release version 2.2.0

OWASP · Feb 17, 2024 · d285f07 · d285f07
1 parent 6d11a5c
commit d285f07
Show file tree

Hide file tree

Showing 9 changed files with 61 additions and 45 deletions.
diff --git a/README.md b/README.md
@@ -46,19 +46,24 @@ and this repository has been migrated from
 Mike Goodwin's [original](https://github.com/mike-goodwin/owasp-threat-dragon)
 which has the issues and pull requests from October 2015 up to June 2020.
 
-Threat Dragon is [primarily a web application](https://github.com/OWASP/threat-dragon/releases),
-with threat model files stored in GitHub or Bitbucket. Over time other storage methods will become available.
+Threat Dragon is [primarily a web application](https://github.com/OWASP/threat-dragon/releases).
+The web application can store threat model files on the local filesystem or access can be configured for :
 
-There are [desktop versions](https://github.com/OWASP/threat-dragon/releases) of Threat Dragon
-which store the threat model files on the local filesystem rather than in a repository.
+- GitHub
+- Bitbucket
+- GitLab
+- Github Enterprise
+
+The [desktop versions](https://github.com/OWASP/threat-dragon/releases) of Threat Dragon
+stores the threat model files on the local filesystem and do not access external repositories.
 You can [download installers](https://github.com/OWASP/threat-dragon/releases) for Windows, MacOS and Linux.
 
 End user help is available for both the latest [version 2.x](https://owasp.org/www-project-threat-dragon/docs-2/)
 and the previous [version 1.x](https://owasp.org/www-project-threat-dragon/docs-1/).
 
 ### Version 1.x maintenance mode
 
-Threat Dragon was originally written using AngularJS version 1.x, and this version of Angular has reached end of life.
+Threat Dragon was originally written using AngularJS version 1.x, but this version of Angular reached end of life.
 This means that versions 1.x of Threat Dragon are no longer actively maintained
 and versions 2.x have been re-written to use Vue.js.
 
@@ -83,10 +88,10 @@ The web application variant of Threat Dragon requires some environment variables
 follow [the documentation](https://owasp.org/www-project-threat-dragon/docs-2/install-environment/)
 on how to set these variables.
 
-The Threat Dragon web application uses GitHub or Bitbucket to store threat models,
-so you need to go to your GitHub or Bitbucket account and register it as a GitHub application.
-There is a [step by step guide](https://owasp.org/www-project-threat-dragon/docs-2/install-environment/)
-on how to do this. Github Enterprise is also supported.
+If access to external repositories is required, such as GitHub / Bitbucket / GitLab,
+then you need to go to your to the repository account and register it as a GitHub application.
+There are [step by step guides](https://owasp.org/www-project-threat-dragon/docs-2/install-environment/)
+on how to do this.
 
 If running the web application locally then the front-end to server communication will
 probably need to be HTTP rather than HTTPS.

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "threat-dragon",
-  "version": "2.1.3",
+  "version": "2.2.0",
   "private": true,
   "scripts": {
     "audit": "npm-run-all -c audit:server audit:site",

diff --git a/release-process.md b/release-process.md
@@ -4,57 +4,68 @@ The steps used during the release process
 
 1. `git clone git@github.com:OWASP/threat-dragon.git`
 2. `cd threat-dragon`
-3. update version eg `"version": "2.1.3",`, in `package.json`, `td.site/package.json` and `td.server/package.json`
+3. update version eg `"version": "2.2.0",`, in `package.json`, `td.site/package.json` and `td.server/package.json`
 4. update `buildState` in `td.vue/package.json` away from `-demo`, usually ''
-5. `npm install`
+5. update package lock files: `npm install`
 6. `npm run build`
 7. `npm test`
 8. `npm run test:vue`
 9. `git add --all; git status`
-10. `git commit -m"release version 2.1.3"`
+10. `git commit -m"release version 2.2.0"`
 11. `git push`
-12. tag the release `git tag v2.1.3`
-13. `git push origin v2.1.3`
+12. tag the release `git tag v2.2.0`
+13. `git push origin v2.2.0`
 
 The github release workflow then creates the draft release and the install images
 
 ### Publish docker image
 
 1. once tagged, the github workflow pushes the docker image to docker hub
-2. check using `docker pull threatdragon/owasp-threat-dragon:v2.1.3`
+2. check using `docker pull threatdragon/owasp-threat-dragon:v2.2.0`
 3. on MacOS M1 this command may need to be used:
-    `docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.1.3`
+    `docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.2.0`
 4. Test using the command to run a detached container:
-    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.1.3`
+    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.2.0`
 5. Ideally test this release on Windows, linux and MacOS using `http://localhost:8080/#/`
 
 If the image tests correctly, promote the docker image
-from dockerhub `threatdragon/` to dockerhub `OWASP/threat-dragon/v2.1.3`.
+from dockerhub `threatdragon/` to dockerhub `OWASP/threat-dragon/v2.2.0`.
 
 There is _no going back_ on this last step, so it is deliberately left as a manual task:
 
 ```text
-docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.1.3
-docker tag threatdragon/owasp-threat-dragon:v2.1.3 owasp/threat-dragon:v2.1.3
-docker push owasp/threat-dragon:v2.1.3
-docker pull owasp/threat-dragon:v2.1.3
+docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.2.0
+docker tag threatdragon/owasp-threat-dragon:v2.2.0 owasp/threat-dragon:v2.2.0
+docker push owasp/threat-dragon:v2.2.0
+docker pull owasp/threat-dragon:v2.2.0
 ```
 
 ensure the tag now exists within the OWASP Docker hub: `https://hub.docker.com/r/owasp/threat-dragon/tags`
 
 ### Check desktop downloads
 
-1. Download desktop installers for Linux, MacOS and Windows
-2. Download the `latest*.yml` auto-update checksum files
-3. Create SHA512 `checksum*.yml` files:
-  3.1 `grep sha512 latest-linux.yml | head -n 2 | tail -n 1 | cut -d ":" -f 2 | base64 -d |  hexdump -ve '1/1 "%.2x"' >> checksum-linux.yml`
-  3.2 `grep sha512 latest-mac.yml | head -n 2 | tail -n 1 | cut -d ":" -f 2 | base64 -d |  hexdump -ve '1/1 "%.2x"' >> checksum-mac.yml`
-  3.3 `grep sha512 latest.yml | head -n 2 | tail -n 1 | cut -d ":" -f 2 | base64 -d |  hexdump -ve '1/1 "%.2x"' >> checksum.yml`
-4. Confirm SHA512 with:
-  4.1 `echo "$(cat checksum-linux.yml) Threat-Dragon-ng-2.1.3.AppImage" | sha512sum --check`
-  4.2 `echo "$(cat checksum-mac.yml) Threat-Dragon-ng-2.1.3.dmg" | sha512sum --check`
-  4.3 `echo "$(cat checksum.yml) Threat-Dragon-ng-Setup-2.1.3.exe" | sha512sum --check`
-5. upload `checksum*.yml` files
+- Download desktop installers for Linux, MacOS and Windows
+- Download the `latest*.yml` auto-update checksum files
+- Create SHA512 `checksum*.yml` files:
+
+ ```text
+grep sha512 latest-linux.yml | head -n 2 | tail -n 1 | cut -d ":" -f 2 | base64 -d |  \
+    hexdump -ve '1/1 "%.2x"' >> checksum-linux.yml
+grep sha512 latest-mac.yml | head -n 2 | tail -n 1 | cut -d ":" -f 2 | base64 -d |  \
+    hexdump -ve '1/1 "%.2x"' >> checksum-mac.yml
+grep sha512 latest.yml | head -n 2 | tail -n 1 | cut -d ":" -f 2 | base64 -d |  \
+    hexdump -ve '1/1 "%.2x"' >> checksum.yml
+```
+
+- Confirm SHA512 with:
+
+```text
+echo "$(cat checksum-linux.yml) Threat-Dragon-ng-2.2.0.AppImage" | sha512sum --check
+echo "$(cat checksum-mac.yml) Threat-Dragon-ng-2.2.0.dmg" | sha512sum --check
+echo "$(cat checksum.yml) Threat-Dragon-ng-Setup-2.2.0.exe" | sha512sum --check
+```
+
+- upload `checksum*.yml` files
 
 ### Check demo site
 
@@ -71,7 +82,7 @@ Edit the 'What's Changed' to filter out any chores.
 
 Then update the release notes for the draft in the [Threat Dragon release area][area]
 using the release notes using markdown provided by `.release-note-template.md` as a template,
-making sure to revise `2.x.x` to the correct version number such as `2.1.3`
+making sure to revise `2.x.x` to the correct version number such as `2.2.0`
 
 Promote the release from draft to public once everything is in place
 

diff --git a/td.server/package-lock.json b/td.server/package-lock.json
diff --git a/td.server/package.json b/td.server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "threat-dragon-server",
-  "version": "2.1.3",
+  "version": "2.2.0",
   "private": true,
   "scripts": {
     "audit": "npm audit",

diff --git a/td.vue/package-lock.json b/td.vue/package-lock.json
diff --git a/td.vue/package.json b/td.vue/package.json
@@ -1,7 +1,7 @@
 {
   "name": "threat-dragon",
   "productName": "Threat Dragon",
-  "version": "2.1.3",
+  "version": "2.2.0",
   "private": true,
   "scripts": {
     "audit": "npm audit",
@@ -38,7 +38,7 @@
   },
   "license": "Apache-2.0",
   "homepage": "https://owasp.org/www-project-threat-dragon/",
-  "buildState": "-latest",
+  "buildState": "",
   "repository": {
     "type": "git",
     "url": "git://github.com/OWASP/threat-dragon.git"

diff --git a/td.vue/src/desktop/desktop.js b/td.vue/src/desktop/desktop.js
@@ -127,7 +127,7 @@ app.on('ready', async () => {
     createWindow();
 
     // check for updates from github releases site
-    autoUpdater.autoInstallOnAppQuit = true
+    autoUpdater.autoInstallOnAppQuit = true;
     // require user to agree to download
     autoUpdater.autoDownload = false;
     autoUpdater.checkForUpdatesAndNotify();