[FIX] #1245 DIDExchange request handling should require invitation key rotation #7757
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- "**" | |
env: | |
DOCKER_BUILDKIT: 1 | |
MAIN_BRANCH: main | |
URL_DOCKER_REGISTRY: ghcr.io | |
DOCKER_IMAGE_AGENCY: ghcr.io/absaoss/vcxagencynode/vcxagency-node:2.6.0 | |
DOCKER_IMAGE_POOL: ghcr.io/hyperledger/aries-vcx/indy_pool_localhost:1.15.0 | |
DOCKER_REPO_LOCAL_VDRPROXY: vdrproxy | |
DOCKER_REPO_LOCAL_AATH: aath-backchannel | |
RUST_TOOLCHAIN_VERSION: 1.79.0 | |
NODE_VERSION: 18.x | |
jobs: | |
verify-code-formatting: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: nightly-2023-05-08 | |
components: rustfmt | |
override: true | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Verify code formatting" | |
run: just fmt-check | |
workflow-setup: | |
runs-on: ubuntu-20.04 | |
outputs: | |
PUBLISH_VERSION: ${{ steps.run-info.outputs.publish-version }} | |
RELEASE: ${{ steps.run-info.outputs.release }} | |
PRERELEASE: ${{ steps.run-info.outputs.pre-release }} | |
BRANCH_NAME: ${{ steps.run-info.outputs.branch-name }} | |
IS_MAIN_BRANCH: ${{ steps.run-info.outputs.branch-name == env.MAIN_BRANCH }} | |
IS_FORK: ${{ steps.run-info.outputs.is-fork }} | |
SKIP_NAPI_M1: ${{ steps.skip-info.outputs.skip-napi-m1 }} | |
SKIP_CI: ${{ steps.skip-info.outputs.skip-ci }} | |
DOCKER_IMG_CACHED_VDRPROXY: ${{ steps.docker-imgs.outputs.DOCKER_IMG_CACHED_VDRPROXY }} | |
DOCKER_IMG_CACHED_AATH: ${{ steps.docker-imgs.outputs.DOCKER_IMG_CACHED_AATH }} | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v1 | |
- uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
default: true | |
- name: "Construct CI run-info" | |
id: run-info | |
uses: ./.github/actions/construct-run-info | |
- name: "Detect CI skip steps" | |
id: skip-info | |
uses: ./.github/actions/detect-skip-info | |
- name: "Set outputs" | |
id: docker-imgs | |
run: | | |
set -x | |
HASH_DOCKERFILE_VDRPROXY=${{ hashFiles('.github/ci/vdrproxy.dockerfile') }} | |
HASH_SRC_ARIES=${{ hashFiles('aries') }} | |
HASH_SRC_DID_CORE=${{ hashFiles('did_core') }} | |
HASH_SRC_MISC=${{ hashFiles('misc') }} | |
SEED_HASH_ARIESVCX=${HASH_SRC_ARIES:0:11}-${HASH_SRC_DID_CORE:0:11}-${HASH_SRC_MISC:0:11} | |
HASH_ARIESVCX=$(echo -n "$SEED_HASH_ARIESVCX" | sha256sum | awk '{print $1}') | |
echo "DOCKER_IMG_CACHED_VDRPROXY=$DOCKER_REPO_LOCAL_VDRPROXY:$HASH_DOCKERFILE_VDRPROXY" >> $GITHUB_OUTPUT | |
echo "DOCKER_IMG_CACHED_AATH=$DOCKER_REPO_LOCAL_AATH:$HASH_ARIESVCX" >> $GITHUB_OUTPUT | |
workflow-setup-check: | |
runs-on: ubuntu-20.04 | |
needs: workflow-setup | |
steps: | |
- name: "Print outputs" | |
run: | | |
echo "PUBLISH_VERSION ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }}" | |
echo "RELEASE ${{ needs.workflow-setup.outputs.RELEASE }}" | |
echo "PRERELEASE ${{ needs.workflow-setup.outputs.PRERELEASE }}" | |
echo "BRANCH_NAME ${{ needs.workflow-setup.outputs.BRANCH_NAME }}" | |
echo "IS_MAIN_BRANCH ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH }}" | |
echo "IS_FORK ${{ needs.workflow-setup.outputs.IS_FORK }}" | |
echo "SKIP_NAPI_M1 ${{ needs.workflow-setup.outputs.SKIP_NAPI_M1 }}" | |
echo "SKIP_CI ${{ needs.workflow-setup.outputs.SKIP_CI }}" | |
echo "DOCKER_IMG_CACHED_VDRPROXY ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }}" | |
echo "DOCKER_IMG_CACHED_AATH ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_AATH }}" | |
workspace_clippy: | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
wallet: ["vdrtools_wallet", "askar_wallet"] | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
default: true | |
components: clippy | |
- name: "Install dependencies" | |
shell: bash | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y libsodium-dev libssl-dev libzmq3-dev | |
sudo snap install --edge --classic just | |
- name: "Verify clippy across the entire workspace" | |
run: just clippy-workspace ${{ matrix.wallet }} | |
aries_vcx_clippy: | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
backend: ["credx,vdrtools_wallet", "vdr_proxy_ledger,vdrtools_wallet"] | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
default: true | |
components: clippy | |
- name: "Install dependencies" | |
shell: bash | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y libsodium-dev libssl-dev libzmq3-dev | |
sudo snap install --edge --classic just | |
- name: "Verify clippy across the entire workspace with default features" | |
run: just clippy-aries-vcx ${{ matrix.backend }} | |
########################################################################################## | |
############################## DOCKER BUILD ########################################## | |
# todo: move to indy-vdr repo | |
build-docker-vdrproxy: | |
needs: [ workflow-setup ] | |
if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }} | |
runs-on: ubuntu-20.04 | |
env: | |
DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }} | |
BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }} | |
outputs: | |
image-name: ${{ steps.meta.outputs.tags }} | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: "Build and cache image" | |
uses: ./.github/actions/build-image | |
with: | |
docker-img: ${{ env.DOCKER_IMG_CACHED }} | |
dockerfile-path: ".github/ci/vdrproxy.dockerfile" | |
build-arg: "ALPINE_CORE_IMAGE=$DOCKER_IMG_CACHED_ALPINE_CORE" | |
branch-name: ${{ env.BRANCH_NAME }} | |
branch-main: ${{ env.MAIN_BRANCH }} | |
docker-repo-local-name: ${{ env.DOCKER_REPO_LOCAL_VDRPROXY }} | |
url-docker-registry: ${{ env.URL_DOCKER_REGISTRY }} | |
# builds and publishes main branch AATH backchannels | |
build-docker-aath-backchannel: | |
needs: [ workflow-setup ] | |
if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' }} | |
runs-on: ubuntu-20.04 | |
env: | |
DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_AATH }} | |
BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }} | |
outputs: | |
image-name: ${{ steps.meta.outputs.tags }} | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: "Build and cache image" | |
uses: ./.github/actions/build-image | |
with: | |
docker-img: ${{ env.DOCKER_IMG_CACHED }} | |
dockerfile-path: "aries/agents/aath-backchannel/Dockerfile.aries-vcx" | |
build-arg: "ALPINE_CORE_IMAGE=$DOCKER_IMG_CACHED_ALPINE_CORE" | |
branch-name: ${{ env.BRANCH_NAME }} | |
branch-main: ${{ env.MAIN_BRANCH }} | |
docker-repo-local-name: ${{ env.DOCKER_REPO_LOCAL_AATH }} | |
url-docker-registry: ${{ env.URL_DOCKER_REGISTRY }} | |
########################################################################################## | |
############################## DOCKER PUBLISH ######################################## | |
publish-docker-vdrproxy: | |
runs-on: ubuntu-20.04 | |
needs: [ workflow-setup, build-docker-vdrproxy ] | |
if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }} | |
env: | |
DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }} | |
PUBLISH_VERSION: ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }} | |
BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }} | |
IS_FORK: ${{ needs.workflow-setup.outputs.IS_FORK }} | |
steps: | |
- name: "Git checkout" | |
if: ${{ env.IS_FORK == 'false' }} | |
uses: actions/checkout@v3 | |
- name: "Docker Login" | |
uses: azure/docker-login@v1 | |
with: | |
login-server: ${{ env.URL_DOCKER_REGISTRY }} | |
username: $GITHUB_ACTOR | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: "Publish versioned image" | |
if: ${{ env.IS_FORK == 'false' }} | |
uses: ./.github/actions/publish-image | |
with: | |
docker-img: ${{ env.DOCKER_IMG_CACHED }} | |
publish-version: ${{ env.PUBLISH_VERSION }} | |
url-docker-registry: ${{ env.URL_DOCKER_REGISTRY }} | |
# additional publish of the AATH backchannel image with tagged versions for tags | |
publish-docker-aath-backchannel: | |
runs-on: ubuntu-20.04 | |
needs: [ workflow-setup, build-docker-aath-backchannel ] | |
if: ${{ needs.workflow-setup.outputs.RELEASE == 'true' || needs.workflow-setup.outputs.PRERELEASE == 'true' }} | |
env: | |
DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_AATH }} | |
PUBLISH_VERSION: ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }} | |
BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }} | |
IS_FORK: ${{ needs.workflow-setup.outputs.IS_FORK }} | |
steps: | |
- name: "Git checkout" | |
if: ${{ env.IS_FORK == 'false' }} | |
uses: actions/checkout@v3 | |
- name: "Docker Login" | |
uses: azure/docker-login@v1 | |
with: | |
login-server: ${{ env.URL_DOCKER_REGISTRY }} | |
username: $GITHUB_ACTOR | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: "Publish versioned image" | |
if: ${{ env.IS_FORK == 'false' }} | |
uses: ./.github/actions/publish-image | |
with: | |
docker-img: ${{ env.DOCKER_IMG_CACHED }} | |
publish-version: ${{ env.PUBLISH_VERSION }} | |
url-docker-registry: ${{ env.URL_DOCKER_REGISTRY }} | |
########################################################################################## | |
############################### TESTING ########################################### | |
test-unit-workspace: | |
needs: workflow-setup | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: "Setup rust testing environment" | |
uses: ./.github/actions/setup-testing-rust | |
with: | |
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
skip-docker-setup: true | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Run workspace unit tests" | |
run: just test-unit | |
test-wallet-migrator: | |
needs: workflow-setup | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: "Setup rust testing environment" | |
uses: ./.github/actions/setup-testing-rust | |
with: | |
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
default: true | |
skip-docker-setup: true | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Run wallet migration tests" | |
run: just test-wallet-migrator | |
test-compatibility-aries-vcx-wallet: | |
needs: workflow-setup | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: "Setup rust testing environment" | |
uses: ./.github/actions/setup-testing-rust | |
with: | |
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
default: true | |
skip-docker-setup: true | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Run aries-vcx-wallet compatibility tests" | |
run: just test-compatibility-aries-vcx-wallet | |
test-integration-aries-vcx: | |
needs: workflow-setup | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
wallet: ["vdrtools_wallet,credx", "askar_wallet,credx"] | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: "Setup rust testing environment" | |
uses: ./.github/actions/setup-testing-rust | |
with: | |
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Run aries-vcx integration tests" | |
run: just test-integration-aries-vcx ${{ matrix.wallet }} | |
test-integration-aries-vcx-anoncreds-rs: | |
needs: workflow-setup | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: "Setup rust testing environment" | |
uses: ./.github/actions/setup-testing-rust | |
with: | |
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Run anoncreds-rs integration tests" | |
run: just test-integration-aries-vcx-anoncreds-rs | |
test-integration-aries-vcx-mysql: | |
needs: workflow-setup | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: "Setup rust testing environment" | |
uses: ./.github/actions/setup-testing-rust | |
with: | |
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Run aries_vcx tests: mysql_test" | |
run: just test-integration-aries-vcx-mysql | |
test-integration-aries-vcx-vdrproxy: | |
needs: [workflow-setup, build-docker-vdrproxy] | |
runs-on: ubuntu-20.04 | |
env: | |
RUST_TEST_THREADS: 1 | |
VDR_PROXY_CLIENT_URL: http://127.0.0.1:3030 | |
DOCKER_IMAGE_VDRPROXY: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }} | |
GENESIS_URL: https://raw.githubusercontent.com/AbsaOSS/sovrin-networks/master/genesis/127.0.0.1.ndjson | |
VDR_PROXY_PORT: 3030 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: "Load image" | |
uses: ./.github/actions/load-image | |
with: | |
docker-img: ${{ env.DOCKER_IMAGE_VDRPROXY }} | |
- name: "Setup rust testing environment" | |
uses: ./.github/actions/setup-testing-rust | |
with: | |
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
skip-vdrproxy-setup: false | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Run aries_vcx tests: vdrproxy_test" | |
run: just test-integration-aries-vcx-vdrproxy | |
- name: "Collect docker logs on failure" | |
if: failure() | |
uses: ./.github/actions/upload-docker-logs | |
with: | |
name: "docker-services-${{ github.job }}" | |
test-integration-did-crate: | |
needs: workflow-setup | |
if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }} | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
- name: "Setup rust testing environment" | |
uses: ./.github/actions/setup-testing-rust | |
with: | |
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }} | |
- name: "Install just" | |
run: sudo snap install --edge --classic just | |
- name: "Run resolver tests" | |
run: just test-integration-did-crate | |
########################################################################################## | |
############################## RELEASE ######################################### | |
make-release: | |
runs-on: ubuntu-20.04 | |
needs: | |
- workflow-setup | |
- test-unit-workspace | |
- test-integration-aries-vcx | |
- test-integration-aries-vcx-mysql | |
if: ${{ needs.workflow-setup.outputs.RELEASE == 'true' || needs.workflow-setup.outputs.PRERELEASE == 'true' }} | |
outputs: | |
RELEASE_UPLOAD_URL: ${{ steps.create-release.outputs.upload_url }} | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v2 | |
- name: "Generate changelog" | |
uses: heinrichreimer/action-github-changelog-generator@v2.3 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
futureRelease: ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }} | |
releaseBranch: main | |
pullRequests: true | |
unreleased: false | |
unreleasedOnly: false | |
issuesWoLabels: true | |
prWoLabels: true | |
stripGeneratorNotice: true | |
stripHeaders: false | |
maxIssues: 50 | |
excludeLabels: duplicate,question,invalid,wontfix,changelog-excluded | |
breakingLabels: backwards-incompatible,breaking | |
deprecatedLabels: deprecated | |
headerLabel: "# Changelog" | |
breakingLabel: '### Breaking changes' | |
enhancementLabel: '### Enhancements' | |
bugsLabel: '### Bug fixes' | |
deprecatedLabel: '### Deprecations' | |
removedLabel: '### Removals' | |
securityLabel: '### Security fixes' | |
issuesLabel: '### Other issues' | |
prLabel: '### Other pull requests' | |
addSections: '{"ci":{"prefix":"### CI changes","labels":["ci"]},"wrappers":{"prefix":"### Wrapper changes","labels":["wrappers"]},"agents":{"prefix":"### Changes to agents","labels":["agents"]},"features":{"prefix":"### Features","labels":["features"]},"hotfix":{"prefix":"### Hotfixes","labels":["hotfix"]},"security":{"prefix":"### Security fixes","labels":["security"]},"refactoring":{"prefix":"### Refactoring","labels":["refactoring"]},"tests":{"prefix":"### Tests","labels":["tests"]},"update":{"prefix":"### Updates","labels":["update"]}}' | |
excludeTagsRegex: '^((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))+)?)$' | |
- name: "Create a new release" | |
id: create-release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }} | |
release_name: Release ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }} | |
body_path: ./CHANGELOG.md | |
draft: ${{ needs.workflow-setup.outputs.PRERELEASE == 'true' }} | |
prerelease: ${{ needs.workflow-setup.outputs.PRERELEASE == 'true' }} |