release version 2.0.9 #136
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release desktop and docker | |
| on: | |
| push: | |
| # only for version 2.x.x releases and release candidates | |
| tags: | |
| - v2.?.?* | |
| workflow_dispatch: | |
| env: | |
| # threatdragon is the working area on docker hub so use this area | |
| # owasp/threat-dragon is the final release area so DO NOT use that | |
| IMAGE_NAME: threatdragon/owasp-threat-dragon | |
| # for security reasons the github actions are pinned to specific release versions | |
| jobs: | |
| site_unit_tests: | |
| name: Site unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.0 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:unit | |
| server_unit_tests: | |
| name: Server unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.server | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.0 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:unit | |
| desktop_unit_tests: | |
| name: Desktop unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.0 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:desktop | |
| desktop_e2e_tests: | |
| name: Desktop e2e tests | |
| runs-on: windows-latest | |
| needs: [desktop_unit_tests, site_unit_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.0 | |
| # ubuntu does not find this chrome driver | |
| # so until this is fixed, use only windows-latest | |
| - name: Setup Chrome | |
| uses: browser-actions/setup-chrome@v1.2.1 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm install | |
| - name: Build application | |
| # test only so do not publish | |
| run: npm run build:desktop -- --publish=never | |
| # works for macos-latest running locally but pipeline times out | |
| # so until this is fixed, use only windows-latest | |
| - name: End to end tests | |
| run: npm run test:e2e:desktop | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; | |
| desktop_windows: | |
| name: Windows installer | |
| runs-on: windows-latest | |
| needs: [desktop_e2e_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4.1.0 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| # Build and publish Windows installer to github Release Draft | |
| - name: Publish Windows executable | |
| # follow Comodo signing instructions | |
| # comodosslstore.com/resources/comodo-code-signing-certificate-instructions | |
| env: | |
| # Windows signing certificate and password | |
| CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_CERT_PASSWORD}} | |
| CSC_LINK: ${{ secrets.WINDOWS_CERT }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run build:desktop -- --windows --publish always | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; | |
| desktop_macos: | |
| name: MacOS installer | |
| runs-on: macos-latest | |
| needs: [desktop_e2e_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4.1.0 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| # Build and publish MacOS installer to github Release Draft | |
| # the draft name uses version and is created if it does not already exist | |
| - name: Prepare for MacOS notarization | |
| # Import Apple API key for app notarization on macOS | |
| # see github.com/samuelmeuli/action-electron-builder#notarization | |
| run: | | |
| mkdir -p ~/private_keys/ | |
| echo '${{ secrets.API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.API_KEY_ID }}.p8 | |
| - name: Publish MacOS disk image | |
| env: | |
| # MacOS signing certificate and password | |
| # see github.com/samuelmeuli/action-electron-builder#code-signing | |
| CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTS_PASSWORD }} | |
| CSC_LINK: ${{ secrets.MAC_CERTS }} | |
| # MacOS notarization API IDs | |
| # see github.com/samuelmeuli/action-electron-builder#notarization | |
| API_KEY_ID: ${{ secrets.API_KEY_ID }} | |
| API_KEY_ISSUER_ID: ${{ secrets.API_KEY_ISSUER_ID }} | |
| # github token is automatically provided to the action | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run build:desktop -- --mac --publish always | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; -print | |
| desktop_linux: | |
| name: Linux installers | |
| runs-on: ubuntu-22.04 | |
| needs: [desktop_e2e_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4.1.0 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| # Build and publish Linux installers to github Release Draft | |
| # for all linux images EXCEPT for the snap | |
| # Snaps do not publish, even with snapcraft installed, so use Snap Store | |
| - name: Publish Linux app images | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run build:desktop -- --linux AppImage deb rpm --publish always | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; -print | |
| desktop_linux_snap: | |
| name: Linux snap | |
| runs-on: ubuntu-22.04 | |
| needs: [desktop_e2e_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4.1.0 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| # Build the snap, but do not use inbuilt publish | |
| # Snaps do not publish, even with snapcraft installed, so use Snap Store | |
| - name: Build Linux snap | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run build:desktop -- --linux snap | |
| - name: Upload to Snap Store | |
| shell: bash | |
| env: | |
| SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} | |
| run: | | |
| sudo snap install snapcraft --classic | |
| snapcraft upload --release=stable dist-desktop/threat-dragon*.snap | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; -print | |
| dockerhub_release: | |
| name: Publish to dockerhub | |
| runs-on: ubuntu-22.04 | |
| needs: [server_unit_tests, site_unit_tests] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3.0.0 | |
| with: | |
| install: true | |
| - name: Setup dockerx cache | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3.0.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push to Docker Hub | |
| id: docker_build | |
| uses: docker/build-push-action@v5.0.0 | |
| with: | |
| context: ./ | |
| file: ./Dockerfile | |
| builder: ${{ steps.buildx.outputs.name }} | |
| push: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| tags: ${{ env.IMAGE_NAME }}:${{ github.ref_name }},${{ env.IMAGE_NAME }}:stable | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| webapp_release: | |
| name: Publish web application | |
| runs-on: ubuntu-22.04 | |
| needs: [desktop_macos, desktop_linux, desktop_windows] | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4.1.0 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3.8.0 | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/cache@v3.3.0 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| - name: Prepare SBOM generation | |
| run: mkdir ./sboms | |
| - name: Create XML site SBOM | |
| uses: CycloneDX/gh-node-module-generatebom@v1.0.3 | |
| with: | |
| path: './td.vue/' | |
| output: './sboms/threat-dragon-site-bom.xml' | |
| - name: Create JSON site SBOM | |
| uses: CycloneDX/gh-node-module-generatebom@v1.0.3 | |
| with: | |
| path: './td.vue/' | |
| output: './sboms/threat-dragon-site-bom.json' | |
| - name: Create XML server SBOM | |
| uses: CycloneDX/gh-node-module-generatebom@v1.0.3 | |
| with: | |
| path: './td.server/' | |
| output: './sboms/threat-dragon-server-bom.xml' | |
| - name: Create JSON server SBOM | |
| uses: CycloneDX/gh-node-module-generatebom@v1.0.3 | |
| with: | |
| path: './td.server/' | |
| output: './sboms/threat-dragon-server-bom.json' | |
| - name: Prepare release notes | |
| run: | | |
| releaseVersion=${{ github.ref_name }} | |
| sed -e s/2.x.x/${releaseVersion:1}/g .release-note-template.md > ./release-notes.txt | |
| tar -czvf threat-dragon-sboms.zip sboms | |
| - name: Create release notes | |
| uses: softprops/action-gh-release@v0.1.15 | |
| with: | |
| draft: true | |
| name: "${releaseVersion:1}" | |
| append_body: true | |
| body_path: ./release-notes.txt | |
| generate_release_notes: true | |
| files: | | |
| threat-dragon-sboms.zip |