Merge pull request #4 from topcoder-platform/develop

[v6 PROD RELEASE] - dev -> master

Author: kkartunov

.circleci/config.yml

@@ -119,7 +119,7 @@ workflows:
             only:
             - develop
             - hotfix/deploy
-            - pm-2456
+            - pm-2539
 
     # Production builds are exectuted only on tagged commits to the testing
     # master branch.

.github/workflows/trivy.yaml

@@ -0,0 +1,34 @@
+name: Trivy Scanner
+
+permissions:
+  contents: read
+  security-events: write
+on:
+  push:
+    branches:
+      - main
+      - dev
+  pull_request:
+jobs:
+  trivy-scan:
+    name: Use Trivy
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy scanner in repo mode
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          scan-type: "fs"
+          ignore-unfixed: true
+          format: "sarif"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH,UNKNOWN"
+          scanners: vuln,secret,misconfig,license
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"

config/default.js

@@ -59,5 +59,6 @@ module.exports = {
   },
 
   AUTOMATED_TESTING_NAME_PREFIX: process.env.AUTOMATED_TESTING_NAME_PREFIX || 'POSTMANE2E-',
-  TOPCROWD_CHALLENGE_TEMPLATE_ID: process.env.TOPCROWD_CHALLENGE_TEMPLATE_ID || '517e76b0-8824-4e72-9b48-a1ebde1793a8'
+  TOPCROWD_CHALLENGE_TEMPLATE_ID: process.env.TOPCROWD_CHALLENGE_TEMPLATE_ID || '517e76b0-8824-4e72-9b48-a1ebde1793a8',
+  RESOURCE_SERVICE_PRISMA_TIMEOUT: process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT ? parseInt(process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT, 10) : 10000
 }

config/test.js

@@ -21,5 +21,6 @@ module.exports = {
   COPILOT_CREDENTIALS_PASSWORD: process.env.COPILOT_CREDENTIALS_PASSWORD || '',
   USER_CREDENTIALS_USERNAME: process.env.USER_CREDENTIALS_USERNAME || '',
   USER_CREDENTIALS_PASSWORD: process.env.USER_CREDENTIALS_PASSWORD || '',
-  AUTOMATED_TESTING_REPORTERS_FORMAT: process.env.AUTOMATED_TESTING_REPORTERS_FORMAT || ['cli', 'html']
+  AUTOMATED_TESTING_REPORTERS_FORMAT: process.env.AUTOMATED_TESTING_REPORTERS_FORMAT || ['cli', 'html'],
+  RESOURCE_SERVICE_PRISMA_TIMEOUT: process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT ? parseInt(process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT, 10) : 10000
 }

env.sh

@@ -31,3 +31,5 @@ export DATABASE_URL="postgresql://johndoe:mypassword@localhost:5532/resourceapi?
 export MEMBER_DB_URL="postgresql://johndoe:mypassword@localhost:5632/memberdb"
 
 export CHALLENGE_DB_URL="postgresql://johndoe:mypassword@localhost:5732/challengedb"
+
+export RESOURCE_SERVICE_PRISMA_TIMEOUT=10000

migrator/src/clients/prismaClient.js

@@ -1,6 +1,11 @@
 const { PrismaClient } = require('@prisma/client');
+const config = require('config')
 
-const prisma = new PrismaClient();
+const prisma = new PrismaClient({
+  transactionOptions: {
+    timeout: config.MEMBER_SERVICE_PRISMA_TIMEOUT,
+  },
+});
 
 module.exports = prisma;
 

prisma/migrations/20251023102730_performance_indices/migration.sql

@@ -0,0 +1,14 @@
+-- CreateIndex
+CREATE INDEX "resource-roleId-index" ON "resources"."Resource"("roleId");
+
+-- CreateIndex
+CREATE INDEX "resource-memberIdChallengeId-index" ON "resources"."Resource"("memberId", "challengeId");
+
+-- CreateIndex
+CREATE INDEX "resourcerole-isActive-index" ON "resources"."ResourceRole"("isActive");
+
+-- CreateIndex
+CREATE INDEX "resourcerole-isActiveSelfObtainable-index" ON "resources"."ResourceRole"("isActive", "selfObtainable");
+
+-- CreateIndex
+CREATE INDEX "resourcerolephasedependency-resourceRoleId-index" ON "resources"."ResourceRolePhaseDependency"("resourceRoleId");

prisma/schema.prisma

@@ -24,8 +24,10 @@ model ResourceRole {
   resources                     Resource[]
   resourceRolePhaseDependencies ResourceRolePhaseDependency[]
 
-  // Index for faster search
+  // Indexes for faster search
   @@index([nameLower], map: "resourcerole-nameLower-index")
+  @@index([isActive], map: "resourcerole-isActive-index")
+  @@index([isActive, selfObtainable], map: "resourcerole-isActiveSelfObtainable-index")
 }
 
 model Resource {
@@ -46,6 +48,8 @@ model Resource {
   // Indexes for faster searches
   @@index([challengeId, memberId], map: "resource-challengeIdMemberId-index")
   @@index([memberId, roleId], map: "resource-memberIdRoleId-index")
+  @@index([roleId], map: "resource-roleId-index")
+  @@index([memberId, challengeId], map: "resource-memberIdChallengeId-index")
 }
 
 model ResourceRolePhaseDependency {
@@ -60,4 +64,5 @@ model ResourceRolePhaseDependency {
   resourceRole   ResourceRole @relation(fields: [resourceRoleId], references: [id])
 
   @@unique([phaseId, resourceRoleId], map: "resourcerolephase-phaseId-resourceRoleId-unique")
+  @@index([resourceRoleId], map: "resourcerolephasedependency-resourceRoleId-index")
 }