Merge branch 'release/1.6.0'

Author: madchap

.gitignore

@@ -92,7 +92,8 @@ Quarterly.txt
 # yarn
 components/*
 !components/package.json
-dojo/static/*
+!components/yarn.lock
+# dojo/static/*
 !dojo/static/dojo/*
 dojo/media
 /static

.travis.yml

@@ -9,14 +9,14 @@ env:
     - HELM_VERSION=v2.13.0
     - CHANGE_MINIKUBE_NONE_USER=true
   matrix:
+    - TEST=flake8
+    - TEST=integration_tests
+    - TEST=docker
     - BROKER=rabbitmq DATABASE=mysql
     - BROKER=rabbitmq DATABASE=postgresql
     - BROKER=redis DATABASE=mysql
     - BROKER=redis DATABASE=postgresql
-    - TEST=flake8
     - TEST=snyk
-    - TEST=docker
-    - TEST=integration_tests
 matrix: 
   allow_failures:
     - env: TEST=snyk

BRANCHING-MODEL.md

@@ -0,0 +1,26 @@
+# Introduction
+This section describes
+- how branches are handled
+- defectdojo release cycle
+
+Please be careful to submit your pull requests to the correct branch: 
+- bugfix: latest release branch
+- evolutions: dev branch
+
+If in doubt please use dev branch.
+
+# Release and hotfix model
+![Schemas](doc/branching_model.png)
+## Releasing
+- Start an x.y.0 release branch off dev branch
+- Commit only bug fixes onto this branch (and merge those fixes back to dev)
+- Dev branch keeps living with further evolutions
+- Every 4-8 weeks, merge the release branch to master and tag: this is when the new release is out: x.(y+1).z
+
+# Issuing a hotfix
+- In case of major issue found after releasing, issue a hotfix branch (first is x.y.1) which is merged to master, dev, and the next release branch
+
+
+(Schemes created with https://www.planttext.com/)
+
+(This model is inspired by https://nvie.com/posts/a-successful-git-branching-model/ but without feature branches.)

DefectDojoMaintainers.md

@@ -104,5 +104,6 @@ ENV \
   DD_UWSGI_MODE="socket" \
   DD_UWSGI_ENDPOINT="0.0.0.0:3031" \
   DD_DJANGO_ADMIN_ENABLED="True" \
-  DD_TRACK_MIGRATIONS="True"
+  DD_TRACK_MIGRATIONS="True" \
+  DD_DJANGO_METRICS_ENABLED="False"
 ENTRYPOINT ["/entrypoint-uwsgi.sh"]

Dockerfile.django

@@ -0,0 +1,51 @@
+
+# code: language=Dockerfile
+
+FROM python:3.5.9-slim-buster@sha256:8068eec6231ae9b097b296068ba4ed0da08eff5f8a4b44c585d25afaea9e8b33 as build
+WORKDIR /app
+RUN \
+  apt-get -y update && \
+  apt-get -y install \
+    git \
+    wget \
+    curl \
+    unzip \
+    gpg \
+    && \
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists && \
+  true
+
+# Installing Google Chrome browser
+RUN \
+  curl -sS -o - https://dl.google.com/linux/linux_signing_key.pub | apt-key add && \
+  echo "deb [arch=amd64]  http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list && \
+  apt-get -y update && \
+  apt-get -y install \
+    google-chrome-stable \
+  && \
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists && \
+  true
+
+# Installing Chromium Driver and Selenium for test automation
+RUN LATEST_VERSION=$(curl -s https://chromedriver.storage.googleapis.com/LATEST_RELEASE) && \
+    wget -O /tmp/chromedriver.zip https://chromedriver.storage.googleapis.com/$LATEST_VERSION/chromedriver_linux64.zip && \
+    unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/ && \
+    rm /tmp/chromedriver.zip && \
+    chmod 777 /usr/local/bin/chromedriver;
+
+RUN pip install --no-cache-dir selenium requests
+
+COPY tests/ ./tests/
+COPY docker/wait-for-it.sh \
+  docker/entrypoint-integration-tests.sh \
+  /
+
+RUN chmod -R 0777 /app
+USER 1001
+ENV \
+  DD_ADMIN_USER=admin \
+  DD_ADMIN_PASSWORD='' \
+  DD_BASE_URL="http://localhost:8080/"
+CMD ["/entrypoint-integration-tests.sh"]

Dockerfile.integration-tests

@@ -30,16 +30,17 @@ ENV \
 RUN \
   apt-get -y update && \
   apt-get -y install apt-transport-https ca-certificates && \
-  curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \
+  curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add --no-tty - && \
   curl -sL https://deb.nodesource.com/setup_12.x | bash - && \
   curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
-  echo "deb https://nightly.yarnpkg.com/debian/ nightly main" | tee /etc/apt/sources.list.d/yarn.list && \
+  wget https://github.com/yarnpkg/yarn/releases/download/v1.21.0/yarn_1.21.0_all.deb && \
+  dpkg -i yarn_1.21.0_all.deb && \
   apt-get -y update && \
+  echo "$(yarn --version)" && \
   apt-get -y install nodejs && \
   echo "$(node --version)" && \
-  apt-get -y install --no-install-recommends yarn && \
-  echo "$(yarn --version)" && \
   apt-get clean && \
+  rm yarn_1.21.0_all.deb && \
   rm -rf /var/lib/apt/lists && \
   true
 
@@ -61,19 +62,28 @@ RUN \
   python3 manage.py collectstatic --noinput && \
   true
 
-FROM nginx:1.17.7@sha256:89a42c3ba15f09a3fbe39856bddacdf9e94cd03df7403cad4fc105088e268fc9
+FROM nginx:1.17.9@sha256:7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/
-COPY wsgi_params nginx/nginx.conf /etc/nginx/
-COPY docker/entrypoint-nginx.sh nginx/*.cer nginx/*.key /
+COPY wsgi_params nginx/nginx.conf nginx/nginx_TLS.conf /etc/nginx/
+COPY docker/entrypoint-nginx.sh /
 RUN \
+  apt-get -y update && \
+  apt-get -y install openssl && \
+  apt-get clean && \
   chmod -R g=u /var/cache/nginx && \
   chmod -R g=u /var/run && \
-  if [ -f /*.key -o -f /*.cer ]; then chown 1001 /*.key /*.cer; fi && \
+  mkdir -p /etc/nginx/ssl && \
+  chmod -R g=u /etc/nginx && \
   true
 ENV \
   DD_UWSGI_PASS="uwsgi_server" \
   DD_UWSGI_HOST="uwsgi" \
-  DD_UWSGI_PORT="3031"
+  DD_UWSGI_PORT="3031" \
+  GENERATE_TLS_CERTIFICATE="false" \
+  USE_TLS="false" \
+  NGINX_METRICS_ENABLED="false" \
+  METRICS_HTTP_AUTH_USER="" \
+  METRICS_HTTP_AUTH_PASSWORD=""
 USER 1001
 EXPOSE 8080
 ENTRYPOINT ["/entrypoint-nginx.sh"]