Skip to content

[FIX] DIDExchange handlers should do more signature checking #1226 #7694

[FIX] DIDExchange handlers should do more signature checking #1226

[FIX] DIDExchange handlers should do more signature checking #1226 #7694

Workflow file for this run

name: CI
on:
push:
branches:
- main
pull_request:
branches:
- "**"
env:
DOCKER_BUILDKIT: 1
MAIN_BRANCH: main
URL_DOCKER_REGISTRY: ghcr.io
DOCKER_IMAGE_AGENCY: ghcr.io/absaoss/vcxagencynode/vcxagency-node:2.6.0
DOCKER_IMAGE_POOL: ghcr.io/hyperledger/aries-vcx/indy_pool_localhost:1.15.0
DOCKER_REPO_LOCAL_VDRPROXY: vdrproxy
DOCKER_REPO_LOCAL_AATH: aath-backchannel
RUST_TOOLCHAIN_VERSION: 1.76.0
NODE_VERSION: 18.x
jobs:
verify-code-formatting:
runs-on: ubuntu-20.04
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly-2023-05-08
components: rustfmt
override: true
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Verify code formatting"
run: just fmt-check
workflow-setup:
runs-on: ubuntu-20.04
outputs:
PUBLISH_VERSION: ${{ steps.run-info.outputs.publish-version }}
RELEASE: ${{ steps.run-info.outputs.release }}
PRERELEASE: ${{ steps.run-info.outputs.pre-release }}
BRANCH_NAME: ${{ steps.run-info.outputs.branch-name }}
IS_MAIN_BRANCH: ${{ steps.run-info.outputs.branch-name == env.MAIN_BRANCH }}
IS_FORK: ${{ steps.run-info.outputs.is-fork }}
SKIP_NAPI_M1: ${{ steps.skip-info.outputs.skip-napi-m1 }}
SKIP_CI: ${{ steps.skip-info.outputs.skip-ci }}
DOCKER_IMG_CACHED_VDRPROXY: ${{ steps.docker-imgs.outputs.DOCKER_IMG_CACHED_VDRPROXY }}
DOCKER_IMG_CACHED_AATH: ${{ steps.docker-imgs.outputs.DOCKER_IMG_CACHED_AATH }}
steps:
- name: "Git checkout"
uses: actions/checkout@v1
- uses: actions-rs/toolchain@v1
with:
toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
default: true
- name: "Construct CI run-info"
id: run-info
uses: ./.github/actions/construct-run-info
- name: "Detect CI skip steps"
id: skip-info
uses: ./.github/actions/detect-skip-info
- name: "Set outputs"
id: docker-imgs
run: |
set -x
HASH_DOCKERFILE_VDRPROXY=${{ hashFiles('.github/ci/vdrproxy.dockerfile') }}
HASH_SRC_ARIES=${{ hashFiles('aries') }}
HASH_SRC_DID_CORE=${{ hashFiles('did_core') }}
HASH_SRC_MISC=${{ hashFiles('misc') }}
SEED_HASH_ARIESVCX=${HASH_SRC_ARIES:0:11}-${HASH_SRC_DID_CORE:0:11}-${HASH_SRC_MISC:0:11}
HASH_ARIESVCX=$(echo -n "$SEED_HASH_ARIESVCX" | sha256sum | awk '{print $1}')
echo "DOCKER_IMG_CACHED_VDRPROXY=$DOCKER_REPO_LOCAL_VDRPROXY:$HASH_DOCKERFILE_VDRPROXY" >> $GITHUB_OUTPUT
echo "DOCKER_IMG_CACHED_AATH=$DOCKER_REPO_LOCAL_AATH:$HASH_ARIESVCX" >> $GITHUB_OUTPUT
workflow-setup-check:
runs-on: ubuntu-20.04
needs: workflow-setup
steps:
- name: "Print outputs"
run: |
echo "PUBLISH_VERSION ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }}"
echo "RELEASE ${{ needs.workflow-setup.outputs.RELEASE }}"
echo "PRERELEASE ${{ needs.workflow-setup.outputs.PRERELEASE }}"
echo "BRANCH_NAME ${{ needs.workflow-setup.outputs.BRANCH_NAME }}"
echo "IS_MAIN_BRANCH ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH }}"
echo "IS_FORK ${{ needs.workflow-setup.outputs.IS_FORK }}"
echo "SKIP_NAPI_M1 ${{ needs.workflow-setup.outputs.SKIP_NAPI_M1 }}"
echo "SKIP_CI ${{ needs.workflow-setup.outputs.SKIP_CI }}"
echo "DOCKER_IMG_CACHED_VDRPROXY ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }}"
echo "DOCKER_IMG_CACHED_AATH ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_AATH }}"
workspace_clippy:
runs-on: ubuntu-20.04
strategy:
matrix:
wallet: ["vdrtools_wallet", "askar_wallet"]
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- uses: actions-rs/toolchain@v1
with:
toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
default: true
components: clippy
- name: "Install dependencies"
shell: bash
run: |
sudo apt-get update -y
sudo apt-get install -y libsodium-dev libssl-dev libzmq3-dev
sudo snap install --edge --classic just
- name: "Verify clippy across the entire workspace"
run: just clippy-workspace ${{ matrix.wallet }}
aries_vcx_clippy:
runs-on: ubuntu-20.04
strategy:
matrix:
backend: ["credx,vdrtools_wallet", "vdr_proxy_ledger,vdrtools_wallet"]
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- uses: actions-rs/toolchain@v1
with:
toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
default: true
components: clippy
- name: "Install dependencies"
shell: bash
run: |
sudo apt-get update -y
sudo apt-get install -y libsodium-dev libssl-dev libzmq3-dev
sudo snap install --edge --classic just
- name: "Verify clippy across the entire workspace with default features"
run: just clippy-aries-vcx ${{ matrix.backend }}
##########################################################################################
############################## DOCKER BUILD ##########################################
# todo: move to indy-vdr repo
build-docker-vdrproxy:
needs: [ workflow-setup ]
if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }}
runs-on: ubuntu-20.04
env:
DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }}
BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }}
outputs:
image-name: ${{ steps.meta.outputs.tags }}
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: "Build and cache image"
uses: ./.github/actions/build-image
with:
docker-img: ${{ env.DOCKER_IMG_CACHED }}
dockerfile-path: ".github/ci/vdrproxy.dockerfile"
build-arg: "ALPINE_CORE_IMAGE=$DOCKER_IMG_CACHED_ALPINE_CORE"
branch-name: ${{ env.BRANCH_NAME }}
branch-main: ${{ env.MAIN_BRANCH }}
docker-repo-local-name: ${{ env.DOCKER_REPO_LOCAL_VDRPROXY }}
url-docker-registry: ${{ env.URL_DOCKER_REGISTRY }}
# builds and publishes main branch AATH backchannels
build-docker-aath-backchannel:
needs: [ workflow-setup ]
if: ${{ needs.workflow-setup.outputs.IS_MAIN_BRANCH == 'true' }}
runs-on: ubuntu-20.04
env:
DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_AATH }}
BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }}
outputs:
image-name: ${{ steps.meta.outputs.tags }}
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: "Build and cache image"
uses: ./.github/actions/build-image
with:
docker-img: ${{ env.DOCKER_IMG_CACHED }}
dockerfile-path: "aries/agents/aath-backchannel/Dockerfile.aries-vcx"
build-arg: "ALPINE_CORE_IMAGE=$DOCKER_IMG_CACHED_ALPINE_CORE"
branch-name: ${{ env.BRANCH_NAME }}
branch-main: ${{ env.MAIN_BRANCH }}
docker-repo-local-name: ${{ env.DOCKER_REPO_LOCAL_AATH }}
url-docker-registry: ${{ env.URL_DOCKER_REGISTRY }}
##########################################################################################
############################## DOCKER PUBLISH ########################################
publish-docker-vdrproxy:
runs-on: ubuntu-20.04
needs: [ workflow-setup, build-docker-vdrproxy ]
if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }}
env:
DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }}
PUBLISH_VERSION: ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }}
BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }}
IS_FORK: ${{ needs.workflow-setup.outputs.IS_FORK }}
steps:
- name: "Git checkout"
if: ${{ env.IS_FORK == 'false' }}
uses: actions/checkout@v3
- name: "Docker Login"
uses: azure/docker-login@v1
with:
login-server: ${{ env.URL_DOCKER_REGISTRY }}
username: $GITHUB_ACTOR
password: ${{ secrets.GITHUB_TOKEN }}
- name: "Publish versioned image"
if: ${{ env.IS_FORK == 'false' }}
uses: ./.github/actions/publish-image
with:
docker-img: ${{ env.DOCKER_IMG_CACHED }}
publish-version: ${{ env.PUBLISH_VERSION }}
url-docker-registry: ${{ env.URL_DOCKER_REGISTRY }}
# additional publish of the AATH backchannel image with tagged versions for tags
publish-docker-aath-backchannel:
runs-on: ubuntu-20.04
needs: [ workflow-setup, build-docker-aath-backchannel ]
if: ${{ needs.workflow-setup.outputs.RELEASE == 'true' || needs.workflow-setup.outputs.PRERELEASE == 'true' }}
env:
DOCKER_IMG_CACHED: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_AATH }}
PUBLISH_VERSION: ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }}
BRANCH_NAME: ${{ needs.workflow-setup.outputs.BRANCH_NAME }}
IS_FORK: ${{ needs.workflow-setup.outputs.IS_FORK }}
steps:
- name: "Git checkout"
if: ${{ env.IS_FORK == 'false' }}
uses: actions/checkout@v3
- name: "Docker Login"
uses: azure/docker-login@v1
with:
login-server: ${{ env.URL_DOCKER_REGISTRY }}
username: $GITHUB_ACTOR
password: ${{ secrets.GITHUB_TOKEN }}
- name: "Publish versioned image"
if: ${{ env.IS_FORK == 'false' }}
uses: ./.github/actions/publish-image
with:
docker-img: ${{ env.DOCKER_IMG_CACHED }}
publish-version: ${{ env.PUBLISH_VERSION }}
url-docker-registry: ${{ env.URL_DOCKER_REGISTRY }}
##########################################################################################
############################### TESTING ###########################################
test-unit-workspace:
needs: workflow-setup
runs-on: ubuntu-20.04
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: "Setup rust testing environment"
uses: ./.github/actions/setup-testing-rust
with:
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }}
skip-docker-setup: true
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Run workspace unit tests"
run: just test-unit
test-wallet-migrator:
needs: workflow-setup
runs-on: ubuntu-20.04
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: "Setup rust testing environment"
uses: ./.github/actions/setup-testing-rust
with:
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }}
default: true
skip-docker-setup: true
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Run wallet migration tests"
run: just test-wallet-migrator
test-compatibility-aries-vcx-wallet:
needs: workflow-setup
runs-on: ubuntu-20.04
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: "Setup rust testing environment"
uses: ./.github/actions/setup-testing-rust
with:
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }}
default: true
skip-docker-setup: true
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Run aries-vcx-wallet compatibility tests"
run: just test-compatibility-aries-vcx-wallet
test-integration-aries-vcx:
needs: workflow-setup
runs-on: ubuntu-20.04
strategy:
matrix:
wallet: ["vdrtools_wallet,credx", "askar_wallet,credx"]
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: "Setup rust testing environment"
uses: ./.github/actions/setup-testing-rust
with:
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }}
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Run aries-vcx integration tests"
run: just test-integration-aries-vcx ${{ matrix.wallet }}
test-integration-aries-vcx-anoncreds-rs:
needs: workflow-setup
runs-on: ubuntu-20.04
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: "Setup rust testing environment"
uses: ./.github/actions/setup-testing-rust
with:
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }}
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Run anoncreds-rs integration tests"
run: just test-integration-aries-vcx-anoncreds-rs
test-integration-aries-vcx-mysql:
needs: workflow-setup
runs-on: ubuntu-20.04
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: "Setup rust testing environment"
uses: ./.github/actions/setup-testing-rust
with:
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }}
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Run aries_vcx tests: mysql_test"
run: just test-integration-aries-vcx-mysql
test-integration-aries-vcx-vdrproxy:
needs: [workflow-setup, build-docker-vdrproxy]
runs-on: ubuntu-20.04
env:
RUST_TEST_THREADS: 1
VDR_PROXY_CLIENT_URL: http://127.0.0.1:3030
DOCKER_IMAGE_VDRPROXY: ${{ needs.workflow-setup.outputs.DOCKER_IMG_CACHED_VDRPROXY }}
GENESIS_URL: https://raw.githubusercontent.com/AbsaOSS/sovrin-networks/master/genesis/127.0.0.1.ndjson
VDR_PROXY_PORT: 3030
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: "Load image"
uses: ./.github/actions/load-image
with:
docker-img: ${{ env.DOCKER_IMAGE_VDRPROXY }}
- name: "Setup rust testing environment"
uses: ./.github/actions/setup-testing-rust
with:
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }}
skip-vdrproxy-setup: false
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Run aries_vcx tests: vdrproxy_test"
run: just test-integration-aries-vcx-vdrproxy
- name: "Collect docker logs on failure"
if: failure()
uses: ./.github/actions/upload-docker-logs
with:
name: "docker-services-${{ github.job }}"
test-integration-did-crate:
needs: workflow-setup
if: ${{ needs.workflow-setup.outputs.SKIP_CI != 'true' }}
runs-on: ubuntu-20.04
steps:
- name: "Git checkout"
uses: actions/checkout@v3
- name: "Setup rust testing environment"
uses: ./.github/actions/setup-testing-rust
with:
rust-toolchain-version: ${{ env.RUST_TOOLCHAIN_VERSION }}
- name: "Install just"
run: sudo snap install --edge --classic just
- name: "Run resolver tests"
run: just test-integration-did-crate
##########################################################################################
############################## RELEASE #########################################
make-release:
runs-on: ubuntu-20.04
needs:
- workflow-setup
- test-unit-workspace
- test-integration-aries-vcx
- test-integration-aries-vcx-mysql
if: ${{ needs.workflow-setup.outputs.RELEASE == 'true' || needs.workflow-setup.outputs.PRERELEASE == 'true' }}
outputs:
RELEASE_UPLOAD_URL: ${{ steps.create-release.outputs.upload_url }}
steps:
- name: "Git checkout"
uses: actions/checkout@v2
- name: "Generate changelog"
uses: heinrichreimer/action-github-changelog-generator@v2.3
with:
token: ${{ secrets.GITHUB_TOKEN }}
futureRelease: ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }}
releaseBranch: main
pullRequests: true
unreleased: false
unreleasedOnly: false
issuesWoLabels: true
prWoLabels: true
stripGeneratorNotice: true
stripHeaders: false
maxIssues: 50
excludeLabels: duplicate,question,invalid,wontfix,changelog-excluded
breakingLabels: backwards-incompatible,breaking
deprecatedLabels: deprecated
headerLabel: "# Changelog"
breakingLabel: '### Breaking changes'
enhancementLabel: '### Enhancements'
bugsLabel: '### Bug fixes'
deprecatedLabel: '### Deprecations'
removedLabel: '### Removals'
securityLabel: '### Security fixes'
issuesLabel: '### Other issues'
prLabel: '### Other pull requests'
addSections: '{"ci":{"prefix":"### CI changes","labels":["ci"]},"wrappers":{"prefix":"### Wrapper changes","labels":["wrappers"]},"agents":{"prefix":"### Changes to agents","labels":["agents"]},"features":{"prefix":"### Features","labels":["features"]},"hotfix":{"prefix":"### Hotfixes","labels":["hotfix"]},"security":{"prefix":"### Security fixes","labels":["security"]},"refactoring":{"prefix":"### Refactoring","labels":["refactoring"]},"tests":{"prefix":"### Tests","labels":["tests"]},"update":{"prefix":"### Updates","labels":["update"]}}'
excludeTagsRegex: '^((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))+)?)$'
- name: "Create a new release"
id: create-release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }}
release_name: Release ${{ needs.workflow-setup.outputs.PUBLISH_VERSION }}
body_path: ./CHANGELOG.md
draft: ${{ needs.workflow-setup.outputs.PRERELEASE == 'true' }}
prerelease: ${{ needs.workflow-setup.outputs.PRERELEASE == 'true' }}