Soft merge branch 'dev' into branch '1.6'

.github/workflows/codeql.yml

@@ -35,12 +35,12 @@ jobs:
           python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
           echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
         with:
           languages: ${{ matrix.language }}
           config-file: ./.github/codeql.yml
           setup-python-dependencies: false
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/container-build.yml

@@ -95,7 +95,7 @@ jobs:
       # Build cached image
       - name: Build image
         if: inputs.CACHE == true
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
         with:
           context: .
           file: ${{ inputs.DOCKERFILE }}
@@ -108,7 +108,7 @@ jobs:
       # Build non-cached image
       - name: Build image
         if: inputs.CACHE != true
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
         with:
           context: .
           file: ${{ inputs.DOCKERFILE }}

.github/workflows/linux-build.yml

@@ -97,7 +97,7 @@ jobs:
       # Build testing package image
       - name: Build package image
         if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui' || inputs.RELEASE == '1.6'
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
         with:
           context: .
           load: true
@@ -109,7 +109,7 @@ jobs:
       # Build non-testing package image
       - name: Build package image
         if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev' && inputs.RELEASE != 'ui' && inputs.RELEASE != '1.6'
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
         with:
           context: .
           load: true
@@ -145,7 +145,7 @@ jobs:
           images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
       - name: Build test image
         if: inputs.TEST == true
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
         with:
           context: .
           file: tests/linux/Dockerfile-${{ inputs.LINUX }}

.github/workflows/push-docker.yml

@@ -70,7 +70,7 @@ jobs:
           images: bunkerity/${{ inputs.IMAGE }}
       # Build and push
       - name: Build and push
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
         with:
           context: .
           file: ${{ inputs.DOCKERFILE }}

.github/workflows/push-github.yml

@@ -51,7 +51,7 @@ jobs:
       # Create release
       - name: Create release
         if: inputs.VERSION != 'testing'
-        uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
         with:
           body: |
             Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
@@ -75,7 +75,7 @@ jobs:
       # Create release
       - name: Create release
         if: inputs.VERSION == 'testing'
-        uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
         with:
           body: |
             **The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.**

.github/workflows/scorecards-analysis.yml

@@ -25,6 +25,6 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
         with:
           sarif_file: results.sarif

docs/integrations.md

@@ -714,6 +714,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: sa-bunkerweb
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -745,6 +746,7 @@ spec:
       annotations:
         bunkerweb.io/INSTANCE: "yes"
     spec:
+      serviceAccountName: sa-bunkerweb
       containers:
         # using bunkerweb as name is mandatory
         - name: bunkerweb

docs/web-ui.md

@@ -418,10 +418,21 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
         resources: ["ingresses"]
         verbs: ["get", "watch", "list"]
     ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+      namespace: default
+      name: role-bunkerweb-logs
+    rules:
+      - apiGroups: [""]
+        resources: ["pods/log"]
+        verbs: ["get"]
+    ---
     apiVersion: v1
     kind: ServiceAccount
     metadata:
       name: sa-bunkerweb
+      namespace: default
     ---
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
@@ -437,6 +448,20 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
       name: cr-bunkerweb
       apiGroup: rbac.authorization.k8s.io
     ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: rolebinding-bunkerweb-logs
+      namespace: default
+    subjects:
+      - kind: ServiceAccount
+        name: sa-bunkerweb
+        namespace: default
+    roleRef:
+      kind: Role
+      name: role-bunkerweb-logs
+      apiGroup: rbac.authorization.k8s.io
+    ---
     apiVersion: apps/v1
     kind: DaemonSet
     metadata:
@@ -453,6 +478,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
           annotations:
             bunkerweb.io/INSTANCE: "yes"
         spec:
+          serviceAccountName: sa-bunkerweb
           containers:
             # using bunkerweb as name is mandatory
             - name: bunkerweb
@@ -534,7 +560,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
               env:
                 - name: KUBERNETES_MODE
                   value: "yes"
-                - name: "DATABASE_URI"
+                - name: DATABASE_URI
                   value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
     ---
     apiVersion: apps/v1
@@ -561,7 +587,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
               env:
                 - name: KUBERNETES_MODE
                   value: "yes"
-                - name: "DATABASE_URI"
+                - name: DATABASE_URI
                   value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
     ---
     apiVersion: apps/v1
@@ -608,14 +634,14 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
               env:
                 - name: MYSQL_RANDOM_ROOT_PASSWORD
                   value: "yes"
-                - name: "MYSQL_DATABASE"
+                - name: MYSQL_DATABASE
                   value: "db"
-                - name: "MYSQL_USER"
+                - name: MYSQL_USER
                   value: "bunkerweb"
-                - name: "MYSQL_PASSWORD"
+                - name: MYSQL_PASSWORD
                   value: "changeme"
               volumeMounts:
-                - mountPath: "/var/lib/mysql"
+                - mountPath: /var/lib/mysql
                   name: vol-db
           volumes:
             - name: vol-db
@@ -646,7 +672,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
               env:
                 - name: KUBERNETES_MODE
                   value: "YES"
-                - name: "DATABASE_URI"
+                - name: DATABASE_URI
                   value: "mariadb+pymysql://bunkerweb:testor@svc-bunkerweb-db:3306/db"
     ---
     apiVersion: v1
@@ -1264,10 +1290,21 @@ After a successful login/password combination, you will be prompted to enter you
         resources: ["ingresses"]
         verbs: ["get", "watch", "list"]
     ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+      namespace: default
+      name: role-bunkerweb-logs
+    rules:
+      - apiGroups: [""]
+        resources: ["pods/log"]
+        verbs: ["get"]
+    ---
     apiVersion: v1
     kind: ServiceAccount
     metadata:
       name: sa-bunkerweb
+      namespace: default
     ---
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
@@ -1283,6 +1320,20 @@ After a successful login/password combination, you will be prompted to enter you
       name: cr-bunkerweb
       apiGroup: rbac.authorization.k8s.io
     ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: rolebinding-bunkerweb-logs
+      namespace: default
+    subjects:
+      - kind: ServiceAccount
+        name: sa-bunkerweb
+        namespace: default
+    roleRef:
+      kind: Role
+      name: role-bunkerweb-logs
+      apiGroup: rbac.authorization.k8s.io
+    ---
     apiVersion: apps/v1
     kind: DaemonSet
     metadata:
@@ -1299,6 +1350,7 @@ After a successful login/password combination, you will be prompted to enter you
           annotations:
             bunkerweb.io/INSTANCE: "yes"
         spec:
+          serviceAccountName: sa-bunkerweb
           containers:
             # using bunkerweb as name is mandatory
             - name: bunkerweb
@@ -1377,7 +1429,7 @@ After a successful login/password combination, you will be prompted to enter you
               env:
                 - name: KUBERNETES_MODE
                   value: "yes"
-                - name: "DATABASE_URI"
+                - name: DATABASE_URI
                   value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
     ---
     apiVersion: apps/v1
@@ -1404,7 +1456,7 @@ After a successful login/password combination, you will be prompted to enter you
               env:
                 - name: KUBERNETES_MODE
                   value: "yes"
-                - name: "DATABASE_URI"
+                - name: DATABASE_URI
                   value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
     ---
     apiVersion: apps/v1
@@ -1451,14 +1503,14 @@ After a successful login/password combination, you will be prompted to enter you
               env:
                 - name: MYSQL_RANDOM_ROOT_PASSWORD
                   value: "yes"
-                - name: "MYSQL_DATABASE"
+                - name: MYSQL_DATABASE
                   value: "db"
-                - name: "MYSQL_USER"
+                - name: MYSQL_USER
                   value: "bunkerweb"
-                - name: "MYSQL_PASSWORD"
+                - name: MYSQL_PASSWORD
                   value: "changeme"
               volumeMounts:
-                - mountPath: "/var/lib/mysql"
+                - mountPath: /var/lib/mysql
                   name: vol-db
           volumes:
             - name: vol-db
@@ -1493,7 +1545,7 @@ After a successful login/password combination, you will be prompted to enter you
                   value: "changeme"
                 - name: KUBERNETES_MODE
                   value: "YES"
-                - name: "DATABASE_URI"
+                - name: DATABASE_URI
                   value: "mariadb+pymysql://bunkerweb:testor@svc-bunkerweb-db:3306/db"
     ---
     apiVersion: v1
@@ -1564,6 +1616,9 @@ After a successful login/password combination, you will be prompted to enter you
     metadata:
       name: ingress
       annotations:
+        bunkerweb.io/www.example.com_SERVE_FILES: "no"
+        bunkerweb.io/www.example.com_USE_CLIENT_CACHE: "yes"
+        bunkerweb.io/www.example.com_USE_GZIP: "yes"
         bunkerweb.io/www.example.com_USE_UI: "yes"
         bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: '400 404 405 413 429 500 501 502 503 504'
         bunkerweb.io/www.example.com_MAX_CLIENT_SIZE: '50m'

examples/prestashop/tests.json → examples/prestashop/tests.json.backup

@@ -2,11 +2,11 @@
   "name": "prestashop",
   "kinds": ["docker", "autoconf", "swarm", "kubernetes"],
   "timeout": 240,
-  "delay": 240,
+  "delay": 300,
   "tests": [
     {
       "type": "string",
-      "url": "https://www.example.com/administration",
+      "url": "https://www.example.com",
       "string": "prestashop",
       "tls": "www.example.com"
     }