new announcements and workflow inputs documented

bountyhub-org · Feb 9, 2025 · 000208d · 000208d
1 parent 8b497a7
commit 000208d
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 1 deletion.
diff --git a/content/1.workflows/1.syntax.md b/content/1.workflows/1.syntax.md
@@ -266,13 +266,44 @@ scans:
         shell: bash
 ```
 
+### `scans.[ID].on.dispatch.inputs`
+
+Inputs act as project vars while keeping the lifetime of a single invocation. Specifying inputs would mean that your scan should
+act differently depending on the input provided. For the ones who are also software engineers, inputs are like arguments to a function.
+
+There are two primary reasons to use dispatch:
+
+1. From time to time, you want to run scan on a specific program by triggering it manually. Inputs are completely defined by the program
+(for example, program domain(s), ips, etc.)
+2. You want to dispatch something from your scan. Let's say you uncovered a new domain. You want to spawn a new pipeline to check stuff 
+*only* on that particular domain.
+
+### `scans.[ID].on.dispatch.inputs.[KEY]`
+
+Key is a unique identifier for an input. It conforms to constraints related to project variables, but can be accessed from workflow expression
+like `${{ inputs.[KEY] }}`.
+
+### `scans.[ID].on.dispatch.inputs.[KEY].type`
+
+Type of this YAML key is `string`. The value is either `string` or `bool`. By default, it is of type `string`.
+
+### `scans.[ID].on.dispatch.inputs.[KEY].required`
+
+Type of this YAML key is `boolean`. By default, it is `false`. If you specify `required: true`, it would mean that you **MUST** provide the value
+when spawning the job.
+
+### `scans.[ID].on.dispatch.inputs.[KEY].default`
+
+Type of this YAML key is `string`. However, if you specify `type` to be `bool`, valid values are `"true"` or `"false"`. Otherwise, since the only supported
+type is `string`, any string will do. By default, for `bool`, it is `"false"`, and for `string`, it is `""`.
+
 ### `scans.[ID].uploads[]`
 
 Uploads field specifies what files or directories are uploaded to the server when the scan is _successful_. If the scan fails, no files will be uploaded to the server.
 
 Uploads are required if you have any dependencies between scans. Outputs can be downloaded for each successful job. Please do not
 mix up job results with step outputs. Step outputs are logs written to `stdout` and `stderr`, streamed to the server. The main purpose
-of them is to see what was being executed by the job. You cannot depend on the step log, and step logs will expire, while job results will be kept as long as the job record exists.
+of them is to see what was being executed by the job. You cannot depend on the step log, and step logs will expire after 2 weeks, while job results will be kept as long as the job record exists.
 
 If scan contains `uploads`, internal step will be used to zip the content you specified, and calculate the hash of it. That hash will
 be the `nonce` value of job. If output changes, hash should be different, and therefore, output contains the diff.

diff --git a/content/999.announcements/1.all.md b/content/999.announcements/1.all.md
@@ -4,6 +4,29 @@ title: "Announcements"
 
 # Announcements
 
+## Runner version 0.3.0 is released
+
+Along with the [Major back-end release](#major-back-end-release), new runner release is created.
+
+Packages are updated, inputs are well understood, and logs are correctly propagated! 
+
+[Try it out](https://github.com/bountyhub-org/runner/releases/tag/0.3.0)!
+
+## Major back-end release 🔥
+
+After few weeks of hacking of trying out different approaches to scan attack surface, I noticed
+that if scans last too long, logs won't be propagated properly. This is also true if the network
+connectivity is interrupted, causing issues to continue streaming logs to the back-end.
+
+Therefore, entire new way of log streaming has been created. Log lines are now periodically
+propagated from the runner as JSON array, and slowly appended to the logs. This way, it is much
+easier to add retries, cover failure cases, or simply, continue to build up log until back-end
+flushes it to the storage.
+
+Another **HUGE** feature is having dispatch inputs finally available. Now, you should be able to
+define on-demand scans that accept inputs. This feature is intended to be used both from the UI,
+and from the `bh` tool once it is released.
+
 ## Runner version 0.2.2 is released
 
 New runner has been [released](https://github.com/bountyhub-org/runner/releases/tag/0.2.2) 🎉!