From 66daff9b3ae807953a9eba25d5ca23cd902b9998 Mon Sep 17 00:00:00 2001 From: "J-K. Solbakken" Date: Tue, 12 Mar 2024 13:43:47 +0100 Subject: [PATCH 1/3] also build for arm64 --- .github/workflows/pull_request.yaml | 4 ++++ .github/workflows/push.yaml | 4 ++++ .github/workflows/release.yaml | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 0c040a3c3..21477dd2f 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -186,6 +186,9 @@ jobs: - name: Checkout uses: actions/checkout@v4.1.1 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v3.1.0 @@ -217,6 +220,7 @@ jobs: tags: ${{ env.IMAGE_NAME }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache + platforms: linux/amd64,linux/arm64 e2e_smokes: name: Site e2e smokes diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index e5755af4e..307abb2ea 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -222,6 +222,9 @@ jobs: - name: Checkout uses: actions/checkout@v4.1.1 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v3.1.0 @@ -253,6 +256,7 @@ jobs: tags: ${{ env.IMAGE_NAME }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache + platforms: linux/amd64,linux/arm64 heroku_deploy: name: Upload to Heroku diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 977a5b36f..a8d6662eb 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -346,6 +346,9 @@ jobs: - name: Checkout uses: actions/checkout@v4.1.1 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v3.1.0 
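Review bot: The new `Set up QEMU` step references `docker/setup-qemu-action@v3`, a moving major tag, while the neighbouring steps name exact releases (`actions/checkout@v4.1.1`, `docker/setup-buildx-action@v3.1.0`). In pull_request.yaml this job also logs in to Docker Hub and pushes, so whatever the tag resolves to at run time executes next to those credentials. Pin it to a reviewed commit, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # <release tag>` (placeholders). The action registers emulators for all supported architectures by default, so adding `with:` / `platforms: arm64` keeps it to the one this build needs. The same step is added to push.yaml and release.yaml.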
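Review bot: `platforms: linux/amd64,linux/arm64` publishes an arm64 variant under the same tag, but nothing visible in this series runs or scans that variant. The jobs that depend on `build_docker_image` run on `ubuntu-22.04`, so a pull there presumably resolves to amd64 only (their pull steps are outside the hunk). Either add a scan of the arm64 variant or record the gap beside the line, e.g. `# only the amd64 variant is exercised by the e2e, zap and trivy jobs`. The same applies to push.yaml and to release.yaml, where the result is also tagged `stable`.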
@@ -377,6 +380,7 @@ jobs: tags: ${{ env.IMAGE_NAME }}:${{ github.ref_name }},${{ env.IMAGE_NAME }}:stable cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache + platforms: linux/amd64,linux/arm64 webapp_release: name: Publish web application From 215e0c860b333ea14a6caf1cbe09b31f9c94a0a1 Mon Sep 17 00:00:00 2001 From: "J-K. Solbakken" Date: Tue, 12 Mar 2024 14:37:48 +0100 Subject: [PATCH 2/3] removed unnecessary step --- release-process.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/release-process.md b/release-process.md index 533879bc0..f033ace59 100644 --- a/release-process.md +++ b/release-process.md @@ -22,11 +22,9 @@ The github release workflow then creates the draft release and the install image 1. once tagged, the github workflow pushes the docker image to docker hub 2. check using `docker pull threatdragon/owasp-threat-dragon:v2.2.0` -3. on MacOS M1 this command may need to be used: - `docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.2.0` -4. Test using the command to run a detached container: +3. Test using the command to run a detached container: `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.2.0` -5. Ideally test this release on Windows, linux and MacOS using `http://localhost:8080/#/` +4. Ideally test this release on Windows, linux and MacOS using `http://localhost:8080/#/` If the image tests correctly, promote the docker image from dockerhub `threatdragon/` to dockerhub `OWASP/threat-dragon/v2.2.0`. From d10c5d3b2bfca1ba22cc3ddeed55f75146bb9335 Mon Sep 17 00:00:00 2001 From: "J-K. Solbakken" Date: Wed, 13 Mar 2024 09:46:57 +0100 Subject: [PATCH 3/3] no creds -> no docker push -> no need for tests involving that img --- .github/workflows/pull_request.yaml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 21477dd2f..eefee51f4 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -182,6 +182,8 @@ jobs: runs-on: ubuntu-22.04 needs: [site_unit_tests, server_unit_tests] if: github.repository == 'OWASP/threat-dragon' + outputs: + image_is_pushed: ${{ steps.set-outputs.outputs.CREDS_PRESENT }} steps: - name: Checkout uses: actions/checkout@v4.1.1 @@ -205,9 +207,12 @@ jobs: - name: Login to Docker Hub uses: docker/login-action@v3.0.0 + if: ${{ env.DOCKERHUB_TOKEN != '' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + env: + DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push id: docker_build @@ -216,16 +221,22 @@ jobs: context: ./ file: ./Dockerfile builder: ${{ steps.buildx.outputs.name }} - push: true + push: ${{ env.DOCKERHUB_TOKEN != '' }} tags: ${{ env.IMAGE_NAME }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache platforms: linux/amd64,linux/arm64 + - name: Set outputs + id: set-outputs + run: |- + echo "CREDS_PRESENT=${{ secrets.DOCKERHUB_TOKEN != ''}}" >> $GITHUB_OUTPUT + e2e_smokes: name: Site e2e smokes runs-on: ubuntu-22.04 needs: [build_docker_image] + if: ${{ needs.build_docker_image.outputs.image_is_pushed == 'true'}} defaults: run: working-directory: td.vue @@ -326,6 +337,7 @@ jobs: name: Site zap scan runs-on: ubuntu-22.04 needs: [build_docker_image] + if: ${{ needs.build_docker_image.outputs.image_is_pushed == 'true'}} steps: - name: Run Threat Dragon run: | @@ -373,6 +385,7 @@ jobs: name: Scan with trivy runs-on: ubuntu-22.04 needs: [build_docker_image] + if: ${{ needs.build_docker_image.outputs.image_is_pushed == 'true'}} permissions: contents: write
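Review bot: In the `Build and push` step, `push: ${{ env.DOCKERHUB_TOKEN != '' }}` reads a variable that this patch defines only under `env:` on the `Login to Docker Hub` step, and step-level `env` is not visible to later steps. Unless `DOCKERHUB_TOKEN` is also set at job or workflow level outside these hunks, the expression is always false and nothing is pushed, while `image_is_pushed` (computed from `secrets.DOCKERHUB_TOKEN` in `Set outputs`) still reports `true`. The dependent jobs would then test and scan whatever older image sits under that tag and report on it as if it were this build. Use the same source in both places, e.g. `push: ${{ secrets.DOCKERHUB_TOKEN != '' }}`. The step's `uses:` and `with:` lines fall between the hunks.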
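Review bot: The `if:` added to `e2e_smokes`, the zap scan job and the trivy job skips all three when no Docker Hub token is available, which is presumably the case for pull requests from forks. GitHub reports a skipped job as successful to required status checks, so the least-trusted contributions get no image scan and still show green. A comment on each condition would make that explicit, e.g. `# skipped on runs without Docker Hub secrets; the image is then neither smoke-tested nor scanned`. Building a loadable single-platform image for local scanning in that case would close the gap. The job bodies continue outside the hunks.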