[feature/BLAZ-1548] to dev

.dockerignore

@@ -0,0 +1,14 @@
+venv
+build
+dist
+deployment
+test-reports
+**/tests
+.semgrep
+.idea
+.github
+.eggs
+.pre-commit-config.yaml
+*.egg-info/
+**/*.zip
+**/*.7z

.github/actions/install-startleft/action.yml

@@ -14,31 +14,19 @@ runs:
         with:
           python-version: ${{ inputs.python-version }}
 
-      - name: Update pip version to 23.0.1
-        run: python -m pip install --use-pep517 --upgrade pip==23.0.1
+      - name: Ensure pip is up-to-date
+        run: python -m ensurepip --upgrade
         shell: bash
 
-      - name: Set setuptools to v70 for compatibility with setuptools-scm
-        run: python -m pip install setuptools==70.3.0
+      - name: Upgrade setuptools for compatibility with setuptools-scm
+        run: python -m pip install --upgrade setuptools
         shell: bash
 
       - name: Setup Graphviz
         uses: ts-graphviz/setup-graphviz@55fcdfa9328aed658432c22011bec2873cd8e69f # Securely point to hash commit for v1
 
-      - name: Configure Graphviz in Windows
-        if: runner.os == 'Windows'
-        shell: bash
-        run: |
-          pip install --global-option=build_ext --global-option="-IC:\Program files\Graphviz\include" --global-option="-LC:\Program files\Graphviz\lib" pygraphviz==1.10
-          echo "C:\Program Files\Graphviz\bin" >> $GITHUB_PATH
-
       - name: Install dependencies
-        run: pip install . && pip install -e ".[setup,test]"
+        run:  python -m pip install . && python -m pip install -e ".[setup,test]"
         shell: bash
 
-        # This step MUST be after the general installation of StartLeft
-      - name: Install libmagic in Windows
-        if: runner.os == 'Windows'
-        run: pip install python-magic-bin
-        shell: bash
 

.github/workflows/qa.yml

@@ -20,8 +20,8 @@ jobs:
     name: StartLeft Tests
     strategy:
       matrix:
-        os: [ ubuntu-latest, windows-latest ]
-        python-version: [ "3.9", "3.10", "3.11" ]
+        os: [ ubuntu-latest ]
+        python-version: [ "3.10", "3.11", "3.12"]
     uses: ./.github/workflows/test.yml
     with:
       os: ${{ matrix.os }}

deployment/Dockerfile.application

@@ -1,31 +1,25 @@
-FROM python:3.11-alpine AS startleft-base
+FROM python:3.12-alpine3.21 AS startleft-base
 
-WORKDIR /usr/src/app
-
-RUN apk update && \
-    apk upgrade && \
-    apk add --repository=https://dl-cdn.alpinelinux.org/alpine/v3.20/main --repository=https://dl-cdn.alpinelinux.org/alpine/v3.20/community \
-                g++~=13.2 gcc~=13.2 gfortran~=13.2 libgcc~=13.2 libstdc++~=13.2 && \
-    apk --no-cache add geos geos-dev git graphviz-dev lapack lapack-dev libmagic musl-dev py3-pybind11-dev re2 re2-dev
+WORKDIR /app
 
 COPY . .
 
-RUN pip install --upgrade pip && pip install .
+RUN apk -U upgrade && \
+    apk add --no-cache cblas geos git lapack libmagic py3-pygraphviz py3-re2 py3-shapely re2 && \
+    cp -R /usr/lib/python3.12/site-packages /usr/local/lib/python3.12/ && \
+    pip install --upgrade pip && pip install .
 
 
-FROM python:3.11-alpine
+FROM python:3.12-alpine3.21
 
-WORKDIR /app
-
-RUN apk update && \
-    apk upgrade && \
-    apk --no-cache add cblas geos graphviz-dev lapack libmagic re2 && \
+RUN apk -U upgrade && \
+    apk add --no-cache libmagic py3-pygraphviz py3-re2 py3-shapely && \
     adduser --disabled-password  --no-create-home startleft && \
-    rm -rf /usr/local/lib/python3.11/site-packages
-
-COPY --from=startleft-base /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+    rm -Rf /usr/local/lib/python3.12/site-packages
 
+COPY --from=startleft-base /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
 COPY --from=startleft-base /usr/local/bin/startleft /usr/local/bin/startleft
+COPY --from=startleft-base /usr/local/bin/uvicorn /usr/local/bin/uvicorn
 
 USER startleft
 

setup.py

@@ -3,6 +3,7 @@
 from startleft.startleft._version.local_scheme import guess_startleft_semver_suffix
 from startleft.startleft._version.version_scheme import guess_startleft_semver
 
+
 setup(
     name='startleft',
     description='Parse Infrastructure as Code files to the Open Threat Model format and upload them to IriusRisk',
@@ -13,7 +14,7 @@
     keywords=['threat modeling', 'cyber security', 'appsec'],
     packages=find_packages(),
     include_package_data=True,
-    python_requires='>= 3.9, <= 3.12',
+    python_requires='>= 3.10, < 3.13',
     install_requires=[
         'pyyaml==6.0.1',
         'jsonschema==4.19.0',
@@ -25,19 +26,19 @@
         "python-multipart==0.0.19",
         'click==8.1.7',
         'uvicorn==0.23.2',
-        'shapely==2.0.1',
         'vsdx==0.5.19',
         'python-magic==0.4.27',
         'setuptools==70.3.0',
         'setuptools-scm==8.1.0',
         'defusedxml==0.7.1',
         'networkx==3.1',
-        'dependency-injector==4.41.0',
-        'google-re2==1.0',
+        'dependency-injector==4.46.0',
         'xmlschema==2.5.0',
         'word2number==1.1',
-        # Do not upgrade pygraphviz unless security issues because it is heavily dependent on the underlying OS
-        'pygraphviz==1.10',
+        # These dependencies are heavily dependent on the underlying OS
+        'pygraphviz==1.13',
+        'shapely==2.0.6',
+        'google-re2',
         # Numpy is a transitive dependency of fastapi, requests and python-multipart
         # They require different v1 versions, while v2 versions lead to import errors
         'numpy<2.0'