feat: Release V2.1.0 #276
feat: Release V2.1.0 #276
Conversation
feat: add token middleware and env toggle
Bumps [find-my-way](https://github.com/delvedor/find-my-way) from 8.2.0 to 8.2.2. - [Release notes](https://github.com/delvedor/find-my-way/releases) - [Commits](delvedor/find-my-way@v8.2.0...v8.2.2) --- updated-dependencies: - dependency-name: find-my-way dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
* refactor: migrate from frms to tazama-lf
* feat: add env validation * test: mock envs
fix: update auth flag from service auth to node env
…y-way-8.2.2 chore(deps): bump find-my-way from 8.2.0 to 8.2.2
refactor: apply cache option environment variable split
refactor: encapsulate environment variables
* feat(deps): use latest datacache from frms-coe-lib * feat: add xchgRate and use multi currency datacache * refactor(rename): use better naming for pending promises array * test: update datacache tests * docs: update message samples and activity diagram
feat: updated old links
feat: updated XchgRate object for Pain001
refactor: Bump frms coe lib
Co-authored-by: rtkay123 <[email protected]>
* ci: sync workflows from central-workflows Signed-off-by: Kyle Vorster <[email protected]> * ci: sync workflows from central-workflows Signed-off-by: Scott <[email protected]> * ci: sync workflows from central-workflows Signed-off-by: Scott <[email protected]> * ci: sync workflows from central-workflows Signed-off-by: Scott <[email protected]> --------- Co-authored-by: github-actions <[email protected]> Co-authored-by: Scott <[email protected]>
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Scorecard found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
| @@ -142,6 +142,8 @@ | |||
|
|
|||
| Currently, the TMS API is able to accept ISO20022 pain.001.001.11, pain.013.001.09, pacs.002.001.12 and pacs.008.001.10 messages. Depending on the configuration of the TMS API service via the `QUOTING` environment variable, the pain.001 and pain.013 messages may be excluded (`QUOTING=false`). | |||
|
|
|||
| API authentication is turned off by default (ENV: `AUTHENTICATED=false`) but when turned on a public key (ENV `CERT_PATH_PUBLIC=/path/to/public/key`) is required to be able to validate tokens received via the Auth-Service login. | |||
Check warning
Code scanning / Markdownlint (reported by Codacy)
Expected: 80; Actual: 228 Warning
| uses: actions/setup-node@v3 | ||
| - name: Get Last Merged PR | ||
| id: get_merged_pr | ||
| uses: actions-ecosystem/action-get-merged-pull-request@v1 |
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning
| @@ -1,3 +1,5 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | |||
Check notice
Code scanning / Checkov (reported by Codacy)
Ensure top-level permissions are not set to write-all Note
| @@ -0,0 +1,57 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | |||
Check notice
Code scanning / Checkov (reported by Codacy)
Ensure top-level permissions are not set to write-all Note
| with: | ||
| fetch-depth: 0 # Fetch all history for all branches to ensure complete commit history is available | ||
|
|
||
| - name: Set up environment variables |
Check notice
Code scanning / Checkov (reported by Codacy)
Ensure run commands are not vulnerable to shell injection Note
| runs-on: ubuntu-latest # Use the latest Ubuntu runner for the job | ||
| steps: | ||
| - uses: actions/checkout@v4 # Checkout the repository code using the actions/checkout action | ||
| with: | ||
| fetch-depth: 0 # Fetch all history for all branches to ensure we have the full commit history | ||
|
|
||
| - name: Set up environment variables |
Check notice
Code scanning / Checkov (reported by Codacy)
Ensure run commands are not vulnerable to shell injection Note
| @@ -1,5 +1,12 @@ | |||
| # SPDX-License-Identifier: Apache-2.0 | |||
Check notice
Code scanning / Checkov (reported by Codacy)
Ensure top-level permissions are not set to write-all Note
| tfsec: | ||
| name: Run tfsec sarif report | ||
| runs-on: ubuntu-latest | ||
| permissions: |
Check notice
Code scanning / Checkov (reported by Codacy)
Ensure top-level permissions are not set to write-all Note
SPDX-License-Identifier: Apache-2.0
What did we change?
Create Tazama Release V2.1.0
How was it tested?