
chore(deps): update actions/upload-artifact action from v4.4.3 to v4.5.0 (.github/workflows/fetch-oas.yml) #11436

Merged: 1 commit, Dec 19, 2024

Conversation

renovate[bot] (Contributor) commented Dec 17, 2024

This PR contains the following updates:

Package                  Type    Update  Change
actions/upload-artifact  action  minor   v4.4.3 -> v4.5.0

Release Notes

actions/upload-artifact (actions/upload-artifact)

v4.5.0

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the "dependencies" label (Pull requests that update a dependency file) Dec 17, 2024

DryRun Security Summary

The GitHub Actions workflows were updated to fetch OpenAPI Specifications and build Docker images for testing, with improvements in artifact retention, image versioning, and build processes while maintaining security considerations.


Summary:

The provided code changes include updates to two GitHub Actions workflows: one that fetches OpenAPI Specifications (OAS) from a local server and uploads them as artifacts, and another that builds Docker images for testing purposes.

The OAS fetching workflow updates the version of the actions/upload-artifact GitHub Action and sets a 1-day retention period for the uploaded artifacts. It's important to ensure that no sensitive information is accidentally included in the OAS files, as they will be publicly accessible during the retention period. The workflow also uses specific versions of Docker images, which is a good practice to ensure reproducibility and avoid potential security issues.

The Docker image building workflow uses the Docker Buildx tool to build images for different components and operating systems. It's crucial to review the contents of the Dockerfiles used in this workflow to ensure they follow best practices for secure Docker image building, such as using trusted base images, applying security updates, and minimizing the attack surface. Additionally, the use of the latest (potentially unstable) version of Buildkit should be reviewed, as it may introduce potential security risks.

Files Changed:

  1. .github/workflows/fetch-oas.yml:

    • Updates the version of the actions/upload-artifact GitHub Action.
    • Sets a 1-day retention period for the uploaded OAS artifacts.
    • Uses specific versions of the defectdojo-django and defectdojo-nginx Docker images.
    • Downloads the OAS files from a local server, which should be properly secured.
    • Includes a Logs step to capture Docker logs for debugging.
  2. .github/workflows/build-docker-images-for-testing.yml:

    • Builds Docker images for django, nginx, and integration-tests components, for both alpine and debian operating systems.
    • Exports the built Docker images as artifacts for reuse in subsequent jobs or workflows.
    • Uses the Docker Buildx tool and the moby/buildkit:master image for the Buildx setup.
    • Sets a 1-day retention period for the uploaded Docker image artifacts.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

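The summary above praises "specific versions", but a tag such as `v4.5.0` is a mutable git ref: whoever controls the action repository can move it, whereas a full 40-hex commit SHA cannot be repointed. As an added example (not code from this PR or from the DefectDojo project), the following stdlib-only Python audit scans workflow text for `uses:` references that are not SHA-pinned, and lists `actions/upload-artifact` steps that carry no `retention-days`. The workflow text embedded below is constructed to resemble the step this PR touches, not the repository's real fetch-oas.yml, and the 40-hex SHA in it is a made-up placeholder rather than a real commit.

```python
"""Audit GitHub Actions workflow text for mutable action refs and missing
artifact retention. Stdlib only; line-oriented so it needs no YAML parser."""
import re
from typing import List, NamedTuple

# Constructed sample, shaped like the step this PR updates. The hex SHA below
# is a placeholder, not the real commit for any action.
SAMPLE_WORKFLOW = """\
name: Fetch OAS
on: [push]
jobs:
  oas:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Upload OAS
        uses: actions/upload-artifact@v4.5.0
        with:
          name: oas
          path: oas/
          retention-days: 1
      - uses: docker/setup-buildx-action@0123456789abcdef0123456789abcdef01234567
        with:
          driver-opts: image=moby/buildkit:master
"""

# Constructed sample whose upload step sets no retention-days.
SAMPLE_NO_RETENTION = """\
jobs:
  oas:
    steps:
      - name: Upload OAS
        uses: actions/upload-artifact@v4.5.0
        with:
          name: oas
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses:" both as the first key of a step ("- uses:") and as a later key.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")


class ActionRef(NamedTuple):
    line: int
    repo: str
    ref: str
    pinned_to_sha: bool


def parse_uses(text: str) -> List[ActionRef]:
    """Return every remote action reference with whether its ref is a full SHA."""
    refs = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith(("./", "docker://")):
            continue  # local or docker:// references carry no git ref to pin
        repo, _, ref = spec.partition("@")
        refs.append(ActionRef(n, repo, ref, bool(SHA_RE.match(ref))))
    return refs


def unpinned(text: str) -> List[ActionRef]:
    """Action references that rely on a tag or branch name (mutable)."""
    return [r for r in parse_uses(text) if not r.pinned_to_sha]


def upload_steps_missing_retention(text: str) -> List[int]:
    """Line numbers of actions/upload-artifact steps with no retention-days key.

    A step's remaining keys are the following lines indented at least as deep as
    the 'uses:' key; the next '- ' at the step's list indent ends the step."""
    lines = text.splitlines()
    missing = []
    for n, line in enumerate(lines, 1):
        m = USES_RE.match(line)
        if not m or not m.group(1).startswith("actions/upload-artifact@"):
            continue
        key_col = line.index("uses:")
        has_retention = False
        for nxt in lines[n:]:
            if not nxt.strip():
                continue
            if len(nxt) - len(nxt.lstrip()) < key_col:
                break  # left the step
            if nxt.strip().startswith("retention-days:"):
                has_retention = True
                break
        if not has_retention:
            missing.append(n)
    return missing


if __name__ == "__main__":
    for r in unpinned(SAMPLE_WORKFLOW):
        print(f"line {r.line}: {r.repo}@{r.ref} is not pinned to a commit SHA")
    for n in upload_steps_missing_retention(SAMPLE_NO_RETENTION):
        print(f"line {n}: upload-artifact step has no retention-days")
```

Run against a checkout's .github/workflows/*.yml to get a list of references to convert to `owner/repo@<sha> # vX.Y.Z` form; the trailing tag comment keeps the pin readable, and a bot such as Renovate can keep SHA pins current in the same way it bumps tags here.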

mtesauro (Contributor) left a comment

Approved

mtesauro merged commit 9c984da into dev Dec 19, 2024
73 checks passed
Labels
dependencies Pull requests that update a dependency file