DefectDojo
diff --git a/‎.github/workflows/build-docker-images-for-testing.yml
Lines changed: 18 additions & 14 deletions b/‎.github/workflows/build-docker-images-for-testing.yml
Lines changed: 18 additions & 14 deletions
diff --git a/‎.github/workflows/fetch-oas.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/fetch-oas.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/gh-pages.yml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/gh-pages.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/integration-tests.yml
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/integration-tests.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/k8s-tests.yml
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/k8s-tests.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/release-1-create-pr.yml
Lines changed: 11 additions & 13 deletions b/‎.github/workflows/release-1-create-pr.yml
Lines changed: 11 additions & 13 deletions
diff --git a/‎.github/workflows/release-2-tag-docker-push.yml
Lines changed: 14 additions & 2 deletions b/‎.github/workflows/release-2-tag-docker-push.yml
Lines changed: 14 additions & 2 deletions
diff --git a/‎.github/workflows/release-3-master-into-dev.yml
Lines changed: 24 additions & 27 deletions b/‎.github/workflows/release-3-master-into-dev.yml
Lines changed: 24 additions & 27 deletions
diff --git a/‎.github/workflows/release-drafter.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-drafter.yml
Lines changed: 1 addition & 1 deletion
@@ -4,34 +4,38 @@ on:
   # inspired by https://github.com/orgs/community/discussions/26801 we take the runs-on as parameter so we can run arm64 on native hardwarde
   workflow_dispatch:
     inputs:
-        runner:
+        platform:
           type: string
-          default: "ubuntu-latest"
+          default: "linux/amd64"
   workflow_call:
     inputs:
-        runner:
+        platform:
           type: string
-          default: "ubuntu-latest"
+          default: "linux/amd64"
 
 jobs:
   build:
     name: Build Docker Images
-    runs-on: ${{ inputs.runner }}
+    runs-on: ${{ inputs.platform ==  'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
     strategy:
       matrix:
-        # integration tests are only build (and run) on debian x64
+        # integration tests are only build (and run) on debian linux/amd64
         docker-image: [django, nginx, integration-tests]
         os: [alpine, debian]
-        runner: ["${{ inputs.runner }}"]
+        platform: ["${{ inputs.platform }}"]
         exclude:
             - docker-image: integration-tests
               os: alpine
             - docker-image: integration-tests
-              runner: ubuntu-24.04-arm
+              platform: linux/arm64
 
     steps:
-      - name: Show Platform
-        run: echo Runner value for this run = ${{ inputs.runner }}
+      # Replace slashes so we can use this in filenames
+      - name: Set-platform
+        run: |
+          platform=${{ inputs.platform }}
+          echo "PLATFORM=${platform//\//-}" >> $GITHUB_ENV
+          echo $GITHUB_ENV
 
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -56,13 +60,13 @@ jobs:
           push: false
           tags: defectdojo/defectdojo-${{ matrix.docker-image }}:${{ matrix.os }},${{ env.IMAGE_REPOSITORY }}/defectdojo-${{ matrix.docker-image }}:${{ matrix.os }}
           file: Dockerfile.${{ matrix.docker-image }}-${{ matrix.os }}
-          outputs: type=docker,dest=${{ matrix.docker-image }}-${{ matrix.os }}-${{ inputs.runner }}_img
+          outputs: type=docker,dest=${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}_img
 
       # export docker images to be used in next jobs below
       - name: Upload image ${{ matrix.docker-image }} as artifact
         timeout-minutes: 15
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }}-${{ inputs.runner }}
-          path: ${{ matrix.docker-image }}-${{ matrix.os }}-${{ inputs.runner }}_img
+          name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}
+          path: ${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}_img
           retention-days: 1
@@ -51,7 +51,7 @@ jobs:
         run: docker compose down
 
       - name: Upload oas.${{ matrix.file-type }} as artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: oas-${{ matrix.file-type }}
           path: oas.${{ matrix.file-type }}
 
@@ -19,12 +19,12 @@ jobs:
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
         with:
-          node-version: '22.5.1'
+          node-version: '22.14.0'
 
       - name: Cache dependencies
-        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
 
@@ -45,7 +45,7 @@ jobs:
 
       # load docker images from build jobs
       - name: Load images from artifacts
-        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           path: built-docker-image
           pattern: built-docker-image-*
@@ -54,9 +54,9 @@ jobs:
       - name: Load docker images
         timeout-minutes: 10
         run: |-
-             docker load -i built-docker-image/nginx-${{ matrix.os }}-ubuntu-latest_img
-             docker load -i built-docker-image/django-${{ matrix.os }}-ubuntu-latest_img
-             docker load -i built-docker-image/integration-tests-debian-ubuntu-latest_img
+             docker load -i built-docker-image/nginx-${{ matrix.os }}-linux-amd64_img
+             docker load -i built-docker-image/django-${{ matrix.os }}-linux-amd64_img
+             docker load -i built-docker-image/integration-tests-debian-linux-amd64_img
              docker images
 
       - name: Set integration-test mode
 
@@ -48,7 +48,7 @@ jobs:
           minikube status
 
       - name: Load images from artifacts
-        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           path: built-docker-image
           pattern: built-docker-image-*
@@ -58,8 +58,8 @@ jobs:
         timeout-minutes: 15
         run: |-
              eval $(minikube docker-env)
-             docker load -i built-docker-image/nginx-${{ matrix.os }}-ubuntu-latest_img
-             docker load -i built-docker-image/django-${{ matrix.os }}-ubuntu-latest_img
+             docker load -i built-docker-image/nginx-${{ matrix.os }}-linux-amd64_img
+             docker load -i built-docker-image/django-${{ matrix.os }}-linux-amd64_img
              docker images
 
       - name: Configure HELM repos
@@ -75,7 +75,7 @@ jobs:
               echo "redis=${{ env.HELM_REDIS_BROKER_SETTINGS }}" >> $GITHUB_ENV
 
       - name: Deploying Django application with ${{ matrix.databases }} ${{ matrix.brokers }}
-        timeout-minutes: 15 
+        timeout-minutes: 15
         run: |-
              helm install \
                --timeout 800s \
 
@@ -19,36 +19,38 @@ jobs:
   create_pr:
     runs-on: ubuntu-latest
     steps:
-     
+      - id: Set-GitHub-org
+        run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV
+
       - name: Checkout from_branch branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.inputs.from_branch }}
-     
+
       - name: Create release branch
         if: ${{ !startsWith(github.event.inputs.from_branch, 'release/') }}
         run: |
           echo "NEW_BRANCH=release/${{ github.event.inputs.release_number }}" >> $GITHUB_ENV
-     
+
       - name: Use existing release branch
         if: startsWith(github.event.inputs.from_branch, 'release/')
         run: |
           echo "NEW_BRANCH=${{ github.event.inputs.from_branch }}" >> $GITHUB_ENV
-     
+
       - name: Configure git
         run: |
           git config --global user.name "${{ env.GIT_USERNAME }}"
           git config --global user.email "${{ env.GIT_EMAIL }}"
-     
+
       - name: Push branch
         if: "!startsWith('${{ github.event.inputs.from_branch }}', 'release/')"
         run: git push origin HEAD:${NEW_BRANCH}
-     
+
       - name: Checkout release branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ env.NEW_BRANCH }}
-     
+
       - name: Update version numbers in key files
         run: |
           sed -ri 's/__version__ = ".*"/__version__ = "${{ github.event.inputs.release_number }}"/' dojo/__init__.py
@@ -82,18 +84,14 @@ jobs:
           commit_author: "${{ env.GIT_USERNAME }} <${{ env.GIT_EMAIL }}>"
           commit_message: "Update versions in application files"
           branch: ${{ env.NEW_BRANCH }}
-      - id: set-repo-org
-        run: echo "repoorg=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV
-     
+
       - name: Create Pull Request
-        env:
-          REPO_ORG: ${{ env.repoorg }}
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             github.rest.pulls.create({
-              owner: '${{ env.REPO_ORG }}',
+              owner: '${{ env.GITHUB_ORG }}',
               repo: 'django-DefectDojo',
               title: 'Release: Merge release into master from: ${{ env.NEW_BRANCH }}',
               body: `Release triggered by \`${ process.env.GITHUB_ACTOR }\``,
 
@@ -40,15 +40,27 @@ jobs:
       release_number: ${{ github.event.inputs.release_number }}
     secrets: inherit
 
-  release-docker-containers:
+  publish-docker-containers:
+    strategy:
+        matrix:
+          platform: ['linux/amd64', 'linux/arm64']
+        fail-fast: false
     needs: tag
     uses: ./.github/workflows/release-x-manual-docker-containers.yml
     with:
       release_number: ${{ github.event.inputs.release_number }}
+      platform: ${{ matrix.platform }}
+    secrets: inherit
+
+  publish-container-digests:
+    needs: publish-docker-containers
+    uses: ./.github/workflows/release-x-manual-merge-container-digests.yml
+    with:
+        release_number: ${{ github.event.inputs.release_number }}
     secrets: inherit
 
   release-drafter:
-    needs: release-docker-containers
+    needs: publish-container-digests
     uses: ./.github/workflows/release-drafter.yml
     with:
       version: ${{ github.event.inputs.release_number }}
 
@@ -19,37 +19,39 @@ jobs:
   create_pr_for_merge_back_into_dev:
     runs-on: ubuntu-latest
     steps:
-      
+      - id: Set-GitHub-org
+        run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV
+
       - name: Checkout master
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: master
-      
+
       - name: Create merge back branch
         run: |
           echo "NEW_BRANCH=master-into-dev/${{ github.event.inputs.release_number_new }}-${{ github.event.inputs.release_number_dev }}" >> $GITHUB_ENV
-      
+
       - name: Configure git
         run: |
           git config --global user.name "${{ env.GIT_USERNAME }}"
           git config --global user.email "${{ env.GIT_EMAIL }}"
-      
+
       - name: Push new branch
         run: git push origin HEAD:${NEW_BRANCH}
-      
+
       - name: Checkout new branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ env.NEW_BRANCH }}
-      
+
       - name: Update version numbers in key files
         run: |
           sed -ri 's/__version__ = ".*"/__version__ = "${{ github.event.inputs.release_number_dev }}"/' dojo/__init__.py
           sed -ri 's/"version": ".*"/"version": "${{ github.event.inputs.release_number_dev }}"/' components/package.json
           sed -ri 's/appVersion: ".*"/appVersion: "${{ github.event.inputs.release_number_dev }}"/' helm/defectdojo/Chart.yaml
           CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
           sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
-      
+
       - name: Check numbers
         run: |
           grep version dojo/__init__.py
@@ -80,64 +82,63 @@ jobs:
           commit_author: "${{ env.GIT_USERNAME }} <${{ env.GIT_EMAIL }}>"
           commit_message: "Update versions in application files"
           branch: ${{ env.NEW_BRANCH }}
-      - id: set-repo-org
-        run: echo "repoorg=${GITHUB_REPOSITORY%%/*}"  >> $GITHUB_ENV
-      
+
       - name: Create Pull Request
-        env:
-          REPO_ORG: ${{ env.repoorg }}
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             github.rest.pulls.create({
-              owner: '${{ env.REPO_ORG }}',
+              owner: '${{ env.GITHUB_ORG }}',
               repo: 'django-DefectDojo',
               title: 'Release: Merge back ${{ github.event.inputs.release_number_new }} into dev from: ${{ env.NEW_BRANCH }}',
               body: `Release triggered by \`${ process.env.GITHUB_ACTOR }\``,
               head: '${{ env.NEW_BRANCH }}',
               base: 'dev'
             })
+
   create_pr_for_merge_back_into_bugfix:
     runs-on: ubuntu-latest
     steps:
-      
+      - id: Set-GitHub-org
+        run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV
+
       - name: Checkout master
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: master
-      
+
       - name: Create merge back branch
         run: |
           echo "NEW_BRANCH=master-into-bugfix/${{ github.event.inputs.release_number_new }}-${{ github.event.inputs.release_number_dev }}" >> $GITHUB_ENV
-      
+
       - name: Configure git
         run: |
           git config --global user.name "${{ env.GIT_USERNAME }}"
           git config --global user.email "${{ env.GIT_EMAIL }}"
-      
+
       - name: Push new branch
         run: git push origin HEAD:${NEW_BRANCH}
-      
+
       - name: Checkout new branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ env.NEW_BRANCH }}
-      
+
       - name: Update version numbers in key files
         run: |
           sed -ri "s/__version__ = '.*'/__version__ = '${{ github.event.inputs.release_number_dev }}'/" dojo/__init__.py
           sed -ri "s/appVersion: \".*\"/appVersion: \"${{ github.event.inputs.release_number_dev }}\"/" helm/defectdojo/Chart.yaml
           sed -ri "s/\"version\": \".*\"/\"version\": \"${{ github.event.inputs.release_number_dev }}\"/" components/package.json
           CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
           sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
-      
+
       - name: Check numbers
         run: |
           grep version dojo/__init__.py
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
-      
+
       - name: Push version changes
         uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
         with:
@@ -146,18 +147,14 @@ jobs:
           commit_author: "${{ env.GIT_USERNAME }} <${{ env.GIT_EMAIL }}>"
           commit_message: "Update versions in application files"
           branch: ${{ env.NEW_BRANCH }}
-      - id: set-repo-org
-        run: echo "repoorg=${GITHUB_REPOSITORY%%/*}"  >> $GITHUB_ENV
-      
+
       - name: Create Pull Request
-        env:
-          REPO_ORG: ${{ env.repoorg }}
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             github.rest.pulls.create({
-              owner: '${{ env.REPO_ORG }}',
+              owner: '${{ env.GITHUB_ORG }}',
               repo: 'django-DefectDojo',
               title: 'Release: Merge back ${{ github.event.inputs.release_number_new }} into bugfix from: ${{ env.NEW_BRANCH }}',
               body: `Release triggered by \`${ process.env.GITHUB_ACTOR }\``,
 
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Load OAS files from artifacts
-        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           pattern: oas-*