secfb
diff --git a/‎.github/ISSUE_TEMPLATE/security_issue.md‎
Lines changed: 1 addition & 1 deletion b/‎.github/ISSUE_TEMPLATE/security_issue.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/labeler.yml‎
Lines changed: 10 additions & 7 deletions b/‎.github/labeler.yml‎
Lines changed: 10 additions & 7 deletions
diff --git a/‎.github/workflows/integration-tests.yml‎
Lines changed: 7 additions & 16 deletions b/‎.github/workflows/integration-tests.yml‎
Lines changed: 7 additions & 16 deletions
diff --git a/‎.github/workflows/k8s-testing.yml‎
Lines changed: 18 additions & 6 deletions b/‎.github/workflows/k8s-testing.yml‎
Lines changed: 18 additions & 6 deletions
diff --git a/‎.github/workflows/new-release-chart.yml‎
Lines changed: 0 additions & 1 deletion b/‎.github/workflows/new-release-chart.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/workflows/new-release-tag-docker.yml‎
Lines changed: 0 additions & 1 deletion b/‎.github/workflows/new-release-tag-docker.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/workflows/test-helm-chart.yml‎
Lines changed: 0 additions & 1 deletion b/‎.github/workflows/test-helm-chart.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/workflows/unit-tests.yml‎
Lines changed: 3 additions & 2 deletions b/‎.github/workflows/unit-tests.yml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎Dockerfile.django‎
Lines changed: 7 additions & 3 deletions b/‎Dockerfile.django‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎Dockerfile.integration-tests‎
Lines changed: 2 additions & 1 deletion b/‎Dockerfile.integration-tests‎
Lines changed: 2 additions & 1 deletion
@@ -9,7 +9,7 @@ assignees: ''
 
 **DefectDojo security reporting program**
 
-If you believe you have found a **security issue** in DefectDojo, please review the [disclosure policy](https://github.com/DefectDojo/django-DefectDojo/blob/master/SECURITY.md) and submit your finding via our security reporting program. 
+If you believe you have found a **security issue** in DefectDojo, please review the [disclosure policy](../../readme-docs/SECURITY.md) and submit your finding via our security reporting program. 
 
 Please, do not submit **security issues** via GitHub directly.
 
 
@@ -1,20 +1,23 @@
 docs:
-- any: ['docs/**/*', 'readme-docs/**/*']
+- docs/**/*
+- readme-docs/**/*
 
 docker:
-- any: ['docker/**/*', 'docker**', 'Docker*']
+- docker/**/*
+- docker**
+- Docker*
 
 "New Migration":
-- any: ['dojo/db_migrations/*']
+- dojo/db_migrations/*
 
 unittests:
-- any: ['dojo/unittests/**/*']
+- unittests/**/*
 
 integration_tests:
-- any: ['tests/**/*']
+- tests/**/*
 
 settings_changes:
-- any: ['dojo/settings/settings.dist.py']
+- dojo/settings/settings.dist.py
 
 apiv2:
-- any: ['dojo/api_v2/**/*']
+- dojo/api_v2/**/*
@@ -43,19 +43,10 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
-
-      - name: Cache Docker layers
-        uses: actions/cache@v2
-        env:
-          docker-image: ${{ matrix.docker-image }}
         with:
-          path: /tmp/.buildx-cache-${{ env.docker-image }}
-          key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }}-${{ github.sha }}-${{ github.run_id }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }}-${{ github.sha }}
-            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ github.workflow }}
-            ${{ runner.os }}-buildx-${{ env.docker-image }}
-
+          buildkitd-flags: --debug
+          driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426
+          
       - name: Build
         id: docker_build
         uses: docker/build-push-action@v2
@@ -68,9 +59,9 @@ jobs:
             ${{ env.DD_DOCKER_REPO }}/defectdojo-${{ env.docker-image }}:latest
           file: Dockerfile.${{ env.docker-image }}
           outputs: type=docker,dest=${{ env.docker-image }}_img
-          cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }}
-          cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }}
-
+          cache-from: type=gha,scope=${{ matrix.docker-image }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.docker-image }}
+          
       # export docker images to be used in next jobs below
       - name: Upload image ${{ matrix.docker-image }} as artifact
         uses:  actions/upload-artifact@v2
@@ -134,7 +125,7 @@ jobs:
 
       - name: Start Dojo
         # implicity starts uwsgi and rabbitmq
-        run: docker-compose up -d mysql nginx celerybeat celeryworker
+        run: docker-compose up -d mysql nginx celerybeat celeryworker mailhog
 
       - name: Initialize
         run: docker-compose up --exit-code-from initializer initializer
 
@@ -108,9 +108,22 @@ jobs:
 
     strategy:
       matrix:
-        databases: [pgsql, mysql]
-        brokers: [redis, rabbit]
-        k8s: ['v1.16.0','v1.20.0']
+        include:
+          # databases, broker and k8s are independent, so we don't need to test each combination
+          # lastest k8s version (https://kubernetes.io/releases/) and oldest supported version from aws
+          # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions)
+          - databases: pgsql
+            brokers: redis
+            k8s: 'v1.18.16'
+          - databases: mysql
+            brokers: rabbit
+            k8s: 'v1.18.16'
+          - databases: pgsql
+            brokers: rabbit
+            k8s: 'v1.22.0'
+          - databases: mysql
+            brokers: redis
+            k8s: 'v1.22.0'
 
     steps:
 #      - name: Login to DockerHub
@@ -124,7 +137,7 @@ jobs:
       - name: Setup Minikube
         uses: manusa/[email protected]
         with:
-          minikube version: 'v1.22.0'
+          minikube version: 'v1.24.0'
           kubernetes version: ${{ matrix.k8s }}
           driver: docker
           start args: '--addons=ingress'
@@ -145,7 +158,6 @@ jobs:
 
       - name: Configure HELM repos
         run: |-
-             helm repo add stable https://charts.helm.sh/stable
              helm repo add bitnami https://charts.bitnami.com/bitnami
              helm dependency list ./helm/defectdojo
              helm dependency update ./helm/defectdojo
@@ -172,7 +184,7 @@ jobs:
                ${{ steps.set.outputs[matrix.databases] }} \
                ${{ steps.set.outputs[matrix.brokers] }} \
                --set createSecret=true \
-              #  --set imagePullSecrets=defectdojoregistrykey
+               # --set imagePullSecrets=defectdojoregistrykey
 
       - name: Check deployment status
         run: |-
 
@@ -35,7 +35,6 @@ jobs:
           version: v3.4.0
       - name: Configure HELM repos
         run: |-
-             helm repo add stable https://charts.helm.sh/stable
              helm repo add bitnami https://charts.bitnami.com/bitnami
              helm dependency list ./helm/defectdojo
              helm dependency update ./helm/defectdojo
 
@@ -36,7 +36,6 @@ jobs:
           version: v3.4.0
       - name: Configure Helm repos
         run: |
-          helm repo add stable https://charts.helm.sh/stable
           helm repo add bitnami https://charts.bitnami.com/bitnami
           helm dependency list ./helm/defectdojo
           helm dependency update ./helm/defectdojo
 
@@ -30,7 +30,6 @@ jobs:
 
       - name: Configure Helm repos
         run: |-
-             helm repo add stable https://charts.helm.sh/stable
              helm repo add bitnami https://charts.bitnami.com/bitnami
              helm dependency list ./helm/defectdojo
              helm dependency update ./helm/defectdojo
 
@@ -39,7 +39,8 @@ jobs:
         uses: docker/setup-buildx-action@v1
         with:
           buildkitd-flags: --debug
-
+          driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426
+          
       - name: Build
         id: docker_build
         uses: docker/build-push-action@v2
@@ -60,7 +61,7 @@ jobs:
 
       # phased startup so we can use the exit code from unit test container
       - name: Start MySQL
-        run: docker-compose up -d
+        run: docker-compose up -d mysql
 
       # no celery or initializer needed for unit tests
       - name: Unit tests
 
@@ -5,11 +5,12 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012 as build
+FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012 as base
+FROM base as build
 WORKDIR /app
 RUN \
   apt-get -y update && \
-  apt-get -y install \
+  apt-get -y install --no-install-recommends \
     build-essential \
     dnsutils \
     default-mysql-client \
@@ -25,7 +26,7 @@ RUN \
 COPY requirements.txt ./
 RUN pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt
 
-FROM python:3.8.12-slim-buster@sha256:7e732593f25983fa7d4b2d54444be4a785f2397c1cf2f815d2e3638337eee012
+FROM base as django
 WORKDIR /app
 ARG uid=1001
 ARG appuser=defectdojo
@@ -136,3 +137,6 @@ ENV \
   DD_DJANGO_METRICS_ENABLED="False"
 RUN mkdir -p media && mkdir -p media/threat && chown -R ${uid} media
 ENTRYPOINT ["/entrypoint-uwsgi.sh"]
+
+FROM django as django-unittests
+COPY unittests/ ./unittests/
@@ -45,7 +45,8 @@ COPY tests/ ./tests/
 
 RUN chmod -R 0777 /app
 
-USER 1001
+ARG uid=1001
+USER ${uid}
 ENV \
   DD_ADMIN_USER=admin \
   DD_ADMIN_PASSWORD='' \