Merge branch 'main' into add-almalinux-advisories

Author: ambuj-1211

.VERSION

@@ -1,3 +1,3 @@
 refs=$Format:%D$
-commit=$Format:%H$
+commit=$Format:%h$
 abbrev_commit=$Format:%H$

.dockerignore

@@ -6,7 +6,6 @@ docker-compose.yml
 
 
 # Ignore Git directory and files and github directory.
-**/.git
 **/.gitignore
 **/.gitattributes
 **/.gitmodules

.gitattributes

@@ -0,0 +1 @@
+.VERSION export-subst

.github/workflows/pypi-release.yml

@@ -47,7 +47,7 @@ jobs:
     name: Create GH release
     needs:
       - build-pypi-distribs
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Download built archives
@@ -67,7 +67,7 @@ jobs:
     name: Create PyPI release
     needs:
       - create-gh-release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Download built archives

CHANGELOG.rst

@@ -2,6 +2,29 @@ Release notes
 =============
 
 
+Version v36.1.2
+---------------------
+
+- Get tag from VERSION manifest #1895
+
+
+Version v36.1.1
+---------------------
+
+- Update is_active help text in pipeline migration #1887
+
+
+Version v36.1.0
+---------------------
+
+- Remove admin panel #1885
+- Support running pipelines in scheduled task queue #1871
+- Optimize export management command #1868
+- Fix alpine linux importer #1861
+- Stop github OSV importer crashes #1854
+- Make advisory content_id a unique field #1864
+
+
 Version v36.0.0
 ---------------------
 

Dockerfile

@@ -17,8 +17,21 @@ ENV PYTHONDONTWRITEBYTECODE 1
 
 RUN mkdir -p /var/vulnerablecode/static
 
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+       wait-for-it \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
 # Keep the dependencies installation before the COPY of the app/ for proper caching
 COPY setup.cfg setup.py requirements.txt pyproject.toml /app/
 RUN pip install . -c requirements.txt
 
 COPY . /app
+
+# Store commit hash for docker deployment from local checkout.
+RUN if [ -d ".git" ]; then \
+  GIT_COMMIT=$(git rev-parse --short HEAD) && \
+  echo "VULNERABLECODE_GIT_COMMIT=\"$GIT_COMMIT\"" >> /app/vulnerablecode/settings.py; \
+  rm -rf .git; \
+fi

docker-compose.yml

@@ -10,6 +10,15 @@ services:
       - db_data:/var/lib/postgresql/data/
       - ./etc/postgresql/postgresql.conf:/etc/postgresql/postgresql.conf
 
+  vulnerablecode_redis:
+    image: redis
+    # Enable redis data persistence using the "Append Only File" with the
+    # default policy of fsync every second. See https://redis.io/topics/persistence
+    command: redis-server --appendonly yes
+    volumes:
+      - vulnerablecode_redis_data:/data
+    restart: always
+
   vulnerablecode:
     build: .
     command: /bin/sh -c "
@@ -26,6 +35,31 @@ services:
     depends_on:
       - db
 
+  vulnerablecode_scheduler:
+    build: .
+    command: wait-for-it web:8000 -- python ./manage.py run_scheduler
+    env_file:
+      - docker.env
+    volumes:
+      - /etc/vulnerablecode/:/etc/vulnerablecode/
+    depends_on:
+      - vulnerablecode_redis
+      - db
+      - vulnerablecode
+
+  vulnerablecode_rqworker:
+    build: .
+    command: wait-for-it web:8000 -- python ./manage.py rqworker default
+    env_file:
+      - docker.env
+    volumes:
+      - /etc/vulnerablecode/:/etc/vulnerablecode/
+    depends_on:
+      - vulnerablecode_redis
+      - db
+      - vulnerablecode
+
+
   nginx:
     image: nginx
     ports:
@@ -44,4 +78,5 @@ services:
 volumes:
   db_data:
   static:
+  vulnerablecode_redis_data:
 

docker.env

@@ -4,3 +4,5 @@ POSTGRES_PASSWORD=vulnerablecode
 
 VULNERABLECODE_DB_HOST=db
 VULNERABLECODE_STATIC_ROOT=/var/vulnerablecode/static/
+
+VULNERABLECODE_REDIS_HOST=vulnerablecode_redis

docs/source/conf.py

@@ -38,6 +38,8 @@
     "https://example.org/api/non-existent-packages",
     "https://github.com/aboutcode-org/vulnerablecode/pull/495/commits",
     "https://nvd.nist.gov/products/cpe",
+    "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
+    "http://ftp.suse.com/pub/projects/security/yaml/",
 ]
 
 # Add any Sphinx extension module names here, as strings. They can be

docs/source/user-interface.rst

@@ -15,11 +15,11 @@ package URL or purl prefix fragment such as
 
 The search by packages is available at the following URL:
 
-    `https://public.vulnerablecode.io/packages/search <https://public.vulnerablecode.io/packages/search>`_
+    `https://public.vulnerablecode.io/packages/search/ <https://public.vulnerablecode.io/packages/search/>`_
 
 How to search by packages:
 
-    1. Go to the URL: `https://public.vulnerablecode.io/packages/search <https://public.vulnerablecode.io/packages/search>`_
+    1. Go to the URL: `https://public.vulnerablecode.io/packages/search/ <https://public.vulnerablecode.io/packages/search/>`_
     2. Enter the package URL or purl prefix fragment such as ``pkg:pypi``
        or by package name in the search box.
     3. Click on the search button.
@@ -46,11 +46,11 @@ fragment of these identifiers like ``CVE-2021``.
 
 The search by vulnerabilities is available at the following URL:
 
-    `https://public.vulnerablecode.io/vulnerabilities/search <https://public.vulnerablecode.io/vulnerabilities/search>`_
+    `https://public.vulnerablecode.io/vulnerabilities/search/ <https://public.vulnerablecode.io/vulnerabilities/search/>`_
 
 How to search by vulnerabilities:
 
-    1. Go to the URL: `https://public.vulnerablecode.io/vulnerabilities/search <https://public.vulnerablecode.io/vulnerabilities/search>`_
+    1. Go to the URL: `https://public.vulnerablecode.io/vulnerabilities/search/ <https://public.vulnerablecode.io/vulnerabilities/search/>`_
     2. Enter the VCID, CVE, GHSA, CPEs etc. in the search box.
     3. Click on the search button.