release candidate 2.5.0-RC1

Author: jgadsden

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "threat-dragon",
-  "version": "2.4.1",
+  "version": "2.5.0",
   "appBundleId": "org.owasp.threatdragon",
   "private": true,
   "scripts": {

package.json

@@ -1,5 +1,8 @@
 The steps used during the release process, including release candidates
 
+Note that the build process will not run if the version is only Major.Minor, for example 2.5,
+and it needs to be in form Major.Minor.Patch, for example 2.5.0
+
 ## Create release candidate
 
 Before a release it is required that a release candidate version is created.
@@ -10,19 +13,20 @@ For example if RC1, but change for RC2 and so on :
 
 1. `git clone [email protected]:OWASP/threat-dragon.git`
 2. `cd threat-dragon`
-3. update version, for example `"version": "2.4.1-RC1",`, in `td.vue/package.json`
+3. update version, for example `"version": "2.5.0-RC1",`, in `td.vue/package.json`
 4. ensure `buildState` in `td.vue/package.json` is "" (empty)
-5. update version, for example `"version": "2.4.1-RC1",`, in `package.json` and `td.server/package.json`
+5. update version, for example `"version": "2.5.0-RC1",`, in `package.json` and `td.server/package.json`
 6. update package lock files: `npm install`
 7. `npm run build`
 8. `npm test`
 9. `npm run test:vue`
 10. ensure that the package-lock files are up to date using `npm install`
 11. `git add --all; git status`
-12. `git commit -m"release candidate 2.4.1-RC1"`
+12. `git commit -m"release candidate 2.5.0-RC1"; git status`
 13. `git push`
-14. tag the release `git tag v2.4.1-RC1`
-15. `git push origin v2.4.1-RC1`
+14. tag the release `git tag v2.5.0-RC1`
+15. `git push origin v2.5.0-RC1`
+16. `git status`
 
 repeat as necessary for further release candidates.
 
@@ -49,18 +53,18 @@ After the releases candidate has been agreed by the Threat Dragon community, a r
 
 1. `git clone [email protected]:OWASP/threat-dragon.git`
 2. `cd threat-dragon`
-3. update version eg `"version": "2.4.1",`, in `package.json`, `td.vue/package.json` and `td.server/package.json`
+3. update version eg `"version": "2.5.0",`, in `package.json`, `td.vue/package.json` and `td.server/package.json`
 4. update `buildState` in `td.vue/package.json` away from `-latest` to "" (empty)
 5. update package lock files: `npm install`
 6. `npm run build`
 7. `npm test`
 8. `npm run test:vue`
 9. ensure that the package-lock files are up to date using `npm install`
 10. `git add --all; git status`
-11. `git commit -m"release version 2.4.1"`
+11. `git commit -m"release version 2.5.0"`
 12. `git push`
-13. tag the release `git tag v2.4.1`
-14. `git push origin v2.4.1`
+13. tag the release `git tag v2.5.0`
+14. `git push origin v2.5.0`
 
 The github release workflow then creates the draft release and the install images
 
@@ -70,33 +74,33 @@ Ensure the tag now exists within the [Threat Dragon Docker hub][td-dock].
 Do this after logging into an active Docker account using `docker login` from the CLI and running Docker Desktop.
 
 1. once tagged, the github workflow pushes the docker image to docker hub
-2. pull image for an X86 platform using `docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.4.1`
-3. pull image for an ARM platform using `docker pull --platform linux/arm64 threatdragon/owasp-threat-dragon:v2.4.1-arm64`
+2. pull image for an X86 platform using `docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.5.0`
+3. pull image for an ARM platform using `docker pull --platform linux/arm64 threatdragon/owasp-threat-dragon:v2.5.0-arm64`
 4. Test using the command to run a detached container:
-    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.4.1`
+    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.5.0`
 5. Test the ARM container as well:
-    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.4.1-arm64`
+    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.5.0-arm64`
 6. Ideally test these releases on Windows, linux and MacOS using `http://localhost:8080/#/`
 
 If the image tests correctly, promote the docker image from dockerhub `threatdragon/`
-to dockerhub `OWASP/threat-dragon/v2.4.1` and `OWASP/threat-dragon/v2.4.1-arm64`.
+to dockerhub `OWASP/threat-dragon/v2.5.0` and `OWASP/threat-dragon/v2.5.0-arm64`.
 
 There is _no going back_ on these steps, so they are deliberately left as manual tasks:
 
 ```text
-docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.4.1
-docker tag threatdragon/owasp-threat-dragon:v2.4.1 owasp/threat-dragon:v2.4.1
-docker push owasp/threat-dragon:v2.4.1
-docker pull owasp/threat-dragon:v2.4.1
+docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.5.0
+docker tag threatdragon/owasp-threat-dragon:v2.5.0 owasp/threat-dragon:v2.5.0
+docker push owasp/threat-dragon:v2.5.0
+docker pull owasp/threat-dragon:v2.5.0
 
-docker tag owasp/threat-dragon:v2.4.1 owasp/threat-dragon:stable
+docker tag owasp/threat-dragon:v2.5.0 owasp/threat-dragon:stable
 docker push owasp/threat-dragon:stable
 docker pull owasp/threat-dragon:stable
 
-docker pull --platform linux/arm64 threatdragon/owasp-threat-dragon:v2.4.1-arm64
-docker tag threatdragon/owasp-threat-dragon:v2.4.1-arm64 owasp/threat-dragon:v2.4.1-arm64
-docker push owasp/threat-dragon:v2.4.1-arm64
-docker pull owasp/threat-dragon:v2.4.1-arm64
+docker pull --platform linux/arm64 threatdragon/owasp-threat-dragon:v2.5.0-arm64
+docker tag threatdragon/owasp-threat-dragon:v2.5.0-arm64 owasp/threat-dragon:v2.5.0-arm64
+docker push owasp/threat-dragon:v2.5.0-arm64
+docker pull owasp/threat-dragon:v2.5.0-arm64
 ```
 
 ensure the tag now exists within the [OWASP Docker hub][owasp-dock].
@@ -112,14 +116,14 @@ ensure the tag now exists within the [OWASP Docker hub][owasp-dock].
 
 ### Checksum for Linux desktop AppImage
 
-Download desktop AppImage for Linux `Threat-Dragon-ng-2.4.1.AppImage` and the `latest-linux.yml` auto-update checksum file.
+Download desktop AppImage for Linux `Threat-Dragon-ng-2.5.0.AppImage` and the `latest-linux.yml` auto-update checksum file.
 
 Create SHA512 `checksum-linux.yml` file:
 
  ```bash
 grep sha512 latest-linux.yml | tail -n 1 | cut -d ":" -f 2 | base64 -d |  \
     hexdump -ve '1/1 "%.2x"' > checksum-linux.yml
-echo -n " Threat-Dragon-ng-2.4.1.AppImage" >> checksum-linux.yml
+echo -n " Threat-Dragon-ng-2.5.0.AppImage" >> checksum-linux.yml
 ```
 
 Check correct using: `sha512sum --check checksum-linux.yml`
@@ -150,58 +154,58 @@ The secrets for both signing and notarization can be checked by running it manua
 - provide the [code signing certs for MacOS][certs]
 - Download both x86 and arm64 files for the MacOS installer (`*.dmg` and `*.zip`)
 - ensure that the apple developer [environment is set up][notarize]
-- notarize and staple the `Threat-Dragon-ng-2.x.x-arm64.dmg` file for arm64, using version 2.4.1 as an example:
+- notarize and staple the `Threat-Dragon-ng-2.x.x-arm64.dmg` file for arm64, using version 2.5.0 as an example:
   - `xcrun notarytool submit --apple-id <apple-account-email> --team-id <teamid> \`
-    `--password <password> --verbose --wait Threat-Dragon-ng-2.4.1-arm64.dmg`
-  - `xcrun stapler staple --verbose Threat-Dragon-ng-2.4.1-arm64.dmg`
+    `--password <password> --verbose --wait Threat-Dragon-ng-2.5.0-arm64.dmg`
+  - `xcrun stapler staple --verbose Threat-Dragon-ng-2.5.0-arm64.dmg`
 - similarly for the x86 image `Threat-Dragon-ng-2.x.x.dmg` :
   - `xcrun notarytool submit --apple-id <apple-account-email> --team-id <teamid> \`
-    `--password <password> --verbose --wait Threat-Dragon-ng-2.4.1.dmg`
-  - `xcrun stapler staple --verbose Threat-Dragon-ng-2.4.1.dmg`
-- notarize the application in both`.zip` files, for example using version 2.4.1:
+    `--password <password> --verbose --wait Threat-Dragon-ng-2.5.0.dmg`
+  - `xcrun stapler staple --verbose Threat-Dragon-ng-2.5.0.dmg`
+- notarize the application in both`.zip` files, for example using version 2.5.0:
   - `xcrun notarytool submit --apple-id <apple-account-email> --team-id <teamid> \`
-    `--password <password> --verbose --wait Threat-Dragon-ng-2.4.1-arm64-mac.zip`
+    `--password <password> --verbose --wait Threat-Dragon-ng-2.5.0-arm64-mac.zip`
   - unzip the file to obtain the application directory `Threat-Dragon-ng.app`
   - check notarization worked: `spctl -a -v Threat-Dragon-ng.app`
   - staple the application: `xcrun stapler staple --verbose Threat-Dragon-ng.app`
   - zip the application directory to get: `Threat-Dragon-ng.zip`
-  - rename `Threat-Dragon-ng.zip` to update `Threat-Dragon-ng-2.4.1-arm64-mac.zip`
+  - rename `Threat-Dragon-ng.zip` to update `Threat-Dragon-ng-2.5.0-arm64-mac.zip`
 - similarly for the x86 application `zip` file :
   - `xcrun notarytool submit --apple-id <apple-account-email> --team-id <teamid> \`
-    `--password <password> --verbose --wait Threat-Dragon-ng-2.4.1-mac.zip`
+    `--password <password> --verbose --wait Threat-Dragon-ng-2.5.0-mac.zip`
   - unzip the file to obtain the application directory `Threat-Dragon-ng.app`
   - check notarization worked: `spctl -a -v Threat-Dragon-ng.app`
   - staple the application: `xcrun stapler staple --verbose Threat-Dragon-ng.app`
   - zip the application directory to get: `Threat-Dragon-ng.zip`
-  - rename `Threat-Dragon-ng.zip` to update `Threat-Dragon-ng-2.4.1-mac.zip`
+  - rename `Threat-Dragon-ng.zip` to update `Threat-Dragon-ng-2.5.0-mac.zip`
 
 Fix up the checksums in `latest-mac.yml` values using script:
 
 ```bash
-openssl dgst -binary -sha512 Threat-Dragon-ng-2.4.1-mac.zip | openssl base64 -A
-ls -l Threat-Dragon-ng-2.4.1-mac.zip
+openssl dgst -binary -sha512 Threat-Dragon-ng-2.5.0-mac.zip | openssl base64 -A
+ls -l Threat-Dragon-ng-2.5.0-mac.zip
 
-openssl dgst -binary -sha512 Threat-Dragon-ng-2.4.1-arm64-mac.zip | openssl base64 -A
-ls -l Threat-Dragon-ng-2.4.1-arm64-mac.zip
+openssl dgst -binary -sha512 Threat-Dragon-ng-2.5.0-arm64-mac.zip | openssl base64 -A
+ls -l Threat-Dragon-ng-2.5.0-arm64-mac.zip
 
-openssl dgst -binary -sha512 Threat-Dragon-ng-2.4.1.dmg | openssl base64 -A
-ls -l Threat-Dragon-ng-2.4.1.dmg
+openssl dgst -binary -sha512 Threat-Dragon-ng-2.5.0.dmg | openssl base64 -A
+ls -l Threat-Dragon-ng-2.5.0.dmg
 
-openssl dgst -binary -sha512 Threat-Dragon-ng-2.4.1-arm64.dmg | openssl base64 -A
-ls -l Threat-Dragon-ng-2.4.1-arm64.dmg 
+openssl dgst -binary -sha512 Threat-Dragon-ng-2.5.0-arm64.dmg | openssl base64 -A
+ls -l Threat-Dragon-ng-2.5.0-arm64.dmg
 ```
 
 Create the checksum files:
 
-- `sha512sum Threat-Dragon-ng-2.4.1.dmg > checksum-mac.yml`
-- `sha512sum Threat-Dragon-ng-2.4.1-arm64.dmg > checksum-mac-arm64.yml`
+- `sha512sum Threat-Dragon-ng-2.5.0.dmg > checksum-mac.yml`
+- `sha512sum Threat-Dragon-ng-2.5.0-arm64.dmg > checksum-mac-arm64.yml`
 
 Upload files into the new release:
 
-- `Threat-Dragon-ng-2.4.1-mac.zip`
-- `Threat-Dragon-ng-2.4.1-arm64-mac.zip`
-- `Threat-Dragon-ng-2.4.1.dmg`
-- `Threat-Dragon-ng-2.4.1-arm64.dmg`
+- `Threat-Dragon-ng-2.5.0-mac.zip`
+- `Threat-Dragon-ng-2.5.0-arm64-mac.zip`
+- `Threat-Dragon-ng-2.5.0.dmg`
+- `Threat-Dragon-ng-2.5.0-arm64.dmg`
 - `checksum-mac.yml`
 - `checksum-mac-arm64.yml`
 - `latest-mac.yml`
@@ -229,15 +233,15 @@ The latest certificate is provided using Certum's Open Source certificate:
 4. ensure Powershell has the `signtool` utility installed from Windows SDK
 5. right click the icon in the desktop tray to select ‘Connect to SimplySign’
 6. gain a thumbprint from desktop tray icon, Manage certificates → Certificate list → Details → Thumbprint
-7. `signtool sign /sha1 "<thumbprint>" /tr http://time.certum.pl /td sha256 /fd sha256 /v "Threat-Dragon-ng-Setup-2.4.1.exe"`
+7. `signtool sign /sha1 "<thumbprint>" /tr http://time.certum.pl /td sha256 /fd sha256 /v "Threat-Dragon-ng-Setup-2.5.0.exe"`
 
-Once signed create the checksum file: `sha512sum Threat-Dragon-ng-Setup-2.4.1.exe > checksum.yml`
+Once signed create the checksum file: `sha512sum Threat-Dragon-ng-Setup-2.5.0.exe > checksum.yml`
 
 Fix up the file `latest.yml` with the correct size and the SHA256 value given by:
 
-- `openssl dgst -binary -sha512 Threat-Dragon-ng-Setup-2.4.1.exe | openssl base64 -A`
+- `openssl dgst -binary -sha512 Threat-Dragon-ng-Setup-2.5.0.exe | openssl base64 -A`
 
-Upload files `Threat-Dragon-ng-Setup-2.4.1.exe`, `checksum.yml` and `latest.yml` into the new release.
+Upload files `Threat-Dragon-ng-Setup-2.5.0.exe`, `checksum.yml` and `latest.yml` into the new release.
 Note that the original files of the same name need to be removed first.
 
 ### Confirm desktop checksums
@@ -261,7 +265,7 @@ Edit the 'What's Changed' to filter out any chores.
 
 Then update the release notes for the draft in the [Threat Dragon release area][area]
 using the release notes using markdown provided by `.release-note-template.md` as a template,
-making sure to revise `2.x.x` to the correct version number such as `2.4.1`
+making sure to revise `2.x.x` to the correct version number such as `2.5.0`
 
 Once everything is in place promote the release from 'draft' to 'public' and 'latest'
 

release-process.md

@@ -1,6 +1,6 @@
 {
   "name": "threat-dragon-server",
-  "version": "2.4.1",
+  "version": "2.5.0-RC1",
   "private": true,
   "scripts": {
     "audit": "npm audit",