Merge branch 'master' into PRWLR-5755-improve-rls-performance-in-views

prowler-cloud · Dec 26, 2024 · bcea6a9 · bcea6a9
2 parents 15f5054 + 550165b
commit bcea6a9
Show file tree

Hide file tree

Showing 219 changed files with 15,721 additions and 973 deletions.
diff --git a/.env b/.env
@@ -6,6 +6,7 @@
 PROWLER_UI_VERSION="latest"
 SITE_URL=http://localhost:3000
 API_BASE_URL=http://prowler-api:8080/api/v1
+NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
 UI_PORT=3000
 # openssl rand -base64 32
@@ -40,9 +41,12 @@ DJANGO_LOGGING_FORMATTER=human_readable
 # Select one of [DEBUG|INFO|WARNING|ERROR|CRITICAL]
 # Applies to both Django and Celery Workers
 DJANGO_LOGGING_LEVEL=INFO
-DJANGO_WORKERS=4 # Defaults to the maximum available based on CPU cores if not set.
-DJANGO_ACCESS_TOKEN_LIFETIME=30 # Token lifetime is in minutes
-DJANGO_REFRESH_TOKEN_LIFETIME=1440 # Token lifetime is in minutes
+# Defaults to the maximum available based on CPU cores if not set.
+DJANGO_WORKERS=4
+# Token lifetime is in minutes
+DJANGO_ACCESS_TOKEN_LIFETIME=30
+# Token lifetime is in minutes
+DJANGO_REFRESH_TOKEN_LIFETIME=1440
 DJANGO_CACHE_MAX_AGE=3600
 DJANGO_STALE_WHILE_REVALIDATE=60
 DJANGO_MANAGE_DB_PARTITIONS=True
@@ -87,3 +91,4 @@ jQIDAQAB
 -----END PUBLIC KEY-----"
 # openssl rand -base64 32
 DJANGO_SECRETS_ENCRYPTION_KEY="oE/ltOhp/n1TdbHjVmzcjDPLcLA41CVI/4Rk+UB5ESc="
+DJANGO_BROKER_VISIBILITY_TIMEOUT=86400
diff --git a/.github/workflows/api-build-lint-push-containers.yml b/.github/workflows/api-build-lint-push-containers.yml
@@ -31,19 +31,34 @@ env:
   PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
 
 jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
   # Build Prowler OSS container
   container-build-push:
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ${{ env.WORKING_DIRECTORY }}
 
     steps:
-      - name: Repository check
-        working-directory: /tmp
-        run: |
-          [[ ${{ github.repository }} != "prowler-cloud/prowler" ]] && echo "This action only runs for prowler-cloud/prowler"; exit 0
-
       - name: Checkout
         uses: actions/checkout@v4
 

diff --git a/.github/workflows/api-codeql.yml b/.github/workflows/api-codeql.yml
@@ -15,16 +15,12 @@ on:
   push:
     branches:
       - "master"
-      - "v3"
-      - "v4.*"
       - "v5.*"
     paths:
       - "api/**"
   pull_request:
     branches:
       - "master"
-      - "v3"
-      - "v4.*"
       - "v5.*"
     paths:
       - "api/**"

diff --git a/.github/workflows/api-pull-request.yml b/.github/workflows/api-pull-request.yml
@@ -4,11 +4,13 @@ on:
   push:
     branches:
       - "master"
+      - "v5.*"
     paths:
       - "api/**"
   pull_request:
     branches:
       - "master"
+      - "v5.*"
     paths:
       - "api/**"
 

diff --git a/.github/workflows/find-secrets.yml b/.github/workflows/find-secrets.yml
@@ -11,7 +11,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.86.1
+        uses: trufflesecurity/trufflehog@v3.88.0
         with:
           path: ./
           base: ${{ github.event.repository.default_branch }}

diff --git a/.github/workflows/sdk-codeql.yml b/.github/workflows/sdk-codeql.yml
@@ -17,6 +17,7 @@ on:
       - "master"
       - "v3"
       - "v4.*"
+      - "v5.*"
     paths-ignore:
       - 'ui/**'
       - 'api/**'
@@ -25,6 +26,7 @@ on:
       - "master"
       - "v3"
       - "v4.*"
+      - "v5.*"
     paths-ignore:
       - 'ui/**'
       - 'api/**'

diff --git a/.github/workflows/sdk-pull-request.yml b/.github/workflows/sdk-pull-request.yml
@@ -37,6 +37,7 @@ jobs:
             README.md
             mkdocs.yml
             .backportrc.json
+            .env
 
       - name: Install poetry
         if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'

diff --git a/.github/workflows/sdk-pypi-release.yml b/.github/workflows/sdk-pypi-release.yml
@@ -10,12 +10,40 @@ env:
   CACHE: "poetry"
 
 jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
   release-prowler-job:
     runs-on: ubuntu-latest
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
     env:
       POETRY_VIRTUALENVS_CREATE: "false"
     name: Release Prowler to PyPI
     steps:
+      - name: Repository check
+        working-directory: /tmp
+        run: |
+              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
+                  echo "This action only runs for prowler-cloud/prowler"
+                  exit 1
+              fi
+
       - name: Get Prowler version
         run: |
           PROWLER_VERSION="${{ env.RELEASE_TAG }}"

diff --git a/.github/workflows/ui-build-lint-push-containers.yml b/.github/workflows/ui-build-lint-push-containers.yml
@@ -31,19 +31,34 @@ env:
   PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
 
 jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
   # Build Prowler OSS container
   container-build-push:
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ${{ env.WORKING_DIRECTORY }}
 
     steps:
-      - name: Repository check
-        working-directory: /tmp
-        run: |
-          [[ ${{ github.repository }} != "prowler-cloud/prowler" ]] && echo "This action only runs for prowler-cloud/prowler"; exit 0
-
       - name: Checkout
         uses: actions/checkout@v4
 

diff --git a/.github/workflows/ui-codeql.yml b/.github/workflows/ui-codeql.yml
@@ -15,14 +15,12 @@ on:
   push:
     branches:
       - "master"
-      - "v4.*"
       - "v5.*"
     paths:
       - "ui/**"
   pull_request:
     branches:
       - "master"
-      - "v4.*"
       - "v5.*"
     paths:
       - "ui/**"

diff --git a/.github/workflows/ui-pull-request.yml b/.github/workflows/ui-pull-request.yml
@@ -1,9 +1,16 @@
 name: UI - Pull Request
 
 on:
+  push:
+    branches:
+      - "master"
+      - "v5.*"
+    paths:
+      - "ui/**"
   pull_request:
     branches:
       - master
+      - "v5.*"
     paths:
       - 'ui/**'
 

diff --git a/README.md b/README.md
@@ -98,6 +98,7 @@ curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/mast
 docker compose up -d
 ```
 
+> Containers are built for `linux/amd64`. If your workstation's architecture is different, please set `DOCKER_DEFAULT_PLATFORM=linux/amd64` in your environment or use the `--platform linux/amd64` flag in the docker command.
 > Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
 
 ### From GitHub

diff --git a/api/.env.example b/api/.env.example
@@ -22,6 +22,7 @@ DJANGO_SECRETS_ENCRYPTION_KEY=""
 # Decide whether to allow Django manage database table partitions
 DJANGO_MANAGE_DB_PARTITIONS=[True|False]
 DJANGO_CELERY_DEADLOCK_ATTEMPTS=5
+DJANGO_BROKER_VISIBILITY_TIMEOUT=86400
 
 # PostgreSQL settings
 # If running django and celery on host, use 'localhost', else use 'postgres-db'