topcoder-platform · kkartunov · Oct 30, 2025 · Oct 23, 2025 · Oct 24, 2025 · Oct 24, 2025
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -68,6 +68,7 @@ workflows:
           branches:
             only:
               - develop
+              - pm-2539
 
     # Production builds are exectuted only on tagged commits to the
     # master branch.

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -0,0 +1,34 @@
+name: Trivy Scanner
+
+permissions:
+  contents: read
+  security-events: write
+on:
+  push:
+    branches:
+      - main
+      - dev
+  pull_request:
+jobs:
+  trivy-scan:
+    name: Use Trivy
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy scanner in repo mode
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          scan-type: "fs"
+          ignore-unfixed: true
+          format: "sarif"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH,UNKNOWN"
+          scanners: vuln,secret,misconfig,license
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"
diff --git a/prisma/migrations/20251023103423_performance_indices/migration.sql b/prisma/migrations/20251023103423_performance_indices/migration.sql
@@ -0,0 +1,17 @@
+-- CreateIndex
+CREATE INDEX "Group_status_organizationId_idx" ON "Group"("status", "organizationId");
+
+-- CreateIndex
+CREATE INDEX "Group_domain_idx" ON "Group"("domain");
+
+-- CreateIndex
+CREATE INDEX "Group_ssoId_idx" ON "Group"("ssoId");
+
+-- CreateIndex
+CREATE INDEX "Group_privateGroup_status_idx" ON "Group"("privateGroup", "status");
+
+-- CreateIndex
+CREATE INDEX "GroupMember_memberId_membershipType_idx" ON "GroupMember"("memberId", "membershipType");
+
+-- CreateIndex
+CREATE INDEX "User_universalUID_idx" ON "User"("universalUID");
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
@@ -45,6 +45,10 @@ model Group {
   @@index([name]) // Index for filtering by name
   @@index([status]) // Index for filtering by status
   @@index([oldId]) // Index for filtering by oldId
+  @@index([status, organizationId])
+  @@index([domain])
+  @@index([ssoId])
+  @@index([privateGroup, status])
 }
 
 model GroupMembership {
@@ -63,7 +67,8 @@ model GroupMembership {
   @@unique([groupId, memberId])
   @@index([groupId]) // Index for joining with group table
   @@index([memberId]) // Index for filtering by memberId
-	@@map("GroupMember")
+  @@index([memberId, membershipType])
+  @@map("GroupMember")
 }
 
 // This user table is only used in this group challenge
@@ -74,4 +79,6 @@ model User {
   createdBy        String
   updatedAt        DateTime  @updatedAt
   updatedBy        String?
+
+  @@index([universalUID])
 }
diff --git a/src/shared/modules/global/prisma.service.ts b/src/shared/modules/global/prisma.service.ts
@@ -12,6 +12,11 @@ export class PrismaService
 
   constructor(private readonly prismaErrorService?: PrismaErrorService) {
     super({
+      transactionOptions: {
+        timeout: process.env.GROUPS_SERVICE_PRISMA_TIMEOUT
+          ? parseInt(process.env.GROUPS_SERVICE_PRISMA_TIMEOUT, 10)
+          : 10000,
+      },
       log: [
         { level: 'query', emit: 'event' },
         { level: 'info', emit: 'event' },
-Original file line number
+Diff line change
@@ Expand Up / @@ -68,6 +68,7 @@ workflows: @@
               branches:
                 only:
                   - develop
+                  - pm-2539
         # Production builds are exectuted only on tagged commits to the
         # master branch.
@@ Expand Down @@