diff --git a/.circleci/config.yml b/.circleci/config.yml
index 373f521..ae2ec06 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -68,6 +68,7 @@ workflows:
 branches:
 only:
 - develop
+ - pm-2539
 # Production builds are exectuted only on tagged commits to the
 # master branch.
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
new file mode 100644
index 0000000..7b9fa48
--- /dev/null
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,34 @@
+name: Trivy Scanner
+
+permissions:
+ contents: read
+ security-events: write
+on:
+ push:
+ branches:
+ - main
+ - dev
+ pull_request:
+jobs:
+ trivy-scan:
+ name: Use Trivy
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Trivy scanner in repo mode
+ uses: aquasecurity/trivy-action@0.33.1
+ with:
+ scan-type: "fs"
+ ignore-unfixed: true
+ format: "sarif"
+ output: "trivy-results.sarif"
+ severity: "CRITICAL,HIGH,UNKNOWN"
+ scanners: vuln,secret,misconfig,license
+ github-pat: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: "trivy-results.sarif"
diff --git a/prisma/migrations/20251023103423_performance_indices/migration.sql b/prisma/migrations/20251023103423_performance_indices/migration.sql
new file mode 100644
index 0000000..9530b7a
--- /dev/null
+++ b/prisma/migrations/20251023103423_performance_indices/migration.sql
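Review bot: The added `- pm-2539` entry puts a ticket-named branch into what reads as a long-lived deploy trigger filter; if it exists only to exercise the pipeline for this change it should be removed before merge, or carry a comment such as `- pm-2539 # temporary: remove once pm-2539 is merged` so it is not forgotten. The same filter shows the integration branch as `develop`, whereas the Trivy workflow added in this commit triggers on `dev`, so the two configs should agree on the branch name.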
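Review bot: The `push` trigger lists `main` and `dev`, but the CircleCI filter changed in this same commit uses `develop`; if the integration branch is really `develop`, pushes to it never run the scanner and only the `pull_request` event covers it, so confirm the branch name and change `- dev` to `- develop` if so. No `exit-code` input is set, so the action keeps its default (0 as far as I know) and findings are only reported to the Security tab without ever failing the job; if gating is intended, set `exit-code: "1"` on the scan step and add `if: always()` to the upload step so the SARIF is still uploaded when the scan fails. `ignore-unfixed: true` also drops findings with no upstream fix, which is a reasonable noise trade-off but deserves a one-line comment stating it is deliberate. All three actions are pinned to mutable tags (`actions/checkout@v4`, `aquasecurity/trivy-action@0.33.1`, `github/codeql-action/upload-sarif@v3`) in a job that holds `security-events: write`; pinning to full commit SHAs with the tag in a trailing comment removes the moved-tag risk. As far as I recall `github-pat` is only consumed when emitting the GitHub dependency-snapshot format, so with `format: "sarif"` it may be unused — confirm against the action's documentation and drop the input if it is.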
@@ -0,0 +1,17 @@
+-- CreateIndex
+CREATE INDEX "Group_status_organizationId_idx" ON "Group"("status", "organizationId");
+
+-- CreateIndex
+CREATE INDEX "Group_domain_idx" ON "Group"("domain");
+
+-- CreateIndex
+CREATE INDEX "Group_ssoId_idx" ON "Group"("ssoId");
+
+-- CreateIndex
+CREATE INDEX "Group_privateGroup_status_idx" ON "Group"("privateGroup", "status");
+
+-- CreateIndex
+CREATE INDEX "GroupMember_memberId_membershipType_idx" ON "GroupMember"("memberId", "membershipType");
+
+-- CreateIndex
+CREATE INDEX "User_universalUID_idx" ON "User"("universalUID");
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 4014f9b..ea7bb3b 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -45,6 +45,10 @@ model Group {
 @@index([name]) // Index for filtering by name
 @@index([status]) // Index for filtering by status
 @@index([oldId]) // Index for filtering by oldId
+ @@index([status, organizationId])
+ @@index([domain])
+ @@index([ssoId])
+ @@index([privateGroup, status])
 }
 
 model GroupMembership {
@@ -63,7 +67,8 @@ model GroupMembership {
 @@unique([groupId, memberId])
 @@index([groupId]) // Index for joining with group table
 @@index([memberId]) // Index for filtering by memberId
- @@map("GroupMember")
+ @@index([memberId, membershipType])
+ @@map("GroupMember")
 }
 
 // This user table is only used in this group challenge
@@ -74,4 +79,6 @@ model User {
 createdBy String
 updatedAt DateTime @updatedAt
 updatedBy String?
+
+ @@index([universalUID])
 }
diff --git a/src/shared/modules/global/prisma.service.ts b/src/shared/modules/global/prisma.service.ts
index 423cd03..22c42c3 100644
--- a/src/shared/modules/global/prisma.service.ts
+++ b/src/shared/modules/global/prisma.service.ts
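Review bot: `@@index([status, organizationId])` in the `Group` hunk and `@@index([memberId, membershipType])` in the `GroupMembership` hunk make the existing single-column `@@index([status])` and `@@index([memberId])` (both visible as context lines) largely redundant, since a B-tree composite index already serves lookups on its leading column; keeping both costs write throughput and storage on every insert/update, so either drop the single-column indexes in the same migration or record why both are needed. The new `@@index` lines carry no trailing comment, unlike the neighbouring `@@index([name]) // Index for filtering by name`; add one per index naming the query it serves, for example `@@index([status, organizationId]) // e.g. filtering an organization's groups by status`. The generated `CREATE INDEX` statements in the migration will, in PostgreSQL (which the quoted identifiers suggest), block writes to each table while the index builds, so on large `Group`/`GroupMember` tables this wants a maintenance window or a hand-edited `CONCURRENTLY` migration if the deployment tooling permits it. The `@@map("GroupMember")` line is removed and re-added unchanged, which looks like a whitespace-only touch and is fine if so.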
@@ -12,6 +12,11 @@ export class PrismaService
 constructor(private readonly prismaErrorService?: PrismaErrorService) { super({
+ transactionOptions: {
+ timeout: process.env.GROUPS_SERVICE_PRISMA_TIMEOUT
+ ? parseInt(process.env.GROUPS_SERVICE_PRISMA_TIMEOUT, 10)
+ : 10000,
+ },
 log: [ { level: 'query', emit: 'event' }, { level: 'info', emit: 'event' },