-install
- name: lint
run: npm run lint
- name: Unit test
run: npm run test:unit
server_unit_tests:
name: Server unit tests
runs-on: ubuntu-22.04
defaults:
run:
working-directory: td.server
steps:
- name: Checkout
uses: actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install packages
run: npm clean-install
- name: lint
run: npm run lint
- name: Unit test
run: npm run test:unit
desktop_unit_tests:
name: Desktop unit tests
runs-on: ubuntu-22.04
defaults:
run:
working-directory: td.vue
steps:
- name: Checkout
uses: actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install packages
run: npm clean-install
- name: lint
run: npm run lint
- name: Unit test
run: npm run test:desktop
desktop_e2e_tests:
name: Desktop e2e tests
runs-on: windows-latest
needs: [desktop_unit_tests, site_unit_tests]
defaults:
run:
working-directory: td.vue
steps:
- name: Checkout
uses: actions/[email protected]
# ubuntu does not find this chrome driver
# so until this is fixed, use only windows-latest
- name: Setup Chrome
uses: browser-actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install packages
run: npm install
- name: Build application
# test only so do not publish
run: npm run build:desktop -- --publish=never
# works for macos-latest running locally but pipeline times out
# so until this is fixed, use only windows-latest
- name: End to end tests
run: npm run test:e2e:desktop
- name: Print logs on error
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \;
desktop_windows:
name: Windows installer
runs-on: windows-latest
needs: [desktop_e2e_tests]
defaults:
run:
working-directory: td.vue
steps:
- name: Check out
uses: actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install clean packages
run: npm clean-install
# Build and publish Windows installer to github Release Draft
- name: Publish Windows executable
# follow Comodo signing instructions
# comodosslstore.com/resources/comodo-code-signing-certificate-instructions
env:
# Windows signing certificate and password
CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_CERT_PASSWORD}}
CSC_LINK: ${{ secrets.WINDOWS_CERT }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npm run build:desktop -- --windows --publish always
- name: Print logs on error
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \;
desktop_macos:
name: MacOS installer
runs-on: macos-latest
needs: [desktop_e2e_tests]
defaults:
run:
working-directory: td.vue
steps:
- name: Check out
uses: actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install clean packages
run: npm clean-install
# Build and publish MacOS installer to github Release Draft
# the draft name uses version and is created if it does not already exist
- name: Prepare for MacOS notarization
# Import Apple API key for app notarization on macOS
# see github.com/samuelmeuli/action-electron-builder#notarization
run: |
mkdir -p ~/private_keys/
echo '${{ secrets.API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.API_KEY_ID }}.p8
- name: Publish MacOS disk image
env:
# MacOS signing certificate and password
# see github.com/samuelmeuli/action-electron-builder#code-signing
CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTS_PASSWORD }}
CSC_LINK: ${{ secrets.MAC_CERTS }}
# MacOS notarization API IDs
# see github.com/samuelmeuli/action-electron-builder#notarization
API_KEY_ID: ${{ secrets.API_KEY_ID }}
API_KEY_ISSUER_ID: ${{ secrets.API_KEY_ISSUER_ID }}
# github token is automatically provided to the action
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npm run build:desktop -- --mac --publish always
- name: Print logs on error
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print
desktop_linux:
name: Linux installers
runs-on: ubuntu-22.04
needs: [desktop_e2e_tests]
defaults:
run:
working-directory: td.vue
steps:
- name: Check out
uses: actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install clean packages
run: npm clean-install
# Build and publish Linux installers to github Release Draft
# for all linux images EXCEPT for the snap
# Snaps do not publish, even with snapcraft installed, so use Snap Store
- name: Publish Linux app images
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npm run build:desktop -- --linux AppImage deb rpm --publish always
- name: Print logs on error
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print
desktop_linux_snap:
name: Linux snap
runs-on: ubuntu-22.04
needs: [desktop_e2e_tests]
defaults:
run:
working-directory: td.vue
steps:
- name: Check out
uses: actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install clean packages
run: npm clean-install
# Build the snap, but do not use inbuilt publish
# Snaps do not publish, even with snapcraft installed, so use Snap Store
- name: Build Linux snap
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npm run build:desktop -- --linux snap
- name: Upload to Snap Store
shell: bash
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
run: |
sudo snap install snapcraft --classic
snapcraft upload --release=stable dist-desktop/threat-dragon*.snap
- name: Print logs on error
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print
dockerhub_release:
name: Publish to dockerhub
runs-on: ubuntu-22.04
needs: [server_unit_tests, site_unit_tests]
steps:
- name: Checkout
uses: actions/[email protected]
- name: Set up Docker Buildx
id: buildx
uses: docker/[email protected]
with:
install: true
- name: Setup dockerx cache
uses: actions/[email protected]
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to Docker Hub
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push to Docker Hub
id: docker_build
uses: docker/[email protected]
with:
context: ./
file: ./Dockerfile
builder: ${{ steps.buildx.outputs.name }}
push: ${{ startsWith(github.ref, 'refs/tags/v') }}
tags: ${{ env.IMAGE_NAME }}:${{ github.ref_name }},${{ env.IMAGE_NAME }}:stable
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
webapp_release:
name: Publish web application
runs-on: ubuntu-22.04
needs: [desktop_macos, desktop_linux, desktop_windows]
steps:
- name: Check out
uses: actions/[email protected]
- name: Use Node.js 18.x
uses: actions/[email protected]
with:
node-version: '18'
- name: Cache NPM dir
uses: actions/[email protected]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install clean packages
run: npm clean-install
- name: Prepare SBOM generation
run: mkdir ./sboms
- name: Create XML site SBOM
uses: CycloneDX/[email protected]
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.xml'
- name: Create JSON site SBOM
uses: CycloneDX/[email protected]
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.json'
- name: Create XML server SBOM
uses: CycloneDX/[email protected]
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.xml'
- name: Create JSON server SBOM
uses: CycloneDX/[email protected]
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.json'
- name: Prepare release notes
run: |
releaseVersion=${{ github.ref_name }}
sed -e s/2.x.x/${releaseVersion:1}/g .release-note-template.md > ./release-notes.txt
tar -czvf threat-dragon-sboms.zip sboms
- name: Create release notes
uses: softprops/[email protected]
with:
draft: true
name: "${releaseVersion:1}"
append_body: true
body_path: ./release-notes.txt
generate_release_notes: true
files: |
threat-dragon-sboms.zip