From e998a4270821d65466c615dde2afc2989e0faea6 Mon Sep 17 00:00:00 2001
From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com>
Date: Thu, 7 Nov 2024 16:24:08 +0100
Subject: [PATCH 1/2] BC-8372 - trivy use cache for DBs (#3538)
---
.github/workflows/push.yml | 6 +++++-
.github/workflows/trivy.yml | 39 +++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/trivy.yml
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 172678aaca..6e6d326a1c 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -141,13 +141,17 @@ jobs:
security-events: write
steps:
- name: run trivy vulnerability scanner
- uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
+ uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
with:
image-ref: 'ghcr.io/${{ github.repository }}-default:${{ needs.branch_meta.outputs.sha }}'
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
ignore-unfixed: true
+ scan-type: 'image'
+ env:
+ TRIVY_SKIP_DB_UPDATE: true
+ TRIVY_SKIP_JAVA_DB_UPDATE: true
- name: upload trivy results
if: ${{ always() }}
uses: github/codeql-action/upload-sarif@v3
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000000..9ba6d25b26
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,39 @@
+# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.
+# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true.
+name: Update Trivy Cache
+
+on:
+ schedule:
+ - cron: '0 0 * * *' # Run daily at midnight UTC
+ workflow_dispatch: # Allow manual triggering
+
+jobs:
+ update-trivy-db:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup oras
+ uses: oras-project/setup-oras@v1
+
+ - name: Get current date
+ id: date
+ run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+ - name: Download and extract the vulnerability DB
+ run: |
+ mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
+ oras pull ghcr.io/aquasecurity/trivy-db:2
+ tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
+ rm db.tar.gz
+
+ - name: Download and extract the Java DB
+ run: |
+ mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
+ oras pull ghcr.io/aquasecurity/trivy-java-db:1
+ tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
+ rm javadb.tar.gz
+
+ - name: Cache DBs
+ uses: actions/cache/save@v4
+ with:
+ path: ${{ github.workspace }}/.cache/trivy
+ key: cache-trivy-${{ steps.date.outputs.date }}
From 133f4c4a6b4691bfed3e3a36d839014169075309 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marvin=20=C3=96hlerking?=
<103562092+MarvinOehlerkingCap@users.noreply.github.com>
Date: Fri, 8 Nov 2024 10:30:18 +0100
Subject: [PATCH 2/2] N21-2151 Partial course sync (#3534)
add partial sync
---
controllers/courses.js | 18 ++++++++++++++----
views/courses/create-course.hbs | 4 ++++
views/courses/edit-course.hbs | 3 +++
3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/controllers/courses.js b/controllers/courses.js
index a646f8c4c5..6ab16c6d23 100644
--- a/controllers/courses.js
+++ b/controllers/courses.js
@@ -80,8 +80,8 @@ const getSyncedElements = (
startDate,
untilDate,
syncedWithGroup,
+ excludeFromSync: course.excludeFromSync?.join(','),
};
-
return selectedElements;
};
@@ -305,7 +305,17 @@ const editCourseHandler = (req, res, next) => {
if (syncedGroupId && group) {
course.name = group.name;
- course.teacherIds = getUserIdsByRole(group.users, 'teacher');
+
+ const teacherIds = getUserIdsByRole(group.users, 'teacher');
+ const isTeacherInGroup = teacherIds.some((tid) => tid === res.locals.currentUser._id);
+ const isTeacher = res.locals.currentUser.roles.map((role) => role.name).includes('teacher');
+ if (!isTeacherInGroup && isTeacher) {
+ course.excludeFromSync = ['teachers'];
+ course.teacherIds = [res.locals.currentUser._id];
+ } else {
+ course.teacherIds = teacherIds;
+ }
+
course.userIds = getUserIdsByRole(group.users, 'student');
if (group.validPeriod) {
@@ -578,7 +588,7 @@ router.post('/', (req, res, next) => {
req.body.untilDate = untilDate.toDate();
}
- const keys = ['teacherIds', 'substitutionIds', 'classIds', 'userIds'];
+ const keys = ['teacherIds', 'substitutionIds', 'classIds', 'userIds', 'excludeFromSync'];
req.body = strToPropsArray(req.body, keys);
req.body.features = [];
@@ -843,7 +853,7 @@ router.patch('/:courseId', async (req, res, next) => {
req.body.substitutionIds = [];
}
- const keys = ['teacherIds', 'substitutionIds', 'classIds', 'userIds'];
+ const keys = ['teacherIds', 'substitutionIds', 'classIds', 'userIds', 'excludeFromSync'];
req.body = strToPropsArray(req.body, keys);
const startDate = timesHelper.dateTimeStringToMoment(req.body.startDate).utc();
diff --git a/views/courses/create-course.hbs b/views/courses/create-course.hbs
index bc4e619dd9..ed96190856 100644
--- a/views/courses/create-course.hbs
+++ b/views/courses/create-course.hbs
@@ -188,6 +188,10 @@
+ {{#if syncedWithGroup}}
+
+ {{/if}}
+
diff --git a/views/courses/edit-course.hbs b/views/courses/edit-course.hbs
index 10eed025c6..acae64f5cf 100644
--- a/views/courses/edit-course.hbs
+++ b/views/courses/edit-course.hbs
@@ -300,6 +300,9 @@
+ {{#if course.syncedWithGroup}}
+
+ {{/if}}
{{#unless @root.course.isArchived}}