ASVS icon indicating copy to clipboard operation
ASVS copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Most recent artifacts

Open tghosth opened this issue 1 year ago • 9 comments

I like the fact that the new automation only builds the updated documents if something in that location has changed.

However, it then makes it trickier to find the latest artifacts. E.g. how do I find the most recent 4.0 artifacts?

Any thoughts?

One option is to change the build task to run once a day on all 3 builds but that seems a little blunt, is there an easier way to achieve this @ike ?

tghosth avatar Jan 25 '24 16:01 tghosth

Yeah, I've considered this a bit, and I'm torn: on the one hand, artifacts are an ephemeral, point-in-time build that doesn't produce any commits, on the other hand, they're hard to find and relate to the state of the repo.

Another option is to commit the built files to the pull request. The builds would appear in the pull request along with any source changes, as an automated commit. The action would still only build if the relevant source had changed. I'd be curious of your thoughts on this approach.

There are probably other considerations here, like cutting versioned dev releases after merges to master, etc. There's lots of flexibility, we just need to find an approach that works well with the team's workflow.

ike avatar Jan 27 '24 05:01 ike

let's leave it for now. I think we need to think about this more.

tghosth avatar Jan 29 '24 09:01 tghosth

Agreed, sounds good to me.

ike avatar Jan 29 '24 16:01 ike

I suggest two types of releases to fix this issue, and to help automate releases in general:

  • a latest release that would overwrite itself on each push to master. This release would include the artifacts for all versions of the standard, and would be the place to look for the "most recent" artifacts for any given version of the standard.
  • an automatic versioned release that is cut whenever a new tag is created. This release would include the artifacts for whichever major version the release refers to, i.e. creating a tag called 5.1.2 would build the artifacts for the 5.0 directory based on the tagged commit and add those artifacts to the release.

This would solve the problem of not knowing where the "most recent" artifacts were, as well as providing a simple way to release a new version. This approach would avoid a) messy automated commits to master, and b) creating a dev release for every commit to master.

To facilitate this, we could use a github action such as Automatic Releases.

ike avatar Jul 05 '24 18:07 ike

Could you try and prepare something like this @ike?

Thanks!

tghosth avatar Jul 10 '24 17:07 tghosth

Absolutely. I'll get to work on this.

ike avatar Jul 10 '24 18:07 ike

Hi @ike, any update on this?

tghosth avatar Aug 26 '24 17:08 tghosth

I finally found some more time to do this work -- I am hoping to have a proof-of-concept soon.

ike avatar Mar 14 '25 16:03 ike

Hey @ike! Good to see you back!

Let me know how it goes :)

tghosth avatar Mar 16 '25 16:03 tghosth