Skip to content

Commit

Permalink
release 1.4.0
Browse files Browse the repository at this point in the history
  • Loading branch information
@jgadsden
jgadsden authored May 5, 2021
1 parent 9cba7fc commit 990f27b
Show file tree
Hide file tree
Showing 8 changed files with 182 additions and 202 deletions.
169 changes: 1 addition & 168 deletions dev-notes.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -232,172 +232,5 @@ git fetch original
Apply the changes with `git merge original/main` or `git rebase --no-ff original/main` .
When happy with _everything_ then `git push --force` to update your repo

## Create New Releases

#### TD Core release

1. create branch `release-ready` in [core repo](https://github.com/OWASP/threat-dragon-core)
1. `git clone git@github.com:OWASP/threat-dragon-core.git -b release-ready`
1. `cd threat-dragon-core`
1. update `package.json` version declaration to, eg `"version": "1.3.1",`
1. `npm install`
1. `npm run pretest`
1. `npm run build`
1. `npm test`
1. `git commit -a -m"<some release message>"`
1. `git push`
1. merge branch in [core repo](https://github.com/OWASP/threat-dragon-core) and then checkout master:
1. `git clone git@github.com:OWASP/threat-dragon-core.git`
1. `cd threat-dragon-core`
1. `git tag v1.3.1`
1. `git push origin v1.3.1`
1. `npm install`
1. `npm run pretest`
1. `npm run build`
1. `npm test`
1. login to npm `npm login` using username, password and email address
1. update package on [npmjs registry](https://www.npmjs.com/) with `npm publish`
1. check that [owasp-threat-dragon-core](https://www.npmjs.com/package/owasp-threat-dragon-core) is at correct version

It is good to keep Mike Goodwin's area up to date with releases from the OWASP area. For example with version 1.3.1:
1. Create branch `version-1.3.1` on https://github.com/mike-goodwin/owasp-threat-dragon-core.git
1. `git clone git@github.com:mike-goodwin/owasp-threat-dragon-core.git -b version-1.3.1`
1. `cd owasp-threat-dragon-core/`
1. `git remote add upstream https://github.com/owasp/threat-dragon-core`
1. `git fetch upstream`
1. `git rebase upstream/main`
1. `git status`
1. `git push`
1. create pull request from branch `version-1.3.1` on https://github.com/mike-goodwin/owasp-threat-dragon-core.git

#### Webapp release

1. create branch `release-ready` in [webapp repo](https://github.com/OWASP/threat-dragon)
1. `git clone git@github.com:OWASP/threat-dragon.git -b release-ready`
1. `cd threat-dragon`
1. ensure `package.json` specifies the latest version of core package, eg `"owasp-threat-dragon-core": "1.3.1",`
1. update `package.json` version declaration to, eg `"version": "1.3.1",`
1. `npm install`
1. `npm run pretest`
1. `npm run build`
1. `npm test`
1. `git commit -a -m"<some release message>"`
1. `git push`
1. merge branch in [webapp repo](https://github.com/OWASP/threat-dragon) and then checkout master:
1. `git clone git@github.com:OWASP/threat-dragon.git`
1. `cd threat-dragon`
1. `git tag v1.3.1`
1. `git push origin v1.3.1`

Test the release as in 'Install and run web application' above, ideally on all of Windows, linux and MacOS.
In general if it works on one platform then it will work on the others, so one platform may be sufficient

Keep Mike Goodwin's area up to date with this release from the OWASP area. For example with version 1.3.1:
1. Create branch `version-1.3.1` on https://github.com/mike-goodwin/owasp-threat-dragon.git
1. `git clone git@github.com:mike-goodwin/owasp-threat-dragon.git -b version-1.3.1`
1. `cd owasp-threat-dragon/`
1. `git remote add upstream https://github.com/owasp/threat-dragon`
1. `git fetch upstream`
1. `git rebase upstream/main`
1. `git status`
1. `git push`
1. create pull request from branch `version-1.3.1` on https://github.com/mike-goodwin/owasp-threat-dragon.git

#### Tag the desktop release

1. create branch `release-ready` in [desktop repo](https://github.com/OWASP/threat-dragon-desktop)
1. `git clone git@github.com:OWASP/threat-dragon-desktop.git -b release-ready`
1. `cd threat-dragon-desktop`
1. ensure `package.json` specifies the latest version of core package, eg `"owasp-threat-dragon-core": "1.3.1",`
1. update `package.json` version declaration to, eg `"version": "1.3.1",`
1. `npm install`
1. `npm run pretest`
1. `npm run build-content`
1. `npm test`
1. `git commit -a -m"<some release message>"`
1. `git push`
1. merge branch in [desktop repo](https://github.com/OWASP/threat-dragon-desktop) and then checkout master:
1. `git clone git@github.com:OWASP/threat-dragon-desktop.git`
1. `cd threat-dragon-desktop`
1. `git tag v1.3.1`
1. `git push origin v1.3.1`

#### Windows installer for TD desktop
Create windows .exe and test it on a windows box
1. `git clone https://github.com/OWASP/threat-dragon-desktop.git`
1. `cd threat-dragon-desktop`
1. `npm install`
1. make sure `node-modules/owasp-threat-dragon-core/package.json` is at correct version
1. `npm run pretest`
1. `npm test`
1. `npm run build-win`
1. make sure the installer works, navigate to `.exe` and run
1. obtain SHA256 of .exe file using `shasum -a256`

#### MacOS installer for TD desktop
Create MacOS .deb installer and test it on a mac
1. `git clone git@github.com:OWASP/threat-dragon-desktop.git`
1. `cd threat-dragon-desktop`
1. `npm install`
1. make sure `node-modules/owasp-threat-dragon-core/package.json` is at correct version
1. `npm run pretest`
1. `npm test`
1. `npm run build-osx`
1. make sure the installer works, navigate to .dmg and run
1. obtain SHA256 of .dmg file using `shasum -a256`

#### Linux installers for TD desktop
Create linux .rpm, .deb .snap, AppImage and test them on a linux box
1. `git clone git@github.com:OWASP/threat-dragon-desktop.git`
1. `cd threat-dragon-desktop`
1. `npm install`
1. make sure `node-modules/owasp-threat-dragon-core/package.json` is at correct version
1. `npm run pretest`
1. `npm test`
1. `npm run build-lin`
1. make sure the installers work, navigate to .deb or .rpm package and test
1. test the Snap .snap and AppImage files
1. obtain SHA256 of .deb, .rpm, .snap and .AppImage files using `shasum -a256`

#### TD desktop release

1. tag the desktop release, see above
1. create the windows installer as above
1. create the linux installers as above
1. create the MacOS installer as above
1. create the release in [OWASP desktop repo](https://github.com/OWASP/threat-dragon-desktop) using tag v1.3.1
1. add the release notes to this release
1. attach installer files to this release
1. list SHA256 for each installer file: .exe, .dmg, .deb, .rpm, .snap and .AppImage

Keep Mike Goodwin's area up to date with this release from the OWASP area. For example with version 1.3.1:
1. Create branch `version-1.3.1` on https://github.com/mike-goodwin/owasp-threat-dragon-desktop.git
1. `git clone git@github.com:mike-goodwin/owasp-threat-dragon-desktop.git -b version-1.3.1`
1. `cd owasp-threat-dragon-desktop/`
1. `git remote add upstream https://github.com/owasp/threat-dragon-desktop`
1. `git fetch upstream`
1. `git rebase upstream/main`
1. `git status`
1. `git push`
1. create pull request from branch `version-1.3.1` on https://github.com/mike-goodwin/owasp-threat-dragon-desktop.git

#### Adding new config / env variables
All env vars should be read from [(td.server/src/env/Env.js).get()](td.server/src/env/Env.js), as not all environment variables will always be able to be put on `process.env`.
`Env` is a class that is meant to be extended by sub-configuration files. See [Github.js](td.server/src/env/Env.js) for an example.

Required properties:
* `name`: when calling super in the constructor
* `get prefix()`: Think of this like namespacing the configuration, `GITHUB_` for example
* `get properties()`: An array describing the expected configuration, for example: `[ { key: 'CLIENT_ID', required: true }]`

You can add to existing configurations, or create a new one.
If creating a new configuration by extending the Env class, you also need to update [env.config.js](td.server/src/config/env.config.js) with the following:
```
import MyConfig from '../env/MyConfig.js`;
...
const myConfig = new MyConfig();
env.get().addProvider(myConfig);
```

_Threat Dragon: making threat models more dragony_

159 changes: 159 additions & 0 deletions dev-releases.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,159 @@
# Developer notes for [OWASP](https://www.owasp.org) [Threat Dragon](https://owasp.org/www-project-threat-dragon/) release process

## Create New Releases

This is a collection of recipes used during the release process

### TD Core release
1. create branch `release-ready` in [core repo](https://github.com/OWASP/threat-dragon-core)
1. `git clone git@github.com:OWASP/threat-dragon-core.git -b release-ready`
1. `cd threat-dragon-core`
1. update `package.json` version declaration to, eg `"version": "1.4.0",`
1. `npm install`
1. `npm run pretest`
1. `npm run build`
1. `npm test`
1. `git commit -a -m"<some release message>"`
1. `git push`
1. merge branch in [core repo](https://github.com/OWASP/threat-dragon-core) and then checkout master:
1. `git clone git@github.com:OWASP/threat-dragon-core.git`
1. `cd threat-dragon-core`
1. `git tag v1.4.0`
1. `git push origin v1.4.0`
1. `npm install`
1. `npm run pretest`
1. `npm run build`
1. `npm test`
1. login to npm `npm login` using username, password and email address
1. update package on [npmjs registry](https://www.npmjs.com/) with `npm publish`
1. check that [owasp-threat-dragon-core](https://www.npmjs.com/package/owasp-threat-dragon-core) is at correct version

It is good to keep Mike Goodwin's area up to date with releases from the OWASP area. For example with version 1.4.0:
1. Create branch `version-1.4.0` on https://github.com/mike-goodwin/owasp-threat-dragon-core.git
1. git clone git@github.com:mike-goodwin/owasp-threat-dragon-core.git -b version-1.4.0
1. cd owasp-threat-dragon-core/
1. git remote add upstream https://github.com/owasp/threat-dragon-core.git
1. git fetch upstream
1. git rebase upstream/main
1. git status
1. git push
1. create pull request from branch `version-1.4.0` on https://github.com/mike-goodwin/owasp-threat-dragon-core.git

### Web app release
1. create branch `release-ready` in [webapp repo](https://github.com/OWASP/threat-dragon)
1. `git clone git@github.com:OWASP/threat-dragon.git -b release-ready`
1. `cd threat-dragon`
1. ensure `package.json` specifies the latest version of core package, eg `"owasp-threat-dragon-core": "1.4.0",`
1. update version declaration eg `"version": "1.4.0",` in `package.json`, `td.site/package.json` and `td.server/package.json`
1. `npm install`
1. `npm run pretest`
1. `npm run build`
1. `npm test`
1. `git commit -a -m"<some release message>"`
1. `git push`
1. merge branch in [webapp repo](https://github.com/OWASP/threat-dragon) and then checkout master:
1. `git clone git@github.com:OWASP/threat-dragon.git`
1. `cd threat-dragon`
1. `git tag v1.4.0`
1. `git push origin v1.4.0`

### Publish docker image
1. `docker build -t owasp-threat-dragon:v1.4.0 .`
1. `docker tag owasp-threat-dragon:v1.4.0 threatdragon/owasp-threat-dragon:v1.4.0`
1. `docker images`
1. `docker login` using docker credentials
1. `docker push threatdragon/owasp-threat-dragon:v1.4.0`
1. check using `docker pull threatdragon/owasp-threat-dragon:v1.4.0`

Test the release as in 'Install and run web application' above, ideally on all of Windows, linux and MacOS.
In general if it works on one platform then it will work on the others, so one platform may be sufficient

Keep Mike Goodwin's area up to date with this release from the OWASP area. For example with version 1.4.0:
1. Create branch `version-1.4.0` on https://github.com/mike-goodwin/owasp-threat-dragon.git
1. git clone git@github.com:mike-goodwin/owasp-threat-dragon.git -b version-1.4.0
1. cd owasp-threat-dragon/
1. git remote add upstream https://github.com/owasp/threat-dragon.git
1. git fetch upstream
1. git rebase upstream/main
1. git status
1. git push
1. create pull request from branch `version-1.4.0` on https://github.com/mike-goodwin/owasp-threat-dragon.git

### Tag the desktop release
1. create branch `release-ready` in [desktop repo](https://github.com/OWASP/threat-dragon-desktop)
1. `git clone git@github.com:OWASP/threat-dragon-desktop.git -b release-ready`
1. `cd threat-dragon-desktop`
1. ensure `package.json` specifies the latest version of core package, eg `"owasp-threat-dragon-core": "1.4.0",`
1. update `package.json` version declaration to, eg `"version": "1.4.0",`
1. `npm install`
1. `npm run pretest`
1. `npm run build-content`
1. `npm test`
1. `git commit -a -m"<some release message>"`
1. `git push`
1. merge branch in [desktop repo](https://github.com/OWASP/threat-dragon-desktop) and then checkout master:
1. `git clone git@github.com:OWASP/threat-dragon-desktop.git`
1. `cd threat-dragon-desktop`
1. `git tag v1.4.0`
1. `git push origin v1.4.0`

### Windows installer for TD desktop
Create windows .exe and test it on a windows box
1. `git clone https://github.com/OWASP/threat-dragon-desktop.git`
1. `cd threat-dragon-desktop`
1. `npm install`
1. make sure `node-modules/owasp-threat-dragon-core/package.json` is at correct version
1. `npm run pretest`
1. `npm test`
1. `npm run build-win`
1. make sure the installer works, navigate to `.exe` and run
1. obtain SHA256 of .exe file using `shasum -a256`

### MacOS installer for TD desktop
Create MacOS .deb installer and test it on a mac
1. `git clone git@github.com:OWASP/threat-dragon-desktop.git`
1. `cd threat-dragon-desktop`
1. `npm install`
1. make sure `node-modules/owasp-threat-dragon-core/package.json` is at correct version
1. `npm run pretest`
1. `npm test`
1. `npm run build-osx`
1. make sure the installer works, navigate to .dmg and run
1. obtain SHA256 of .dmg file using `shasum -a256`

### Linux installers for TD desktop
Create linux .rpm, .deb .snap, AppImage and test them on a linux box
1. `git clone git@github.com:OWASP/threat-dragon-desktop.git`
1. `cd threat-dragon-desktop`
1. `npm install`
1. make sure `node-modules/owasp-threat-dragon-core/package.json` is at correct version
1. `npm run pretest`
1. `npm test`
1. `npm run build-lin`
1. make sure the installers work, navigate to .deb or .rpm package and test
1. test the Snap .snap and AppImage files
1. obtain SHA256 of .deb, .rpm, .snap and .AppImage files using `shasum -a256`

### TD desktop release
1. tag the desktop release, see above
1. create the windows installer as above
1. create the linux installers as above
1. create the MacOS installer as above
1. create the release in [OWASP desktop repo](https://github.com/OWASP/threat-dragon-desktop) using tag v1.4.0
1. add the release notes to this release
1. attach installer files to this release
1. list SHA256 for each installer file: .exe, .dmg, .deb, .rpm, .snap and .AppImage

Keep Mike Goodwin's area up to date with this release from the OWASP area. For example with version 1.4.0:
1. Create branch `version-1.4.0` on https://github.com/mike-goodwin/owasp-threat-dragon-desktop.git
1. git clone git@github.com:mike-goodwin/owasp-threat-dragon-desktop.git -b version-1.4.0
1. cd owasp-threat-dragon-desktop/
1. git remote add upstream https://github.com/owasp/threat-dragon-desktop.git
1. git fetch upstream
1. git rebase upstream/main
1. git status
1. git push
1. create pull request from branch `version-1.4.0` on https://github.com/mike-goodwin/owasp-threat-dragon-desktop.git

_Threat Dragon: making threat models more dragony_

4 changes: 2 additions & 2 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "owasp-threat-dragon",
"version": "1.3.1",
"version": "1.4.0",
"private": false,
"scripts": {
"start": "npm-run-all build start:server",
Expand All @@ -19,7 +19,7 @@
"build:server": "cd td.server && npm run build",
"codecov": "./node_modules/.bin/codecov"
},
"description": "OWASP Threat Dragon - a free, open source threat modelling tool",
"description": "OWASP Threat Dragon - a free, open source threat modeling tool",
"author": {
"name": "mike.goodwin",
"email": "mike.goodwin@owasp.org"
Expand Down
4 changes: 2 additions & 2 deletions td.server/package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions td.server/package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "owasp-threat-dragon-server",
"version": "1.3.1",
"version": "1.4.0",
"private": false,
"scripts": {
"start": "echo 'Please run the start command from the root of this repository' && exit 1",
Expand All @@ -12,7 +12,7 @@
"lint": "eslint src --fix",
"build": "npm-run-all clean transpile"
},
"description": "OWASP Threat Dragon - a free, open source threat modelling tool",
"description": "OWASP Threat Dragon - a free, open source threat modeling tool",
"author": {
"name": "mike.goodwin",
"email": "mike.goodwin@owasp.org"
Expand Down
Loading

0 comments on commit 990f27b

Please sign in to comment.