DefectDojo
diff --git a/‎.github/labeler.yml
Lines changed: 5 additions & 0 deletions b/‎.github/labeler.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/release-drafter.yml
Lines changed: 2 additions & 0 deletions b/‎.github/release-drafter.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/build-docker-images-for-testing.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build-docker-images-for-testing.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/gh-pages.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/gh-pages.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/k8s-tests.yml
Lines changed: 28 additions & 2 deletions b/‎.github/workflows/k8s-tests.yml
Lines changed: 28 additions & 2 deletions
diff --git a/‎.github/workflows/release-x-manual-docker-containers.yml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/release-x-manual-docker-containers.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/release-x-manual-helm-chart.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-x-manual-helm-chart.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test-helm-chart.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/test-helm-chart.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/update-sample-data.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/update-sample-data.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎Dockerfile.django-alpine
Lines changed: 3 additions & 3 deletions b/‎Dockerfile.django-alpine
Lines changed: 3 additions & 3 deletions
@@ -60,3 +60,8 @@ localization:
     - any-glob-to-any-file:
       - dojo/locale/*
       - dojo/locale/**/*
+
+lint:
+  - changed-files:
+    - any-glob-to-any-file:
+      - ruff.toml
@@ -41,6 +41,8 @@ categories:
     label: 'ui'
   - title: '🗣 Updates in localization'
     label: 'localization'
+  - title: '🔧 Improved code quality with linters'
+    label: 'lint'
   - title: '🧰 Maintenance'
     collapse-after: 3
     labels:
 
@@ -28,14 +28,14 @@ jobs:
         run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
         with:
           buildkitd-flags: --debug
           driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426
 
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+        uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0
         timeout-minutes: 10
         env:
           DOCKER_BUILD_CHECKS_ANNOTATIONS: false
 
@@ -24,7 +24,7 @@ jobs:
           node-version: '22.5.1'
 
       - name: Cache dependencies
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
 
@@ -85,6 +85,7 @@ jobs:
                ./helm/defectdojo \
                --set django.ingress.enabled=true \
                --set imagePullPolicy=Never \
+               --set initializer.keepSeconds="-1" \
                ${{ env[matrix.databases] }} \
                ${{ env[matrix.brokers] }} \
                --set createSecret=true \
@@ -124,10 +125,15 @@ jobs:
              RETRY=0
              while :
                do
+               DJANGO_IP=$(kubectl get svc defectdojo-django -o jsonpath='{.spec.clusterIP}')
                OUT=$(kubectl run  curl --quiet=true --image=curlimages/curl:7.73.0 \
                   --overrides='{ "apiVersion": "v1" }' \
-                  --restart=Never -i --rm -- -s -m 20 -I --header "Host: $DD_HOSTNAME" http://`kubectl get service defectdojo-django -o json \
-                 |  jq -r '.spec.clusterIP'`/login?next=/)
+                  --restart=Never -i --rm -- \
+                    --silent \
+                    --max-time 20 \
+                    --head \
+                    --header "Host: $DD_HOSTNAME" \
+                    http://$DJANGO_IP/login?next=/)
                echo $OUT
                CR=`echo $OUT | egrep "^HTTP" | cut -d' ' -f2`
                echo $CR
@@ -148,6 +154,26 @@ jobs:
                 break
                fi
              done
+             ADMIN_PASS=$(kubectl get secret/defectdojo -o jsonpath='{.data.DD_ADMIN_PASSWORD}' | base64 -d)
+             echo "Simple API check"
+             DJANGO_IP=$(kubectl get svc defectdojo-django -o jsonpath='{.spec.clusterIP}')
+             CR=$(kubectl run  curl --quiet=true --image=curlimages/curl:7.73.0 \
+               --overrides='{ "apiVersion": "v1" }' \
+               --restart=Never -i --rm -- \
+                 --silent \
+                 --max-time 20 \
+                 --header "Host: $DD_HOSTNAME" \
+                 --data-raw "username=admin&password=$ADMIN_PASS" \
+                 --output /dev/null \
+                 --write-out "%{http_code}\n" \
+                 http://$DJANGO_IP/api/v2/api-token-auth/)
+             echo $CR
+             if [[ $CR -ne 200 ]]; then
+              echo "ERROR: login is not possible; got HTTP code $CR"
+              exit 1
+             else
+              echo "Result received"
+             fi
              echo "Final Check of components"
              errors=`kubectl get pods | grep Error | awk '{print  $1}'`
              if [[ ! -z  $errors ]]; then
 
@@ -47,11 +47,11 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
+        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
 
       - name: Build and push images with debian
         if: ${{ matrix.os  == 'debian' }}
-        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+        uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0
         env:
           DOCKER_BUILD_CHECKS_ANNOTATIONS: false
           REPO_ORG: ${{ env.repoorg }}
@@ -64,7 +64,7 @@ jobs:
 
       - name: Build and push images with alpine
         if: ${{ matrix.os  == 'alpine' }}
-        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+        uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0
         env:
           DOCKER_BUILD_CHECKS_ANNOTATIONS: false
           REPO_ORG: ${{ env.repoorg }}
 
@@ -47,7 +47,7 @@ jobs:
           git config --global user.email "${{ env.GIT_EMAIL }}"
       
       - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
 
       - name: Configure HELM repos
         run: |-
 
@@ -20,7 +20,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
 
       - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
 
@@ -16,7 +16,7 @@ jobs:
     steps:
       # Checkout the repository
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.ref_name || 'dev'}}
 
@@ -43,7 +43,7 @@ jobs:
           git push --set-upstream origin $(git rev-parse --abbrev-ref HEAD)
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: "Update sample data"
 
@@ -5,7 +5,7 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.11.9-alpine3.20@sha256:df44c0c0761ddbd6388f4549cab42d24d64d257c2a960ad5b276bb7dab9639c7 AS base
+FROM python:3.11.9-alpine3.20@sha256:f9ce6fe33d9a5499e35c976df16d24ae80f6ef0a28be5433140236c2ca482686 AS base
 FROM base AS build
 WORKDIR /app
 RUN \
@@ -31,7 +31,7 @@ COPY requirements.txt ./
 # https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096
 RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt
 
-FROM base AS django-alpine
+FROM base AS django
 WORKDIR /app
 ARG uid=1001
 ARG gid=1337
@@ -135,5 +135,5 @@ ENV \
   DD_UWSGI_NUM_OF_THREADS="2"
 ENTRYPOINT ["/entrypoint-uwsgi.sh"]
 
-FROM django-alpine AS django-unittests
+FROM django AS django-unittests
 COPY unittests/ ./unittests/