disable trivy until it can be reliably downloaded
Showing 4 changed files with 36 additions and 17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -80,20 +80,6 @@ ensure the tag now exists within the OWASP Docker hub: `https://hub.docker.com/r | |
3. Inspect logs using `heroku logs --app=threatdragon-v2 --tail` | ||
4. Ensure no rollback shown in [dashboard][herokudash] | ||
|
||
### Notarize and staple the MacOS images | ||
|
||
It used to be that [altool][altool] could be used to notarize the MacOS `.dmg` files in the pipeline. | ||
As of early 2024 this is no longer available and [notarytool][notarize] must be used in a secure environment. | ||
Used in the pipeline, this is how to do it manually. | ||
|
||
- Download both x86 and arm64 images for the MacOS installer (`*.dmg`) | ||
- ensure that the apple developer [environment is set up][notarize] | ||
- notarize and staple, for example with version 2.3.0: | ||
- `xcrun notarytool submit --apple-id <apple-account-email> --team-id <teamid> \` | ||
`--password <password> --verbose --wait Threat-Dragon-ng-2.3.0-arm64.dmg` | ||
- `xcrun stapler staple --verbose Threat-Dragon-ng-2.3.0-arm64.dmg` | ||
- similarly for the x86 image `Threat-Dragon-ng-2.3.0.dmg` | ||
|
||
### Check desktop downloads | ||
|
||
- Download desktop AppImage for Linux and installers for MacOS `.dmg` and Windows `.exe` | ||
|
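Review bot: The notarize/staple section dropped here, from between the Heroku checks and "Check desktop downloads", is a documentation move that the commit subject ("disable trivy until it can be reliably downloaded") does not mention. Suggest splitting the docs reshuffle into its own commit, or adding a line to the message, so that anyone searching history for the notarization instructions can see when and why they moved.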
@@ -141,12 +127,39 @@ Update the [releases tab][releases] and the [info pane][td-info] on the OWASP Th | |
Finally ensure Threat Dragon announces the new release on the [OWASP Threat Dragon][td-slack] slack channel | ||
and any other relevant channels | ||
|
||
### Manually notarize / staple for MacOS images | ||
|
||
It used to be that [altool][altool] could be used to notarize the MacOS `.dmg` files in the pipeline. | ||
As of early 2024 this is no longer available and [notarytool][notarize] must be used in a secure environment. | ||
Used in [the pipeline][notarytool], it can also be done/checked manually: | ||
|
||
- Download both x86 and arm64 images for the MacOS installer (`*.dmg`) | ||
- ensure that the apple developer [environment is set up][notarize] | ||
- notarize and staple, for example with version 2.3.0: | ||
- `xcrun notarytool submit --apple-id <apple-account-email> --team-id <teamid> \` | ||
`--password <password> --verbose --wait Threat-Dragon-ng-2.3.0-arm64.dmg` | ||
- `xcrun stapler staple --verbose Threat-Dragon-ng-2.3.0-arm64.dmg` | ||
- similarly for the x86 image `Threat-Dragon-ng-2.3.0.dmg` | ||
|
||
### Manually check Snap images | ||
|
||
https://snapcraft.io/install/threat-dragon/arch | ||
https://login.ubuntu.com/ | ||
|
||
Full name: Threat Dragon | ||
username: threat-dragon | ||
`snapcraft login` using email: [email protected] and Ubuntu One password? | ||
|
||
Token used in the Threat Dragon pipeline as 'SNAPCRAFT_TOKEN', use command to refresh creds: | ||
`snapcraft export-login --snaps threat-dragon --channels stable` | ||
|
||
[altool]: https://successfulsoftware.net/2023/04/28/moving-from-altool-to-notarytool-for-mac-notarization/ | ||
[area]: https://github.com/OWASP/threat-dragon/releases | ||
[heroku]: https://id.heroku.com/login | ||
[herokucli]: https://devcenter.heroku.com/articles/heroku-cli#install-the-heroku-cli | ||
[herokudash]: https://dashboard.heroku.com/apps | ||
[notarize]: https://developer.apple.com/documentation/security/resolving-common-notarization-issues | ||
[notarytool]: https://www.electron.build/app-builder-lib.interface.macconfiguration#notarize | ||
[releases]: https://github.com/OWASP/www-project-threat-dragon/blob/main/tab_releases.md | ||
[td-info]: https://github.com/OWASP/www-project-threat-dragon/blob/main/info.md | ||
[td-slack]: https://owasp.slack.com/messages/CURE8PQ68 |
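Review bot: The new "Manually check Snap images" section is committed as raw notes rather than steps: two bare URLs with no explanation, and a login line that ends in an open question (`... and Ubuntu One password?`). Suggest resolving that question and writing the section as a bullet list like the notarize steps above it, stating what is actually being checked, since the text only covers login and token refresh. Because the section names the account and the `SNAPCRAFT_TOKEN` secret, it should also say where the output of `snapcraft export-login` is meant to end up (the pipeline secret) and that it must not be committed. The same care applies to the literal `--password <password>` in the notarytool example, which leaves the credential in shell history when typed as shown.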