release version 2.2.0 #141
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release desktop and docker | |
| on: | |
| push: | |
| # only for version 2.x.x releases and release candidates | |
| tags: | |
| - v2.?.?* | |
| workflow_dispatch: | |
| env: | |
| # threatdragon is the working area on docker hub so use this area | |
| # owasp/threat-dragon is the final release area so DO NOT use that | |
| IMAGE_NAME: threatdragon/owasp-threat-dragon | |
| # for security reasons the github actions are pinned to specific release versions | |
| jobs: | |
| site_unit_tests: | |
| name: Site unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:unit | |
| server_unit_tests: | |
| name: Server unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.server | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:unit | |
| desktop_unit_tests: | |
| name: Desktop unit tests | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm clean-install | |
| - name: lint | |
| run: npm run lint | |
| - name: Unit test | |
| run: npm run test:desktop | |
| desktop_e2e_tests: | |
| name: Desktop e2e tests | |
| runs-on: windows-latest | |
| needs: [desktop_unit_tests, site_unit_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| # ubuntu does not find this chrome driver | |
| # so until this is fixed, use only windows-latest | |
| - name: Setup Chrome | |
| uses: browser-actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install packages | |
| run: npm install | |
| - name: Build application | |
| # test only so do not publish | |
| run: npm run build:desktop -- --publish=never | |
| # works for macos-latest running locally but pipeline times out | |
| # so until this is fixed, use only windows-latest | |
| - name: End to end tests | |
| run: npm run test:e2e:desktop | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; | |
| desktop_windows: | |
| name: Windows installer | |
| runs-on: windows-latest | |
| needs: [desktop_e2e_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Check out | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| # Build and publish Windows installer to github Release Draft | |
| - name: Publish Windows executable | |
| # follow Comodo signing instructions | |
| # comodosslstore.com/resources/comodo-code-signing-certificate-instructions | |
| env: | |
| # Windows signing certificate and password | |
| CSC_KEY_PASSWORD: ${{ secrets.WINDOWS_CERT_PASSWORD}} | |
| CSC_LINK: ${{ secrets.WINDOWS_CERT }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run build:desktop -- --windows --publish always | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; | |
| desktop_macos: | |
| name: MacOS installer | |
| runs-on: macos-latest | |
| needs: [desktop_e2e_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Check out | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| # Build and publish MacOS installer to github Release Draft | |
| # the draft name uses version and is created if it does not already exist | |
| - name: Prepare for MacOS notarization | |
| # Import Apple API key for app notarization on macOS | |
| # see github.com/samuelmeuli/action-electron-builder#notarization | |
| run: | | |
| mkdir -p ~/private_keys/ | |
| echo '${{ secrets.API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.API_KEY_ID }}.p8 | |
| - name: Publish MacOS disk image | |
| env: | |
| # MacOS signing certificate and password | |
| # see github.com/samuelmeuli/action-electron-builder#code-signing | |
| CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTS_PASSWORD }} | |
| CSC_LINK: ${{ secrets.MAC_CERTS }} | |
| # MacOS notarization API IDs | |
| # see github.com/samuelmeuli/action-electron-builder#notarization | |
| API_KEY_ID: ${{ secrets.API_KEY_ID }} | |
| API_KEY_ISSUER_ID: ${{ secrets.API_KEY_ISSUER_ID }} | |
| # github token is automatically provided to the action | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run build:desktop -- --mac --publish always | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; -print | |
| desktop_linux: | |
| name: Linux installers | |
| runs-on: ubuntu-22.04 | |
| needs: [desktop_e2e_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Check out | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| # Build and publish Linux installers to github Release Draft | |
| # for all linux images EXCEPT for the snap | |
| # Snaps do not publish, even with snapcraft installed, so use Snap Store | |
| - name: Publish Linux app images | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run build:desktop -- --linux AppImage deb rpm --publish always | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; -print | |
| desktop_linux_snap: | |
| name: Linux snap | |
| runs-on: ubuntu-22.04 | |
| needs: [desktop_e2e_tests] | |
| defaults: | |
| run: | |
| working-directory: td.vue | |
| steps: | |
| - name: Check out | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| # Build the snap, but do not use inbuilt publish | |
| # Snaps do not publish, even with snapcraft installed, so use Snap Store | |
| - name: Build Linux snap | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npm run build:desktop -- --linux snap | |
| - name: Upload to Snap Store | |
| shell: bash | |
| env: | |
| SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} | |
| run: | | |
| sudo snap install snapcraft --classic | |
| snapcraft upload --release=stable dist-desktop/threat-dragon*.snap | |
| - name: Print logs on error | |
| if: ${{ failure() }} | |
| run: find . -name "*.log" -exec cat '{}' \; -print | |
| dockerhub_release: | |
| name: Publish to dockerhub | |
| runs-on: ubuntu-22.04 | |
| needs: [server_unit_tests, site_unit_tests] | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/[email protected] | |
| with: | |
| install: true | |
| - name: Setup dockerx cache | |
| uses: actions/[email protected] | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Login to Docker Hub | |
| uses: docker/[email protected] | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push to Docker Hub | |
| id: docker_build | |
| uses: docker/[email protected] | |
| with: | |
| context: ./ | |
| file: ./Dockerfile | |
| builder: ${{ steps.buildx.outputs.name }} | |
| push: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| tags: ${{ env.IMAGE_NAME }}:${{ github.ref_name }},${{ env.IMAGE_NAME }}:stable | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| webapp_release: | |
| name: Publish web application | |
| runs-on: ubuntu-22.04 | |
| needs: [desktop_macos, desktop_linux, desktop_windows] | |
| steps: | |
| - name: Check out | |
| uses: actions/[email protected] | |
| - name: Use Node.js 18.x | |
| uses: actions/[email protected] | |
| with: | |
| node-version: '18' | |
| - name: Cache NPM dir | |
| uses: actions/[email protected] | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install clean packages | |
| run: npm clean-install | |
| - name: Prepare SBOM generation | |
| run: mkdir ./sboms | |
| - name: Create XML site SBOM | |
| uses: CycloneDX/[email protected] | |
| with: | |
| path: './td.vue/' | |
| output: './sboms/threat-dragon-site-bom.xml' | |
| - name: Create JSON site SBOM | |
| uses: CycloneDX/[email protected] | |
| with: | |
| path: './td.vue/' | |
| output: './sboms/threat-dragon-site-bom.json' | |
| - name: Create XML server SBOM | |
| uses: CycloneDX/[email protected] | |
| with: | |
| path: './td.server/' | |
| output: './sboms/threat-dragon-server-bom.xml' | |
| - name: Create JSON server SBOM | |
| uses: CycloneDX/[email protected] | |
| with: | |
| path: './td.server/' | |
| output: './sboms/threat-dragon-server-bom.json' | |
| - name: Prepare release notes | |
| run: | | |
| releaseVersion=${{ github.ref_name }} | |
| sed -e s/2.x.x/${releaseVersion:1}/g .release-note-template.md > ./release-notes.txt | |
| tar -czvf threat-dragon-sboms.zip sboms | |
| - name: Create release notes | |
| uses: softprops/[email protected] | |
| with: | |
| draft: true | |
| name: "${releaseVersion:1}" | |
| append_body: true | |
| body_path: ./release-notes.txt | |
| generate_release_notes: true | |
| files: | | |
| threat-dragon-sboms.zip |