set latest build version

OWASP · Dec 7, 2024 · 846583b · 846583b
1 parent eab6bac
commit 846583b
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 55 deletions.
diff --git a/release-process.md b/release-process.md
@@ -10,19 +10,19 @@ For example if RC1, but change for RC2 and so on :
 
 1. `git clone [email protected]:OWASP/threat-dragon.git`
 2. `cd threat-dragon`
-3. update version, for example `"version": "2.3.0-RC1",`, in `td.vue/package.json`
+3. update version, for example `"version": "2.3.1-RC1",`, in `td.vue/package.json`
 4. ensure `buildState` in `td.vue/package.json` is "" (empty)
-5. update version, for example `"version": "2.3.0-RC1",`, in `package.json` and `td.server/package.json`
+5. update version, for example `"version": "2.3.1-RC1",`, in `package.json` and `td.server/package.json`
 6. update package lock files: `npm install`
 7. `npm run build`
 8. `npm test`
 9. `npm run test:vue`
 10. ensure that the package-lock files are up to date using `npm install`
 11. `git add --all; git status`
-12. `git commit -m"release candidate 2.3.0-RC1"`
+12. `git commit -m"release candidate 2.3.1-RC1"`
 13. `git push`
-14. tag the release `git tag v2.3.0-RC1`
-15. `git push origin v2.3.0-RC1`
+14. tag the release `git tag v2.3.1-RC1`
+15. `git push origin v2.3.1-RC1`
 
 repeat as necessary for further release candidates.
 
@@ -37,18 +37,18 @@ After the releases candidate has been agreed by the Threat Dragon community, a r
 
 1. `git clone [email protected]:OWASP/threat-dragon.git`
 2. `cd threat-dragon`
-3. update version eg `"version": "2.3.0",`, in `package.json`, `td.vue/package.json` and `td.server/package.json`
+3. update version eg `"version": "2.3.1",`, in `package.json`, `td.vue/package.json` and `td.server/package.json`
 4. update `buildState` in `td.vue/package.json` away from `-latest` to "" (empty)
 5. update package lock files: `npm install`
 6. `npm run build`
 7. `npm test`
 8. `npm run test:vue`
 9. ensure that the package-lock files are up to date using `npm install`
 10. `git add --all; git status`
-11. `git commit -m"release version 2.3.0"`
+11. `git commit -m"release version 2.3.1"`
 12. `git push`
-13. tag the release `git tag v2.3.0`
-14. `git push origin v2.3.0`
+13. tag the release `git tag v2.3.1`
+14. `git push origin v2.3.1`
 
 The github release workflow then creates the draft release and the install images
 
@@ -57,29 +57,29 @@ The github release workflow then creates the draft release and the install image
 Ensure the tag now exists on the [Threat Dragon Docker hub]tddock].
 
 1. once tagged, the github workflow pushes the docker image to docker hub
-2. pull image for an X86 platform using `docker pull threatdragon/owasp-threat-dragon:v2.3.0`
-3. pull image for an ARM platform using `docker pull threatdragon/owasp-threat-dragon:v2.3.0-arm64`
+2. pull image for an X86 platform using `docker pull threatdragon/owasp-threat-dragon:v2.3.1`
+3. pull image for an ARM platform using `docker pull threatdragon/owasp-threat-dragon:v2.3.1-arm64`
 4. Test using the command to run a detached container:
-    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.3.0`
+    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.3.1`
 5. Test the ARM container as well:
-    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.3.0-arm64`
+    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.3.1-arm64`
 6. Ideally test these releases on Windows, linux and MacOS using `http://localhost:8080/#/`
 
 If the image tests correctly, promote the docker image from dockerhub `threatdragon/`
-to dockerhub `OWASP/threat-dragon/v2.3.0` and `OWASP/threat-dragon/v2.3.0-arm64`.
+to dockerhub `OWASP/threat-dragon/v2.3.1` and `OWASP/threat-dragon/v2.3.1-arm64`.
 
 There is _no going back_ on these steps, so they are deliberately left as manual tasks:
 
 ```text
-docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.3.0
-docker tag threatdragon/owasp-threat-dragon:v2.3.0 owasp/threat-dragon:v2.3.0
-docker push owasp/threat-dragon:v2.3.0
-docker pull owasp/threat-dragon:v2.3.0
-docker tag owasp/threat-dragon:v2.3.0 owasp/threat-dragon:stable
+docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.3.1
+docker tag threatdragon/owasp-threat-dragon:v2.3.1 owasp/threat-dragon:v2.3.1
+docker push owasp/threat-dragon:v2.3.1
+docker pull owasp/threat-dragon:v2.3.1
+docker tag owasp/threat-dragon:v2.3.1 owasp/threat-dragon:stable
 docker push owasp/threat-dragon:stable
-docker pull --platform linux/arm64 threatdragon/owasp-threat-dragon:v2.3.0-arm64
-docker tag threatdragon/owasp-threat-dragon:v2.3.0-arm64 owasp/threat-dragon:v2.3.0-arm64
-docker push owasp/threat-dragon:v2.3.0-arm64
+docker pull --platform linux/arm64 threatdragon/owasp-threat-dragon:v2.3.1-arm64
+docker tag threatdragon/owasp-threat-dragon:v2.3.1-arm64 owasp/threat-dragon:v2.3.1-arm64
+docker push owasp/threat-dragon:v2.3.1-arm64
 ```
 
 ensure the tag now exists within the [OWASP Docker hub][owaspdock].
@@ -100,7 +100,7 @@ Create SHA512 `checksum-linux.yml` file:
  ```text
 grep sha512 latest-linux.yml | tail -n 1 | cut -d ":" -f 2 | base64 -d |  \
     hexdump -ve '1/1 "%.2x"' > checksum-linux.yml
-echo -n " Threat-Dragon-ng-2.3.0.AppImage" >> checksum-linux.yml
+echo -n " Threat-Dragon-ng-2.3.1.AppImage" >> checksum-linux.yml
 ```
 
 Check correct using: `cat checksum-linux.yml | sha512sum --check`
@@ -127,46 +127,46 @@ The secrets for both signing and notarization can be checked by running it manua
 - provide the [code signing certs for MacOS][certs]
 - Download both x86 and arm64 files for the MacOS installer (`*.dmg` and `*.zip`)
 - ensure that the apple developer [environment is set up][notarize]
-- notarize and staple the `.dmg` file, for example with arm64 version 2.3.0:
+- notarize and staple the `.dmg` file, for example with arm64 version 2.3.1:
   - `xcrun notarytool submit --apple-id <apple-account-email> --team-id <teamid> \`
-    `--password <password> --verbose --wait Threat-Dragon-ng-2.3.0-arm64.dmg`
-  - `xcrun stapler staple --verbose Threat-Dragon-ng-2.3.0-arm64.dmg`
-- similarly for the x86 image `Threat-Dragon-ng-2.3.0.dmg`
-- notarize the application in the`.zip` file, for example with arm64 version 2.3.0:
+    `--password <password> --verbose --wait Threat-Dragon-ng-2.3.1-arm64.dmg`
+  - `xcrun stapler staple --verbose Threat-Dragon-ng-2.3.1-arm64.dmg`
+- similarly for the x86 image `Threat-Dragon-ng-2.3.1.dmg`
+- notarize the application in the`.zip` file, for example with arm64 version 2.3.1:
   - `xcrun notarytool submit --apple-id <apple-account-email> --team-id <teamid> \`
-    `--password <password> --verbose --wait Threat-Dragon-ng-2.3.0-arm64-mac.zip`
+    `--password <password> --verbose --wait Threat-Dragon-ng-2.3.1-arm64-mac.zip`
   - unzip the file to obtainn the application directory `Threat-Dragon-ng.app`
   - check notarization worked with: `spctl -a -v Threat-Dragon-ng.app`
   - staple the applications with: `xcrun stapler staple --verbose Threat-Dragon-ng.app`
   - zip the application directory to get `Threat-Dragon-ng.zip`
-  - rename `Threat-Dragon-ng.zip` to `Threat-Dragon-ng-2.3.0-arm64-mac.zip`
-- similarly for the x86 application `Threat-Dragon-ng-2.3.0-mac.zip`
+  - rename `Threat-Dragon-ng.zip` to `Threat-Dragon-ng-2.3.1-arm64-mac.zip`
+- similarly for the x86 application `Threat-Dragon-ng-2.3.1-mac.zip`
 
 Fix up the checksums in `latest-mac.yml` values using script:
 
 ```text
-echo -n "  - url: Threat-Dragon-ng-2.3.0-mac.zip\n    sha512: "
-openssl dgst -binary -sha512 Threat-Dragon-ng-2.3.0-mac.zip | openssl base64 -A
+echo -n "  - url: Threat-Dragon-ng-2.3.1-mac.zip\n    sha512: "
+openssl dgst -binary -sha512 Threat-Dragon-ng-2.3.1-mac.zip | openssl base64 -A
 echo -n "\n    size: "
-ls -l Threat-Dragon-ng-2.3.0-mac.zip | cut -d " " -f 7
-echo -n "\n  - url: Threat-Dragon-ng-2.3.0-arm64-mac.zip\n    sha512: "
-openssl dgst -binary -sha512 Threat-Dragon-ng-2.3.0-arm64-mac.zip | openssl base64 -A
+ls -l Threat-Dragon-ng-2.3.1-mac.zip | cut -d " " -f 7
+echo -n "\n  - url: Threat-Dragon-ng-2.3.1-arm64-mac.zip\n    sha512: "
+openssl dgst -binary -sha512 Threat-Dragon-ng-2.3.1-arm64-mac.zip | openssl base64 -A
 echo -n "\n    size: "
-ls -l Threat-Dragon-ng-2.3.0-arm64-mac.zip | cut -d " " -f 7
-echo -n "\n  - url: Threat-Dragon-ng-2.3.0.dmg\n    sha512: "
-openssl dgst -binary -sha512 Threat-Dragon-ng-2.3.0.dmg | openssl base64 -A
+ls -l Threat-Dragon-ng-2.3.1-arm64-mac.zip | cut -d " " -f 7
+echo -n "\n  - url: Threat-Dragon-ng-2.3.1.dmg\n    sha512: "
+openssl dgst -binary -sha512 Threat-Dragon-ng-2.3.1.dmg | openssl base64 -A
 echo -n "\n    size: "
-ls -l Threat-Dragon-ng-2.3.0.dmg | cut -d " " -f 7
-echo -n "\n  - url: Threat-Dragon-ng-2.3.0-arm64.dmg\n    sha512: "
-openssl dgst -binary -sha512 Threat-Dragon-ng-2.3.0-arm64.dmg | openssl base64 -A
+ls -l Threat-Dragon-ng-2.3.1.dmg | cut -d " " -f 7
+echo -n "\n  - url: Threat-Dragon-ng-2.3.1-arm64.dmg\n    sha512: "
+openssl dgst -binary -sha512 Threat-Dragon-ng-2.3.1-arm64.dmg | openssl base64 -A
 echo -n "\n    size: "
-ls -l Threat-Dragon-ng-2.3.0-arm64.dmg | cut -d " " -f 7
+ls -l Threat-Dragon-ng-2.3.1-arm64.dmg | cut -d " " -f 7
 ```
 
 Create the checksum files:
 
-- `sha512sum Threat-Dragon-ng-2.3.0.dmg > checksum-mac.yml`
-- `sha512sum Threat-Dragon-ng-2.3.0-arm64.dmg > checksum-mac-arm64.yml`
+- `sha512sum Threat-Dragon-ng-2.3.1.dmg > checksum-mac.yml`
+- `sha512sum Threat-Dragon-ng-2.3.1-arm64.dmg > checksum-mac-arm64.yml`
 
 upload files into the new release
 
@@ -183,11 +183,21 @@ base64 -i WINDOWS_OSS_CERT.p12 -o WINDOWS_OSS_CERT.p12.b64
 The use of the pipeline for code signing is not practical for this open source project
 because of the need for a private key in the keychain, so use the certificate issuer's utilities.
 
-Once signed create the checksum file: `sha512sum Threat-Dragon-ng-Setup-2.3.0.exe > checksum.yml`
+The latest certificate is provided using Certum's Open Source certificate:
 
-Fix up the file `latest.yml` with value given by:
+1. install [proCertum SmartSign + SimplySign Desktop for personal computers](https://support.certum.eu/en/software/procertum-smartsign/)
+2. use as a general reference Certum’s [Code Signing in the Cloud](https://files.certum.eu/documents/manual_en/CS-Code_Signing_in_the_Cloud_Signtool_jarsigner_signing.pdf)
+3. download the unsigned windows installer file
+4. ensure Powershell has the `signtool` utility installed from Windows SDK
+5. right click the icon in the desktop tray to select ‘Connect to SimplySign’
+6. gain a thumbprint from desktop tray icon, Manage certificates → Certificate list → Details → Thumbprint
+7. `signtool sign /sha1 "<thumbprint>" /tr http://time.certum.pl /td sha256 /fd sha256 /v "Threat-Dragon-ng-Setup-2.3.1.exe" `
 
-- `openssl dgst -binary -sha512 Threat-Dragon-ng-Setup-2.3.0.unsigned.exe | openssl base64 -A`
+Once signed create the checksum file: `sha512sum Threat-Dragon-ng-Setup-2.3.1.exe > checksum.yml`
+
+Fix up the file `latest.yml` with the correct size and the SHA256 value given by:
+
+- `openssl dgst -binary -sha512 Threat-Dragon-ng-Setup-2.3.1.exe | openssl base64 -A`
 
 ### Confirm desktop checksums
 
@@ -210,7 +220,7 @@ Edit the 'What's Changed' to filter out any chores.
 
 Then update the release notes for the draft in the [Threat Dragon release area][area]
 using the release notes using markdown provided by `.release-note-template.md` as a template,
-making sure to revise `2.x.x` to the correct version number such as `2.3.0`
+making sure to revise `2.x.x` to the correct version number such as `2.3.1`
 
 Once everything is in place promote the release from 'draft' to 'public' and 'latest'
 
@@ -226,11 +236,10 @@ and any other relevant channels such as [Blue Sky](https://bsky.app/profile/thre
 Reset the build state to 'latest'; this is displayed on the demo site:
 
 1. update `buildState` in `td.vue/package.json` away from "" to `-latest`
-2. update package lock files: `npm install`
-3. ensure that the package-lock files are up to date using `npm install`
-4. `git add --all; git status`
-5. `git commit -m"set latest build version"`
-6. `git push`
+2. ensure that the package-lock files are up to date using `npm install`
+3. `git add --all; git status`
+4. `git commit -m"set latest build version"`
+5. `git push`
 
 [altool]: https://successfulsoftware.net/2023/04/28/moving-from-altool-to-notarytool-for-mac-notarization/
 [area]: https://github.com/OWASP/threat-dragon/releases

diff --git a/td.vue/package.json b/td.vue/package.json
@@ -44,7 +44,7 @@
   },
   "license": "Apache-2.0",
   "homepage": "https://owasp.org/www-project-threat-dragon/",
-  "buildState": "",
+  "buildState": "-latest",
   "repository": {
     "type": "git",
     "url": "git://github.com/OWASP/threat-dragon.git"