Merge pull request #12188 from DefectDojo/master-into-bugfix/2.45.0-2.46.0-dev

Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev

Author: Maffooch

.github/CODEOWNERS

@@ -7,11 +7,13 @@ Dockerfile.* @mtesauro @Maffooch
 docker-compose.* @mtesauro @Maffooch 
 /docker/ @mtesauro @Maffooch 
 # Documentation changes 
-/docs/ @paulOsinski @valentijnscholten @Maffooch
+/docs/content/ @paulOsinski @valentijnscholten @Maffooch
 # Kubernetes should be reviewed by reviewed first by those that know it
-/helm/ @cneill @kiblik
+/helm/ @cneill @kiblik @Maffooch
 # Anything UI related needs to be checked out by those with the eye for it
 /dojo/static/ @blakeaowens @Maffooch
 /dojo/templates/ @blakeaowens @Maffooch
 # Any model changes should be closely looked at
-/dojo/models.py @Maffooch
+/dojo/models.py @Maffooch
+# All other code changes should be reviewed by someone
+* @Maffooch @mtesauro

.github/pr-reminder.py

@@ -19,6 +19,7 @@
     "dogboat": "sean@defectdojo.com",
     "cneill": "charles@defectdojo.com",
     "hblankenship": "harold@defectdojo.com",
+    "valentijnscholten": "valentijn@defectdojo.com",
 }
 
 

.github/workflows/build-docker-images-for-testing.yml

@@ -4,34 +4,38 @@ on:
   # inspired by https://github.com/orgs/community/discussions/26801 we take the runs-on as parameter so we can run arm64 on native hardwarde
   workflow_dispatch:
     inputs:
-        runner:
+        platform:
           type: string
-          default: "ubuntu-latest"
+          default: "linux/amd64"
   workflow_call:
     inputs:
-        runner:
+        platform:
           type: string
-          default: "ubuntu-latest"
+          default: "linux/amd64"
 
 jobs:
   build:
     name: Build Docker Images
-    runs-on: ${{ inputs.runner }}
+    runs-on: ${{ inputs.platform ==  'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
     strategy:
       matrix:
-        # integration tests are only build (and run) on debian x64
+        # integration tests are only build (and run) on debian linux/amd64
         docker-image: [django, nginx, integration-tests]
         os: [alpine, debian]
-        runner: ["${{ inputs.runner }}"]
+        platform: ["${{ inputs.platform }}"]
         exclude:
             - docker-image: integration-tests
               os: alpine
             - docker-image: integration-tests
-              runner: ubuntu-24.04-arm
+              platform: linux/arm64
 
     steps:
-      - name: Show Platform
-        run: echo Runner value for this run = ${{ inputs.runner }}
+      # Replace slashes so we can use this in filenames
+      - name: Set-platform
+        run: |
+          platform=${{ inputs.platform }}
+          echo "PLATFORM=${platform//\//-}" >> $GITHUB_ENV
+          echo $GITHUB_ENV
 
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -56,13 +60,13 @@ jobs:
           push: false
           tags: defectdojo/defectdojo-${{ matrix.docker-image }}:${{ matrix.os }},${{ env.IMAGE_REPOSITORY }}/defectdojo-${{ matrix.docker-image }}:${{ matrix.os }}
           file: Dockerfile.${{ matrix.docker-image }}-${{ matrix.os }}
-          outputs: type=docker,dest=${{ matrix.docker-image }}-${{ matrix.os }}-${{ inputs.runner }}_img
+          outputs: type=docker,dest=${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}_img
 
       # export docker images to be used in next jobs below
       - name: Upload image ${{ matrix.docker-image }} as artifact
         timeout-minutes: 15
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }}-${{ inputs.runner }}
-          path: ${{ matrix.docker-image }}-${{ matrix.os }}-${{ inputs.runner }}_img
+          name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}
+          path: ${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}_img
           retention-days: 1

.github/workflows/fetch-oas.yml

@@ -51,7 +51,7 @@ jobs:
         run: docker compose down
 
       - name: Upload oas.${{ matrix.file-type }} as artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: oas-${{ matrix.file-type }}
           path: oas.${{ matrix.file-type }}

.github/workflows/gh-pages.yml

@@ -19,12 +19,12 @@ jobs:
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
         with:
-          node-version: '22.5.1'
+          node-version: '22.14.0'
 
       - name: Cache dependencies
-        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

.github/workflows/integration-tests.yml

@@ -45,7 +45,7 @@ jobs:
 
       # load docker images from build jobs
       - name: Load images from artifacts
-        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           path: built-docker-image
           pattern: built-docker-image-*
@@ -54,9 +54,9 @@ jobs:
       - name: Load docker images
         timeout-minutes: 10
         run: |-
-             docker load -i built-docker-image/nginx-${{ matrix.os }}-ubuntu-latest_img
-             docker load -i built-docker-image/django-${{ matrix.os }}-ubuntu-latest_img
-             docker load -i built-docker-image/integration-tests-debian-ubuntu-latest_img
+             docker load -i built-docker-image/nginx-${{ matrix.os }}-linux-amd64_img
+             docker load -i built-docker-image/django-${{ matrix.os }}-linux-amd64_img
+             docker load -i built-docker-image/integration-tests-debian-linux-amd64_img
              docker images
 
       - name: Set integration-test mode

.github/workflows/k8s-tests.yml

@@ -48,7 +48,7 @@ jobs:
           minikube status
 
       - name: Load images from artifacts
-        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           path: built-docker-image
           pattern: built-docker-image-*
@@ -58,8 +58,8 @@ jobs:
         timeout-minutes: 15
         run: |-
              eval $(minikube docker-env)
-             docker load -i built-docker-image/nginx-${{ matrix.os }}-ubuntu-latest_img
-             docker load -i built-docker-image/django-${{ matrix.os }}-ubuntu-latest_img
+             docker load -i built-docker-image/nginx-${{ matrix.os }}-linux-amd64_img
+             docker load -i built-docker-image/django-${{ matrix.os }}-linux-amd64_img
              docker images
 
       - name: Configure HELM repos
@@ -75,7 +75,7 @@ jobs:
               echo "redis=${{ env.HELM_REDIS_BROKER_SETTINGS }}" >> $GITHUB_ENV
 
       - name: Deploying Django application with ${{ matrix.databases }} ${{ matrix.brokers }}
-        timeout-minutes: 15 
+        timeout-minutes: 15
         run: |-
              helm install \
                --timeout 800s \

.github/workflows/release-1-create-pr.yml

@@ -19,36 +19,38 @@ jobs:
   create_pr:
     runs-on: ubuntu-latest
     steps:
-     
+      - id: Set-GitHub-org
+        run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV
+
       - name: Checkout from_branch branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.inputs.from_branch }}
-     
+
       - name: Create release branch
         if: ${{ !startsWith(github.event.inputs.from_branch, 'release/') }}
         run: |
           echo "NEW_BRANCH=release/${{ github.event.inputs.release_number }}" >> $GITHUB_ENV
-     
+
       - name: Use existing release branch
         if: startsWith(github.event.inputs.from_branch, 'release/')
         run: |
           echo "NEW_BRANCH=${{ github.event.inputs.from_branch }}" >> $GITHUB_ENV
-     
+
       - name: Configure git
         run: |
           git config --global user.name "${{ env.GIT_USERNAME }}"
           git config --global user.email "${{ env.GIT_EMAIL }}"
-     
+
       - name: Push branch
         if: "!startsWith('${{ github.event.inputs.from_branch }}', 'release/')"
         run: git push origin HEAD:${NEW_BRANCH}
-     
+
       - name: Checkout release branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ env.NEW_BRANCH }}
-     
+
       - name: Update version numbers in key files
         run: |
           sed -ri 's/__version__ = ".*"/__version__ = "${{ github.event.inputs.release_number }}"/' dojo/__init__.py
@@ -82,18 +84,14 @@ jobs:
           commit_author: "${{ env.GIT_USERNAME }} <${{ env.GIT_EMAIL }}>"
           commit_message: "Update versions in application files"
           branch: ${{ env.NEW_BRANCH }}
-      - id: set-repo-org
-        run: echo "repoorg=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV
-     
+
       - name: Create Pull Request
-        env:
-          REPO_ORG: ${{ env.repoorg }}
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             github.rest.pulls.create({
-              owner: '${{ env.REPO_ORG }}',
+              owner: '${{ env.GITHUB_ORG }}',
               repo: 'django-DefectDojo',
               title: 'Release: Merge release into master from: ${{ env.NEW_BRANCH }}',
               body: `Release triggered by \`${ process.env.GITHUB_ACTOR }\``,

.github/workflows/release-2-tag-docker-push.yml

@@ -40,15 +40,27 @@ jobs:
       release_number: ${{ github.event.inputs.release_number }}
     secrets: inherit
 
-  release-docker-containers:
+  publish-docker-containers:
+    strategy:
+        matrix:
+          platform: ['linux/amd64', 'linux/arm64']
+        fail-fast: false
     needs: tag
     uses: ./.github/workflows/release-x-manual-docker-containers.yml
     with:
       release_number: ${{ github.event.inputs.release_number }}
+      platform: ${{ matrix.platform }}
+    secrets: inherit
+
+  publish-container-digests:
+    needs: publish-docker-containers
+    uses: ./.github/workflows/release-x-manual-merge-container-digests.yml
+    with:
+        release_number: ${{ github.event.inputs.release_number }}
     secrets: inherit
 
   release-drafter:
-    needs: release-docker-containers
+    needs: publish-container-digests
     uses: ./.github/workflows/release-drafter.yml
     with:
       version: ${{ github.event.inputs.release_number }}