Create a constantly updated latest tag containing the latest outputs by tghosth · Pull Request #3203 · OWASP/ASVS · GitHub

Create a constantly updated latest tag containing the latest outputs #3203


Open · tghosth wants to merge 7 commits into master

tghosth (Collaborator) commented Jun 20, 2025

This Pull Request relates to issue #1848

tghosth (Collaborator, Author) commented Jun 20, 2025

Pull Request Summary: Automating Bleeding Edge 5.0 Document Release

Overview

This pull request introduces a new automated workflow for the OWASP ASVS project that continuously publishes the latest 5.0 document outputs to a GitHub release named "latest." This enables users to always access the most up-to-date (bleeding edge) version of the ASVS 5.0 documents directly from the master branch.

Key Changes

  • New Workflow: Added a workflow that uploads the generated 5.0 documents to the 'latest' GitHub release after every update to the 5.0/ directory.
  • Release Naming: The release is titled "OWASP Application Security Verification Standard (Bleeding Edge)" and is always associated with the latest tag.
  • Release Description: The release description clearly states that these files are updated automatically from the bleeding edge (master branch) and are not guaranteed to be stable.
  • No Deletion of Old Assets: The workflow only uploads new/changed files, so if the workflow fails, the previous release assets remain available.
  • Orchestrator Integration: The orchestrator workflow (build-documents.yml) was updated to call the new publish workflow after successful document generation for 5.0.
  • Push-Only Release: The publish-to-latest workflow only runs when a commit is pushed to the master branch. It does not run for pull requests or manual workflow dispatches, ensuring that only merged changes are published as bleeding edge releases.

Release Description (as shown on GitHub)

This release will be automatically updated on an ongoing basis with the output files from the bleeding edge version of the ASVS, i.e. the latest version from the master branch.

Obviously this version is undergoing constant changes and cannot be relied upon for stability, but is provided for convenience.

Purpose

This change makes it easier for users and contributors to access the most current ASVS 5.0 documents without waiting for a formal release, supporting rapid feedback and review cycles.

@tghosth tghosth marked this pull request as ready for review June 20, 2025 09:28
@tghosth tghosth enabled auto-merge (squash) June 20, 2025 09:29
@tghosth tghosth requested review from ike and Copilot June 20, 2025 09:29
Copilot AI left a comment

Pull Request Overview

This PR adds a new workflow to publish the ASVS 5.0 outputs under the latest tag on GitHub Releases and wires it into the existing document build pipeline.

  • Introduces .github/workflows/publish-5.0-latest.yml to upload 5.0 artifacts to the “latest” release.
  • Updates .github/workflows/build-documents.yml to call the new publish workflow after successful 5.0 builds.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File | Description
.github/workflows/publish-5.0-latest.yml | New workflow to download 5.0 artifacts and push to latest.
.github/workflows/build-documents.yml | Added publish-v5-latest job to invoke the new publish workflow.
Comments suppressed due to low confidence (3)

.github/workflows/publish-5.0-latest.yml:1

  • [nitpick] Consider adding a concurrency setting (group + cancel-in-progress) to avoid overlapping runs pushing to the same latest tag simultaneously.
# This workflow uploads the generated 5.0 documents to the 'latest' GitHub release.

.github/workflows/build-documents.yml:53

  • [nitpick] The job ID publish-v5-latest doesn’t match the child workflow filename (publish-5.0-latest.yml). Renaming it to publish-5-0-latest could improve consistency.
  publish-v5-latest:

.github/workflows/build-documents.yml:53

  • [nitpick] It may help future maintainers to add a brief comment above this job explaining that it publishes the bleeding-edge 5.0 outputs to the latest release.
  publish-v5-latest:

@tghosth tghosth linked an issue Jun 20, 2025 that may be closed by this pull request
Successfully merging this pull request may close these issues.

Most recent artifacts
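
A sketch of the controls discussed in this thread (push-only guard, a concurrency group, and a narrowly scoped token), as an added example that is not the PR's actual workflow file. The artifact name `asvs-5.0-docs`, the `out/` directory and the concurrency group name are assumptions.

```yaml
# Added illustration: NOT the contents of publish-5.0-latest.yml from this PR.
# Hypothetical names: artifact "asvs-5.0-docs", directory "out/", group name.
name: Publish 5.0 outputs to latest release

on:
  workflow_call:           # invoked by the orchestrator (build-documents.yml)

# Default to read-only; the publish job opts in to the single scope it needs.
permissions:
  contents: read

jobs:
  publish:
    # In a reusable workflow the github context is the caller's, so this
    # skips pull_request and workflow_dispatch runs and any non-master ref.
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload release assets. The calling job must also grant
      # contents: write, since a called workflow cannot raise its own scope.
      contents: write
    # Serialize publishes so two pushes cannot interleave uploads to one tag.
    concurrency:
      group: publish-5.0-latest
      cancel-in-progress: false   # let an in-flight upload finish first
    steps:
      - name: Download generated documents
        uses: actions/download-artifact@v4
        with:
          name: asvs-5.0-docs     # hypothetical artifact name
          path: out

      - name: Upload to the existing 'latest' release
        env:
          GH_TOKEN: ${{ github.token }}
        # --clobber replaces same-named assets only; other assets stay put.
        # Assumes the 'latest' release already exists.
        run: gh release upload latest out/* --clobber --repo "$GITHUB_REPOSITORY"
```

Because `latest` is a moving tag, consumers who need a reproducible copy should record the commit the assets were built from rather than the tag name.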