intuitem
diff --git a/‎.github/workflows/rpm-build.yml‎
Lines changed: 126 additions & 0 deletions b/‎.github/workflows/rpm-build.yml‎
Lines changed: 126 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/ciso_assistant/settings.py‎
Lines changed: 5 additions & 0 deletions b/‎backend/ciso_assistant/settings.py‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎backend/ciso_assistant/urls.py‎
Lines changed: 1 addition & 0 deletions b/‎backend/ciso_assistant/urls.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎backend/core/apps.py‎
Lines changed: 3 additions & 0 deletions b/‎backend/core/apps.py‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎backend/core/migrations/0117_evidencerevision_task_node_tasktemplate_evidences.py‎
Lines changed: 35 additions & 0 deletions b/‎backend/core/migrations/0117_evidencerevision_task_node_tasktemplate_evidences.py‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎backend/core/models.py‎
Lines changed: 21 additions & 0 deletions b/‎backend/core/models.py‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎backend/core/serializers.py‎
Lines changed: 38 additions & 25 deletions b/‎backend/core/serializers.py‎
Lines changed: 38 additions & 25 deletions
@@ -0,0 +1,126 @@
+name: Build RPM Package
+
+permissions:
+  contents: write
+  packages: read
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+# Cancel older in-progress runs for the same PR or the same ref (branch)
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-rpm:
+    runs-on: ubuntu-24.04
+    container:
+      image: rockylinux:9
+      options: --privileged
+
+    steps:
+      - name: Install Git (required for checkout)
+        run: |
+          dnf install -y git
+
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Build Dependencies
+        run: |
+          dnf install -y \
+            rpm-build \
+            rpmdevtools \
+            rsync \
+            curl \
+            wget \
+            gcc \
+            gcc-c++ \
+            make \
+            openssl-devel \
+            bzip2-devel \
+            libffi-devel \
+            zlib-devel \
+            readline-devel \
+            sqlite-devel \
+            xz-devel \
+            tk-devel \
+            ncurses-devel \
+            gdbm-devel
+
+      - name: Install Node.js and pnpm
+        run: |
+          curl -fsSL https://rpm.nodesource.com/setup_22.x | bash -
+          dnf install -y nodejs
+          npm install -g pnpm
+
+      - name: Install Poetry
+        run: |
+          curl -sSL https://install.python-poetry.org | python3 -
+          echo "/root/.local/bin" >> $GITHUB_PATH
+
+      - name: Generate Version
+        id: version
+        run: |
+          VERSION=$(git describe --tags --always 2>/dev/null || echo 'dev')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Building version: $VERSION"
+
+      - name: Build RPM
+        env:
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          cd packaging/rhel
+          bash build-rpm.sh
+
+      - name: Find Built RPM
+        id: rpm
+        run: |
+          RPM_PATH=$(find packaging/rhel/RPMS -name "*.rpm" -type f | head -n 1)
+          RPM_NAME=$(basename "$RPM_PATH")
+          echo "path=$RPM_PATH" >> $GITHUB_OUTPUT
+          echo "name=$RPM_NAME" >> $GITHUB_OUTPUT
+
+          # Get file size for summary
+          RPM_SIZE=$(du -h "$RPM_PATH" | cut -f1)
+          echo "size=$RPM_SIZE" >> $GITHUB_OUTPUT
+
+          echo "Built RPM: $RPM_NAME ($RPM_SIZE)"
+
+      - name: Upload RPM as Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ciso-assistant-rpm-${{ steps.version.outputs.version }}
+          path: ${{ steps.rpm.outputs.path }}
+          retention-days: 90
+          if-no-files-found: error
+
+      - name: Create Release and Upload RPM
+        if: startsWith(github.ref, 'refs/tags/v')
+        uses: softprops/action-gh-release@v2
+        with:
+          files: ${{ steps.rpm.outputs.path }}
+          generate_release_notes: true
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Job Summary
+        run: |
+          echo "## RPM Build Complete 🎉" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Version:** \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "**Package:** \`${{ steps.rpm.outputs.name }}\`" >> $GITHUB_STEP_SUMMARY
+          echo "**Size:** ${{ steps.rpm.outputs.size }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Installation" >> $GITHUB_STEP_SUMMARY
+          echo '```bash' >> $GITHUB_STEP_SUMMARY
+          echo "sudo rpm -ivh ${{ steps.rpm.outputs.name }}" >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
@@ -628,4 +628,4 @@ Unless otherwise noted, all files are © intuitem.
 
 ## Activity
 
-![Alt](https://repobeats.axiom.co/api/embed/83162c6044da29efd7efa28f746b6bee5a3c6a8a.svg "Repobeats analytics image")
+![Alt](https://repobeats.axiom.co/api/embed/02f80d1b099ffd1ae66d9cfdc3a0e13234606f35.svg "Repobeats analytics image")
@@ -200,6 +200,7 @@ def set_ciso_assistant_url(_, __, event_dict):
     "library",
     "serdes",
     "integrations",
+    "webhooks",
     "rest_framework",
     "knox",
     "drf_spectacular",
@@ -504,3 +505,7 @@ def set_ciso_assistant_url(_, __, event_dict):
 
 AUDITLOG_RETENTION_DAYS = int(os.environ.get("AUDITLOG_RETENTION_DAYS", 90))
 AUDITLOG_MAX_RECORDS = int(os.environ.get("AUDITLOG_MAX_RECORDS", 50000))
+
+WEBHOOK_ALLOW_PRIVATE_IPS = (
+    os.environ.get("WEBHOOK_ALLOW_PRIVATE_IPS", "False") == "True"
+)
@@ -23,6 +23,7 @@
 
 # beware of the order of url patterns, this can change de behavior in case of multiple matches and avoid giving identical paths that could cause conflicts
 urlpatterns = [
+    path("api/webhooks/", include("webhooks.urls")),
     path("api/schema/", SpectacularAPIView.as_view(), name="schema"),
     path(
         "api/schema/swagger/",
 
@@ -11,6 +11,9 @@ class CoreConfig(AppConfig):
     verbose_name = "Core"
 
     def ready(self):
+        # This import runs the @webhook_registry.register decorator
+        import core.webhooks
+
         # avoid post_migrate handler if we are in the main, as it interferes with restore
         if not os.environ.get("RUN_MAIN"):
             post_migrate.connect(startup, sender=self)
@@ -0,0 +1,35 @@
+# Generated by Django 5.2.7 on 2025-11-28 08:36
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0116_validationflow_flowevent"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="evidencerevision",
+            name="task_node",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="evidence_revisions",
+                to="core.tasknode",
+                verbose_name="Task Node",
+            ),
+        ),
+        migrations.AddField(
+            model_name="tasktemplate",
+            name="evidences",
+            field=models.ManyToManyField(
+                blank=True,
+                help_text="Evidences related to the task",
+                related_name="task_templates",
+                to="core.evidence",
+            ),
+        ),
+    ]
@@ -3388,6 +3388,14 @@ class EvidenceRevision(AbstractBaseModel, FolderMixin):
     evidence = models.ForeignKey(
         Evidence, on_delete=models.CASCADE, related_name="revisions"
     )
+    task_node = models.ForeignKey(
+        "TaskNode",
+        on_delete=models.SET_NULL,
+        related_name="evidence_revisions",
+        blank=True,
+        null=True,
+        verbose_name=_("Task Node"),
+    )
     version = models.IntegerField(
         default=1,
         verbose_name=_("version number"),
@@ -6637,6 +6645,12 @@ class TaskTemplate(NameDescriptionMixin, FolderMixin):
     assigned_to = models.ManyToManyField(
         User, verbose_name="Assigned to", blank=True, related_name="task_templates"
     )
+    evidences = models.ManyToManyField(
+        Evidence,
+        blank=True,
+        help_text="Evidences related to the task",
+        related_name="task_templates",
+    )
     assets = models.ManyToManyField(
         Asset,
         verbose_name="Related assets",
@@ -6774,10 +6788,17 @@ class TaskNode(AbstractBaseModel, FolderMixin):
 
     to_delete = models.BooleanField(default=False)
 
+    def __str__(self):
+        return f"{self.task_template.name} ({self.due_date})"
+
     @property
     def assigned_to(self):
         return self.task_template.assigned_to
 
+    @property
+    def expected_evidence(self):
+        return self.task_template.evidences.all()
+
     @property
     def assets(self):
         return self.task_template.assets.all()
 
@@ -1552,6 +1552,7 @@ class EvidenceRevisionReadSerializer(BaseModelSerializer):
     evidence = FieldsRelatedField()
     folder = FieldsRelatedField()
     str = serializers.CharField(source="__str__")
+    task_node = FieldsRelatedField()
 
     class Meta:
         model = EvidenceRevision
@@ -1569,6 +1570,9 @@ def create(self, validated_data):
             models.Max("version")
         )["version__max"]
         validated_data["version"] = (max_version or 0) + 1
+        # Update evidence status to in_review when a new revision is submitted
+        evidence.status = Evidence.Status.IN_REVIEW
+        evidence.save()
         return super().create(validated_data)
 
 
@@ -2399,6 +2403,7 @@ def get_timeline_entries(self, obj):
 class TaskTemplateReadSerializer(BaseModelSerializer):
     path = PathField(read_only=True)
     folder = FieldsRelatedField()
+    evidences = FieldsRelatedField(many=True)
     assets = FieldsRelatedField(many=True)
     applied_controls = FieldsRelatedField(many=True)
     compliance_assessments = FieldsRelatedField(many=True)
@@ -2417,7 +2422,6 @@ class TaskTemplateReadSerializer(BaseModelSerializer):
     # Expose task_node fields directly
     status = serializers.SerializerMethodField()
     observation = serializers.SerializerMethodField()
-    evidences = serializers.SerializerMethodField()
 
     class Meta:
         model = TaskTemplate
@@ -2439,21 +2443,12 @@ def get_observation(self, obj):
         task_node = self.get_task_node(obj)
         return task_node.observation if task_node else ""
 
-    def get_evidences(self, obj):
-        task_node = self.get_task_node(obj)
-        if task_node:
-            return [{"id": e.id, "str": e.name} for e in task_node.evidences.all()]
-        return []
-
 
 class TaskTemplateWriteSerializer(BaseModelSerializer):
     status = serializers.CharField(required=False)
     observation = serializers.CharField(
         required=False, allow_blank=True, allow_null=True
     )
-    evidences = serializers.PrimaryKeyRelatedField(
-        queryset=Evidence.objects.all(), many=True, required=False
-    )
 
     class Meta:
         model = TaskTemplate
@@ -2470,11 +2465,9 @@ def to_representation(self, instance):
             if task_node:
                 data["status"] = task_node.status
                 data["observation"] = task_node.observation
-                data["evidences"] = [e.id for e in task_node.evidences.all()]
             else:
                 data["status"] = None
                 data["observation"] = ""
-                data["evidences"] = []
         return data
 
     def create(self, validated_data):
@@ -2539,7 +2532,6 @@ def _extract_tasknode_fields(self, validated_data):
         return {
             "status": validated_data.pop("status", None),
             "observation": validated_data.pop("observation", None),
-            "evidences": validated_data.pop("evidences", []),
         }
 
     def _sync_task_node(
@@ -2580,28 +2572,49 @@ def _sync_task_node(
             task_node.observation = tasknode_data["observation"]
         task_node.save()
 
-        evidences = tasknode_data.get("evidences")
-        if evidences is not None:
-            task_node.evidences.set(evidences)
-
 
 class TaskNodeReadSerializer(BaseModelSerializer):
     path = PathField(read_only=True)
-    task_template = FieldsRelatedField()
+    task_template = FieldsRelatedField(["folder", "id"])
     folder = FieldsRelatedField()
     name = serializers.SerializerMethodField()
     assigned_to = FieldsRelatedField(many=True)
-    evidences = FieldsRelatedField(many=True)
+    evidences = FieldsRelatedField(["folder", "id"], many=True)
     is_recurrent = serializers.BooleanField(source="task_template.is_recurrent")
-    applied_controls = FieldsRelatedField(many=True)
-    compliance_assessments = FieldsRelatedField(many=True)
-    assets = FieldsRelatedField(many=True)
-    risk_assessments = FieldsRelatedField(many=True)
-    findings_assessment = FieldsRelatedField(many=True)
+    expected_evidence = FieldsRelatedField(["folder", "id"], many=True)
+    evidence_reviewed = serializers.SerializerMethodField()
+    evidence_revisions_map = serializers.SerializerMethodField()
+    applied_controls = FieldsRelatedField(["folder", "id"], many=True)
+    compliance_assessments = FieldsRelatedField(["folder", "id"], many=True)
+    assets = FieldsRelatedField(["folder", "id"], many=True)
+    risk_assessments = FieldsRelatedField(["folder", "id"], many=True)
+    findings_assessment = FieldsRelatedField(["folder", "id"], many=True)
 
     def get_name(self, obj):
         return obj.task_template.name if obj.task_template else ""
 
+    def get_evidence_reviewed(self, obj):
+        evidence_reviewed = []
+        for evidence in obj.expected_evidence:
+            last_revision = evidence.last_revision
+            if last_revision and last_revision.task_node == obj:
+                evidence_reviewed.append(evidence.id)
+        return evidence_reviewed
+
+    def get_evidence_revisions_map(self, obj):
+        """Returns a mapping of evidence ID to revision ID for this task node"""
+        from core.models import EvidenceRevision
+
+        evidence_revisions = {}
+        for evidence in obj.expected_evidence:
+            # Find revisions for this evidence that belong to this task node
+            revision = EvidenceRevision.objects.filter(
+                evidence=evidence, task_node=obj
+            ).first()
+            if revision:
+                evidence_revisions[str(evidence.id)] = str(revision.id)
+        return evidence_revisions
+
     class Meta:
         model = TaskNode
         exclude = ["to_delete"]
@@ -2610,7 +2623,7 @@ class Meta:
 class TaskNodeWriteSerializer(BaseModelSerializer):
     class Meta:
         model = TaskNode
-        exclude = ["task_template"]
+        exclude = ["task_template", "evidences"]
 
 
 class TerminologyReadSerializer(BaseModelSerializer):
Original file line number	Diff line number	Diff line change
`@@ -628,4 +628,4 @@ Unless otherwise noted, all files are © intuitem.`
`628`	`628`
`629`	`629`	`## Activity`
`630`	`630`
`631`		`-![Alt](https://repobeats.axiom.co/api/embed/83162c6044da29efd7efa28f746b6bee5a3c6a8a.svg "Repobeats analytics image")`
	`631`	`+![Alt](https://repobeats.axiom.co/api/embed/02f80d1b099ffd1ae66d9cfdc3a0e13234606f35.svg "Repobeats analytics image")`