Skip to content

Develop #222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
loganathan-sekaran wants to merge 269 commits into
base: 1.2.0.1
Choose a base branch
from
Open

Develop #222

loganathan-sekaran wants to merge 269 commits into from

Conversation

@loganathan-sekaran
Copy link
Contributor

@loganathan-sekaran loganathan-sekaran commented Apr 5, 2023

No description provided.

Puneet Joshi and others added 30 commits April 5, 2022 21:40
Previous change was incomplete.
73df497
@Mahesh-Binayak
DSD-919:
e9f9037 
Made changes to machine_spec.xlsx and zone_user and zone_user_h tables
Merge pull request #146 from Mahesh-Binayak/develop
7f857fd 
DSD-919:
@balaji-alluru
MOSIP-21071 : Updated loc_holiday.xlsx
1f7254b
Merge pull request #147 from balaji-alluru/develop
ae4d82f 
MOSIP-21071 : Updated loc_holiday.xlsx
@balaji-alluru
Updated blacklisted_words.xlsx
083fb7e
Merge pull request #149 from balaji-alluru/develop
0ecce6a 
Updated blacklisted_words.xlsx
@gaganama
updated the mosip-data
1e98c16
@gaganama
updated the mosip-data
649eb38
@ckm007
Merge pull request #151 from gaganamadival/develop
f6d1f19 
[MOSIP-21520] updated the mosip-data
@gaganama
[MOSIP-21520] update mosip-data for hindi,kannada, and tamil language
70d2a69
@ckm007
Merge pull request #152 from gaganamadival/develop
861abf3 
[MOSIP-21520] update mosip-data for hindi,kannada, and tamil language
[ MOSIP-21520 ] Set is_active to \'TRUE\'
60c7d8e
@ckm007
Merge pull request #153 from syed-salman-technoforte/develop
d35bce3 
[ MOSIP-21520 ] Set is_active to 'TRUE'
@gaganama
[MOSIP-21520] updated mosip-data for hindi,kannada, and tamil language
11fc657
@ckm007
Merge pull request #154 from gaganamadival/develop
2fa66d4 
[MOSIP-21520] updated mosip-data for hindi,kannada, and tamil language
@gaganama
[MOSIP-21520] updated mosip-data for hindi,kannada, and tamil language
8f911b7
@gaganama
[MOSIP-21520] updated mosip-data for hindi,kannada, and tamil language
cdddb2f
@gaganama
[MOSIP-21520] updated mosip-data for hindi,kannada, and tamil language
0b741c4
@gaganama
[MOSIP-21520] updated mosip-data for hindi,kannada, and tamil language
f92d9b1
@gaganama
[MOSIP-21520] updated mosip-data for hindi,kannada, and tamil language
9aa2aa1
[MOSIP-21520] fixed template.xlsx
1379f2f
@gaganama
[MOSIP-21520] updated mosip-data for hindi,kannada, and tamil language
13f2d07
@ckm007
Merge pull request #155 from gaganamadival/develop
b379174 
Develop
@gaganama
[MOSIP-21577] updated mosip-data for hindi,kannada, and tamil language
b032aed
@gaganama
[MOSIP-21577] updated mosip-data for hindi,kannada, and tamil language
6e2c3e0
@gaganama
Merge remote-tracking branch 'origin/develop' into develop
aef1c08
@ckm007
Merge pull request #156 from gaganamadival/develop
dc27ab3 
[MOSIP-21577] updated mosip-data for hindi,kannada, and tamil language
[ MOSIP-21589 ] updated applicant_valid_document.xlsx
035e80a
@ckm007
Merge pull request #157 from syed-salman-technoforte/develop
4487217 
[ MOSIP-21589 ] updated applicant_valid_document.xlsx
GOKULRAJ136 and others added 24 commits April 16, 2025 17:28
@GOKULRAJ136
Blocklisted word changes [MOSIP-28207]
dffb18b 
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
@Sudeep7353
MOSIP-41249 , MOSIP - 41250 : Email template changes
480d388 
Signed-off-by: sudeep <sudeep.j7353@gmail.com>
@Sudeep7353
Added converted CSV files
f7ba130 
Signed-off-by: Sudeep7353 <sudeep.j7353@gmail.com>
@ckm007
Merge pull request #338 from Sudeep7353/mydev
8540113 
MOSIP-41249 ,MOSIP -41250,MOSIP-41222 : Email template changes
@SwethaKrish4
MOSIP-40766: removed pms-revamp templates (#340)
3a05f26 
* MOSIP-40766: removed pms-revamp templates

Signed-off-by: Swetha K <swetha.k@technoforte.co.in>

* Added converted CSV files

Signed-off-by: SwethaKrish4 <swetha.k@technoforte.co.in>

---------

Signed-off-by: Swetha K <swetha.k@technoforte.co.in>
Signed-off-by: SwethaKrish4 <swetha.k@technoforte.co.in>
Co-authored-by: Swetha K <swetha.k@technoforte.co.in>
MOSIP-40766: Added all new pms-revamp templates
4f92e17 
Signed-off-by: Swetha K <swetha.k@technoforte.co.in>
Added converted CSV files
acc24fb 
Signed-off-by: SwethaKrish4 <swetha.k@technoforte.co.in>
@dhanendra06
Merge pull request #341 from SwethaKrish4/mydevelop
304af91 
MOSIP-40766: Added all new pms-revamp templates
MOSIP-42622: Added new FTM, APIKEY, SBI and Weekly summary templates
29d1860 
Signed-off-by: Swetha K <swetha.k@technoforte.co.in>
Added converted CSV files
f6a27a8 
Signed-off-by: SwethaKrish4 <swetha.k@technoforte.co.in>
@ckm007
Merge pull request #342 from SwethaKrish4/mydevelop
4e2cad3 
MOSIP-42622: Added new FTM, APIKEY, SBI and Weekly summary templates
@GOKULRAJ136
Merge remote-tracking branch 'upstream/develop' into block-dev
919ce76
@dhanendra06
Merge pull request #337 from GOKULRAJ136/block-dev
85fccbb 
Blocklisted word changes [MOSIP-28207]
@chetankh239
Updated identity_schema with CRVS attributes
494d709 
Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>
@chetankh239
Added converted CSV files
076d552 
Signed-off-by: chetankh239 <chetankumar.h.239@gmail.com>
@chetankh239
Reverted back version with 0.2
99223f6 
Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>
@chetankh239
Revered back version
cc9b97e 
Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>
@chetankh239
Added converted CSV files
d23636d 
Signed-off-by: chetankh239 <chetankumar.h.239@gmail.com>
@chetankh239
changes done
6bd4643 
Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>
@chetankh239
Added converted CSV files
ab55fd4 
Signed-off-by: chetankh239 <chetankumar.h.239@gmail.com>
@dhanendra06
Merge pull request #345 from chetankh239/MOSIP-42990-develop
64671be 
[MOSIP-42990] : Updated identity_schema with CRVS attributes
@ashok-ksharma
[MOSIP-43633] Added packetCreatedOn to identity schema for biometric …
60975de 
…issue fix in develop branch

Signed-off-by: Ashok Kumar Sharma <ashok@mosip.io>
@ashok-ksharma
Added converted CSV files
c0e65d8 
Signed-off-by: ashok-ksharma <ashok@mosip.io>
@dhanendra06
Merge pull request #352 from ashok-ksharma/MOSIP-43633_develop
19a7ef9 
[MOSIP-43633] Added packetCreatedOn to identity schema for biometric issue fix in develop branch
@coderabbitai
Copy link

coderabbitai bot commented Nov 15, 2025
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (1)
  • develop

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

rajapandi1234 and others added 2 commits December 24, 2025 13:23
@rajapandi1234
Create NOTICE
53a7892 
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
@Mahesh-Binayak
Merge pull request #364 from rajapandi1234/patch-3
cd3e846 
Create NOTICE
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 24, 2025
View reviewed changes
.github/workflows/xlsx-to-csv.yml
steps:
- name: Clone the repository
run: |
#git clone -b ${{ github.event.pull_request.head.ref }} "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"

Check failure

Code scanning / CodeQL

Code injection Critical

Potential code injection in
${ github.event.pull_request.head.ref }
Loading
, which may be controlled by an external user (
pull_request_target
Loading
).

Copilot Autofix

AI 17 days ago

In general, the fix is to avoid using ${{ github.event.pull_request.head.ref }} directly in run: commands. Instead, assign it to an environment variable via the env: block and then reference it using the shell’s native syntax (e.g., $HEAD_REF) within the script. This prevents the GitHub expression engine from injecting untrusted content directly into the shell command line and confines any untrusted characters to a single argument position.

Concretely, we should:

  • For the git clone command, move github.event.pull_request.head.ref into an env var (e.g., HEAD_REF) and then use git clone -b "$HEAD_REF" ... in the script. Even though that line is commented out, we should fix the pattern so it is safe if re-enabled.
  • For the git push command, likewise pass both the head ref and the repo full name via env: as HEAD_REF and HEAD_REPO_FULL_NAME, and then use them as $HEAD_REF and $HEAD_REPO_FULL_NAME inside the shell script. This eliminates ${{ github.event.* }} from the run: body.

We will modify:

  • The “Clone the repository” step to add an env: section with HEAD_REF and HEAD_REPO_FULL_NAME, and update both the commented and active git clone commands to use $HEAD_REF and $HEAD_REPO_FULL_NAME.
  • The “Commit and push changes” step to add an env: block with HEAD_REF and HEAD_REPO_FULL_NAME, and update the git push line to use standard shell variable syntax.

No new imports or external packages are needed; we only change the YAML workflow configuration.

Suggested changeset 1
.github/workflows/xlsx-to-csv.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/xlsx-to-csv.yml b/.github/workflows/xlsx-to-csv.yml
--- a/.github/workflows/xlsx-to-csv.yml
+++ b/.github/workflows/xlsx-to-csv.yml
@@ -16,9 +16,12 @@
     runs-on: ubuntu-latest
     steps:
     - name: Clone the repository
+      env:
+        HEAD_REF: ${{ github.event.pull_request.head.ref }}
+        HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
       run: |
-        #git clone -b ${{ github.event.pull_request.head.ref }} "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"
-        git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git
+        #git clone -b "$HEAD_REF" "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/$HEAD_REPO_FULL_NAME.git"
+        git clone -b "$HEAD_REF" "https://github.com/$HEAD_REPO_FULL_NAME.git"
     
     - name: Get  author email
       run: |
@@ -51,9 +53,12 @@
         done
 
     - name: Commit and push changes
+      env:
+        HEAD_REF: ${{ github.event.pull_request.head.ref }}
+        HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
       run: |
         cd mosip-data
         git branch
         git add .
         git commit -s -m "Added converted CSV files" || echo "No changes to commit"
-        git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}
+        git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/$HEAD_REPO_FULL_NAME.git" "HEAD:$HEAD_REF"
EOF
@@ -16,9 +16,12 @@
runs-on: ubuntu-latest
steps:
- name: Clone the repository
env:
HEAD_REF: ${{ github.event.pull_request.head.ref }}
HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
run: |
#git clone -b ${{ github.event.pull_request.head.ref }} "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"
git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git
#git clone -b "$HEAD_REF" "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/$HEAD_REPO_FULL_NAME.git"
git clone -b "$HEAD_REF" "https://github.com/$HEAD_REPO_FULL_NAME.git"

- name: Get author email
run: |
@@ -51,9 +53,12 @@
done

- name: Commit and push changes
env:
HEAD_REF: ${{ github.event.pull_request.head.ref }}
HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
run: |
cd mosip-data
git branch
git add .
git commit -s -m "Added converted CSV files" || echo "No changes to commit"
git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}
git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/$HEAD_REPO_FULL_NAME.git" "HEAD:$HEAD_REF"
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/xlsx-to-csv.yml
- name: Clone the repository
run: |
#git clone -b ${{ github.event.pull_request.head.ref }} "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"
git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git

Check failure

Code scanning / CodeQL

Code injection Critical

Potential code injection in
${ github.event.pull_request.head.ref }
Loading
, which may be controlled by an external user (
pull_request_target
Loading
).

Copilot Autofix

AI 17 days ago

In general, to fix code injection issues in GitHub Actions, you should avoid using untrusted expressions directly in run: or script contexts. Instead, assign the expression to an environment variable via env: and then reference it using the shell’s native syntax ($VAR) inside the script, making sure it is properly quoted.

For this workflow, the best targeted fix is to move ${{ github.event.pull_request.head.ref }} into an environment variable (for example, PR_HEAD_REF) and use $PR_HEAD_REF in the git clone command. This keeps behavior identical—Git still clones the same branch from the same repository—but the untrusted value is no longer interpolated into the script as GitHub expression syntax at evaluation time. We will update only the “Clone the repository” step in .github/workflows/xlsx-to-csv.yml, adding an env: section and switching the git clone line to use $PR_HEAD_REF. No additional imports or external dependencies are needed.

Suggested changeset 1
.github/workflows/xlsx-to-csv.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/xlsx-to-csv.yml b/.github/workflows/xlsx-to-csv.yml
--- a/.github/workflows/xlsx-to-csv.yml
+++ b/.github/workflows/xlsx-to-csv.yml
@@ -16,9 +16,11 @@
     runs-on: ubuntu-latest
     steps:
     - name: Clone the repository
+      env:
+        PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
       run: |
-        #git clone -b ${{ github.event.pull_request.head.ref }} "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"
-        git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git
+        #git clone -b "$PR_HEAD_REF" "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"
+        git clone -b "$PR_HEAD_REF" https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git
     
     - name: Get  author email
       run: |
EOF
@@ -16,9 +16,11 @@
runs-on: ubuntu-latest
steps:
- name: Clone the repository
env:
PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
run: |
#git clone -b ${{ github.event.pull_request.head.ref }} "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"
git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git
#git clone -b "$PR_HEAD_REF" "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"
git clone -b "$PR_HEAD_REF" https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git

- name: Get author email
run: |
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/xlsx-to-csv.yml
git branch
git add .
git commit -s -m "Added converted CSV files" || echo "No changes to commit"
git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}

Check failure

Code scanning / CodeQL

Code injection Critical

Potential code injection in
${ github.event.pull_request.head.ref }
Loading
, which may be controlled by an external user (
pull_request_target
Loading
).

Copilot Autofix

AI 17 days ago

Generally, to fix this class of problems in GitHub Actions, untrusted expressions like ${{ github.event.pull_request.head.ref }} should not be interpolated directly into the shell in run: blocks. Instead, assign them to environment variables using workflow expression syntax and then reference them using the shell’s own variable expansion ($VAR). This prevents the workflow expression engine from injecting raw user-controlled strings directly into the shell script.

In this specific case, we should (1) move github.event.pull_request.head.ref and github.event.pull_request.head.repo.full_name into environment variables for the “Commit and push changes” step, and (2) use those variables as $PR_HEAD_REF and $PR_HEAD_REPO_FULL_NAME inside the shell script. This keeps the existing functionality (push back to the pull request’s head branch in the fork) but avoids direct expression interpolation inside the git push command. No other behavior changes are needed, and no extra libraries are required; the only change is within the YAML for that step.

Concretely:

  • Edit the “Commit and push changes” step at lines 53–59.
  • Add an env: section under the step that sets PR_HEAD_REF and PR_HEAD_REPO_FULL_NAME from the existing expressions.
  • Update the git push line to use $PR_HEAD_REPO_FULL_NAME and $PR_HEAD_REF instead of ${{ github.event.pull_request.head.repo.full_name }} and ${{ github.event.pull_request.head.ref }}.
Suggested changeset 1
.github/workflows/xlsx-to-csv.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/xlsx-to-csv.yml b/.github/workflows/xlsx-to-csv.yml
--- a/.github/workflows/xlsx-to-csv.yml
+++ b/.github/workflows/xlsx-to-csv.yml
@@ -51,9 +51,12 @@
         done
 
     - name: Commit and push changes
+      env:
+        PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
+        PR_HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
       run: |
         cd mosip-data
         git branch
         git add .
         git commit -s -m "Added converted CSV files" || echo "No changes to commit"
-        git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}
+        git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/$PR_HEAD_REPO_FULL_NAME.git" HEAD:$PR_HEAD_REF
EOF
@@ -51,9 +51,12 @@
done

- name: Commit and push changes
env:
PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
PR_HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
run: |
cd mosip-data
git branch
git add .
git commit -s -m "Added converted CSV files" || echo "No changes to commit"
git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}
git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/$PR_HEAD_REPO_FULL_NAME.git" HEAD:$PR_HEAD_REF
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/push-trigger.yml
Comment on lines +23 to +111
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v2
- name: Create Docker Network
run: docker network create mosip_network
- name: Setup PostgreSQL Container
run: |
docker run -d \
--name postgresql \
--network mosip_network \
-p 5432:5432 \
-e POSTGRES_USER=postgres \
-e POSTGRES_PASSWORD=${{ env.SU_USER_PWD }} \
-e POSTGRES_HOST_AUTH_METHOD=trust \
postgres:16
- name: Initialise mosip_master DB
run: |
docker run -itd \
--name mosip_master_container \
--network mosip_network \
-e MOSIP_DB_NAME=mosip_master \
-e DB_SERVERIP=postgresql \
-e DB_PORT=5432 \
-e SU_USER=postgres \
-e DML_FLAG=1 \
-e GIT_REPO_URL=https://github.com/mosip/admin-services.git \
-e GIT_BRANCH=develop \
-e SU_USER_PWD=${{ env.SU_USER_PWD }} \
-e DBUSER_PWD=${{ env.DBUSER_PWD }} \
mosipdev/postgres-init:develop

- name: docker ps command
run: docker ps -a
- name: Print Logs of mosip_master
run: |
# Display mosip_master_container logs
docker logs -f mosip_master_container

- name: Check whether db_init has errors in Logs
run: |
if docker logs mosip_master_container | grep -qi "error"; then
echo "Error found in mosip_master_container logs."
exit 1
else
echo "No errors found in mosip_master_container logs."
fi


- name: Set environment variables
run: |
if [ "${{ github.event_name }}" = "pull_request" ]; then
REPO_URL="${{ github.event.pull_request.head.repo.clone_url }}"
BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
else
REPO_URL="https://github.com/${{ github.repository }}.git"
BRANCH_NAME="${{ github.ref_name }}"
fi
echo "REPO_URL=${REPO_URL}" >> $GITHUB_ENV
echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_ENV

- name: Run masterdata-loader
run: |
docker run -itd \
--name masterdata_loader \
--network mosip_network \
-e DB_HOST=postgresql \
-e DB_USER=masteruser \
-e DB_PORT=5432 \
-e DB_PWD=${{ env.DBUSER_PWD }} \
-e REPOSITORY=${{ env.REPO_URL }}\
-e BRANCH=${{ env.BRANCH_NAME }} \
mosipdev/masterdata-loader:develop

- name: docker ps command
run: docker ps -a
- name: Print Logs of masterdata_loader
run: |
# Display masterdata_loader logs
docker logs -f masterdata_loader

- name: Check whether masterdata_loader has errors in Logs
run: |
if docker logs masterdata_loader | grep -qi "error"; then
echo "Error found in masterdata_loader logs."
exit 1
else
echo "No errors found in masterdata_loader logs."
fi

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 17 days ago

In general, the fix is to explicitly declare minimal GITHUB_TOKEN permissions for this workflow or specific job(s) using a permissions: block, instead of relying on repository defaults. For a workflow that just checks out code and runs Docker/database commands, contents: read is sufficient for the entire workflow.

The single best fix here is to add a top-level permissions: block (so it applies to all jobs) with contents: read. This does not change existing functionality, because actions/checkout@v2 only requires read access to repository contents, and no steps modify GitHub resources. Concretely, in .github/workflows/push-trigger.yml, insert:

permissions:
  contents: read

between the on: block and the existing env: block (around current line 18). No imports, methods, or additional definitions are required, since this is purely a workflow configuration change.

Suggested changeset 1
.github/workflows/push-trigger.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/push-trigger.yml b/.github/workflows/push-trigger.yml
--- a/.github/workflows/push-trigger.yml
+++ b/.github/workflows/push-trigger.yml
@@ -15,6 +15,8 @@
       - develop
       - 1.2.0.1
       - MOSIP*
+permissions:
+  contents: read
 env:
   DBUSER_PWD: mosip123
   SU_USER_PWD: abc123
EOF
@@ -15,6 +15,8 @@
- develop
- 1.2.0.1
- MOSIP*
permissions:
contents: read
env:
DBUSER_PWD: mosip123
SU_USER_PWD: abc123
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/xlsx-to-csv.yml
Comment on lines +16 to +59
runs-on: ubuntu-latest
steps:
- name: Clone the repository
run: |
#git clone -b ${{ github.event.pull_request.head.ref }} "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git"
git clone -b ${{ github.event.pull_request.head.ref }} https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git

- name: Get author email
run: |
PR_NUMBER=${{ github.event.number }}
commits=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER/commits")
email=$(echo "$commits" | jq -r '.[0].commit.author.email // "${{ github.event.pull_request.user.login }}@users.noreply.github.com"')
echo "author_email=$email" >> $GITHUB_ENV

- name: Set up Git identity
run: |
git config --global user.name "${{ github.event.pull_request.user.login }}"
git config --global user.email "${{ env.author_email }}"

- name: Install xlsx2csv
run: sudo apt-get install -y xlsx2csv

- name: Create output directory
run: |
rm -rf mosip-data/mosip_master_csv/csv
mkdir -p mosip-data/mosip_master_csv/csv

- name: Convert all XLSX to CSV
run: |
for xlsx_file in mosip-data/mosip_master/xlsx/*.xlsx; do
csv_file="mosip-data/mosip_master_csv/csv/$(basename "${xlsx_file%.xlsx}.csv")"
xlsx2csv "$xlsx_file" > "$csv_file"
echo "Converted $xlsx_file to $csv_file"
done

- name: Commit and push changes
run: |
cd mosip-data
git branch
git add .
git commit -s -m "Added converted CSV files" || echo "No changes to commit"
git push "https://x-access-token:${{ secrets.ACTION_PAT }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git" HEAD:${{ github.event.pull_request.head.ref }}

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 17 days ago

In general, fix this by explicitly declaring a permissions: block for the workflow or for the specific job, granting only the scopes required. This overrides repository defaults and constrains the GITHUB_TOKEN used within the job.

For this workflow, the steps only need to read repository contents and call GitHub’s REST API to read PR commits and metadata. All write operations to the repository use secrets.ACTION_PAT, not GITHUB_TOKEN. Therefore, we can set permissions: contents: read at the workflow or job level. Because the warning is on the job line (runs-on: ubuntu-latest), the clearest fix with minimal behavioral change is to add a permissions: block under the convert_xlsx_to_csv job, before runs-on.

Concretely:

  • Edit .github/workflows/xlsx-to-csv.yml.
  • Under jobs: convert_xlsx_to_csv:, insert:
    permissions:
      contents: read
  • Keep indentation consistent (two spaces per level).
    No new imports, methods, or additional configuration are required.
Suggested changeset 1
.github/workflows/xlsx-to-csv.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/xlsx-to-csv.yml b/.github/workflows/xlsx-to-csv.yml
--- a/.github/workflows/xlsx-to-csv.yml
+++ b/.github/workflows/xlsx-to-csv.yml
@@ -13,6 +13,8 @@
 
 jobs:
   convert_xlsx_to_csv:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     steps:
     - name: Clone the repository
EOF
@@ -13,6 +13,8 @@

jobs:
convert_xlsx_to_csv:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- name: Clone the repository
Copilot is powered by AI and may make mistakes. Always verify output.
rajapandi1234 and others added 2 commits December 28, 2025 12:43
@rajapandi1234
Add files via upload
dcedef0 
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
@Mahesh-Binayak
Merge pull request #365 from rajapandi1234/develop
04b000f 
license folder
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.