Prepare for publication

center-for-threat-informed-defense · Jul 23, 2024 · 7ba3130 · 7ba3130
1 parent c46a100
commit 7ba3130
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 96 deletions.
diff --git a/.github/workflows/sphinx.yml b/.github/workflows/sphinx.yml
@@ -41,80 +41,27 @@ jobs:
         name: threat-modeling-with-attack-docs-html
         path: docs/_build/dirhtml/
 
-  # Delete this job before public release and clear GitHub secrets:
-  azure_blob:
+  github_pages:
+    # This job only runs when committing or merging to main branch.
+    if: github.ref_name == 'main'
     needs: docs
     runs-on: ubuntu-latest
-    env:
-      AZURE_STORAGE_ACCOUNT: ctidthreatmodeling
-      AZURE_STORAGE_SAS_TOKEN: ${{ secrets.AZURE_SAS_TOKEN }}
-      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
-      STATICRYPT_PASS: ${{ secrets.STATICRYPT_PASS }}
-      NODE_OPTIONS: --max-old-space-size=8192
-    steps:
-      - uses: actions/setup-node@v3
-        with:
-          node-version: '19'
-      - run: npm install -g staticrypt
-      - name: Download HTML docs
-        uses: actions/download-artifact@v3
-        with:
-          name: threat-modeling-with-attack-docs-html
-          path: docs
-      - run: >
-          staticrypt --remember 30 --salt b530e4408fd941209e53e4786421f837 \
-            --password $STATICRYPT_PASS --short \
-            --template-title "Threat Modeling with ATT&CK (branch: $BRANCH_NAME)" \
-            --template-instructions "The contents of this site are marked TLP:AMBER:CTID-R&D:23-83. Do not share with unauthorized individuals." \
-            --template-color-primary "#6241c5" \
-            --template-color-secondary "#b2b2b2" \
-            --template-button "Log In" \
-            -r docs/
-      - name: Ensure StatiCrypt ran # StatiCrypt will fail without warning; verify it created a directory
-        run: test -d encrypted
-      - name: Copy encrypted HTML files
-        run: rsync -Ir -v --include='*.html' --exclude='*.*' encrypted/docs .
-      - name: Set the branch name
-        run: mv docs "$BRANCH_NAME"
-      - name: Install Azure CLI
-        run: curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
-      - name: Delete old blobs
-        run: az storage blob delete-batch -s '$web' --pattern "$BRANCH_NAME/*"
-      - name: Upload to blob storage
-        run: az storage blob upload-batch -s . --pattern "$BRANCH_NAME/*" -d '$web'
-      - uses: actions/github-script@v6
-        if: github.event_name == 'pull_request'
-        with:
-            script: |
-              github.rest.issues.createComment({
-                issue_number: context.issue.number,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                body: `This PR has been published to https://${process.env['AZURE_STORAGE_ACCOUNT']}.z13.web.core.windows.net/${process.env['BRANCH_NAME']}/`,
-              })
-
-  # # TODO Uncomment before publishing repository.
-  # github_pages:
-  #   # This job only runs when committing or merging to main branch.
-  #   if: github.ref_name == 'main'
-  #   needs: docs
-  #   runs-on: ubuntu-latest
-  #   environment:
-  #     name: github-pages
-  #     url: $\{\{ steps.deployment.outputs.page_url \}\}
+    environment:
+      name: github-pages
+      url: $\{\{ steps.deployment.outputs.page_url \}\}
 
-  #   steps:
-  #   - name: Setup Pages
-  #     uses: actions/configure-pages@v2
-  #   - name: Download HTML docs
-  #     uses: actions/download-artifact@v3
-  #     with:
-  #       name: threat-modeling-with-attack-docs-html
-  #       path: docs
-  #   - name: Upload artifact
-  #     uses: actions/upload-pages-artifact@v1
-  #     with:
-  #       path: ./docs
-  #   - name: Deploy to GitHub Pages
-  #     id: deployment
-  #     uses: actions/deploy-pages@v1
+    steps:
+    - name: Setup Pages
+      uses: actions/configure-pages@v2
+    - name: Download HTML docs
+      uses: actions/download-artifact@v3
+      with:
+        name: threat-modeling-with-attack-docs-html
+        path: docs
+    - name: Upload artifact
+      uses: actions/upload-pages-artifact@v1
+      with:
+        path: ./docs
+    - name: Deploy to GitHub Pages
+      id: deployment
+      uses: actions/deploy-pages@v1
diff --git a/README.md b/README.md
@@ -53,9 +53,7 @@ before making a pull request.
 
 ## Notice
 
-<!-- TODO Add PRS prior to publication. -->
-
-© 2024 MITRE Engenuity. Approved for public release. Document number(s) REPLACE_WITH_PRS_NUMBER.
+© 2024 MITRE Engenuity. Approved for public release. Document number(s) CT0122.
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this
 file except in compliance with the License. You may obtain a copy of the License at

diff --git a/docs/additional-resources.rst b/docs/additional-resources.rst
@@ -43,14 +43,6 @@ accuracy.
 Attack Flow
 -----------
 
-.. raw:: html
-
-     <iframe width="560" height="315" src="https://www.youtube.com/embed/h_BC6QMWDbA?si=Abpy35U4SYKMYUeE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
-
-.. TODO were they planning to put a video here? we don't have an attack flow youtube
-
-|
-
 Attack Flow's builder and command line tools can be used to visualize Attack Trees. An
 example Attack Tree can be found on the `Attack Flow Examples Page
 <https://center-for-threat-informed-defense.github.io/attack-flow/example_flows/>`_.

diff --git a/docs/conf.py b/docs/conf.py
@@ -20,7 +20,7 @@
 project = "Threat Modeling with ATT&CK"
 author = "Center for Threat-Informed Defense"
 copyright_years = "2024"
-prs_numbers = "REPLACE_WITH_PRS_NUMBER"
+prs_numbers = "CT0122"
 
 # The full version, including alpha/beta/rc tags
 version = "v1.0.0"

diff --git a/docs/index.rst b/docs/index.rst
@@ -18,7 +18,7 @@ to mitigate threats related to their systems or environments.
 This project is created and maintained by `MITRE Engenuity Center for Threat-Informed
 Defense (Center) <https://ctid.mitre-engenuity.org/>`_ and is funded by our `research
 participants
-<https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/TODO/>`_,
+<https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/threat-modeling-with-attack/#research-participants>`_,
 in furtherance of our mission to advance the state of the art and the state of the
 practice in threat-informed defense globally.
 

diff --git a/docs/question-2.rst b/docs/question-2.rst
@@ -577,11 +577,9 @@ this campaign in yellow.
 The video below walks through an example of adding together all of the layers mentioned
 throughout the evidence section.
 
-.. TODO video 1 goes here
-
 .. raw:: html
 
-    <iframe width="560" height="315" src="https://www.youtube.com/embed/h_BC6QMWDbA?si=Abpy35U4SYKMYUeE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+    <iframe width="700" height="394" src="https://www.youtube-nocookie.com/embed/H417WchXhzg" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
 
 |
 
@@ -649,11 +647,9 @@ will make one combined overlay for each technology platform branch of your tree.
 
 The video below walks through an example of combining the theory and evidence layers.
 
-.. TODO video 2 goes here
-
 .. raw:: html
 
-     <iframe width="560" height="315" src="https://www.youtube.com/embed/h_BC6QMWDbA?si=Abpy35U4SYKMYUeE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+    <iframe width="700" height="394" src="https://www.youtube-nocookie.com/embed/uXepquLyzk0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
 
 |
 

diff --git a/docs/question-3.rst b/docs/question-3.rst
@@ -307,11 +307,9 @@ purple is low risk and dark purple is high risk.
 
 The video below walks through an example of building a scoring, defense, and risk layer.
 
-.. TODO embed video #3
-
 .. raw:: html
 
-    <iframe width="560" height="315" src="https://www.youtube.com/embed/h_BC6QMWDbA?si=Abpy35U4SYKMYUeE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+    <iframe width="700" height="394" src="https://www.youtube-nocookie.com/embed/61APDRwPPkU" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
 
 |