Merge pull request DefectDojo#4374 from DefectDojo/release/1.15.0

Release: Merge release into master from: release/1.15.0

Author: Maffooch

.github/workflows/cancel-outdated-workflow-runs.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
-      - uses: styfle/cancel-workflow-action@0.8.0
+      - uses: styfle/cancel-workflow-action@0.9.0
         with:
           workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml'
           access_token: ${{ github.token }}

.github/workflows/k8s-testing.yml

@@ -120,7 +120,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Setup Minikube
-        uses: manusa/actions-setup-minikube@v2.3.1
+        uses: manusa/actions-setup-minikube@v2.4.0
         with:
           minikube version: 'v1.14.2'
           kubernetes version: ${{ matrix.k8s }}

.github/workflows/new-release-master-into-dev.yml

@@ -54,7 +54,7 @@ jobs:
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
       - name: Push version changes
-        uses: stefanzweifel/git-auto-commit-action@v4.9.2
+        uses: stefanzweifel/git-auto-commit-action@v4.10.0
         with:
           commit_user_name: "${{ env.GIT_USERNAME }}"
           commit_user_email: "${{ env.GIT_EMAIL }}"
@@ -66,7 +66,7 @@ jobs:
       - name: Create Pull Request
         env:
           REPO_ORG: ${{ steps.set-repo-org.outputs.repoorg }}
-        uses: actions/github-script@v3
+        uses: actions/github-script@v4
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/new-release-pr.yml

@@ -60,7 +60,7 @@ jobs:
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
       - name: Push version changes
-        uses: stefanzweifel/git-auto-commit-action@v4.9.2
+        uses: stefanzweifel/git-auto-commit-action@v4.10.0
         with:
           commit_user_name: "${{ env.GIT_USERNAME }}"
           commit_user_email: "${{ env.GIT_EMAIL }}"
@@ -72,7 +72,7 @@ jobs:
       - name: Create Pull Request
         env:
           REPO_ORG: ${{ steps.set-repo-org.outputs.repoorg }}
-        uses: actions/github-script@v3
+        uses: actions/github-script@v4
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/new-release-tag-docker.yml

@@ -30,6 +30,22 @@ jobs:
         run: |
           git tag -a ${{ github.event.inputs.release_number }} -m "[bot] release ${{ github.event.inputs.release_number }}"
           git push origin ${{ github.event.inputs.release_number }}
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+      - name: Configure Helm repos
+        run: |
+          helm repo add stable https://charts.helm.sh/stable
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm dependency list ./helm/defectdojo
+          helm dependency update ./helm/defectdojo
+      - name: Package Helm chart
+        id: package-helm-chart
+        run: |
+          mkdir build
+          helm package helm/defectdojo/ --destination ./build
+          echo "::set-output name=chart_version::$(ls build | cut -d '-' -f 2 | sed 's|\.tgz||')"
       - name: Create release ${{ github.event.inputs.release_number }}
         id: create_release
         uses: actions/create-release@v1
@@ -42,6 +58,34 @@ jobs:
             Fill in with release drafter information manually for now, then publish.
           draft: true
           prerelease: false
+      - name: Upload Release Asset
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./build/defectdojo-${{ steps.package-helm-chart.outputs.chart_version }}.tgz
+          asset_name: defectdojo-${{ steps.package-helm-chart.outputs.chart_version }}.tgz
+          asset_content_type: application/tar+gzip
+      - name: Update Helm repository index
+        id: update-helm-repository-index
+        run: |
+          git config --global user.name "${{ env.GIT_USERNAME }}"
+          git config --global user.email "${{ env.GIT_EMAIL }}"
+          git remote update
+          git fetch --all
+          git checkout helm-charts
+          git pull
+          if [ ! -f ./index.yaml ]; then
+            helm repo index ./build --url "${{ GITHUB_SERVER_URL }}/${{ GITHUB_REPOSITORY }}/releases/download/${{ github.event.inputs.release_number }}/"
+          else
+            helm repo index ./build --url "${{ GITHUB_SERVER_URL }}/${{ GITHUB_REPOSITORY }}/releases/download/${{ github.event.inputs.release_number }}/" --merge ./index.yaml
+          fi
+          cp -f ./build/index.yaml ./index.yaml
+          git add ./index.yaml
+          git commit -m "Update index.yaml"
+          git push -u origin helm-charts
 
 
   job-build-and-push:

.github/workflows/plantuml.yml

@@ -30,7 +30,7 @@ jobs:
         with:
           args: -v -tpng ${{ steps.getfile.outputs.files }}
       - name: Push Local Changes
-        uses: stefanzweifel/git-auto-commit-action@v4.9.2
+        uses: stefanzweifel/git-auto-commit-action@v4.10.0
         with:
           commit_user_name: "PlantUML_bot"
           commit_user_email: "[email protected]"

.gitignore

@@ -76,7 +76,7 @@ dojo/uploads/risk/*
 dojo/uploads/reports/*
 dojo/scans/scan*
 dojo/uploads/threat/*
-dojo/fixtures/initial_surveys.json
+# dojo/fixtures/initial_surveys.json
 .idea
 *.sqlite
 *.db
@@ -130,4 +130,4 @@ docker/extra_settings/*
 helm/defectdojo/charts
 
 # generates files for github pages
-public
+public

Dockerfile.nginx

@@ -65,7 +65,7 @@ COPY dojo/ ./dojo/
 
 RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true
 
-FROM nginx:1.19.8-alpine@sha256:e20c21e530f914fb6a95a755924b1cbf71f039372e94ac5ddcf8c3b386a44615
+FROM nginx:1.19.10-alpine@sha256:07ab71a2c8e4ecb19a5a5abcfb3a4f175946c001c8af288b1aa766d67b0d05d2
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/

KUBERNETES.md

@@ -9,6 +9,26 @@ For development purposes,
 and [Helm](https://helm.sh/) can be installed locally by following
 this [guide](https://helm.sh/docs/using_helm/#installing-helm).
 
+## Helm chart
+Starting with version 1.14.0, a helm chart will be pushed onto the `helm-charts` branch during the release process. Don't look for a chart museum, we're leveraging the "raw" capabilities of GitHub at this time.
+
+To use it, you can add our repo.
+
+```
+$ helm repo add helm-charts 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
+"helm-charts" has been added to your repositories
+
+$ helm repo update
+```
+
+You should now be able to see the chart.
+
+```
+$ helm search repo defectdojo
+NAME                      	CHART VERSION	APP VERSION	DESCRIPTION                                      
+helm-charts/defectdojo	    1.5.1        	1.14.0-dev 	A Helm chart for Kubernetes to install DefectDojo
+```
+
 ## Kubernetes Local Quickstart
 
 Requirements:

README.md

@@ -9,7 +9,7 @@
 [DefectDojo](https://www.defectdojo.org/) is a security program and
 vulnerability management tool.
 DefectDojo allows you to manage your application security program, maintain
-product and application information, schedule scans, triage vulnerabilities and
+product and application information, triage vulnerabilities and
 push findings into defect trackers.
 Consolidate your findings into one source of truth with DefectDojo.
 
@@ -41,7 +41,10 @@ For detailed documentation you can visit
 ## Supported Installation Options
 
 * [Docker / Docker Compose](DOCKER.md)
-* [Setup.bash](https://github.com/DefectDojo/django-DefectDojo/blob/master/setup/README.md)(End of Life 31/12/2020)
+* [godojo](https://github.com/DefectDojo/godojo)
+
+** Now EOL'ed **
+* [Setup.bash](https://github.com/DefectDojo/django-DefectDojo/blob/master/setup/README.md)
 
 ## Getting Started
 
@@ -73,8 +76,8 @@ See [Release and branch model](BRANCHING-MODEL.md)
 
 ## Roadmap
 A magical, illusionary, non-existent, YMMV, wannabe, no guarantees list of thing we may or may not be working on:
-- New permission model
-- Push groups of findings to a single JIRA ticket
+- New permission model (underway)
+- Push groups of findings to a single JIRA ticket (experimental now in!)
 - Reimport matching improvements
 
 
@@ -84,6 +87,7 @@ To manage expectations, we call this the wishlist. These are items we want to do
 - New dashboarding / statistics
 - New search engine
 - Adopt a plugin framework to allow plugins for issue trackers, parsers, reports, etc
+- More flexible model
 
 
 ## Support, Bug Reports and Getting Involved