Merged
Conversation
…n the user wants to edit it again, the edit button doesn't work
PSP_PIMS | Development Sprint: S118.00 | Design Sprint: 117 | Date: 2026-Feb-25 - Dropped sequences: - PIMS_ACQUISITION_ACTIVITY_ID_SEQ - PIMS_ACQUISITION_ACTIVITY_INSTANCE_ID_SEQ - PIMS_ACQUISITION_FILE_PERSON_ID_SEQ - PIMS_ACQUISITION_PAYEE_ID_SEQ - PIMS_ACT_INST_PROP_ACQ_FILE_ID_SEQ - PIMS_ACT_INST_PROP_RSRCH_FILE_ID_SEQ - PIMS_ACTIVITY_INSTANCE_DOCUMENT_ID_SEQ - PIMS_ACTIVITY_INSTANCE_ID_SEQ - PIMS_ACTIVITY_INSTANCE_NOTE_ID_SEQ - PIMS_ACTIVITY_MODEL_ID_SEQ - PIMS_ACTIVITY_MODEL_TASK_ID_SEQ - PIMS_ACTIVITY_SERVICE_FILE_ID_SEQ - PIMS_ACTIVITY_TASK_ID_SEQ - PIMS_ACTIVITY_TEMPLATE_DOCUMENT_ID_SEQ - PIMS_ACTIVITY_TEMPLATE_ID_SEQ - PIMS_ASSET_EVALUATION_ID_SEQs - PIMS_BUILDING_CONSTRUCTION_TYPE_ID_SEQ - PIMS_BUILDING_EVALUATION_ID_SEQ - PIMS_BUILDING_FISCAL_ID_SEQ - PIMS_BUILDING_ID_SEQ - PIMS_BUILDING_OCCUPANT_TYPE_ID_SEQ - PIMS_BUILDING_PREDOMINATE_USE_ID_SEQ - PIMS_FILE_ENTITY_ID_SEQ - PIMS_FILE_ENTITY_PERMISSIONS_ID_SEQ - PIMS_FORM_ID_SEQ - PIMS_GL_ACCOUNT_ID_SEQ - PIMS_INTEREST_HOLDER_PROPERTY_ID_SEQ - PIMS_LEASE_ACTIVITY_ID_SEQ - PIMS_LEASE_ACTIVITY_INSTANCE_ID_SEQ - PIMS_LEASE_ACTIVITY_PERIOD_ID_SEQ - PIMS_LEASE_PAYMENT_FORECAST_ID_SEQ - PIMS_LEASE_PAYMENT_PERIOD_ID_SEQ - PIMS_LEASE_STAKEHOLDER_COMP_REQ_ID_SEQ - PIMS_LEASE_TERM_ID_SEQ - PIMS_MANAGEMENT_FILE_ACTIVITY_ID_SEQ - PIMS_OWNER_REPRESENTATIVE_ID_SEQ - PIMS_OWNER_SOLICITOR_ID_SEQ - PIMS_PRODUCT_BUSINESS_FUNCTION_ID_SEQ - PIMS_PRODUCT_COST_ID_SEQ - PIMS_PRODUCT_WORK_ACTIVITY_ID_SEQ - PIMS_PROJECT_NUMBER_SEQ - PIMS_PROJECT_ORGANIZATION_ID_SEQ - PIMS_PROJECT_PROPERTY_ID_SEQ - PIMS_PROJECT_TEAM_ID_SEQ - PIMS_PROJECT_WORKFLOW_MODEL_ID_SEQ - PIMS_PROP_PROP_ADJACENT_LAND_TYPE_ID_SEQ - PIMS_PROPERTY_EVALUATION_ID_SEQ - PIMS_PROPERTY_PROPERTY_SERVICE_FILE_ID_SEQ - PIMS_PROPERTY_SERVICE_FILE_ID_SEQ - PIMS_PROPERTY_STRUCTURE_ID_SEQ - PIMS_PROPERTY_TAX_ID_SEQ - PIMS_RESEARCH_ACTIVITY_INSTANCE_ID_SEQ - PIMS_RESPONSIBILITY_CENTRE_ID_SEQ - PIMS_STRUCTURE_ID_SEQ - PIMS_TASK_ID_SEQ - PIMS_TASK_TEMPLATE_ACTIVITY_MODEL_ID_SEQ - PIMS_TASK_TEMPLATE_ID_SEQ - PIMS_USER_TASK_ID_SEQ - PIMS_WORKFLOW_MODEL_ID_SEQ
Bump version 6.1
…yConfig and update related imports
…and related logic for improved clarity and consistency
…enhance error handling, and improve span management across various components
…servability PSP-11187 Add bomb errors to our user tracking (FE) - Do Not Merge for 6.0 release
Backmerge test to dev
# Conflicts: # source/frontend/src/features/mapSideBar/acquisition/AcquisitionContainer.tsx
psp-11362 limit document global search visibility based on file/regio…
Increase the timeout values of several CI tasks
…fications-Keycloak PSP-11331 permissions notifications keycloak
…ifications Fix in PIMS_S119_00 Build
Run scripts to add notification claims in Alter Up master.sql transaction
…-AcquisitionFile PSP-11333: When saving a property that is in the MOTT Inventory but lacks of spatial data, the property is saved within the file but it doesn't navigate back to the View form
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+52
to
+142
| runs-on: ubuntu-22.04 | ||
| needs: ci-cd-start-notification | ||
| outputs: | ||
| deps_changed: ${{ steps.detect.outputs.deps_changed }} | ||
| steps: | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Detect dependency changes since last successful run | ||
| id: detect | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| run: | | ||
| RUNS=$(gh run list \ | ||
| --workflow "${{ env.WORKFLOW_NAME }}" \ | ||
| --status success \ | ||
| --limit 1 \ | ||
| --json headSha) | ||
|
|
||
| LAST_SHA=$(echo "$RUNS" | jq -r '.[0].headSha // empty') | ||
|
|
||
| if [ -z "$LAST_SHA" ]; then | ||
| echo "No previous successful run found — using HEAD~1" | ||
| LAST_SHA=$(git rev-parse HEAD~1) | ||
| fi | ||
|
|
||
| echo "Last successful run SHA: $LAST_SHA" | ||
| echo "Current SHA: $(git rev-parse HEAD)" | ||
|
|
||
| tracked_files=$(git ls-files \ | ||
| '**/package.json' \ | ||
| '**/package-lock.json' \ | ||
| '**/*.csproj' \ | ||
| '**/*.props') | ||
|
|
||
| deps_changed=false | ||
|
|
||
| extract_node_deps() { | ||
| jq '{ | ||
| dependencies: (.dependencies // {}), | ||
| devDependencies: (.devDependencies // {}) | ||
| }' -S | ||
| } | ||
|
|
||
| extract_itemgroups() { | ||
| sed -n '/<ItemGroup>/,/<\/ItemGroup>/p' | grep '<PackageReference' | sed 's/^ *//' | ||
| } | ||
|
|
||
| for file in $tracked_files; do | ||
| echo "Checking $file" | ||
|
|
||
| old_raw=$(git show "$LAST_SHA:$file" 2>/dev/null || true) | ||
| new_raw=$(git show "HEAD:$file" 2>/dev/null || true) | ||
|
|
||
| if [[ -z "$old_raw" || -z "$new_raw" ]]; then | ||
| echo "Skipping $file (missing in one revision)" | ||
| continue | ||
| fi | ||
|
|
||
| ############################################ | ||
| # package.json and package-lock.json | ||
| ############################################ | ||
| if [[ "$file" == *package.json || "$file" == *package-lock.json ]]; then | ||
| old=$(echo "$old_raw" | extract_node_deps) | ||
| new=$(echo "$new_raw" | extract_node_deps) | ||
| ############################################ | ||
| # .csproj / .props | ||
| ############################################ | ||
| elif [[ "$file" == *.csproj || "$file" == *.props ]]; then | ||
| old=$(echo "$old_raw" | extract_itemgroups) | ||
| new=$(echo "$new_raw" | extract_itemgroups) | ||
| fi | ||
|
|
||
| ############################################ | ||
| # Show diff | ||
| ############################################ | ||
| diff_output=$(diff -u <(echo "$old") <(echo "$new") || true) | ||
|
|
||
| if [[ -n "$diff_output" ]]; then | ||
| deps_changed=true | ||
| echo "" | ||
| echo "==============================" | ||
| echo "Semantic diff for $file" | ||
| echo "==============================" | ||
| echo "$diff_output" | ||
| fi | ||
| done | ||
| echo "deps_changed=$deps_changed" >> "$GITHUB_OUTPUT" | ||
|
|
||
| scan-images: |
Comment on lines
143
to
+215
| @@ -63,104 +168,93 @@ jobs: | |||
| namespace: ${{ env.OPENSHIFT_TOOLS_NAMESPACE }} | |||
| - name: Docker login to OpenShift registry | |||
| run: echo "${{ env.OPENSHIFT_TOKEN }}" | docker login ${{ env.OPENSHIFT_REGISTRY }} -u unused --password-stdin | |||
| - name: Pre-deploy scan frontend (block on CRITICAL/HIGH) | |||
| - name: Scan container image | |||
| env: | |||
| IMAGE: ${{ env.OPENSHIFT_REGISTRY }}/3cd915-tools/pims-app:dev | |||
| IMAGE: ${{ env.OPENSHIFT_REGISTRY }}/3cd915-tools/${{ matrix.service.image }}:dev | |||
| run: | | |||
| docker pull "$IMAGE"; | |||
| docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy@sha256:b7dc41ff0c3224dea024ee21bb9f6920a8af2fb343bba7139140d8fd0df1bac3 image --exit-code 1 --scanners vuln,secret,misconfig --format table --severity CRITICAL,HIGH "$IMAGE" | tee frontend_predeploy_scan.txt; | |||
| docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$PWD:/workspace" aquasec/trivy@sha256:b7dc41ff0c3224dea024ee21bb9f6920a8af2fb343bba7139140d8fd0df1bac3 image --scanners vuln,secret,misconfig --format sarif --severity CRITICAL,HIGH "$IMAGE" -o /workspace/frontend_predeploy_scan.sarif | |||
| - name: Upload frontend SARIF to Security tab | |||
| docker pull "$IMAGE" | |||
|
|
|||
| docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \ | |||
| aquasec/trivy@sha256:b7dc41ff0c3224dea024ee21bb9f6920a8af2fb343bba7139140d8fd0df1bac3 \ | |||
| image --exit-code 1 \ | |||
| --scanners vuln,secret,misconfig \ | |||
| --format table \ | |||
| --severity CRITICAL,HIGH \ | |||
| "$IMAGE" | tee ${{ matrix.service.name }}_predeploy_scan.txt | |||
|
|
|||
| docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \ | |||
| -v "$PWD:/workspace" \ | |||
| aquasec/trivy@sha256:b7dc41ff0c3224dea024ee21bb9f6920a8af2fb343bba7139140d8fd0df1bac3 \ | |||
| image \ | |||
| --scanners vuln,secret,misconfig \ | |||
| --format sarif \ | |||
| --severity CRITICAL,HIGH \ | |||
| "$IMAGE" \ | |||
| -o /workspace/${{ matrix.service.name }}_predeploy_scan.sarif | |||
| - name: Upload SARIF to Security tab | |||
| if: always() | |||
| uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.9 | |||
| with: | |||
| sarif_file: frontend_predeploy_scan.sarif | |||
| category: test-frontend-predeploy | |||
| sarif_file: ${{ matrix.service.name }}_predeploy_scan.sarif | |||
| category: test-${{ matrix.service.name }}-predeploy | |||
| - name: Upload SARIF files as artifacts | |||
| if: always() | |||
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |||
| with: | |||
| name: test-predeploy-sarif-${{ matrix.service.name }} | |||
| path: ${{ matrix.service.name }}_predeploy_scan.sarif | |||
| retention-days: 14 | |||
| - name: Upload scan reports | |||
| if: failure() | |||
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |||
| with: | |||
| name: test-predeploy-scan-${{ matrix.service.name }} | |||
| path: ${{ matrix.service.name }}_predeploy_scan.txt | |||
| retention-days: 14 | |||
|
|
|||
| deploy: | |||
| name: Retag/Deploy to OpenShift | |||
| needs: [ci-cd-start-notification, scan-images] | |||
| if: | | |||
| always() && | |||
| (needs.scan-images.result == 'success' || needs.scan-images.result == 'skipped') | |||
There was a problem hiding this comment.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
Contributor
|
See CodeCov Report Here: https://app.codecov.io/github/bcgov/psp/pull/5278 |
|
Contributor
|
See CodeCov Report Here: https://app.codecov.io/github/bcgov/psp/pull/5278 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.