
Commit f3d3485

authored
Merge pull request DefectDojo#8947 from DefectDojo/release/2.28.0
Release: Merge release into master from: release/2.28.0
2 parents 27e1ae6 + 1139cd2 commit f3d3485


86 files changed

+18208
-163
lines changed


86 files changed

+18208
-163
lines changed

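--- a/.github/scripts/git_protect.py
+++ b/.github/scripts/git_protect.py
@@ -0,0 +1,103 @@
+import argparse
+import logging
+import re
+import subprocess
+from pathlib import Path
+
+log = logging.getLogger(__name__)
+
+
+def gitignore_to_regex(pattern) -> str:
+    # Replace .gitignore-style patterns with regex equivalents
+    pattern = pattern.replace("*", ".*") # * -> .*
+    pattern = pattern.replace("?", ".") # ? -> .
+    pattern = pattern.replace("[!", "[^") # [!abc] -> [^abc]
+
+    # If the pattern ends with '/', it matches directories
+    if pattern.endswith("/"):
+        pattern = f"{pattern}.*"
+
+    return rf"^{pattern}"
+
+
+def get_protected_files(file_name: str) -> list[str]:
+    # Check to see if the .gitprotect file exists
+    config_path = Path(file_name)
+    if not config_path.exists():
+        log.error(f"ERROR: Could not find .gitprotect at {config_path.absolute()}")
+        exit(1)
+
+    # Open the file and read in file paths
+    with open(file_name, "r") as file:
+        return [gitignore_to_regex(line.strip()) for line in file]
+
+
+def get_changed_files(base_ref: str, head_ref: str) -> list[str]:
+    result = subprocess.run(
+        [
+            "git",
+            "diff",
+            "--name-only",
+            base_ref,
+            head_ref,
+        ],
+        capture_output=True,
+        text=True,
+    )
+    return result.stdout.splitlines()
+
+
+def check_changes_against_protect_list(
+    changed_files: list[str], protected_files: list[str], comment_only: bool
+):
+    violations = set()
+
+    # If any modified file is one in the protect list, add the files to the violations list
+    for protected_file in protected_files:
+        pattern = re.compile(protected_file)
+        files_with_pattern = [f for f in changed_files if pattern.search(f)]
+        violations.update(files_with_pattern)
+
+    violations_list = "\n".join(violations)
+    if violations:
+        log.error(
+            f"The following files are protected and cannot be modified:\n{violations_list}"
+        )
+        if comment_only:
+            exit_code = 0
+        else:
+            exit_code = 1
+        exit(exit_code)
+    else:
+        log.debug("No changes to protected files were detected.")
+
+
+def main(args):
+    changed_files = get_changed_files(
+        args.base_ref,
+        args.head_ref,
+    )
+    protected_files = get_protected_files(".gitprotect")
+    check_changes_against_protect_list(
+        protected_files=protected_files,
+        changed_files=changed_files,
+        comment_only=args.comment_only
+    )
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description="A utility function to check if protected files have been modified."
+    )
+    parser.add_argument(
+        "base_ref", help="The git SHA for the most recent merged commit."
+    )
+    parser.add_argument("head_ref", help="The git SHA for the incoming commit")
+    parser.add_argument(
+        "--comment-only",
+        action="store_true",
+        help="Sets git-protect to not exit with an error code",
+    )
+
+    args = parser.parse_args()
+    main(args)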
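Review bot: Blank lines in the protect list turn into the regex `^`, because `get_protected_files` (line 32) feeds every stripped line of `.gitprotect` to `gitignore_to_regex` without skipping empty ones, and the `.gitprotect` added in this same commit contains blank lines (28, 45, 46); `^` matches any path, so every changed file in every PR is reported as a protected-file violation. Skip empty lines before converting, e.g. `return [gitignore_to_regex(s) for line in file if (s := line.strip())]`. Separately, `gitignore_to_regex` never escapes regex metacharacters, so `dojo/apps.py` also matches `dojo/appsXpy`; escape the literal text with `re.escape` before substituting the `*`/`?`/`[!` placeholders. Finally, `get_changed_files` ignores `result.returncode`, so a bad SHA or a missing commit yields an empty diff and a silent pass; pass `check=True` to `subprocess.run` so the job fails loudly instead.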

.github/workflows/cancel-outdated-workflow-runs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
runs-on: ubuntu-latest
1414
timeout-minutes: 3
1515
steps:
16-
- uses: styfle/cancel-workflow-action@0.11.0
16+
- uses: styfle/cancel-workflow-action@0.12.0
1717
with:
1818
workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml'
1919
access_token: ${{ github.token }}
Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
name: Check For Modifications to Protected Files
2+
3+
on:
4+
pull_request_target:
5+
6+
jobs:
7+
check-if-protected-files-are-modified:
8+
permissions: write-all
9+
runs-on: ubuntu-latest
10+
11+
steps:
12+
- name: Checkout code
13+
uses: actions/checkout@v2
14+
with:
15+
fetch-depth: 0
16+
ref: ${{ github.event.pull_request.head.sha }}
17+
18+
- name: Set up Python
19+
uses: actions/setup-python@v2
20+
with:
21+
python-version: '3.x'
22+
23+
- name: Check for file changes using git-protect
24+
run: |
25+
python .github/scripts/git_protect.py ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} --comment-only &> output.txt
26+
27+
- name: Post a comment back to the PR if protected files have changed
28+
if: ${{ always() }}
29+
uses: actions/github-script@v6
30+
with:
31+
script: |
32+
const fs = require('fs');
33+
34+
fs.readFile('output.txt', 'utf8', (err, data) => {
35+
if (err) {
36+
console.error('Error reading the file:', err);
37+
return;
38+
}
39+
github.rest.issues.createComment({
40+
issue_number: context.issue.number,
41+
owner: context.repo.owner,
42+
repo: context.repo.repo,
43+
body: data
44+
})
45+
});
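Review bot: The job executes code controlled by the pull request author while holding a write-scoped token: it triggers on `pull_request_target`, declares `permissions: write-all`, checks out `github.event.pull_request.head.sha`, and then runs `.github/scripts/git_protect.py` and reads `.gitprotect` from that very checkout, so a PR can replace the script (or empty `.gitprotect`) and run arbitrary code with the repository token, which `actions/checkout` persists into `.git/config` by default and which `github-script` uses for the comment step. Check out the trusted base commit instead, disable credential persistence, fetch the PR head as bare objects so `git diff base head` still works, and narrow permissions to `pull-requests: write`, the only scope the comment step needs. A second, smaller issue: when no protected file changed, `output.txt` is empty and `createComment` is still called with an empty `body`, which the API is likely to reject, so guard it with `if (!data.trim()) return;`. The file header naming this workflow is missing from the page, so its path is not visible here.

```yaml
    permissions:
      pull-requests: write
    runs-on: ubuntu-latest

    steps:
      - name: Checkout trusted base (script and .gitprotect come from the target branch, not the PR)
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.base.sha }}
          persist-credentials: false

      - name: Fetch PR head commit objects without checking them out or running anything from them
        run: git fetch --no-tags origin "pull/${{ github.event.pull_request.number }}/head"

      # … unchanged: Set up Python, run git_protect.py with base.sha/head.sha, post comment …
```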

.github/workflows/gh-pages.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ jobs:
2121
extended: true
2222

2323
- name: Setup Node
24-
uses: actions/setup-node@v3
24+
uses: actions/setup-node@v4
2525
with:
2626
node-version: '16.x'
2727

.github/workflows/plantuml.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ jobs:
3333
with:
3434
args: -v -tpng ${{ steps.getfile.outputs.files }}
3535
- name: Push Local Changes
36-
uses: stefanzweifel/git-auto-commit-action@v4.16.0
36+
uses: stefanzweifel/git-auto-commit-action@v5.0.0
3737
with:
3838
commit_user_name: "PlantUML_bot"
3939
commit_user_email: "[email protected]"

.github/workflows/release-1-create-pr.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ jobs:
7575
grep -H version helm/defectdojo/Chart.yaml
7676
7777
- name: Push version changes
78-
uses: stefanzweifel/git-auto-commit-action@v4.16.0
78+
uses: stefanzweifel/git-auto-commit-action@v5.0.0
7979
with:
8080
commit_user_name: "${{ env.GIT_USERNAME }}"
8181
commit_user_email: "${{ env.GIT_EMAIL }}"

.github/workflows/release-3-master-into-dev.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ jobs:
5757
grep version components/package.json
5858
5959
- name: Push version changes
60-
uses: stefanzweifel/git-auto-commit-action@v4.16.0
60+
uses: stefanzweifel/git-auto-commit-action@v5.0.0
6161
with:
6262
commit_user_name: "${{ env.GIT_USERNAME }}"
6363
commit_user_email: "${{ env.GIT_EMAIL }}"
@@ -123,7 +123,7 @@ jobs:
123123
grep version components/package.json
124124
125125
- name: Push version changes
126-
uses: stefanzweifel/git-auto-commit-action@v4.16.0
126+
uses: stefanzweifel/git-auto-commit-action@v5.0.0
127127
with:
128128
commit_user_name: "${{ env.GIT_USERNAME }}"
129129
commit_user_email: "${{ env.GIT_EMAIL }}"

.github/workflows/release-drafter.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
update_release_draft:
2020
runs-on: ubuntu-latest
2121
steps:
22-
- uses: release-drafter/release-drafter@v5.24.0
22+
- uses: release-drafter/release-drafter@v5.25.0
2323
with:
2424
version: ${{github.event.inputs.version}}
2525
env:

.github/workflows/test-helm-chart.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ jobs:
3535
helm dependency update ./helm/defectdojo
3636
3737
- name: Set up chart-testing
38-
uses: helm/chart-testing-action@v2.4.0
38+
uses: helm/chart-testing-action@v2.6.1
3939

4040
- name: Determine target branch
4141
id: ct-branch-target

.gitprotect

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
dojo/announcement/
2+
dojo/api_v2/
3+
dojo/authorization/
4+
dojo/db_migrations/
5+
dojo/endpoint/
6+
dojo/engagement/
7+
dojo/finding/
8+
dojo/finding_group/
9+
dojo/group/
10+
dojo/importers/
11+
dojo/jira_link/
12+
dojo/metrics/
13+
dojo/note_type/
14+
dojo/notes/
15+
dojo/product/
16+
dojo/product_type/
17+
dojo/reports/
18+
dojo/risk_acceptance/
19+
dojo/rules/
20+
dojo/search/
21+
dojo/templates/
22+
dojo/templatetags/
23+
dojo/test/
24+
dojo/tool_config/
25+
dojo/tool_product/
26+
dojo/tool_type/
27+
dojo/user/
28+
29+
dojo/apps.py
30+
dojo/celery.py
31+
dojo/context_processors.py
32+
dojo/decorators.py
33+
dojo/filters.py
34+
dojo/forms.py
35+
dojo/middleware.py
36+
dojo/models.py
37+
dojo/okta.py
38+
dojo/pipeline.py
39+
dojo/remote_user.py
40+
dojo/tasks.py
41+
dojo/urls.py
42+
dojo/utils.py
43+
dojo/views.py
44+
dojo/wsgi.py
45+
46+
47+
docker/environments/
48+
docker/extra_settings/
49+
docker/entrypoint-celery-beat.sh
50+
docker/entrypoint-celery-worker.sh
51+
docker/entrypoint-initializer.sh
52+
docker/entrypoint-nginx.sh
53+
docker/entrypoint-uwsgi.sh
54+
docker/wait-for-it.sh
