Merge branch 'main' into feature/iac-scaffolding

Author: kasya

.github/workflows/run-ci-cd.yaml

@@ -276,7 +276,7 @@ jobs:
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
 
       - name: Login to Docker Hub
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -377,16 +377,18 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Scan backend image
+        continue-on-error: true
         uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
-          exit-code: 0
+          exit-code: 1
           image-ref: owasp/nest:backend-staging
           scan-type: image
           trivy-config: trivy.yaml
           trivyignores: trivyignore.yaml
           version: latest
 
       - name: Scan frontend image
+        continue-on-error: true
         uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           exit-code: 1
@@ -600,7 +602,7 @@ jobs:
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
 
       - name: Login to Docker Hub
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/run-code-ql.yaml

@@ -31,7 +31,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93
         with:
           languages: ${{ matrix.language }}
 
@@ -55,6 +55,6 @@ jobs:
         run: pnpm install --frozen-lockfile
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93
         with:
           category: /language:${{ matrix.language }}

.github/workflows/update-nest-test-images.yaml

@@ -23,7 +23,7 @@ jobs:
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
 
       - name: Login to Docker Hub
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

.pre-commit-config.yaml

@@ -10,7 +10,7 @@ repos:
         exclude: (.github|pnpm-lock.yaml)
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.13.1
+    rev: v0.13.2
     hooks:
       - id: ruff
         args:
@@ -83,7 +83,7 @@ repos:
         exclude: pnpm-lock.yaml
 
   - repo: https://github.com/tox-dev/pyproject-fmt
-    rev: v2.6.0
+    rev: v2.7.0
     hooks:
       - id: pyproject-fmt
 

backend/apps/owasp/admin/chapter.py

@@ -4,7 +4,7 @@
 
 from apps.owasp.models.chapter import Chapter
 
-from .mixins import EntityMemberInline, GenericEntityAdminMixin
+from .mixins import EntityChannelInline, EntityMemberInline, GenericEntityAdminMixin
 
 
 class ChapterAdmin(admin.ModelAdmin, GenericEntityAdminMixin):
@@ -15,7 +15,7 @@ class ChapterAdmin(admin.ModelAdmin, GenericEntityAdminMixin):
         "leaders",
         "suggested_leaders",
     )
-    inlines = (EntityMemberInline,)
+    inlines = (EntityMemberInline, EntityChannelInline)
     list_display = (
         "name",
         "created_at",

backend/apps/owasp/admin/committee.py

@@ -2,10 +2,13 @@
 
 from django.contrib import admin
 
+from apps.owasp.admin.mixins import (
+    EntityChannelInline,
+    EntityMemberInline,
+    GenericEntityAdminMixin,
+)
 from apps.owasp.models.committee import Committee
 
-from .mixins import EntityMemberInline, GenericEntityAdminMixin
-
 
 class CommitteeAdmin(admin.ModelAdmin, GenericEntityAdminMixin):
     """Admin for Committee model."""
@@ -15,7 +18,7 @@ class CommitteeAdmin(admin.ModelAdmin, GenericEntityAdminMixin):
         "leaders",
         "suggested_leaders",
     )
-    inlines = (EntityMemberInline,)
+    inlines = (EntityMemberInline, EntityChannelInline)
     search_fields = ("name",)
 
 

backend/apps/owasp/admin/mixins.py

@@ -1,10 +1,14 @@
 """OWASP admin mixins for common functionality."""
 
 from django.contrib.contenttypes.admin import GenericTabularInline
+from django.contrib.contenttypes.models import ContentType
 from django.utils.html import escape
 from django.utils.safestring import mark_safe
 
+from apps.owasp.admin.widgets import ChannelIdWidget
+from apps.owasp.models.entity_channel import EntityChannel
 from apps.owasp.models.entity_member import EntityMember
+from apps.slack.models.conversation import Conversation
 
 
 class BaseOwaspAdminMixin:
@@ -58,6 +62,36 @@ class EntityMemberInline(GenericTabularInline):
     raw_id_fields = ("member",)
 
 
+class EntityChannelInline(GenericTabularInline):
+    """EntityChannel inline for admin."""
+
+    ct_field = "entity_type"
+    ct_fk_field = "entity_id"
+    extra = 1
+    fields = (
+        "channel_type",
+        "channel_id",
+        "platform",
+        "is_default",
+        "is_active",
+        "is_reviewed",
+    )
+    model = EntityChannel
+    ordering = ("platform", "channel_id")
+
+    def formfield_for_dbfield(self, db_field, request, **kwargs):
+        """Override to add custom widget for channel_id field and limit channel_type options."""
+        if db_field.name == "channel_id":
+            kwargs["widget"] = ChannelIdWidget()
+        elif db_field.name == "channel_type":
+            # Limit channel_type to only Conversation (Slack channels)
+            conversation_ct = ContentType.objects.get_for_model(Conversation)
+            kwargs["queryset"] = ContentType.objects.filter(id=conversation_ct.id)
+            kwargs["initial"] = conversation_ct
+
+        return super().formfield_for_dbfield(db_field, request, **kwargs)
+
+
 class GenericEntityAdminMixin(BaseOwaspAdminMixin):
     """Mixin for generic entity admin with common entity functionality."""
 

backend/apps/owasp/admin/project.py

@@ -2,10 +2,13 @@
 
 from django.contrib import admin
 
+from apps.owasp.admin.mixins import (
+    EntityChannelInline,
+    EntityMemberInline,
+    GenericEntityAdminMixin,
+)
 from apps.owasp.models.project import Project
 
-from .mixins import EntityMemberInline, GenericEntityAdminMixin
-
 
 class ProjectAdmin(admin.ModelAdmin, GenericEntityAdminMixin):
     """Admin for Project model."""
@@ -20,7 +23,7 @@ class ProjectAdmin(admin.ModelAdmin, GenericEntityAdminMixin):
         "leaders",
         "suggested_leaders",
     )
-    inlines = (EntityMemberInline,)
+    inlines = (EntityMemberInline, EntityChannelInline)
     list_display = (
         "custom_field_name",
         "created_at",

backend/apps/owasp/admin/widgets.py

@@ -0,0 +1,24 @@
+"""Custom widgets for OWASP admin."""
+
+from django import forms
+from django.utils.safestring import mark_safe
+
+
+class ChannelIdWidget(forms.TextInput):
+    """Custom widget for channel_id with search functionality."""
+
+    def __init__(self, *args, **kwargs):
+        """Initialize the widget with custom attributes."""
+        super().__init__(*args, **kwargs)
+        self.attrs.update({"class": "vForeignKeyRawIdAdminField", "placeholder": "Channel ID"})
+
+    def render(self, name, value, attrs=None, renderer=None):
+        """Render the widget with a search button."""
+        widget_html = super().render(name, value, attrs, renderer)
+
+        search_button = (
+            "<a href='/a/slack/conversation/' class='related-lookup'"
+            f"id='lookup_id_{name}' title='Look up related objects'></a>"
+        )
+
+        return mark_safe(f"{widget_html}{search_button}")  # noqa: S308

backend/apps/owasp/migrations/0053_entitychannel.py

@@ -0,0 +1,77 @@
+# Generated by Django 5.2.6 on 2025-09-30 23:14
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("contenttypes", "0002_remove_content_type_name"),
+        ("owasp", "0052_remove_entitymember_owasp_entit_member__6e516f_idx_and_more"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="EntityChannel",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                ("channel_id", models.PositiveBigIntegerField()),
+                ("entity_id", models.PositiveBigIntegerField()),
+                (
+                    "is_active",
+                    models.BooleanField(
+                        default=True, help_text="Indicates if this channel is active"
+                    ),
+                ),
+                (
+                    "is_default",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Indicates if this is the main channel for the entity",
+                    ),
+                ),
+                (
+                    "is_reviewed",
+                    models.BooleanField(
+                        default=False, help_text="Indicates if the channel has been reviewed"
+                    ),
+                ),
+                (
+                    "platform",
+                    models.CharField(
+                        choices=[("slack", "Slack")],
+                        default="slack",
+                        help_text="Platform of the channel (e.g., Slack)",
+                        max_length=5,
+                    ),
+                ),
+                (
+                    "channel_type",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="+",
+                        to="contenttypes.contenttype",
+                    ),
+                ),
+                (
+                    "entity_type",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="+",
+                        to="contenttypes.contenttype",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Entity channel",
+                "verbose_name_plural": "Entity channels",
+                "db_table": "owasp_entity_channels",
+                "unique_together": {("channel_id", "channel_type", "entity_id", "entity_type")},
+            },
+        ),
+    ]