DefectDojo
diff --git a/‎.github/pull_request_template.md‎
Lines changed: 1 addition & 1 deletion b/‎.github/pull_request_template.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/close-stale.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/close-stale.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/gh-pages.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/gh-pages.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/k8s-tests.yml‎
Lines changed: 10 additions & 10 deletions b/‎.github/workflows/k8s-tests.yml‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎.github/workflows/pr-labeler.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/pr-labeler.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release-1-create-pr.yml‎
Lines changed: 6 additions & 1 deletion b/‎.github/workflows/release-1-create-pr.yml‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎.github/workflows/release-3-master-into-dev.yml‎
Lines changed: 12 additions & 2 deletions b/‎.github/workflows/release-3-master-into-dev.yml‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎.github/workflows/release-x-manual-helm-chart.yml‎
Lines changed: 2 additions & 3 deletions b/‎.github/workflows/release-x-manual-helm-chart.yml‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎.github/workflows/test-helm-chart.yml‎
Lines changed: 74 additions & 3 deletions b/‎.github/workflows/test-helm-chart.yml‎
Lines changed: 74 additions & 3 deletions
diff --git a/‎.github/workflows/validate_docs_build.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/validate_docs_build.yml‎
Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ This checklist is for your information.
 - [ ] Bugfixes should be submitted against the `bugfix` branch.
 - [ ] Give a meaningful name to your PR, as it may end up being used in the release notes.
 - [ ] Your code is flake8 compliant.
-- [ ] Your code is python 3.11 compliant.
+- [ ] Your code is python 3.12 compliant.
 - [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
 - [ ] Model changes must include the necessary migrations in the dojo/db_migrations folder.
 - [ ] Add applicable tests to the unit tests.
 
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Close stale issues and PRs
-        uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+        uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
         with:
           # Disable automatic stale marking - only close manually labeled items
           days-before-stale: -1
 
@@ -19,7 +19,7 @@ jobs:
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           node-version: '22.19.0'
 
 
@@ -108,17 +108,17 @@ jobs:
                  echo "INFO: status:"
                  kubectl get pods
                  echo "INFO: logs:"
-                 kubectl logs  --selector=$3 --all-containers=true
+                 kubectl logs --selector=$3 --all-containers=true
                  exit 1
                fi
                return ${?}
              }
              echo "Waiting for init job..."
-             to_complete  "condition=Complete" job "defectdojo.org/component=initializer"
+             to_complete "condition=Complete" job "defectdojo.org/component=initializer"
              echo "Waiting for celery pods..."
-             to_complete  "condition=ready" pod "defectdojo.org/component=celery"
+             to_complete "condition=ready" pod "defectdojo.org/component=celery"
              echo "Waiting for django pod..."
-             to_complete  "condition=ready" pod "defectdojo.org/component=django"
+             to_complete "condition=ready" pod "defectdojo.org/component=django"
              echo "Pods up and ready to rumbole"
              kubectl get pods
              RETRY=0
@@ -132,15 +132,15 @@ jobs:
                     --max-time 20 \
                     --head \
                     --header "Host: $DD_HOSTNAME" \
-                    http://$DJANGO_IP/login?next=/)
+                    "http://${DJANGO_IP}/login?next=/")
                echo $OUT
-               CR=`echo $OUT | egrep "^HTTP" | cut -d' ' -f2`
+               CR=$(echo $OUT | egrep "^HTTP" | cut -d' ' -f2)
                echo $CR
                if [[ $CR -ne 200 ]]; then
                   echo $RETRY
                   if [[ $RETRY -gt 2 ]]; then
                     kubectl get pods
-                    echo `kubectl logs --tail=30 -l defectdojo.org/component=django -c uwsgi`
+                    echo $(kubectl logs --tail=30 -l defectdojo.org/component=django -c uwsgi)
                     echo "ERROR: cannot display login screen; got HTTP code $CR"
                     exit 1
                   else
@@ -165,7 +165,7 @@ jobs:
                  --data-raw "username=admin&password=$ADMIN_PASS" \
                  --output /dev/null \
                  --write-out "%{http_code}\n" \
-                 http://$DJANGO_IP/api/v2/api-token-auth/)
+                 "http://${DJANGO_IP}/api/v2/api-token-auth/")
              echo $CR
              if [[ $CR -ne 200 ]]; then
               echo "ERROR: login is not possible; got HTTP code $CR"
@@ -174,8 +174,8 @@ jobs:
               echo "Result received"
              fi
              echo "Final Check of components"
-             errors=`kubectl get pods | grep Error | awk '{print  $1}'`
-             if [[ ! -z  $errors ]]; then
+             errors=$(kubectl get pods | grep Error | awk '{print $1}')
+             if [[ ! -z $errors ]]; then
                echo "Few pods with errors"
                for line in $errors; do
                  echo "Dumping log from $line"
 
@@ -15,7 +15,7 @@ jobs:
     name: "Autolabeler"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           sync-labels: true
@@ -87,6 +87,11 @@ jobs:
           grep -H appVersion helm/defectdojo/Chart.yaml
           grep -H version helm/defectdojo/Chart.yaml
 
+      - name: Run helm-docs
+        uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2
+        with:
+          chart-search-root: "helm/defectdojo"
+
       - name: Push version changes
         uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
         with:
@@ -97,7 +102,7 @@ jobs:
           branch: ${{ env.NEW_BRANCH }}
 
       - name: Create Pull Request
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
 
@@ -74,6 +74,11 @@ jobs:
           git add docs/content/en/open_source/upgrading/$minorv.md
         if: endsWith(inputs.release_number_new, '.0') && endsWith(inputs.release_number_dev, '.0-dev')
 
+      - name: Run helm-docs
+        uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2
+        with:
+          chart-search-root: "helm/defectdojo"
+
       - name: Push version changes
         uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
         with:
@@ -84,7 +89,7 @@ jobs:
           branch: ${{ env.NEW_BRANCH }}
 
       - name: Create Pull Request
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
@@ -139,6 +144,11 @@ jobs:
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
 
+      - name: Run helm-docs
+        uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2
+        with:
+          chart-search-root: "helm/defectdojo"
+
       - name: Push version changes
         uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
         with:
@@ -149,7 +159,7 @@ jobs:
           branch: ${{ env.NEW_BRANCH }}
 
       - name: Create Pull Request
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
 
@@ -66,12 +66,11 @@ jobs:
 
       - name: Configure HELM repos
         run: |-
-             helm repo add bitnami https://charts.bitnami.com/bitnami
              helm dependency list ./helm/defectdojo
              helm dependency update ./helm/defectdojo
 
       - name: Add yq
-        uses: mikefarah/yq@f03c9dc599c37bfcaf533427211d05e51e6fee64 # v4.47.1
+        uses: mikefarah/yq@6251e95af8df3505def48c71f3119836701495d6 # v4.47.2
 
       - name: Pin version docker version
         id: pin_image
@@ -88,7 +87,7 @@ jobs:
           echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV
 
       - name: Create release ${{ inputs.release_number }}
-        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
+        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
         with:
           name: '${{ inputs.release_number }} 🌈'
           tag_name: ${{ inputs.release_number }}
 
@@ -10,7 +10,7 @@ on:
 
 jobs:
   lint:
-    name: Lint chart
+    name: Lint chart (version)
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -22,13 +22,12 @@ jobs:
       - name: Set up Helm
         uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
 
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: 3.13
 
       - name: Configure Helm repos
         run: |-
-             helm repo add bitnami https://charts.bitnami.com/bitnami
              helm dependency list ./helm/defectdojo
              helm dependency update ./helm/defectdojo
 
@@ -73,3 +72,75 @@ jobs:
       # - name: Run chart-testing (install)
       #   run: ct install --config ct.yaml --target-branch ${{ env.ct-branch }} --helm-extra-args '--set createSecret=true --set createRabbitMqSecret=true --set createPostgresqlSecret=true --set timeout=900'
       #  if: env.changed == 'true'
+
+  docs_generation:
+    name: Update documentation
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      
+      # Documentation provided in the README file needs to contain the latest information from `values.yaml` and all other related assets.
+      # If this step fails, install https://github.com/norwoodj/helm-docs and run locally `helm-docs --chart-search-root helm/defectdojo` before committing your changes.
+      # The helm-docs documentation will be generated for you.
+      - name: Run helm-docs
+        uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2
+        with:
+          fail-on-diff: true
+          chart-search-root: "helm/defectdojo"
+
+  generate_schema:
+    name: Update schema
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      # The HELM structure supports the existence of a `values.schema.json` file. This file is used to validate all values provided by the user before Helm starts rendering templates.
+      # The chart needs to have a `values.schema.json` file that is compatible with the default `values.yaml` file.
+      # If this step fails, install https://github.com/losisin/helm-values-schema-json and run locally `helm schema --use-helm-docs` in `helm/defectdojo` before committing your changes.
+      # The helm schema will be generated for you.
+      - name: Generate values schema json
+        uses: losisin/helm-values-schema-json-action@d5847286fa04322702c4f8d45031974798c83ac7 # v2.3.0
+        with:
+          fail-on-diff: true
+          working-directory: "helm/defectdojo"
+          useHelmDocs: true
+          values: values.yaml
+
+  lint_format:
+    name: Lint chart (format)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
+
+      - name: Configure Helm repos
+        run: |-
+             helm dependency list ./helm/defectdojo
+             helm dependency update ./helm/defectdojo
+
+      - name: Lint
+        run: |-
+          helm lint ./helm/defectdojo --strict
+
+  artifacthub_linter:
+    name: Artifacthub Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Run ah lint
+        working-directory: ./helm/defectdojo
+        run: |-
+          docker run --rm \
+            -v ${{ github.workspace }}/helm/defectdojo:/workspace \
+            -w /workspace \
+            artifacthub/ah:v1.21.0@sha256:511818fa90ce87d7132c6214e51ea6dd62eea030f5d2271ce073f948b3060972 \
+              ah lint
@@ -16,7 +16,7 @@ jobs:
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           node-version: '22.19.0'