Merge branch 'main' into feat/ATL-6934

.github/workflows/release.yml

@@ -11,7 +11,7 @@ jobs:
     env:
       GITHUB_ACTOR: "hyperledger-bot"
       GITHUB_ACTOR_EMAIL: "[email protected]"
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.IDENTUS_CI }}
       SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
       # New JDK version makes 'localhost' lookup on linux return ipv6.
       # Our test containers are on ipv4. We need to make 'localhost' resolve to ipv4.
@@ -24,9 +24,9 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.IDENTUS_CI }}
+          ref: ${{ github.event.inputs.release-branch }}
           fetch-depth: 0
-          persist-credentials: false
 
       - name: Setup Java and Scala
         uses: olafurpg/setup-scala@v14
@@ -53,7 +53,7 @@ jobs:
         with:
           registry: ghcr.io
           username: ${{ env.GITHUB_ACTOR }}
-          password: ${{ env.GITHUB_TOKEN }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2

build.sbt

@@ -303,12 +303,6 @@ lazy val D_Pollux = new {
 
 lazy val D_Pollux_VC_JWT = new {
 
-  private lazy val circeJsonSchema = ("net.reactivecore" %% "circe-json-schema" % "0.4.1")
-    .cross(CrossVersion.for3Use2_13)
-    .exclude("io.circe", "circe-core_2.13")
-    .exclude("io.circe", "circe-generic_2.13")
-    .exclude("io.circe", "circe-parser_2.13")
-
   val zio = "dev.zio" %% "zio" % V.zio
   val zioPrelude = "dev.zio" %% "zio-prelude" % V.zioPreludeVersion
 
@@ -321,7 +315,7 @@ lazy val D_Pollux_VC_JWT = new {
   // Dependency Modules
   val zioDependencies: Seq[ModuleID] = Seq(zio, zioPrelude, zioTest, zioTestSbt, zioTestMagnolia)
   val baseDependencies: Seq[ModuleID] =
-    zioDependencies :+ D.jwtCirce :+ circeJsonSchema :+ networkntJsonSchemaValidator :+ D.nimbusJwt :+ D.scalaTest
+    zioDependencies :+ D.jwtCirce :+ networkntJsonSchemaValidator :+ D.nimbusJwt :+ D.scalaTest
 
   // Project Dependencies
   lazy val polluxVcJwtDependencies: Seq[ModuleID] = baseDependencies

pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala

@@ -8,7 +8,6 @@ import io.circe.parser.decode
 import io.circe.syntax.*
 import org.hyperledger.identus.castor.core.model.did.VerificationRelationship
 import org.hyperledger.identus.pollux.vc.jwt.revocation.BitString
-import org.hyperledger.identus.pollux.vc.jwt.schema.{SchemaResolver, SchemaValidator}
 import org.hyperledger.identus.shared.crypto.{KmpSecp256k1KeyOps, PublicKey as ApolloPublicKey}
 import org.hyperledger.identus.shared.http.UriResolver
 import org.hyperledger.identus.shared.utils.Base64Utils
@@ -170,69 +169,6 @@ object CredentialPayloadValidation {
         )
       )
   }
-
-  def validateCredentialSchema(
-      maybeCredentialSchema: Option[Json]
-  )(schemaToValidator: Json => Validation[String, SchemaValidator]): Validation[String, Option[SchemaValidator]] = {
-    maybeCredentialSchema.fold(Validation.succeed(Option.empty))(credentialSchema => {
-      schemaToValidator(credentialSchema).map(Some(_))
-    })
-  }
-
-  def validateCredentialSubjectSchema(
-      credentialSubject: Json,
-      credentialSchemaValidator: SchemaValidator
-  ): Validation[String, Json] =
-    credentialSchemaValidator.validate(credentialSubject)
-
-  def validateCredentialSubject(
-      credentialSubject: Json,
-      maybeCredentialSchemaValidator: Option[SchemaValidator]
-  ): Validation[String, Json] = {
-    for {
-      validatedCredentialSubjectNotEmpty <- validateCredentialSubjectNotEmpty(credentialSubject)
-      validatedCredentialSubjectHasId <- validateCredentialSubjectHasId(validatedCredentialSubjectNotEmpty)
-      validatedCredentialSubjectSchema <- maybeCredentialSchemaValidator
-        .map(validateCredentialSubjectSchema(validatedCredentialSubjectHasId, _))
-        .getOrElse(Validation.succeed(validatedCredentialSubjectHasId))
-    } yield validatedCredentialSubjectSchema
-  }
-
-  def validate[C <: CredentialPayload](credentialPayload: C): Validation[String, C] =
-    Validation.validateWith(
-      CredentialPayloadValidation.validateContext(credentialPayload.`@context`),
-      CredentialPayloadValidation.validateVcType(credentialPayload.`type`)
-    ) { (`@context`, `type`) => credentialPayload }
-
-  def validateSchema[C <: CredentialPayload](credentialPayload: C)(schemaResolver: SchemaResolver)(
-      schemaToValidator: Json => Validation[String, SchemaValidator]
-  ): IO[String, C] =
-    val validation =
-      for {
-        resolvedSchema <- ZIO.foreach(credentialPayload.maybeCredentialSchema)(schemaResolver.resolve)
-        maybeDocumentValidator <- CredentialPayloadValidation
-          .validateCredentialSchema(resolvedSchema)(schemaToValidator)
-          .toZIO
-        maybeValidatedCredentialSubject <- CredentialPayloadValidation
-          .validateCredentialSubject(
-            credentialPayload.credentialSubject,
-            maybeDocumentValidator
-          )
-          .toZIO
-      } yield maybeValidatedCredentialSubject
-    validation.map(_ => credentialPayload)
-
-  private def validateCredentialSubjectNotEmpty(credentialSubject: Json): Validation[String, Json] = {
-    Validation
-      .fromPredicateWith("credentialSubject is empty.")(credentialSubject)(_.isObject)
-  }
-
-  private def validateCredentialSubjectHasId(credentialSubject: Json): Validation[String, Json] = {
-    Validation
-      .fromPredicateWith("credentialSubject must contain id.")(credentialSubject)(
-        _.asObject.exists(jsonObject => jsonObject.toMap.contains("id"))
-      )
-  }
 }
 
 case class JwtVc(
@@ -796,28 +732,6 @@ object JwtCredential {
     )(_.iss)
   }
 
-  def validateJwtSchema(
-      jwt: JWT
-  )(schemaResolver: SchemaResolver)(
-      schemaToValidator: Json => Validation[String, SchemaValidator]
-  ): IO[String, Validation[String, Unit]] = {
-    val decodeJWT =
-      Validation.fromTry(JwtCirce.decodeRawAll(jwt.value, JwtOptions(false, false, false))).mapError(_.getMessage)
-
-    val validatedDecodedClaim: Validation[String, JwtCredentialPayload] =
-      for {
-        decodedJwtTask <- decodeJWT
-        (_, claim, _) = decodedJwtTask
-        decodedClaim <- Validation.fromEither(decode[JwtCredentialPayload](claim).left.map(_.toString))
-      } yield decodedClaim
-
-    ValidationUtils.foreach(
-      validatedDecodedClaim.map(decodedClaim =>
-        CredentialPayloadValidation.validateSchema(decodedClaim)(schemaResolver)(schemaToValidator)
-      )
-    )(_.replicateZIODiscard(1))
-  }
-
   def validateExpiration(jwt: JWT, dateTime: OffsetDateTime): Validation[String, Unit] = {
     Validation
       .fromTry(
@@ -838,19 +752,6 @@ object JwtCredential {
       .mapError(_.getMessage)
   }
 
-  def validateSchemaAndSignature(
-      jwt: JWT
-  )(didResolver: DidResolver)(schemaResolver: SchemaResolver)(
-      schemaToValidator: Json => Validation[String, SchemaValidator]
-  ): IO[String, Validation[String, Unit]] = {
-    for {
-      validatedJwtSchema <- validateJwtSchema(jwt)(schemaResolver)(schemaToValidator)
-      validateJwtSignature <- validateEncodedJWT(jwt)(didResolver)
-    } yield {
-      Validation.validateWith(validatedJwtSchema, validateJwtSignature)((a, _) => a)
-    }
-  }
-
   def verifyDates(jwtPayload: JwtVerifiableCredentialPayload, leeway: TemporalAmount)(implicit
       clock: Clock
   ): Validation[String, Unit] = {

release.config.mjs

@@ -2,13 +2,10 @@ export default {
     branches: [
         'main',
         '+([0-9])?(.{+([0-9]),x}).x',
-        { name: 'beta/*', prerelease: 'rc' }
+        { name: 'beta', prerelease: true }
     ],
     plugins: [
         '@semantic-release/commit-analyzer',
-        ["@semantic-release/exec", {
-            "prepareCmd": "docker buildx build --platform=linux/arm64,linux/amd64 --push -t ghcr.io/hyperledger/identus-cloud-agent:${nextRelease.version} ./cloud-agent/service/server/target/docker/stage"
-        }],
         ["@semantic-release/exec", {
             "prepareCmd": "echo ${nextRelease.version} > .release-version"
         }],
@@ -17,13 +14,16 @@ export default {
             "changelogFile": "CHANGELOG.md"
         }],
         ["@semantic-release/exec", {
-            "prepareCmd": "sbt \"release release-version ${nextRelease.version} next-version ${nextRelease.version}-SNAPSHOT with-defaults\""
+            "prepareCmd": "sbt \"release release-version ${nextRelease.version} with-defaults\""
         }],
         ["@semantic-release/exec", {
             "prepareCmd": "npm version ${nextRelease.version} --git-tag-version false"
         }],
         ["@semantic-release/exec", {
-            "prepareCmd": "sbt dumpLicenseReportAggregate && cp ./target/license-reports/root-licenses.md ./DEPENDENCIES.md"
+            "prepareCmd": 'sbt "set ThisBuild / version:=\\\"${nextRelease.version}\\\"" "dumpLicenseReportAggregate" && cp ./target/license-reports/root-licenses.md ./DEPENDENCIES.md'
+        }],
+        ["@semantic-release/exec", {
+            "prepareCmd": "docker buildx build --platform=linux/arm64,linux/amd64 --push -t ghcr.io/hyperledger/identus-cloud-agent:${nextRelease.version} ./cloud-agent/service/server/target/docker/stage"
         }],
         ["@semantic-release/exec", {
             "prepareCmd": "sed -i.bak \"s/AGENT_VERSION=.*/AGENT_VERSION=${nextRelease.version}/\" ./infrastructure/local/.env && rm -f ./infrastructure/local/.env.bak"