Merge branch 'main' of https://github.com/OWASP/Nest into feature

.github/ansible/production/deploy.yaml

@@ -86,3 +86,9 @@
     - name: Retart services
       shell:
         cmd: docker compose up -d
+
+    - name: Index data
+      async: 1800 # 30 minutes
+      poll: 0
+      shell: |
+        make index-data > /var/log/nest/index-data.log 2>&1

.github/ansible/staging/deploy.yaml

@@ -104,3 +104,9 @@
     - name: Retart services
       shell:
         cmd: docker compose up -d
+
+    - name: Index data
+      async: 1800 # 30 minutes
+      poll: 0
+      shell: |
+        make index-data > /var/log/nest/index-data.log 2>&1

.github/labeler.yml

@@ -64,3 +64,16 @@ nginx:
   - changed-files:
       - any-glob-to-any-file:
           - 'nginx/**'
+
+schema:
+  - all:
+      - changed-files:
+          - any-glob-to-any-file:
+              - 'schema/**'
+          - all-globs-to-all-files:
+              - '!schema/tests/**'
+
+schema-tests:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'schema/tests/**'

.github/workflows/pr-labeler.yaml → .github/workflows/label-pull-requests.yaml

@@ -1,4 +1,4 @@
-name: 'Pull Request Labeler'
+name: Label Pull Requests
 
 on:
   - pull_request_target
@@ -13,3 +13,4 @@ jobs:
       - uses: actions/labeler@v5
         with:
           configuration-path: .github/labeler.yml
+          sync-labels: true

.github/workflows/ci-cd.yaml → .github/workflows/run-ci-cd.yaml

@@ -1,4 +1,4 @@
-name: CI/CD
+name: Run CI/CD
 
 on:
   merge_group:
@@ -7,11 +7,13 @@ on:
       - main
     paths-ignore:
       - backend/data/nest.json.gz
+      - schema/*
   push:
     branches:
       - main
     paths-ignore:
       - backend/data/nest.json.gz
+      - schema/*
   release:
     types:
       - published
@@ -219,6 +221,7 @@ jobs:
           echo "VITE_ALGOLIA_SEARCH_API_KEY=${{ secrets.VITE_ALGOLIA_SEARCH_API_KEY }}" >> frontend/.env.staging
           echo "VITE_API_URL=${{ secrets.VITE_API_URL }}" >> frontend/.env.staging
           echo "VITE_ENVIRONMENT=${{ secrets.VITE_ENVIRONMENT }}" >> frontend/.env.staging
+          echo "VITE_GRAPHQL_URL=${{ secrets.VITE_GRAPHQL_URL }}" >> frontend/.env.staging
           echo "VITE_RELEASE_VERSION=$(date '+%y.%-m.%-d')-${GITHUB_SHA:0:7}" >> frontend/.env.staging
           echo "VITE_SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> frontend/.env.staging
 
@@ -333,6 +336,7 @@ jobs:
           echo "VITE_ALGOLIA_SEARCH_API_KEY=${{ secrets.ALGOLIA_SEARCH_API_KEY }}" >> frontend/.env.production
           echo "VITE_API_URL=https://nest.owasp.org/api/v1" >> frontend/.env.production
           echo "VITE_ENVIRONMENT=production" >> frontend/.env.production
+          echo "VITE_GRAPHQL_URL=${{ secrets.VITE_GRAPHQL_URL }}" >> frontend/.env.staging
           echo "VITE_RELEASE_VERSION=${{ github.event.release.tag_name }}" >> frontend/.env.production
           echo "VITE_SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> frontend/.env.production
 

.github/workflows/sync.yaml → .github/workflows/sync-nest-data.yaml

@@ -1,4 +1,4 @@
-name: Sync data
+name: Sync Nest data
 
 on:
   schedule:

.github/workflows/test-schema.yaml

@@ -0,0 +1,112 @@
+name: Test OWASP Schema
+
+on:
+  merge_group:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - schema/**
+  push:
+    branches:
+      - main
+    paths:
+      - schema/**
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  cancel-in-progress: true
+  group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}
+
+env:
+  DOCKERHUB_USERNAME: arkid15r
+  FORCE_COLOR: 1
+
+jobs:
+  pre-commit:
+    name: Run pre-commit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Install Poetry
+        run: pipx install poetry
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          cache: poetry
+          cache-dependency-path: schema/poetry.lock
+          python-version: '3.13'
+
+      - name: Run pre-commit
+        uses: pre-commit/[email protected]
+
+      - name: Check for uncommitted changes
+        run: |
+          git diff --exit-code || (echo 'Unstaged changes detected. \
+          Run `make check` and use `git add` to address it.' && exit 1)
+
+  code-ql:
+    name: CodeQL
+    permissions:
+      security-events: write
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        language:
+          - python
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: '/language:${{ matrix.language }}'
+
+  spellcheck:
+    name: Run spell check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Run cspell
+        run: |
+          make spellcheck
+
+  run-schema-tests:
+    name: Run schema tests
+    needs:
+      - pre-commit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build schema test image
+        uses: docker/build-push-action@v6
+        with:
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-schema:cache
+          context: schema
+          file: schema/Dockerfile.test
+          load: true
+          platforms: linux/amd64
+          tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-schema:latest
+
+      - name: Run schema tests
+        run: |
+          docker run ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-schema:latest poetry run pytest

.github/workflows/nest-test-image-updater.yaml → .github/workflows/update-nest-test-images.yaml

@@ -11,7 +11,7 @@ env:
 
 jobs:
   update-nest-test-images:
-    name: Update Nest test image
+    name: Update Nest test images
     if: ${{ github.repository == 'OWASP/Nest' }}
     runs-on: ubuntu-latest
     steps:
@@ -26,7 +26,7 @@ jobs:
           username: ${{ env.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Build backend test image
+      - name: Update backend test image
         uses: docker/build-push-action@v6
         with:
           cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-backend:cache
@@ -37,7 +37,7 @@ jobs:
           push: true
           tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-backend:latest
 
-      - name: Build frontend test image
+      - name: Update frontend test image
         uses: docker/build-push-action@v6
         with:
           cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend:cache
@@ -47,3 +47,14 @@ jobs:
           platforms: linux/amd64
           push: true
           tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend:latest
+
+      - name: Update schema test image
+        uses: docker/build-push-action@v6
+        with:
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-schema:cache
+          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-schema:cache,mode=max
+          context: schema
+          file: schema/Dockerfile.test
+          platforms: linux/amd64
+          push: true
+          tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-schema:latest

.gitignore

@@ -13,12 +13,12 @@ __pycache__
 .python-version
 .ruff_cache
 .vscode
+venv/
 *.code-workspace
 *.local
 *.log
 backend/.venv
 backend/staticfiles
-backend/venv
 frontend/.npm
 frontend/coverage
 frontend/dist
@@ -27,5 +27,6 @@ frontend/npm-debug.log*
 frontend/pnpm-debug.log*
 frontend/yarn-debug.log*
 frontend/yarn-error.log*
+schema/.venv
 logs
 TODO

Makefile

@@ -1,6 +1,7 @@
 include backend/Makefile
 include cspell/Makefile
 include frontend/Makefile
+include schema/Makefile
 
 build:
 	@docker compose build

backend/apps/common/graphql/nodes.py

@@ -0,0 +1,10 @@
+"""Common GraphQL nodes."""
+
+from graphene_django import DjangoObjectType
+
+
+class BaseNode(DjangoObjectType):
+    """Base node."""
+
+    class Meta:
+        abstract = True

backend/apps/common/graphql/queries.py

@@ -0,0 +1,7 @@
+"""Common GraphQL queries."""
+
+import graphene
+
+
+class BaseQuery(graphene.ObjectType):
+    """Base query."""

backend/apps/github/graphql/nodes/issue.py

@@ -0,0 +1,19 @@
+"""GitHub issue GraphQL node."""
+
+from apps.common.graphql.nodes import BaseNode
+from apps.github.models.issue import Issue
+
+
+class IssueNode(BaseNode):
+    """GitHub issue node."""
+
+    class Meta:
+        model = Issue
+        fields = (
+            "author",
+            "comments_count",
+            "created_at",
+            "number",
+            "state",
+            "title",
+        )

backend/apps/github/graphql/nodes/release.py

@@ -0,0 +1,23 @@
+"""GitHub release GraphQL node."""
+
+from graphene import Field
+
+from apps.common.graphql.nodes import BaseNode
+from apps.github.graphql.nodes.user import UserNode
+from apps.github.models.release import Release
+
+
+class ReleaseNode(BaseNode):
+    """GitHub release node."""
+
+    author = Field(UserNode)
+
+    class Meta:
+        model = Release
+        fields = (
+            "author",
+            "is_pre_release",
+            "name",
+            "published_at",
+            "tag_name",
+        )

backend/apps/github/graphql/nodes/user.py

@@ -0,0 +1,18 @@
+"""GitHub user GraphQL node."""
+
+from apps.common.graphql.nodes import BaseNode
+from apps.github.models.user import User
+
+
+class UserNode(BaseNode):
+    """GitHub user node."""
+
+    class Meta:
+        model = User
+        fields = (
+            "avatar_url",
+            "email",
+            "id",
+            "login",
+            "name",
+        )

backend/apps/owasp/graphql/nodes/project.py

@@ -0,0 +1,29 @@
+"""OWASP project GraphQL node."""
+
+import graphene
+
+from apps.common.graphql.nodes import BaseNode
+from apps.github.graphql.nodes.issue import IssueNode
+from apps.github.graphql.nodes.release import ReleaseNode
+from apps.owasp.models.project import Project
+
+RECENT_ISSUES_LIMIT = 10
+RECENT_RELEASES_LIMIT = 10
+
+
+class ProjectNode(BaseNode):
+    """Project node."""
+
+    recent_issues = graphene.List(IssueNode)
+    recent_releases = graphene.List(ReleaseNode)
+
+    class Meta:
+        model = Project
+
+    def resolve_recent_issues(self, info):
+        """Resolve project recent issues."""
+        return self.issues.select_related("author").order_by("-created_at")[:RECENT_ISSUES_LIMIT]
+
+    def resolve_recent_releases(self, info):
+        """Resolve project recent releases."""
+        return self.published_releases.order_by("-published_at")[:RECENT_RELEASES_LIMIT]

backend/apps/owasp/graphql/queries/__init__.py

@@ -0,0 +1,7 @@
+"""OWASP GraphQL queries."""
+
+from apps.owasp.graphql.queries.project import ProjectQuery
+
+
+class OwaspQuery(ProjectQuery):
+    """OWASP queries."""