From c9bf7cdc5086af56a660225063b93bca15ce2963 Mon Sep 17 00:00:00 2001 From: Justin Gasper Date: Thu, 23 Oct 2025 21:27:52 +1100 Subject: [PATCH 1/6] Performance indices --- .../migration.sql | 14 ++++++++++++++ prisma/schema.prisma | 7 ++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 prisma/migrations/20251023102730_performance_indices/migration.sql diff --git a/prisma/migrations/20251023102730_performance_indices/migration.sql b/prisma/migrations/20251023102730_performance_indices/migration.sql new file mode 100644 index 0000000..3f7e90f --- /dev/null +++ b/prisma/migrations/20251023102730_performance_indices/migration.sql @@ -0,0 +1,14 @@ +-- CreateIndex +CREATE INDEX "resource-roleId-index" ON "resources"."Resource"("roleId"); + +-- CreateIndex +CREATE INDEX "resource-memberIdChallengeId-index" ON "resources"."Resource"("memberId", "challengeId"); + +-- CreateIndex +CREATE INDEX "resourcerole-isActive-index" ON "resources"."ResourceRole"("isActive"); + +-- CreateIndex +CREATE INDEX "resourcerole-isActiveSelfObtainable-index" ON "resources"."ResourceRole"("isActive", "selfObtainable"); + +-- CreateIndex +CREATE INDEX "resourcerolephasedependency-resourceRoleId-index" ON "resources"."ResourceRolePhaseDependency"("resourceRoleId"); diff --git a/prisma/schema.prisma b/prisma/schema.prisma index cf81b1b..179a406 100644 --- a/prisma/schema.prisma +++ b/prisma/schema.prisma @@ -24,8 +24,10 @@ model ResourceRole { resources Resource[] resourceRolePhaseDependencies ResourceRolePhaseDependency[] - // Index for faster search + // Indexes for faster search @@index([nameLower], map: "resourcerole-nameLower-index") + @@index([isActive], map: "resourcerole-isActive-index") + @@index([isActive, selfObtainable], map: "resourcerole-isActiveSelfObtainable-index") } model Resource { 
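Review bot: `resourcerole-isActive-index` duplicates the leading column of `resourcerole-isActiveSelfObtainable-index`, which is created by the next statement, so the planner can normally serve `isActive`-only filters from the composite index and the single-column one only adds write cost. The same pair appears as `@@index([isActive], ...)` in the `ResourceRole` hunk of `prisma/schema.prisma`. I would drop `CREATE INDEX "resourcerole-isActive-index" ON "resources"."ResourceRole"("isActive");` together with its `@@index` line. Separately, each plain `CREATE INDEX` blocks writes to its table while it builds, so on a large `Resource` table this migration should run in a quiet window, or use `CREATE INDEX CONCURRENTLY` if the migration runner does not wrap the file in a transaction. A short comment at the top of the file naming the queries these indexes serve would help later cleanup.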
@@ -46,6 +48,8 @@ model Resource { // Indexes for faster searches @@index([challengeId, memberId], map: "resource-challengeIdMemberId-index") @@index([memberId, roleId], map: "resource-memberIdRoleId-index") + @@index([roleId], map: "resource-roleId-index") + @@index([memberId, challengeId], map: "resource-memberIdChallengeId-index") } model ResourceRolePhaseDependency { @@ -60,4 +64,5 @@ model ResourceRolePhaseDependency { resourceRole ResourceRole @relation(fields: [resourceRoleId], references: [id]) @@unique([phaseId, resourceRoleId], map: "resourcerolephase-phaseId-resourceRoleId-unique") + @@index([resourceRoleId], map: "resourcerolephasedependency-resourceRoleId-index") } From 0887655d4f48daffa528078525e2538eed834e09 Mon Sep 17 00:00:00 2001 From: Hentry Martin Date: Mon, 27 Oct 2025 13:02:36 +0100 Subject: [PATCH 2/6] fix: added timeout for prisma client --- .circleci/config.yml | 2 +- config/default.js | 3 ++- migrator/src/clients/prismaClient.js | 7 ++++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index fe6ea2d..0b90766 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -119,7 +119,7 @@ workflows: only: - develop - hotfix/deploy - - pm-2456 + - pm-2539 # Production builds are exectuted only on tagged commits to the testing # master branch. diff --git a/config/default.js b/config/default.js index 8351d29..c10ea50 100644 --- a/config/default.js +++ b/config/default.js @@ -59,5 +59,6 @@ module.exports = { }, AUTOMATED_TESTING_NAME_PREFIX: process.env.AUTOMATED_TESTING_NAME_PREFIX || 'POSTMANE2E-', - TOPCROWD_CHALLENGE_TEMPLATE_ID: process.env.TOPCROWD_CHALLENGE_TEMPLATE_ID || '517e76b0-8824-4e72-9b48-a1ebde1793a8' + TOPCROWD_CHALLENGE_TEMPLATE_ID: process.env.TOPCROWD_CHALLENGE_TEMPLATE_ID || '517e76b0-8824-4e72-9b48-a1ebde1793a8', + RESOURCE_SERVICE_PRISMA_TIMEOUT: process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT ? parseInt(process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT, 10) : 10000, } 
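Review bot: In the `config/default.js` hunk, a non-numeric `RESOURCE_SERVICE_PRISMA_TIMEOUT` (for example `none`) makes `parseInt` return `NaN`, and the added line stores that in the config instead of falling back to 10000. `RESOURCE_SERVICE_PRISMA_TIMEOUT: Number.parseInt(process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT, 10) || 10000` covers unset, empty, non-numeric and zero values in one expression. The same line is added to `config/test.js` in PATCH 3/6 and needs the same guard. The `module.exports` object starts outside the hunk.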
diff --git a/migrator/src/clients/prismaClient.js b/migrator/src/clients/prismaClient.js index b2cb036..3c3290e 100644 --- a/migrator/src/clients/prismaClient.js +++ b/migrator/src/clients/prismaClient.js @@ -1,6 +1,11 @@ const { PrismaClient } = require('@prisma/client'); +const config = require('config') -const prisma = new PrismaClient(); +const prisma = new PrismaClient({ + transactionOptions: { + timeout: config.MEMBER_SERVICE_PRISMA_TIMEOUT, + }, +}); module.exports = prisma; From 8deae57e347ea30829966dc89bf2f28d7f47de7f Mon Sep 17 00:00:00 2001 From: Hentry Martin Date: Mon, 27 Oct 2025 13:26:16 +0100 Subject: [PATCH 3/6] fix: added timeout for prisma client --- config/test.js | 3 ++- env.sh | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/config/test.js b/config/test.js index f6d3a56..151afff 100644 --- a/config/test.js +++ b/config/test.js @@ -21,5 +21,6 @@ module.exports = { COPILOT_CREDENTIALS_PASSWORD: process.env.COPILOT_CREDENTIALS_PASSWORD || '', USER_CREDENTIALS_USERNAME: process.env.USER_CREDENTIALS_USERNAME || '', USER_CREDENTIALS_PASSWORD: process.env.USER_CREDENTIALS_PASSWORD || '', - AUTOMATED_TESTING_REPORTERS_FORMAT: process.env.AUTOMATED_TESTING_REPORTERS_FORMAT || ['cli', 'html'] + AUTOMATED_TESTING_REPORTERS_FORMAT: process.env.AUTOMATED_TESTING_REPORTERS_FORMAT || ['cli', 'html'], + RESOURCE_SERVICE_PRISMA_TIMEOUT: process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT ? parseInt(process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT, 10) : 10000 } diff --git a/env.sh b/env.sh index 5f31e5e..60ef974 100644 --- a/env.sh +++ b/env.sh @@ -31,3 +31,5 @@ export DATABASE_URL="postgresql://johndoe:mypassword@localhost:5532/resourceapi? export MEMBER_DB_URL="postgresql://johndoe:mypassword@localhost:5632/memberdb" export CHALLENGE_DB_URL="postgresql://johndoe:mypassword@localhost:5732/challengedb" + +export RESOURCE_SERVICE_PRISMA_TIMEOU=10000 \ No newline at end of file From 630f1e4465f3961745de2d9738596ae26cfde07e Mon Sep 17 00:00:00 2001 
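Review bot: In `migrator/src/clients/prismaClient.js`, `config.MEMBER_SERVICE_PRISMA_TIMEOUT` is not the key this series defines; `config/default.js` in the same patch adds `RESOURCE_SERVICE_PRISMA_TIMEOUT`. Unless a config file outside the visible patches defines the `MEMBER_` name, `timeout` is `undefined` and the client presumably keeps Prisma's built-in transaction timeout, so the new setting has no effect. The line should read `timeout: config.RESOURCE_SERVICE_PRISMA_TIMEOUT,`. None of PATCH 3/6 to 5/6 touches this file, so the mismatch survives the series. Only the migrator's client is changed here; whether the service's own Prisma client also needs the option cannot be told from these hunks.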
From: Hentry Martin Date: Mon, 27 Oct 2025 13:27:04 +0100 Subject: [PATCH 4/6] fix: added timeout for prisma client --- env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env.sh b/env.sh index 60ef974..0d56087 100644 --- a/env.sh +++ b/env.sh @@ -32,4 +32,4 @@ export MEMBER_DB_URL="postgresql://johndoe:mypassword@localhost:5632/memberdb" export CHALLENGE_DB_URL="postgresql://johndoe:mypassword@localhost:5732/challengedb" -export RESOURCE_SERVICE_PRISMA_TIMEOU=10000 \ No newline at end of file +export RESOURCE_SERVICE_PRISMA_TIMEOUT=10000 \ No newline at end of file From 015878e7616c200d9e87bae0663a6802e912ace9 Mon Sep 17 00:00:00 2001 From: Hentry Martin Date: Mon, 27 Oct 2025 14:05:30 +0100 Subject: [PATCH 5/6] fix: added timeout for prisma client --- config/default.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/default.js b/config/default.js index c10ea50..391db55 100644 --- a/config/default.js +++ b/config/default.js @@ -60,5 +60,5 @@ module.exports = { AUTOMATED_TESTING_NAME_PREFIX: process.env.AUTOMATED_TESTING_NAME_PREFIX || 'POSTMANE2E-', TOPCROWD_CHALLENGE_TEMPLATE_ID: process.env.TOPCROWD_CHALLENGE_TEMPLATE_ID || '517e76b0-8824-4e72-9b48-a1ebde1793a8', - RESOURCE_SERVICE_PRISMA_TIMEOUT: process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT ? parseInt(process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT, 10) : 10000, + RESOURCE_SERVICE_PRISMA_TIMEOUT: process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT ? parseInt(process.env.RESOURCE_SERVICE_PRISMA_TIMEOUT, 10) : 10000 } From 1c474886fad82f9fbfc34c4d27d70312b06d3616 Mon Sep 17 00:00:00 2001 From: Kiril Kartunov Date: Tue, 28 Oct 2025 15:32:30 +0200 Subject: [PATCH 6/6] Add Trivy scanner workflow for vulnerability scanning --- .github/workflows/trivy.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/trivy.yaml 
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
new file mode 100644
index 0000000..7b9fa48
--- /dev/null
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,34 @@
+name: Trivy Scanner
+
+permissions:
+ contents: read
+ security-events: write
+on:
+ push:
+ branches:
+ - main
+ - dev
+ pull_request:
+jobs:
+ trivy-scan:
+ name: Use Trivy
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Trivy scanner in repo mode
+ uses: aquasecurity/trivy-action@0.33.1
+ with:
+ scan-type: "fs"
+ ignore-unfixed: true
+ format: "sarif"
+ output: "trivy-results.sarif"
+ severity: "CRITICAL,HIGH,UNKNOWN"
+ scanners: vuln,secret,misconfig,license
+ github-pat: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: "trivy-results.sarif"
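Review bot: All three `uses:` lines reference mutable tags (`actions/checkout@v4`, `aquasecurity/trivy-action@0.33.1`, `github/codeql-action/upload-sarif@v3`), so anyone able to move a tag upstream changes what runs in a job that holds `security-events: write`. Pin each to a full commit SHA with the tag kept as a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.33.1` (placeholder; take the SHA from the release). The `github-pat: ${{ secrets.GITHUB_TOKEN }}` input looks unnecessary with `format: "sarif"`; as far as I know the action uses it only for dependency-snapshot submission, so dropping it avoids handing the token to a third-party step. On pull requests from forks the token is read-only, so the upload step will probably fail there; `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` on that step keeps those runs green.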