DefectDojo · kiblik · Dec 12, 2025
@@ -76,6 +76,7 @@ jobs:
           push: true
           file: ./Dockerfile.${{ matrix.docker-image }}-${{ matrix.os }}
           context: .
+          target: release
           outputs: type=image,"name=${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}",push-by-digest=true,name-canonical=true
           cache-from: type=gha,scope=${{ matrix.docker-image}}-${{ matrix.os }}-${{ env.PLATFORM }}-${{ github.head_ref || github.ref_name }}
           cache-to: type=gha,mode=max,scope=${{ matrix.docker-image}}-${{ matrix.os }}-${{ env.PLATFORM }}-${{ github.head_ref || github.ref_name }}

@@ -68,25 +68,20 @@ RUN \
 COPY \
   docker/entrypoint-celery-beat.sh \
   docker/entrypoint-celery-worker.sh \
-  docker/entrypoint-celery-worker-dev.sh \
   docker/entrypoint-initializer.sh \
   docker/entrypoint-first-boot.sh \
   docker/entrypoint-uwsgi.sh \
-  docker/entrypoint-uwsgi-dev.sh \
-  docker/entrypoint-unit-tests.sh \
-  docker/entrypoint-unit-tests-devDocker.sh \
   docker/wait-for-it.sh \
   docker/secret-file-loader.sh \
   docker/reach_database.sh \
   docker/certs/* \
   /
-COPY wsgi.py manage.py docker/unit-tests.sh ./
+COPY wsgi.py manage.py ./
 COPY dojo/ ./dojo/
 
 # Add extra fixtures to docker image which are loaded by the initializer
 COPY docker/extra_fixtures/* /app/dojo/fixtures/
 
-COPY tests/ ./tests/
 RUN \
   # Remove placeholder copied from docker/certs
   rm -f /readme.txt && \
@@ -139,9 +134,19 @@ ENTRYPOINT ["/entrypoint-uwsgi.sh"]
 
 FROM release AS development
 USER root
-COPY requirements-dev.txt ./
+COPY \
+  requirements-dev.txt \
+  docker/unit-tests.sh \
+  ./
+COPY \
+  docker/entrypoint-celery-worker-dev.sh \
+  docker/entrypoint-uwsgi-dev.sh \
+  docker/entrypoint-unit-tests.sh \
+  docker/entrypoint-unit-tests-devDocker.sh \
+  /
 RUN pip3 install --no-cache-dir -r requirements-dev.txt
 USER ${uid}
 
 FROM development AS django-unittests
 COPY unittests/ ./unittests/
+COPY tests/ ./tests/
@@ -71,25 +71,20 @@ RUN \
 COPY \
   docker/entrypoint-celery-beat.sh \
   docker/entrypoint-celery-worker.sh \
-  docker/entrypoint-celery-worker-dev.sh \
   docker/entrypoint-initializer.sh \
   docker/entrypoint-first-boot.sh \
   docker/entrypoint-uwsgi.sh \
-  docker/entrypoint-uwsgi-dev.sh \
-  docker/entrypoint-unit-tests.sh \
-  docker/entrypoint-unit-tests-devDocker.sh \
   docker/wait-for-it.sh \
   docker/secret-file-loader.sh \
   docker/reach_database.sh \
   docker/certs/* \
   /
-COPY wsgi.py manage.py docker/unit-tests.sh ./
+COPY wsgi.py manage.py ./
 COPY dojo/ ./dojo/
 
 # Add extra fixtures to docker image which are loaded by the initializer
 COPY docker/extra_fixtures/* /app/dojo/fixtures/
 
-COPY tests/ ./tests/
 RUN \
   # Remove placeholder copied from docker/certs
   rm -f /readme.txt && \
@@ -142,9 +137,19 @@ ENTRYPOINT ["/entrypoint-uwsgi.sh"]
 
 FROM release AS development
 USER root
-COPY requirements-dev.txt ./
+COPY \
+  requirements-dev.txt \
+  docker/unit-tests.sh \
+  ./
+COPY \
+  docker/entrypoint-celery-worker-dev.sh \
+  docker/entrypoint-uwsgi-dev.sh \
+  docker/entrypoint-unit-tests.sh \
+  docker/entrypoint-unit-tests-devDocker.sh \
+  /
 RUN pip3 install --no-cache-dir -r requirements-dev.txt
 USER ${uid}
 
 FROM development AS django-unittests
 COPY unittests/ ./unittests/
+COPY tests/ ./tests/
@@ -63,7 +63,7 @@ COPY dojo/ ./dojo/
 # always collect static for debug toolbar as we can't make it dependant on env variables or build arguments without breaking docker layer caching
 RUN env DD_SECRET_KEY='.' DD_DJANGO_DEBUG_TOOLBAR_ENABLED=True python3 manage.py collectstatic --noinput --verbosity=2 && true
 
-FROM nginx:1.29.3-alpine3.22@sha256:b3c656d55d7ad751196f21b7fd2e8d4da9cb430e32f646adcf92441b72f82b14
+FROM nginx:1.29.3-alpine3.22@sha256:b3c656d55d7ad751196f21b7fd2e8d4da9cb430e32f646adcf92441b72f82b14 AS release
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/