Enterprise/enhancements #754
Merged
102 commits
70960b8
Gitignore pnpm lockfile in enterprise/frontend
nas-tabchiche 5f6e19d
Remove FF_WHITE_LABEL feature flag
nas-tabchiche 6173223
Localize client settings strings
nas-tabchiche 103f040
Fix logo and favicon being overriden when editing client settings nam…
nas-tabchiche b43092d
chore: run prettier
nas-tabchiche 47530f7
Remove unneeded update method
nas-tabchiche a02ddbc
Implement file upload MIME type validation
nas-tabchiche 2ae718c
Simplify logo and favicon management
nas-tabchiche 34ccaf9
Add image/vnd.microsoft.icon mimetype for favicon and logo upload
nas-tabchiche cd899ac
Componentize login greetings
nas-tabchiche 759a673
Add svg mimetype
nas-tabchiche a41d07c
Localize logo and favicon help texts
nas-tabchiche baaefcb
Fix libmagic1 installation in Dockerfile
nas-tabchiche 9b9f9d3
Merge branch 'main' into enterprise/enhancements
nas-tabchiche c7b8e40
Update Makefile
nas-tabchiche 1c0ca54
Use Object.hasOwn instead of hasOwnProperty
nas-tabchiche 6185bfc
Write manage.sh script
nas-tabchiche eeb58e0
Update enterprise backend README
nas-tabchiche 6cb0d99
Simplify enterprise frontend dev
nas-tabchiche ce3cdf8
Merge branch 'main' into enterprise/enhancements
nas-tabchiche 7420e92
update readme
ab-smith 69698b2
Merge branch 'main' into enterprise/enhancements
nas-tabchiche 636dc55
Use safeTranslate util to attempt translation of dynamic strings
nas-tabchiche 8d2f1e9
Check if response has field
nas-tabchiche 962b538
Write enterprise docker-compose files
nas-tabchiche c830546
Merge branch 'main' into enterprise/enhancements
nas-tabchiche f4181a4
Merge branch 'main' into enterprise/enhancements
nas-tabchiche b8602f7
Gitignore .meta files
nas-tabchiche 9ef32c8
Update enterprise docker-compose-build
nas-tabchiche 0dd959f
Allow specifying docker-compose file in docker-compose-build scripts
nas-tabchiche b2afd67
Build and push enterprise images
nas-tabchiche d624ca9
Merge branch 'main' into enterprise/enhancements
nas-tabchiche d79c828
Update backend deps
nas-tabchiche f18ad24
Add enterprise startup functional test
nas-tabchiche 5c21b3b
Add enterprise startup docker-compose test
nas-tabchiche ed88018
Make sure pnpm is installed before running pre-build
nas-tabchiche bca5eae
Poetry run python manage.py scripts
nas-tabchiche 211b085
Attempt to skip virtualenv creation
nas-tabchiche 3d9d552
Add allauth extras in pyproject
nas-tabchiche 6ed7afd
chore: Run poetry lock
nas-tabchiche e8563ab
Update upload artifacts path
nas-tabchiche b6b8fda
Fix typo
nas-tabchiche b2bcb38
Update enterprise artifact name
nas-tabchiche 36fe34d
Fetch artifact in the right directory
nas-tabchiche 39c51a8
Merge branch 'main' into enterprise/enhancements
nas-tabchiche cdae16c
Run startup tests in debug mode
nas-tabchiche a70a95b
Pin dependencies
nas-tabchiche 27f561d
chore: Lock poetry dependencies
nas-tabchiche f90175c
Use poetry in community Dockerfile
nas-tabchiche 697a722
chore: Run makemigrations
nas-tabchiche 76fb7e6
Mirror community settings file
nas-tabchiche 987fe09
chore: Re-generate package-lock.json file
nas-tabchiche 0d29704
Stop relying on poetry to install enterprise_core in dockerized envir…
nas-tabchiche 78edb74
Run docker compose startup test with poetry
nas-tabchiche 800976a
Pipe falsy responses to stderr
nas-tabchiche ef5bbcb
write enterprise functional tests job
nas-tabchiche cd62335
Add mailhog service and browsers matrix
nas-tabchiche cef05f9
Fix build endpoint in enterprise
nas-tabchiche 235bb58
Allow setting the BASE_DIR through env in enterprise
nas-tabchiche 0fa276e
Fix enterprise functional tests artifact name
nas-tabchiche 4a48bb6
Configure mailer properly in enterprise functional tests
nas-tabchiche 5936a3f
Fetch client settings at the root layout
nas-tabchiche d1b7867
Store logo and favicon in local storage
nas-tabchiche 3a4141d
Squash migrations
nas-tabchiche 6e3daeb
Merge branch 'main' into enterprise/enhancements
nas-tabchiche 292d34c
Include docker compose instructions in enterprise README
nas-tabchiche 51ecd96
Remove obsolete version field
nas-tabchiche 69dc36f
Merge branch 'main' into enterprise/enhancements
nas-tabchiche ad26ba4
Localize parent_domain field label
nas-tabchiche 4aae05b
Manage DJANGO_SETTINGS_MODULE environment variable
nas-tabchiche a0f4ee4
Allow loading additional modules
nas-tabchiche a8d4251
Create enterprise build endpoint
nas-tabchiche 44a4f7d
Update CISO Assistant build display
nas-tabchiche a97b395
Merge branch 'main' into enterprise/enhancements
nas-tabchiche fae7cb2
Don't run cleanup hook in CI
nas-tabchiche 5c95353
Update poetry dependencies
nas-tabchiche f04fc3d
Remove obsolete license route
nas-tabchiche 6304fa4
chore: Run poetry lock
nas-tabchiche 0399171
Run regular startup tests using poetry
nas-tabchiche 6966dcb
Update settings.py INSTALLED_APPS
nas-tabchiche 6084f92
Update enterprise ModelForm
nas-tabchiche 28c4b98
Merge branch 'main' into enterprise/enhancements
nas-tabchiche 26b3970
Always run cleanup
nas-tabchiche 72ec8bc
Only attempt to fetch logo or favicon if set in clientSettings
nas-tabchiche c4a24f0
Merge branch 'main' into enterprise/enhancements
nas-tabchiche 824d58c
Update enterprise image builds
nas-tabchiche b61c6df
Update enterprise registry name
nas-tabchiche 34de01f
squash
nas-tabchiche 6297c03
Merge branch 'main' into enterprise/enhancements
nas-tabchiche c58a780
Remove unused isStableRelease input
nas-tabchiche c235a38
Update docker-build-and-push workflow
nas-tabchiche de98925
Fix logo not showing up when logo is unset in client settings
nas-tabchiche eea65b3
Merge branch 'main' into enterprise/enhancements
nas-tabchiche 4b579dd
Remove unused imports
nas-tabchiche 8eeef0f
Remove unused digestMessage function
nas-tabchiche 03883ce
Merge branch 'main' into enterprise/enhancements
nas-tabchiche 5fc0d92
Add internal route group in enterprise frontend
nas-tabchiche f4ff73c
Remove debug logs
nas-tabchiche 6d18e9a
Internationalize client settings successful update message
nas-tabchiche 2e4c452
fix/simplify docker compose for enterprise
eric-intuitem 0ec5b54
Merge branch 'main' into enterprise/enhancements
nas-tabchiche 9339b93
Run npm audit fix
nas-tabchiche
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -57,7 +57,6 @@ Here is an overview of CISO Assistant features and capabilities: | |
|
||
![overview](features.png) | ||
|
||
|
||
CISO Assistant is developed and maintained by [intuitem](https://intuitem.com/), a French 🇫🇷 company specialized in Cyber Security, Cloud and Data/AI. | ||
|
||
## Quick Start 🚀 | ||
|
@@ -87,11 +86,11 @@ and run the starter script | |
> If you're getting warnings or errors about image's platform not matching host platform, raise an issue with the details and we'll add it shortly after. You can also use `docker-compose-build.sh` instead (see below) to build for your specific architecture. | ||
|
||
> [!CAUTION] | ||
> Don't use the `main` branch code directly for production as it's the merge upstream and can have breaking changes during our developemnt. Either use the `tags` for stable versions or prebuilt images. | ||
> Don't use the `main` branch code directly for production as it's the merge upstream and can have breaking changes during our developemnt. Either use the `tags` for stable versions or prebuilt images. | ||
|
||
## End-user Documentation | ||
|
||
Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant. | ||
Check out the online documentation on <https://intuitem.gitbook.io/ciso-assistant>. | ||
|
||
## Supported frameworks 🐙 | ||
|
||
|
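Review bot: The `[!CAUTION]` line rewritten in this hunk still contains the typo "developemnt". The change only strips trailing whitespace, so the misspelling is carried over into the new line; since the line is already being touched, correct it to "development" in the same commit.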
@@ -158,13 +157,12 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant | |
3. ANSSI : Recommandations de configuration d'un système GNU/Linux 🇫🇷 | ||
4. PSSI-MCAS (Politique de sécurité des systèmes d’information pour les ministères chargés des affaires sociales) 🇫🇷 | ||
5. ANSSI : Recommandations pour la protection des systèmes d'information essentiels 🇫🇷 | ||
6. ANSSI : Recommandations de sécurité pour l'architecture d'un système de journalisation 🇫🇷 | ||
6. ANSSI : Recommandations de sécurité pour l'architecture d'un système de journalisation 🇫🇷 | ||
7. ANSSI : Recommandations de sécurité relatives à TLS 🇫🇷 | ||
8. New Zealand Information Security Manual (NZISM) 🇳🇿 | ||
<br/> | ||
<br/> | ||
|
||
> [!NOTE] | ||
> `*` These frameworks require an extra manual step of getting the latest Excel sheet through their website as their license prevent direct usage. | ||
> [!NOTE] > `*` These frameworks require an extra manual step of getting the latest Excel sheet through their website as their license prevent direct usage. | ||
|
||
<br/> | ||
|
||
|
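Review bot: The `[!NOTE]` callout at the end of this hunk is collapsed onto a single line (`> [!NOTE] > ...`), which breaks the alert. GitHub only renders an alert when the marker sits alone on the first quoted line, so the new form will most likely display as a plain nested quote. Keep the original two-line form and exclude the block from the formatter if it keeps merging the lines. While the sentence is being edited, "their license prevent" should read "their license prevents".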
@@ -364,7 +362,7 @@ python manage.py migrate | |
python manage.py createsuperuser | ||
``` | ||
|
||
9. Run development server. | ||
9. Run development server. | ||
|
||
```sh | ||
python manage.py runserver | ||
|
@@ -398,7 +396,7 @@ npm install | |
npm run dev | ||
``` | ||
|
||
4. Reach the frontend on http://localhost:5173 | ||
4. Reach the frontend on <http://localhost:5173> | ||
|
||
> [!NOTE] | ||
> Safari will not properly work in this setup, as it requires https for secure cookies. The simplest solution is to use Chrome or Firefox. An alternative is to use a caddy proxy. This is the solution used in docker-compose, so you can use it as an example. | ||
|
@@ -407,13 +405,13 @@ npm run dev | |
|
||
All variables in the frontend have handy default values. | ||
|
||
If you move the frontend on another host, you should set the following variable: PUBLIC_BACKEND_API_URL. Its default value is http://localhost:8000/api. | ||
If you move the frontend on another host, you should set the following variable: PUBLIC_BACKEND_API_URL. Its default value is <http://localhost:8000/api>. | ||
|
||
When you launch "node server" instead of "npm run dev", you need to set the ORIGIN variable to the same value as CISO_ASSISTANT_URL in the backend (e.g. http://localhost:3000). | ||
When you launch "node server" instead of "npm run dev", you need to set the ORIGIN variable to the same value as CISO_ASSISTANT_URL in the backend (e.g. <http://localhost:3000>). | ||
|
||
### Managing migrations | ||
|
||
The migrations are tracked by version control, https://docs.djangoproject.com/en/4.2/topics/migrations/#version-control | ||
The migrations are tracked by version control, <https://docs.djangoproject.com/en/4.2/topics/migrations/#version-control> | ||
|
||
For the first version of the product, it is recommended to start from a clean migration. | ||
|
||
|
@@ -449,7 +447,7 @@ The goal of the test harness is to prevent any regression, i.e. all the tests sh | |
|
||
## API and Swagger | ||
|
||
- The API documentation is available in dev mode on the `<backend_endpoint>/api/schema/swagger/`, for instance http://127.0.0.1:8000/api/schema/swagger/ | ||
- The API documentation is available in dev mode on the `<backend_endpoint>/api/schema/swagger/`, for instance <http://127.0.0.1:8000/api/schema/swagger/> | ||
|
||
To interact with it: | ||
|
||
|
@@ -496,7 +494,7 @@ Set DJANGO_DEBUG=False for security reason. | |
|
||
## Security | ||
|
||
Great care has been taken to follow security best practices. Please report any issue to [email protected]. | ||
Great care has been taken to follow security best practices. Please report any issue to <[email protected]>. | ||
|
||
## License | ||
|
||
|
@@ -506,6 +504,6 @@ All the files within the top-level "enterprise" directory are released under the | |
|
||
All the files outside the top-level "enterprise" directory are released under the [AGPLv3](https://choosealicense.com/licenses/agpl-3.0/). | ||
|
||
See [LICENSE.txt](./LICENSE.txt) for details. | ||
See [LICENSE.txt](./LICENSE.txt) for details. For more details about the commercial editions, you can reach us on <[email protected]>. | ||
|
||
Unless otherwise noted, all files are © intuitem. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,15 @@ | ||
# Quick start (development) | ||
|
||
1. Install the `enterprise_core` package | ||
1. Make sure you are in the `enterprise/backend` directory | ||
|
||
```bash | ||
cd enterprise/backend | ||
poetry install | ||
``` | ||
|
||
2. Start the development server with the enterprise settings file | ||
2. Install the `enterprise_core` package | ||
|
||
```bash | ||
python manage.py runserver --settings=enterprise_core.settings | ||
poetry install | ||
``` | ||
|
||
# Running a white label instance | ||
|
||
This can be done by running the development server with the `FF_WHITE_LABEL` environment variable set to `true`. | ||
3. Start the development server with the enterprise settings file | ||
|
||
```bash | ||
export FF_WHITE_LABEL=true | ||
python manage.py runserver --settings=enterprise_core.settings | ||
poetry run manage.sh runserver | ||
``` |
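Review bot: Step 3's `poetry run manage.sh runserver` only works if `manage.sh` can be resolved on PATH and is executable, and the current directory is normally not on PATH. Suggest `poetry run ./manage.sh runserver` (or `poetry run bash manage.sh runserver`). It would also help to say in step 1 that the later commands must be run from `enterprise/backend`, since the steps no longer pass `--settings` explicitly and rely on the wrapper script.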
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/usr/bin/env bash | ||
|
||
DJANGO_DIR=../../backend | ||
ENTERPRISE_SETTINGS=enterprise_core.settings | ||
|
||
python $DJANGO_DIR/manage.py $@ --settings=$ENTERPRISE_SETTINGS |
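Review bot: On the last line, `$@`, `$DJANGO_DIR` and `$ENTERPRISE_SETTINGS` are unquoted, so any argument containing spaces or glob characters is split or expanded by the shell before it reaches `manage.py`. Use `"$@"` and quote both variables. `DJANGO_DIR=../../backend` is also resolved against the caller's working directory rather than the script's location, so the script breaks when invoked from anywhere other than its own directory; deriving the path from `$(dirname "$0")` would remove that dependency. Prefixing the final command with `exec` would pass the exit status and signals straight through to the Django process.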
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,3 +24,4 @@ symlink-from | |
coverage/** | ||
.build | ||
package.json | ||
pnpm-lock.yaml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
.DS_Store | ||
node_modules | ||
/build | ||
/.svelte-kit | ||
/package | ||
.env | ||
.env.* | ||
!.env.example | ||
/tests/reports/* | ||
/tests/results/* | ||
|
||
# Ignore files for PNPM, NPM and YARN | ||
pnpm-lock.yaml | ||
package-lock.json | ||
yarn.lock |
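Review bot: The last three patterns ignore `pnpm-lock.yaml`, `package-lock.json` and `yarn.lock`, so no lockfile can be committed for this directory. If dependencies are ever installed from here, versions are resolved fresh on each install and the integrity hashes a lockfile records are lost, which makes builds non-reproducible and weakens supply-chain review. Either commit the lockfile of the package manager actually used and ignore only the other two, or extend the comment above these lines to explain why this directory needs no lockfile.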
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
{ | ||
"useTabs": true, | ||
"singleQuote": true, | ||
"trailingComma": "none", | ||
"printWidth": 100, | ||
"plugins": ["prettier-plugin-svelte"], | ||
"overrides": [{ "files": "*.svelte", "options": { "parser": "svelte" } }] | ||
} |
`apk add <package>` use `apk add <package>=<version>`

The issue identified by Hadolint is that the `apk add` command does not specify exact versions for the packages being installed. This can lead to inconsistencies and potential issues in the future if the packages are updated and introduce breaking changes. By pinning the package versions, you ensure that the same versions are used each time the Docker image is built, which helps in maintaining a stable and reproducible build environment.

Here's the single line change to fix the issue:
This comment was generated by an experimental AI tool.
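The pinning rule described in the comment above, as an added example that is not part of the pull request or of the tool's output: a small Python check that reports `apk add` packages lacking an `=version` pin. The sample Dockerfile, its package names and versions are constructed, and treating only `=` as a pin is an assumption of this example.

```python
import re
import shlex

# Constructed sample (not from the pull request); names and versions are placeholders.
SAMPLE_DOCKERFILE = """\
FROM alpine:3.20
RUN apk add --no-cache libmagic \\
    curl=8.9.0-r0
RUN apk update && apk add --no-cache --virtual .build-deps gcc musl-dev=1.2.5-r0 && echo done
"""

# apk options whose following token is a value, not a package name.
OPTIONS_WITH_VALUE = {"--virtual", "-t", "--repository", "-X"}


def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_number, joined_text)."""
    buf, start = [], None
    for number, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        stripped = line.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(stripped)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)


def unpinned_apk_packages(dockerfile_text):
    """Return [(line_number, package)] for every `apk add` package without '='."""
    findings = []
    for lineno, line in logical_lines(dockerfile_text):
        if not re.match(r"\s*RUN\s", line, re.IGNORECASE):
            continue
        body = re.sub(r"^\s*RUN\s+", "", line, flags=re.IGNORECASE)
        # A RUN instruction may chain several shell commands.
        for command in re.split(r"&&|\|\||;", body):
            tokens = shlex.split(command)
            if tokens[:2] != ["apk", "add"]:
                continue
            skip_next = False
            for token in tokens[2:]:
                if skip_next:
                    skip_next = False  # value of the preceding option
                elif token in OPTIONS_WITH_VALUE:
                    skip_next = True
                elif token.startswith("-"):
                    continue  # flag without a value, e.g. --no-cache
                elif "=" not in token:
                    findings.append((lineno, token))
    return findings


if __name__ == "__main__":
    for lineno, package in unpinned_apk_packages(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: pin a version for '{package}'")
```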