Develop #222

Open
loganathan-sekaran wants to merge 338 commits into 1.2.0.1 from develop
@loganathan-sekaran

Contributor

No description provided.

ckm007 and others added 30 commits September 20, 2022 11:50
MOSIP-22861 Added template for send and verify OTP.
…es-in-arabic-language-make-sure-the-templates-are-in-well-structured-format

fixed arabic templates placeholders issue
…es-in-arabic-language-make-sure-the-templates-are-in-well-structured-format

Mosip 23967 update templates in arabic language make sure the templates are in well structured format
MOSIP-22865 Added template for service history table view.
MOSIP-22865 Added template for service history table view.
…ooter-content-in-the-pdf-of-all-the-downloadable-documents

added mosip logo and other details
MOSIP-25438 corrected template for resident service.
MOSIP-24372 Corrected template for resident service ack api.
MOSIP-25463 Corrected template for service history pdf in resident service.
Mahesh-Binayak and others added 3 commits December 20, 2025 18:35
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Comment thread .github/workflows/xlsx-to-csv.yml Fixed
Comment thread .github/workflows/xlsx-to-csv.yml Fixed
git branch
git add .
git commit -s -m "Added converted CSV files" || echo "No changes to commit"
git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}

Check failure

Code scanning / CodeQL

Code injection Critical

Potential code injection in ${{ github.event.pull_request.head.ref }}, which may be controlled by an external user (pull_request_target).

Copilot Autofix

AI 18 days ago

Use GitHub’s recommended safe pattern: assign untrusted context values to environment variables in the step, then reference them via shell variables (e.g., "$PR_HEAD_REF"), not ${{ ... }} inside the script body.
For this workflow, the best minimal fix is in .github/workflows/xlsx-to-csv.yml, step “Commit and push changes” (lines 73–80):

  1. Add env: entries for:
    • PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
    • PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
    • ACTION_PAT: ${{ secrets.ACTION_PAT }}
  2. Update line 80 to use shell vars:
    • git push "https://x-access-token:${ACTION_PAT}@github.com/${PR_HEAD_REPO}.git" "HEAD:${PR_HEAD_REF}"

This keeps functionality unchanged while removing direct expression interpolation from the shell command and properly quoting the refspec argument.

Suggested changeset 1
.github/workflows/xlsx-to-csv.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/xlsx-to-csv.yml b/.github/workflows/xlsx-to-csv.yml
--- a/.github/workflows/xlsx-to-csv.yml
+++ b/.github/workflows/xlsx-to-csv.yml
@@ -72,9 +72,13 @@
 
     - name: Commit and push changes
       if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
+      env:
+        ACTION_PAT: ${{ secrets.ACTION_PAT }}
+        PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
+        PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
       run: |
         cd mosip-data
         git branch
         git add .
         git commit -s -m "Added converted CSV files" || echo "No changes to commit"
-        git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}
+        git push "https://x-access-token:${ACTION_PAT}@github.com/${PR_HEAD_REPO}.git" "HEAD:${PR_HEAD_REF}"
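Review bot: The added `git push` line still places `${ACTION_PAT}` inside the remote URL, so the token remains part of the git command's argument list; moving it into `env:` removes the expression injection but not that exposure. Consider supplying the credential through git's credential or header configuration for this one command and pushing to a plain `https://github.com/${PR_HEAD_REPO}.git` URL. The quoting of `"HEAD:${PR_HEAD_REF}"` is correct and should stay.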
EOF
Copilot is powered by AI and may make mistakes. Always verify output.
Comment thread .github/workflows/push-trigger.yml Fixed
Comment thread .github/workflows/xlsx-to-csv.yml Fixed
rajapandi1234 and others added 19 commits December 28, 2025 12:43
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
* Create NOTICE

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>

* Delete licenses directory

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>

* Added converted CSV files

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>

* Delete licenses  directory

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>

* Add files via upload

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>

---------

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Signed-off-by: Nidhi0201 <nidhi.k@cyberpwn.com>
Signed-off-by: NidhiKumari0201 <nidhi.k@cyberpwn.com>
…ySchema

[MOSIP-43633] packetCreatedOn added in identity_schema (release-1.3x)
* [MOSIP-32075]: Updated Templates for PMS

Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>

* Added converted CSV files

Signed-off-by: chetankh239 <chetankumar.h.239@gmail.com>

* [MOSIP-32075]: Updated Templates for PMS

Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>

* Added converted CSV files

Signed-off-by: chetankh239 <chetankumar.h.239@gmail.com>

* [MOSIP-32075]: Updated Templates for PMS

Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>

* Added converted CSV files

Signed-off-by: chetankh239 <chetankumar.h.239@gmail.com>

---------

Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>
Signed-off-by: chetankh239 <chetankumar.h.239@gmail.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Signed-off-by: bhumi46 <111699703+bhumi46@users.noreply.github.com>
#404 fixed push-trigger.yml according to  dynamic db changes
Comment on lines +23 to +161
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v2
- name: Create Docker Network
run: docker network create mosip_network
- name: Setup PostgreSQL Container
run: |
echo "[DB] Starting PostgreSQL container..."
docker run -d \
--name postgresql \
--network mosip_network \
-p 5432:5432 \
-e POSTGRES_USER=postgres \
-e POSTGRES_PASSWORD=${{ env.SU_USER_PWD }} \
-e POSTGRES_HOST_AUTH_METHOD=trust \
postgres:16
echo "[DB] PostgreSQL container started."

- name: Wait for PostgreSQL to be ready
run: |
echo "[DB] Waiting for PostgreSQL to accept connections..."
for i in $(seq 1 30); do
if docker exec postgresql pg_isready -U postgres -q; then
echo "[DB] PostgreSQL is ready after ${i} attempt(s)."
break
fi
echo "[DB] Attempt $i/30 - not ready yet, retrying in 2s..."
sleep 2
done
docker exec postgresql pg_isready -U postgres || \
(echo "[DB] ERROR: PostgreSQL did not become ready in time." && exit 1)

- name: Initialise mosip_master DB
run: |
echo "[DB] Starting mosip_master_container (postgres-init)..."
docker run -itd \
--name mosip_master_container \
--network mosip_network \
-e MOSIP_DB_NAME=mosip_master \
-e DB_SERVERIP=postgresql \
-e DB_PORT=5432 \
-e DEFAULT_DB_NAME=postgres \
-e DB_UNAME=masteruser \
-e DB_SCRIPTS_DIR=mosip_master \
-e SU_USER=postgres \
-e DML_FLAG=1 \
-e GIT_REPO_URL=https://github.com/mosip/admin-services.git \
-e GIT_BRANCH=develop \
-e SU_USER_PWD=${{ env.SU_USER_PWD }} \
-e DBUSER_PWD=${{ env.DBUSER_PWD }} \
mosipdev/postgres-init:develop
echo "[DB] mosip_master_container launched."

- name: docker ps command
run: docker ps -a

- name: Stream mosip_master_container logs
run: |
echo "[DB] Streaming mosip_master_container logs (live)..."
docker logs -f mosip_master_container
echo "[DB] mosip_master_container has exited."

- name: Verify mosip_master_container exit code
run: |
EXIT_CODE=$(docker inspect mosip_master_container --format='{{.State.ExitCode}}')
echo "[DB] mosip_master_container exit code: $EXIT_CODE"
if [ "$EXIT_CODE" != "0" ]; then
echo "[DB] ERROR: mosip_master_container exited with non-zero code $EXIT_CODE"
exit 1
fi

- name: Check whether db_init has errors in Logs
run: |
echo "[DB] Scanning mosip_master_container logs for errors..."
if docker logs mosip_master_container 2>&1 | grep -qiE "\berror\b|\bfatal\b"; then
echo "[DB] ERROR: Problem keywords found in mosip_master_container logs:"
docker logs mosip_master_container 2>&1 | grep -iE "\berror\b|\bfatal\b"
exit 1
else
echo "[DB] No errors found in mosip_master_container logs."
fi

- name: Verify masteruser role exists
run: |
echo "[DB] Verifying masteruser role exists in PostgreSQL..."
ROLE=$(docker exec postgresql psql -U postgres -tAc "SELECT rolname FROM pg_roles WHERE rolname='masteruser';")
if [ "$ROLE" = "masteruser" ]; then
echo "[DB] masteruser role confirmed."
else
echo "[DB] ERROR: masteruser role not found. DB init may have failed."
echo "[DB] Existing roles:"
docker exec postgresql psql -U postgres -c "\du"
exit 1
fi


- name: Set environment variables
run: |
if [ "${{ github.event_name }}" = "pull_request" ]; then
REPO_URL="${{ github.event.pull_request.head.repo.clone_url }}"
BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
else
REPO_URL="https://github.com/${{ github.repository }}.git"
BRANCH_NAME="${{ github.ref_name }}"
fi
echo "REPO_URL=${REPO_URL}" >> $GITHUB_ENV
echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_ENV

- name: Run masterdata-loader
run: |
docker run -itd \
--name masterdata_loader \
--network mosip_network \
-e DB_HOST=postgresql \
-e DB_USER=masteruser \
-e DB_PORT=5432 \
-e DB_PWD=${{ env.DBUSER_PWD }} \
-e REPOSITORY=${{ env.REPO_URL }}\
-e BRANCH=${{ env.BRANCH_NAME }} \
mosipdev/masterdata-loader:develop

- name: docker ps command
run: docker ps -a
- name: Print Logs of masterdata_loader
run: |
# Display masterdata_loader logs
docker logs -f masterdata_loader

- name: Check whether masterdata_loader has errors in Logs
run: |
echo "[DB] Scanning masterdata_loader logs for errors..."
if docker logs masterdata_loader 2>&1 | grep -qiE "\berror\b|\bfatal\b"; then
echo "[DB] ERROR: Problem keywords found in masterdata_loader logs:"
docker logs masterdata_loader 2>&1 | grep -iE "\berror\b|\bfatal\b"
exit 1
else
echo "[DB] No errors found in masterdata_loader logs."
fi

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 25 days ago

Add an explicit permissions block in .github/workflows/push-trigger.yml at the workflow root (top-level), so it applies to all jobs unless overridden.
The least-privilege fix for this workflow is:

  • permissions:
    • contents: read

This preserves existing behavior (checkout still works) while ensuring the token is not implicitly overprivileged.

Suggested changeset 1
.github/workflows/push-trigger.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
--- a/.github/workflows/push-trigger.yml
+++ b/.github/workflows/push-trigger.yml
@@ -15,6 +15,8 @@
       - develop
       - 1.2.0.1
       - MOSIP*
+permissions:
+  contents: read
 env:
   DBUSER_PWD: mosip123
   SU_USER_PWD: abc123
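Review bot: The context lines under `env:` keep `DBUSER_PWD: mosip123` and `SU_USER_PWD: abc123` as literals in the workflow file, directly below the new `permissions:` block. If they only protect the throwaway PostgreSQL container this job starts, say so in a comment next to them; otherwise move them to repository secrets. The `contents: read` grant itself matches a job whose only use of the token is the checkout.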
EOF
GOKULRAJ136 and others added 5 commits June 8, 2026 18:00
Signed-off-by: Gokulraj C <110164849+GOKULRAJ136@users.noreply.github.com>
Fixes #1830 Merge v1.3.2-rc.1 into develop for mosip-data
Signed-off-by: Abhishek S <127825992+abhishek8shankar@users.noreply.github.com>
…ts (#407)

* Security vulnerabilities and runtime bugs fix upgrade scripts

Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>

* Update data-uploader.py

Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>

* Update data-uploader.py

Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>

---------

Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
[MOSIP-44260] Update xlsx-to-csv.yml
- name: Clone the repository
if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
run: |
git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git

Check failure

Code scanning / CodeQL

Code injection Critical

Potential code injection in ${{ github.event.pull_request.head.ref }}, which may be controlled by an external user (pull_request_target).

Copilot Autofix

AI 18 days ago

Use GitHub Actions’ safe pattern for untrusted input in run steps:

  • Put ${{ github.* }} values that may be attacker-controlled into env: entries.
  • In the shell script, use "$VAR" (native shell variable expansion), not ${{ env.VAR }} inside run.
  • Quote all variable usages in commands.

Best minimal fix in .github/workflows/xlsx-to-csv.yml:

  • In the Clone the repository step, add env variables for:
    • PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
    • PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
  • Replace line 36 command to use these env vars:
    • git clone -b "$PR_HEAD_REF" "https://github.com/$PR_HEAD_REPO.git"

This preserves behavior while preventing expression-time injection in shell script text.

Suggested changeset 1
.github/workflows/xlsx-to-csv.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/xlsx-to-csv.yml b/.github/workflows/xlsx-to-csv.yml
--- a/.github/workflows/xlsx-to-csv.yml
+++ b/.github/workflows/xlsx-to-csv.yml
@@ -32,8 +32,11 @@
 
     - name: Clone the repository
       if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
+      env:
+        PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
+        PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
       run: |
-        git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git
+        git clone -b "$PR_HEAD_REF" "https://github.com/$PR_HEAD_REPO.git"
 
     - name: Get author email
       if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
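Review bot: The `if:` on the Clone step also admits `workflow_dispatch`, and on that event `github.event.pull_request` is empty, so `PR_HEAD_REF` and `PR_HEAD_REPO` expand to empty strings and the new line becomes `git clone -b "" "https://github.com/.git"`. Add a guard at the top of the `run:` body that fails the step when either variable is empty, or give manual runs their own inputs for the branch and repository. The same condition appears in the context line for the next step, Get author email, so the guard is worth applying there as well.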
EOF
Copilot is powered by AI and may make mistakes. Always verify output.
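The pattern in the Autofix comment above (untrusted values go into `env:`, the script reads them as shell variables) can be checked mechanically. This is an added example, not code from this pull request or from CodeQL: a standard-library scanner that reports expressions interpolated into `run:` script bodies and ignores the same expressions under `env:`. The function names, the list of untrusted fields (only those that appear on this page) and the two sample steps are assumptions of the example.

```python
import re

# Event fields an external contributor can set. Assumption of this example:
# only the fields that appear on this page are listed.
UNTRUSTED = {
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.repo.full_name",
    "github.event.pull_request.head.repo.clone_url",
    "github.event.pull_request.user.login",
}
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")


def classify(expr):
    if expr in UNTRUSTED:
        return "untrusted"
    if expr.startswith("env."):
        return "env-in-run"  # also substituted into the script before the shell runs
    return None


def scan_workflow(text):
    """Return (line, expression, kind) for risky expressions inside run: bodies."""
    findings = []
    key_col = None  # column of the run: key while inside its block scalar

    def scan(lineno, fragment):
        for match in EXPR.finditer(fragment):
            kind = classify(match.group(1))
            if kind:
                findings.append((lineno, match.group(1), kind))

    for lineno, line in enumerate(text.splitlines(), 1):
        if key_col is not None:
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= key_col:
                key_col = None  # block scalar ended, treat the line as YAML again
            else:
                scan(lineno, line)
                continue
        key = RUN_KEY.match(line)
        if key:
            if key.group(2)[:1] in ("|", ">"):
                key_col = len(key.group(1))
            else:
                scan(lineno, key.group(2))  # single-line run: command
    return findings


# Constructed samples: the Clone step as flagged, and as the Autofix patch leaves it.
FLAGGED = """\
- name: Clone the repository
  run: |
    git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git
"""
PATCHED = """\
- name: Clone the repository
  env:
    PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
    PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
  run: |
    git clone -b "$PR_HEAD_REF" "https://github.com/$PR_HEAD_REPO.git"
"""
```

The scanner tracks indentation only, so it handles `run:` block scalars and single-line `run:` commands but is not a full YAML parser.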
Comment on lines +15 to +80
runs-on: ubuntu-latest
steps:
- name: Check for xlsx changes
id: check_xlsx
run: |
PR_NUMBER=${{ github.event.number }}
FILES=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER/files")
XLSX_CHANGED=$(echo "$FILES" | jq '[.[].filename | select(endswith(".xlsx"))] | length')
echo "xlsx_changed=$XLSX_CHANGED" >> $GITHUB_OUTPUT

- name: Skip if no xlsx changes
if: steps.check_xlsx.outputs.xlsx_changed == '0' && github.event_name != 'workflow_dispatch'
run: |
echo "No xlsx files changed. Skipping workflow."
exit 0

- name: Clone the repository
if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
run: |
git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git

- name: Get author email
if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
run: |
PR_NUMBER=${{ github.event.number }}
commits=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER/commits")
email=$(echo "$commits" | jq -r '.[0].commit.author.email // "${{ github.event.pull_request.user.login }}@users.noreply.github.com"')
echo "author_email=$email" >> $GITHUB_ENV

- name: Set up Git identity
if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
run: |
git config --global user.name "${{ github.event.pull_request.user.login }}"
git config --global user.email "${{ env.author_email }}"

- name: Install xlsx2csv
if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
run: sudo apt-get install -y xlsx2csv

- name: Create output directory
if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
run: |
rm -rf mosip-data/mosip_master_csv/csv
mkdir -p mosip-data/mosip_master_csv/csv

- name: Convert all XLSX to CSV
if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
run: |
for xlsx_file in mosip-data/mosip_master/xlsx/*.xlsx; do
csv_file="mosip-data/mosip_master_csv/csv/$(basename "${xlsx_file%.xlsx}.csv")"
xlsx2csv "$xlsx_file" > "$csv_file"
echo "Converted $xlsx_file to $csv_file"
done

- name: Commit and push changes
if: steps.check_xlsx.outputs.xlsx_changed != '0' || github.event_name == 'workflow_dispatch'
run: |
cd mosip-data
git branch
git add .
git commit -s -m "Added converted CSV files" || echo "No changes to commit"
git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 18 days ago

Add an explicit permissions block in .github/workflows/xlsx-to-csv.yml at the workflow root (best here since there is one job), setting only the minimum needed for this workflow’s GITHUB_TOKEN usage.

Best minimal, non-functional-change fix:

  • Add:
    • contents: read (for repository metadata access)
    • pull-requests: read (for PR files/commits API reads)

This preserves existing behavior because writes are done through ACTION_PAT, not GITHUB_TOKEN.

Suggested changeset 1
.github/workflows/xlsx-to-csv.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/xlsx-to-csv.yml b/.github/workflows/xlsx-to-csv.yml
--- a/.github/workflows/xlsx-to-csv.yml
+++ b/.github/workflows/xlsx-to-csv.yml
@@ -10,6 +10,10 @@
         default: 'Triggered for Updates'
         type: string
 
+permissions:
+  contents: read
+  pull-requests: read
+
 jobs:
   convert_xlsx_to_csv:
     runs-on: ubuntu-latest
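Review bot: The new top-level `permissions:` block limits only `GITHUB_TOKEN`; the push in this workflow goes through `ACTION_PAT`, so what the job can write is still decided by that token's scope, which this hunk does not touch. Add a short comment beside the block recording that `pull-requests: read` is there for the PR files and commits API calls, and review the scope of the PAT separately.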
EOF