apiVersion: jenkins.io/v1
kind: PipelineActivity
metadata:
  annotations:
    lighthouse.jenkins-x.io/cloneURI: https://github.com/greencapitaltrade/destiny.git
    lighthouse.jenkins-x.io/job: release
    pipeline.jenkins-x.io/traceID: 2dd160f83f91bdbca87bfdc6a1e9976a
  creationTimestamp: "2026-06-24T07:00:26Z"
  generation: 8
  labels:
    branch: main
    build: "93"
    context: release
    created-by-lighthouse: "true"
    event-GUID: 5d3b6636-6f9a-11f1-833e-70f2f51878ac
    lighthouse.jenkins-x.io/baseSHA: b07b9d99fc27034d103639793ef75e2fc5196cb2
    lighthouse.jenkins-x.io/branch: main
    lighthouse.jenkins-x.io/buildNum: "1782284425942"
    lighthouse.jenkins-x.io/context: release
    lighthouse.jenkins-x.io/id: apitaltrade-destiny-main-release-xw8hz
    lighthouse.jenkins-x.io/job: release
    lighthouse.jenkins-x.io/lastCommitSHA: b07b9d99fc27034d103639793ef75e2fc5196cb2
    lighthouse.jenkins-x.io/refs.org: greencapitaltrade
    lighthouse.jenkins-x.io/refs.repo: destiny
    lighthouse.jenkins-x.io/type: postsubmit
    owner: greencapitaltrade
    podName: apitaltrade-destiny-main-release-ln28p-from-build-pack-pod
    provider: github
    repository: destiny
    tekton.dev/pipeline: apitaltrade-destiny-main-release-ln28p
  managedFields:
  - apiVersion: jenkins.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          f:branch: {}
          f:context: {}
          f:owner: {}
          f:provider: {}
          f:repository: {}
      f:spec:
        f:lastCommitMessage: {}
        f:lastCommitSHA: {}
        f:releaseNotesURL: {}
        f:version: {}
    manager: jx-changelog-0.10.18
    operation: Update
    time: "2026-06-24T07:03:45Z"
  - apiVersion: jenkins.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:lighthouse.jenkins-x.io/cloneURI: {}
          f:lighthouse.jenkins-x.io/job: {}
          f:pipeline.jenkins-x.io/traceID: {}
        f:labels:
          .: {}
          f:build: {}
          f:created-by-lighthouse: {}
          f:event-GUID: {}
          f:lighthouse.jenkins-x.io/baseSHA: {}
          f:lighthouse.jenkins-x.io/branch: {}
          f:lighthouse.jenkins-x.io/buildNum: {}
          f:lighthouse.jenkins-x.io/context: {}
          f:lighthouse.jenkins-x.io/id: {}
          f:lighthouse.jenkins-x.io/job: {}
          f:lighthouse.jenkins-x.io/lastCommitSHA: {}
          f:lighthouse.jenkins-x.io/refs.org: {}
          f:lighthouse.jenkins-x.io/refs.repo: {}
          f:lighthouse.jenkins-x.io/type: {}
          f:podName: {}
          f:tekton.dev/pipeline: {}
      f:spec:
        .: {}
        f:baseSHA: {}
        f:batchPipelineActivity: {}
        f:build: {}
        f:buildLogsUrl: {}
        f:completedTimestamp: {}
        f:context: {}
        f:gitBranch: {}
        f:gitOwner: {}
        f:gitRepository: {}
        f:gitUrl: {}
        f:message: {}
        f:pipeline: {}
        f:startedTimestamp: {}
        f:status: {}
        f:steps: {}
    manager: jx-build-controller
    operation: Update
    time: "2026-06-24T07:06:45Z"
  name: greencapitaltrade-destiny-main-93
  namespace: jx
  resourceVersion: "132651478"
  uid: 3c288e1b-9328-4841-8b7a-bba6c62e0707
spec:
  baseSHA: b07b9d99fc27034d103639793ef75e2fc5196cb2
  batchPipelineActivity: {}
  build: "93"
  buildLogsUrl: s3://logs-gct-prod-20260425045301534100000007/jenkins-x/logs/greencapitaltrade/destiny/main/93.log
  completedTimestamp: "2026-06-24T07:06:40Z"
  context: release
  gitBranch: main
  gitOwner: greencapitaltrade
  gitRepository: destiny
  gitUrl: https://github.com/greencapitaltrade/destiny.git
  lastCommitMessage: |
    refactor: remove the legacy x-gct-file-id header; scope app routes by path

    x-gct-file-id let a caller override the route :application_id, which enabled a
    cross-tenant auth-bypass (closed earlier on the bank-statement endpoint). It also
    masked a routing flaw: the global `router.use(application_user)` and the braced
    `{/:application_id}` mounts never received ctx.params.application_id in their
    middleware, so the app was resolved from the header instead of the path.

    This removes the header end to end:
    - middlewares/application*.js: resolve the app from ctx.params.application_id only.
    - app.js: drop the global application_user; every app-scoped route now mounts at a
      non-braced /:application_id/... with its own application_user (the proven pattern
      already used by /sanction and steps), so the id always comes from the path. The
      /application_user_documents, /application_users and /personal_data routes gain the
      /:application_id path segment (they previously identified the app via the header).
      Both /credit_score mounts (POST trigger + GET/PUT docs) are non-braced so the POST
      resolves to CreditCheckRoute.
    - tests: stop sending x-gct-file-id and call the new path-scoped URLs; cross-tenant
      cases now assert 403 by requesting another app's statement from the caller's own app.

    Verified locally against the devcontainer services: full suite 555 passed, 0 failed.
    `grep -rn x-gct-file-id` (excluding node_modules) returns nothing.

    Closes #1271.

    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
  lastCommitSHA: d901e37ff5435cd7f3c7d91e2b2a363066eb8383
  message: 'Tasks Completed: 1 (Failed: 0, Cancelled 0), Skipped: 0'
  pipeline: greencapitaltrade/destiny/main
  releaseNotesURL: https://github.com/greencapitaltrade/destiny/releases/tag/v1.67.2
  startedTimestamp: "2026-06-24T07:00:26Z"
  status: Succeeded
  steps:
  - kind: Stage
    stage:
      completedTimestamp: "2026-06-24T07:06:40Z"
      name: from build pack
      startedTimestamp: "2026-06-24T07:00:29Z"
      status: Succeeded
      steps:
      - completedTimestamp: "2026-06-24T07:00:47Z"
        name: Git Clone
        startedTimestamp: "2026-06-24T07:00:29Z"
        status: Succeeded
      - completedTimestamp: "2026-06-24T07:00:53Z"
        name: Next Version
        startedTimestamp: "2026-06-24T07:00:47Z"
        status: Succeeded
      - completedTimestamp: "2026-06-24T07:00:59Z"
        name: Jx Variables
        startedTimestamp: "2026-06-24T07:00:53Z"
        status: Succeeded
      - completedTimestamp: "2026-06-24T07:02:03Z"
        name: Build Npm Install
        startedTimestamp: "2026-06-24T07:01:00Z"
        status: Succeeded
      - completedTimestamp: "2026-06-24T07:03:20Z"
        name: Build Container Build
        startedTimestamp: "2026-06-24T07:02:03Z"
        status: Succeeded
      - completedTimestamp: "2026-06-24T07:03:45Z"
        name: Promote Changelog
        startedTimestamp: "2026-06-24T07:03:21Z"
        status: Succeeded
      - completedTimestamp: "2026-06-24T07:03:49Z"
        name: Promote Helm Release
        startedTimestamp: "2026-06-24T07:03:45Z"
        status: Succeeded
      - completedTimestamp: "2026-06-24T07:05:06Z"
        name: Promote Jx Promote
        startedTimestamp: "2026-06-24T07:03:50Z"
        status: Succeeded
      - completedTimestamp: "2026-06-24T07:06:40Z"
        name: Publish Org Kb
        startedTimestamp: "2026-06-24T07:05:07Z"
        status: Succeeded
  - kind: Promote
    promote:
      environment: staging
      pullRequest:
        pullRequestURL: https://github.com/greencapitaltrade/mcu/pull/4426
        startedTimestamp: "2026-06-24T07:04:34Z"
        status: Succeeded
      startedTimestamp: "2026-06-24T07:04:34Z"
      status: Succeeded
  - kind: Promote
    promote:
      environment: production
      pullRequest:
        pullRequestURL: https://github.com/greencapitaltrade/mcu/pull/4427
        startedTimestamp: "2026-06-24T07:05:03Z"
        status: Succeeded
      startedTimestamp: "2026-06-24T07:05:03Z"
      status: Succeeded
  version: 1.67.2
status: {}