Merge branch 'dev' into feat/improve-helm-chart

Author: fernandezcuesta

.github/workflows/build-docker-images-for-testing.yml

@@ -24,6 +24,8 @@ jobs:
         os: [alpine, debian]
         platform: ["${{ inputs.platform }}"]
         exclude:
+            - docker-image: nginx
+              os: debian
             - docker-image: integration-tests
               os: alpine
             - docker-image: integration-tests

.github/workflows/integration-tests.yml

@@ -61,7 +61,7 @@ jobs:
       - name: Load docker images
         timeout-minutes: 10
         run: |-
-             docker load -i built-docker-image/nginx-${{ matrix.os }}-linux-amd64_img
+             docker load -i built-docker-image/nginx-alpine-linux-amd64_img
              docker load -i built-docker-image/django-${{ matrix.os }}-linux-amd64_img
              docker load -i built-docker-image/integration-tests-debian-linux-amd64_img
              docker images
@@ -73,14 +73,14 @@ jobs:
         run: docker compose up --no-deps -d postgres nginx celerybeat celeryworker mailhog uwsgi redis
         env:
           DJANGO_VERSION: ${{ matrix.os }}
-          NGINX_VERSION: ${{ matrix.os }}
+          NGINX_VERSION: alpine
 
       - name: Initialize
         timeout-minutes: 10
         run: docker compose up --no-deps --exit-code-from initializer initializer
         env:
           DJANGO_VERSION: ${{ matrix.os }}
-          NGINX_VERSION: ${{ matrix.os }}
+          NGINX_VERSION: alpine
 
       - name: Integration tests
         timeout-minutes: 10

.github/workflows/k8s-tests.yml

@@ -27,7 +27,7 @@ jobs:
           # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions)
           - databases: pgsql
             brokers: redis
-            k8s: 'v1.30.3'
+            k8s: 'v1.33.4'
             os: debian
     steps:
       - name: Checkout
@@ -57,8 +57,10 @@ jobs:
         timeout-minutes: 15
         run: |-
              eval $(minikube docker-env)
-             docker load -i built-docker-image/nginx-${{ matrix.os }}-linux-amd64_img
+             docker load -i built-docker-image/nginx-alpine-linux-amd64_img
              docker load -i built-docker-image/django-${{ matrix.os }}-linux-amd64_img
+             docker tag defectdojo/defectdojo-nginx:alpine defectdojo/defectdojo-nginx:latest
+             docker tag defectdojo/defectdojo-django:${{ matrix.os }} defectdojo/defectdojo-django:latest
              docker images
 
       - name: Configure HELM repos
@@ -87,8 +89,7 @@ jobs:
                --set initializer.keepSeconds="-1" \
                ${{ env[matrix.databases] }} \
                ${{ env[matrix.brokers] }} \
-               --set createSecret=true \
-               --set tag=${{ matrix.os }}
+               --set createSecret=true
 
       - name: Check deployment status
         if: always()

.github/workflows/release-x-manual-docker-containers.yml

@@ -36,6 +36,9 @@ jobs:
       matrix:
           docker-image: [django, nginx]
           os: [alpine, debian]
+          exclude:
+              - docker-image: nginx
+                os: debian
     steps:
       # Replace slashes so we can use this in filenames
       - name: Set-platform

.github/workflows/release-x-manual-helm-chart.yml

@@ -62,7 +62,7 @@ jobs:
           git config --global user.email "${{ env.GIT_EMAIL }}"
 
       - name: Set up Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
 
       - name: Configure HELM repos
         run: |-

.github/workflows/release-x-manual-merge-container-digests.yml

@@ -31,7 +31,9 @@ jobs:
         matrix:
             docker-image: [django, nginx]
             os: [alpine, debian]
-
+            exclude:
+                - docker-image: nginx
+                  os: debian
     steps:
       # deduce docker org name from git repo to make the build also work in forks
     - id: Set-docker-org
@@ -69,14 +71,14 @@ jobs:
 
       # debian images are the default / official ones, so these get the os-less tag
     - name: Tag Debian with os-less tags
-      if: ${{ matrix.os  == 'debian' }}
+      if: ${{ (matrix.docker-image == 'django' && matrix.os == 'debian') || (matrix.docker-image == 'nginx' && matrix.os == 'alpine') }}
       working-directory: ${{ runner.temp }}/digests
       run: |
         set -x
         docker buildx imagetools create -t "${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}:${{ inputs.release_number }}" ${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}:${{ inputs.release_number }}-${{ matrix.os }}
 
       # just for logging
     - name: Inspect default images
-      if: ${{ matrix.os  == 'debian' }}
+      if: ${{ (matrix.docker-image == 'django' && matrix.os == 'debian') || (matrix.docker-image == 'nginx' && matrix.os == 'alpine') }}
       run: |
           docker buildx imagetools inspect ${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}:${{ inputs.release_number }}

.github/workflows/release-x-manual-tag-as-latest.yml

@@ -45,8 +45,7 @@ jobs:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
-      # debian images are the default / official ones, and these were already tagged, so these get the latest tag
-    - name: Tag Debian with latest tags
+    - name: Tag with latest tags
       run: |
         set -x
         docker buildx imagetools create -t "${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}:latest" ${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}:${{ inputs.release_number }}

.github/workflows/rest-framework-tests.yml

@@ -40,7 +40,6 @@ jobs:
       - name: Load docker images
         timeout-minutes: 10
         run: |-
-             docker load -i built-docker-image/nginx-${{ matrix.os }}-${{ env.PLATFORM }}_img
              docker load -i built-docker-image/django-${{ matrix.os }}-${{ env.PLATFORM }}_img
              docker images
 

.github/workflows/test-helm-chart.yml

@@ -20,7 +20,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
 
       - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:

Dockerfile.django-alpine

@@ -5,7 +5,7 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.11.11-alpine3.21@sha256:9af3561825050da182afc74b106388af570b99c500a69c8216263aa245a2001b AS base
+FROM python:3.11.13-alpine3.22@sha256:8d8c6d3808243160605925c2a7ab2dc5c72d0e75651699b0639143613e0855b8 AS base
 FROM base AS build
 WORKDIR /app
 RUN \