From dee4662987f1e97058777d95bcad3841b24cf852 Mon Sep 17 00:00:00 2001
From: merry-degaga <dmary797@gmail.com>
Date: Sun, 7 Aug 2022 12:37:20 -0400
Subject: [PATCH 1/3] configuration updates for issue 353

---
 .github/workflows/docker.yml | 19 ++++++++++++++++++-
 build.gradle                 |  2 +-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index b8b0fd1e..0a867f75 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,9 +20,26 @@ jobs:
         uses: actions/checkout@v2
         with:
           java-version: 1.8
+          fetch-depth: 0
+      -
+        name: Setup Gitveresion action
+        uses: gittools/actions/gitversion/setup@v0.9.7
+        with:
+          versionSpec: '5.x'
+      -
+        name: Execute GitVersion action
+        id: gitversion
+        uses: gittools/actions/gitversion/execute@v0.9.7
+      -
+        name: Publish release on GitHub
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: '${{ steps.gitversion.outputs.semver }}'
       -
         name: Grant execute permission for gradlew
         run: chmod +x gradlew
       -
         name: Build with Gradle and Push
-        run: ./gradlew jib
+        run: |
+          ./gradlew jib \
+          -Djib.to.tags='latest',$GITVERSION_SEMVER
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index b1e1a009..0b935053 100644
--- a/build.gradle
+++ b/build.gradle
@@ -66,7 +66,7 @@ jib {
     	  image = 'openjdk:8-jre-alpine'
   	}
   	to {
-    	  image = 'sasanlabs/owasp-vulnerableapp:unreleased'
+    	  image = 'sasanlabs/owasp-vulnerableapp'
   	}
 }
 

From fb5f8a1e3b2d445b622e3335cd42e98709acdb4b Mon Sep 17 00:00:00 2001
From: merry-degaga <dmary797@gmail.com>
Date: Sun, 7 Aug 2022 12:38:53 -0400
Subject: [PATCH 2/3] fixed mispelling

---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 0a867f75..c5e1c440 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,7 +22,7 @@ jobs:
           java-version: 1.8
           fetch-depth: 0
       -
-        name: Setup Gitveresion action
+        name: Setup GitVersion action
         uses: gittools/actions/gitversion/setup@v0.9.7
         with:
           versionSpec: '5.x'

From 1ed1ed594f637312c7b1244816c5cd1cfd733d1c Mon Sep 17 00:00:00 2001
From: merry-degaga <dmary797@gmail.com>
Date: Sat, 13 Aug 2022 20:53:08 -0400
Subject: [PATCH 3/3] added instructions, examples, and info in readme.md,
 edited docker.yml to include VulnerableApp- in release name

---
 .github/workflows/docker.yml |  1 +
 README.md                    | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c5e1c440..28325f48 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -34,6 +34,7 @@ jobs:
         name: Publish release on GitHub
         uses: softprops/action-gh-release@v1
         with:
+          name: 'VulnerableApp-${{ steps.gitversion.outputs.semver }}'
           tag_name: '${{ steps.gitversion.outputs.semver }}'
       -
         name: Grant execute permission for gradlew
diff --git a/README.md b/README.md
index 7c647166..39451a99 100644
--- a/README.md
+++ b/README.md
@@ -40,6 +40,33 @@ There are multiple ways in which you can contribute to the project:
 1. If you are a developer and trying to start on to the project, then the suggestion is to go through the list of [issues](https://github.com/SasanLabs/VulnerableApp/issues) which contains `good first issue` which can be a good starter.
 2. If you are a developer or a security professional looking to add new Vulnerability type then you can Generate the Sample Vulnerability by running `./gradlew GenerateSampleVulnerability`. It will generate the Sample Vulnerability template which has placeholders and comments. Modified files can be seen in the logs of the command or in the github history. You can navigate to those files, fill in the placeholders and then build the project to see the effect of the changes.
 3. In case you are looking to contribute to the project by publicising it or working on the growth of the project, please feel free to add your thoughts to discussions section or issues and we can discuss over them.
+### Semantic Versioning ###
+Leveraging GitHub workflow and actions, semantic versioning is automated.
+When committing your feature, you have the option to increment the version's major, minor, or patch value
+by including <code>+semver:[major|minor|patch]</code> in your commit message. Major, minor, patch values are the
+strings 'major', 'minor', and 'patch'.
+
+Examples:
+```properties
+git commit -m "some text +semver:major"
+git commit -m "+semver:minor some text"
+git commit -m "+semver:patch some text"
+```
+By default, if the version is not provided in the commit message, then patch is incremented.
+
+The updated version is used to create a tag for the latest published release on GitHub and DockerHub.
+
+<em>Which version should be incremented?</em>
+
+<table>
+<thead><td>Version</td><td>Description</td></thead>
+<tr><td>Major</td><td>Changes that break backwards compatibility</td></tr>
+<tr><td>Minor</td><td>New features that are backwards compatible</td></tr>
+<tr><td>Patch</td><td>Bug fixes that are backwards compatible</td></tr>
+</table>
+More information can be found at <a href="https://semver.org/" alt="semantic versioning specification">Semantic 
+Versioning 
+Specifiction</a>.
 
 ## Building the project
 There are 2 ways in which this project can be built and used: