From 214ff788146c8f8db3ce0e55ff3a18f6c7c8a5ca Mon Sep 17 00:00:00 2001
From: ckm007
Date: Wed, 6 Mar 2024 16:14:49 +0000
Subject: [PATCH 1/3] [DSD-4772] PLA 1.2.0.1 release changes code to master
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index fe5d16a5fa..cb46a777e6 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
-[![Maven Package upon a push](https://github.com/mosip/pre-registration/actions/workflows/push_trigger.yml/badge.svg?branch=release-1.2.0.1)](https://github.com/mosip/pre-registration/actions/workflows/push_trigger.yml)
-[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=release-1.2.0.1&project=mosip_pre-registration&metric=alert_status)](https://sonarcloud.io/dashboard?branch=release-1.2.0.1&id=mosip_pre-registration)
+[![Maven Package upon a push](https://github.com/mosip/pre-registration/actions/workflows/push-trigger.yml/badge.svg?branch=master)](https://github.com/mosip/pre-registration/actions/workflows/push-trigger.yml)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?branch=master&project=mosip_pre-registration&metric=alert_status)](https://sonarcloud.io/dashboard?branch=master&id=mosip_pre-registration)
 # Pre-registration
 This repository contains the source code and design documents for MOSIP Pre-registration server. For an overview refer [here](https://docs.mosip.io/1.2.0/modules/pre-registration). The modules exposes API endpoints. For a reference front-end UI implementation refer to [Pre-registration UI github repo](https://github.com/mosip/pre-registration-ui/)
From 11a91d110e996fed310cf4da9261324263826668 Mon Sep 17 00:00:00 2001
From: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Date: Tue, 15 Oct 2024 16:53:16 +0530
Subject: [PATCH 2/3] Update push-trigger.yml
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
---
 .github/workflows/push-trigger.yml | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
index c323bbe800..0d0294e75c 100644
--- a/.github/workflows/push-trigger.yml
+++ b/.github/workflows/push-trigger.yml
@@ -80,7 +80,7 @@ jobs:
 sonar_analysis:
 needs: build-maven-pre-registration
- if: "${{ github.event_name != 'pull_request' }}"
+ if: "${{ github.event_name != 'pull_request' }}"
 uses: mosip/kattu/.github/workflows/maven-sonar-analysis.yml@master
 with:
 SERVICE_LOCATION: ./pre-registration
@@ -92,3 +92,28 @@ jobs:
 OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
 GPG_SECRET: ${{ secrets.GPG_SECRET }}
 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+ trivy_scan:
+ needs: build-dockers
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - SERVICE_NAME: 'pre-registration-application-service'
+ - SERVICE_NAME: 'pre-registration-batchjob'
+ - SERVICE_NAME: 'pre-registration-datasync-service'
+ - SERVICE_NAME: 'pre-registration-captcha-service'
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: 'docker.io/your_dockerhub_namespace/${{ matrix.SERVICE_NAME }}:latest'
+ format: 'sarif'
+ output: 'trivy-report-${{ matrix.SERVICE_NAME }}.sarif'
+ - name: Upload SARIF file
+ uses: actions/upload-artifact@v3
+ with:
+ name: trivy-report-${{ matrix.SERVICE_NAME }}
+ path: trivy-report-${{ matrix.SERVICE_NAME }}.sarif
From ba9dae68ee342108c1b9def6a78f48d2563659d0 Mon Sep 17 00:00:00 2001
From: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Date: Tue, 15 Oct 2024 17:57:32 +0530
Subject: [PATCH 3/3] Update push-trigger.yml
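Review bot: The new `trivy_scan` job is informational only: `aquasecurity/trivy-action` is invoked without `exit-code`, `severity` or `ignore-unfixed`, so a CRITICAL finding still leaves the job green and nothing in the workflow is gated by the scan. It also scans the mutable `:latest` tag from Docker Hub rather than the image that `build-dockers` (which this job `needs`; that job is outside the hunk) just produced, so what is scanned is not necessarily what was pushed — prefer the tag or digest that job outputs, if it exposes one. Adding `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` under `with:` turns the step into a real gate, and `actions/checkout@v3` is not needed at all for a remote image scan.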
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
---
 .github/workflows/push-trigger.yml | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
index 0d0294e75c..f9a8e12071 100644
--- a/.github/workflows/push-trigger.yml
+++ b/.github/workflows/push-trigger.yml
@@ -104,16 +104,22 @@ jobs:
 - SERVICE_NAME: 'pre-registration-datasync-service'
 - SERVICE_NAME: 'pre-registration-captcha-service'
 steps:
+ - name: Set environment variables
+ run: |
+ echo "SERVICE_NAME=${{ matrix.SERVICE_NAME }}" >> $GITHUB_ENV
+ echo "VERSION=latest" >> $GITHUB_ENV
+
+
 - name: Checkout code
 uses: actions/checkout@v3
+
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.20.0
 with:
- image-ref: 'docker.io/your_dockerhub_namespace/${{ matrix.SERVICE_NAME }}:latest'
+ image-ref: 'docker.io/${{ env.SERVICE_NAME }}:${{ env.VERSION }}'
 format: 'sarif'
- output: 'trivy-report-${{ matrix.SERVICE_NAME }}.sarif'
- - name: Upload SARIF file
- uses: actions/upload-artifact@v3
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
 with:
- name: trivy-report-${{ matrix.SERVICE_NAME }}
- path: trivy-report-${{ matrix.SERVICE_NAME }}.sarif
+ sarif_file: 'trivy-results.sarif'
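Review bot: Every matrix leg of `trivy_scan` now uploads `trivy-results.sarif` through `github/codeql-action/upload-sarif` without a `category:`, and Code Scanning treats uploads for the same commit and tool under the same category as replacements, so only one of the four services' findings will survive on the Security tab; add `category: 'trivy-${{ matrix.SERVICE_NAME }}'` under that step's `with:`. The upload also requires `security-events: write`, which the job does not declare (`permissions:` on the job with `security-events: write` beneath it); whether the workflow grants it at top level is outside this hunk, and it is never available for forked pull requests. The new `image-ref: 'docker.io/${{ env.SERVICE_NAME }}:${{ env.VERSION }}'` drops the Docker Hub namespace entirely, so it resolves to the official `library/` repository, which is almost certainly not where these images live — the namespace that `build-dockers` pushes to belongs in it, and `VERSION=latest` still scans a mutable tag rather than this run's build output. Pinning `trivy-action@0.20.0` is an improvement over `@master`, but a release tag is still movable; pin both it and `upload-sarif` to a commit SHA with the version in a trailing comment. The `trivy_scan` job begins before this hunk.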