diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml new file mode 100644 index 0000000..7b9fa48 --- /dev/null +++ b/.github/workflows/trivy.yaml @@ -0,0 +1,34 @@ +name: Trivy Scanner + +permissions: + contents: read + security-events: write +on: + push: + branches: + - main + - dev + pull_request: +jobs: + trivy-scan: + name: Use Trivy + runs-on: ubuntu-24.04 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Run Trivy scanner in repo mode + uses: aquasecurity/trivy-action@0.33.1 + with: + scan-type: "fs" + ignore-unfixed: true + format: "sarif" + output: "trivy-results.sarif" + severity: "CRITICAL,HIGH,UNKNOWN" + scanners: vuln,secret,misconfig,license + github-pat: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: "trivy-results.sarif" diff --git a/src/api/admin/admin.service.ts b/src/api/admin/admin.service.ts index 56b36af..72bd34b 100644 --- a/src/api/admin/admin.service.ts +++ b/src/api/admin/admin.service.ts @@ -19,6 +19,16 @@ import { } from 'src/shared/topcoder/challenges.service'; import { Logger } from 'src/shared/global'; +function formatDate(date = new Date()) { + const pad = (n, z = 2) => String(n).padStart(z, '0'); + + return ( + `${date.getFullYear()}-${pad(date.getMonth() + 1)}-${pad(date.getDate())} ` + + `${pad(date.getHours())}:${pad(date.getMinutes())}:${pad(date.getSeconds())}.` + + `${pad(date.getMilliseconds(), 3)}` + ); +} + /** * The admin winning service. */ @@ -322,7 +332,7 @@ export class AdminService { userId: +winning.winner_id, status: body.paymentStatus, amount: body.paymentAmount, - releaseDate: body.releaseDate, + releaseDate: formatDate(new Date(body.releaseDate)), }; await this.tcChallengesService.updateLegacyPayments(