From a7d51b65804130ad8219b8d97f68e251c2d2f2bb Mon Sep 17 00:00:00 2001 From: Yurii Shynbuiev - IOHK Date: Tue, 20 Aug 2024 21:48:50 +0700 Subject: [PATCH 1/2] ci: set next version properly (#1295) Signed-off-by: Yurii Shynbuiev --- .github/workflows/release.yml | 8 ++++---- release.config.mjs | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f8a0cd5f5b..c4ca90fb49 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,7 +11,7 @@ jobs: env: GITHUB_ACTOR: "hyperledger-bot" GITHUB_ACTOR_EMAIL: "hyperledger-bot@hyperledger.org" - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.IDENTUS_CI }} SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} # New JDK version makes 'localhost' lookup on linux return ipv6. # Our test containers are on ipv4. We need to make 'localhost' resolve to ipv4. @@ -24,9 +24,9 @@ jobs: steps: - uses: actions/checkout@v4 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.IDENTUS_CI }} + ref: ${{ github.event.inputs.release-branch }} fetch-depth: 0 - persist-credentials: false - name: Setup Java and Scala uses: olafurpg/setup-scala@v14 @@ -53,7 +53,7 @@ jobs: with: registry: ghcr.io username: ${{ env.GITHUB_ACTOR }} - password: ${{ env.GITHUB_TOKEN }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU uses: docker/setup-qemu-action@v2 diff --git a/release.config.mjs b/release.config.mjs index 58928bb6a1..9b8a9923d4 100644 --- a/release.config.mjs +++ b/release.config.mjs 
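Review bot: Setting `GITHUB_TOKEN: ${{ secrets.IDENTUS_CI }}` in the job-level `env:` block exposes that token to every step of the job, not only to the step that pushes the release commit. That includes the tag-pinned third-party actions visible in the later hunks (`olafurpg/setup-scala@v14`, `docker/setup-qemu-action@v2`). The scopes of `IDENTUS_CI` are not visible here, but it is presumably broader than the default workflow token. I would declare `GITHUB_TOKEN: ${{ secrets.IDENTUS_CI }}` in the `env:` of the release step alone and leave the job-level value on `secrets.GITHUB_TOKEN`. The release step itself is outside the hunk.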
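Review bot: Dropping `persist-credentials: false` while switching the checkout `token` to `secrets.IDENTUS_CI` leaves that token in the repository's local git configuration for the rest of the job, where any later step or build script (sbt, npm, the docker actions) can read it. If the release tooling authenticates its push from the `GITHUB_TOKEN` environment variable, the checkout does not need to persist anything and `persist-credentials: false` can stay. If the persisted credential is really required, a comment such as `# credentials persisted so the release step can push to the protected branch` would record why. Separately, the new `ref: ${{ github.event.inputs.release-branch }}` is empty on any trigger other than a manual dispatch and should then fall back to the default ref; the `on:` block is outside the hunk, so please confirm that is intended.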
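Review bot: The registry login now uses `password: ${{ secrets.GITHUB_TOKEN }}`, so the push to ghcr.io depends on the default token carrying `packages: write`, and no `permissions:` block is visible in these hunks. Declaring it explicitly on the job, a `permissions:` block with `contents: read` and `packages: write`, keeps the default token at least privilege and makes the push independent of the repository-wide default. The job header is outside the hunk, so this may already be in place.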
@@ -2,13 +2,10 @@ export default { branches: [ 'main', '+([0-9])?(.{+([0-9]),x}).x', - { name: 'beta/*', prerelease: 'rc' } + { name: 'beta', prerelease: true } ], plugins: [ '@semantic-release/commit-analyzer', - ["@semantic-release/exec", { - "prepareCmd": "docker buildx build --platform=linux/arm64,linux/amd64 --push -t ghcr.io/hyperledger/identus-cloud-agent:${nextRelease.version} ./cloud-agent/service/server/target/docker/stage" - }], ["@semantic-release/exec", { "prepareCmd": "echo ${nextRelease.version} > .release-version" }], @@ -17,13 +14,16 @@ export default { "changelogFile": "CHANGELOG.md" }], ["@semantic-release/exec", { - "prepareCmd": "sbt \"release release-version ${nextRelease.version} next-version ${nextRelease.version}-SNAPSHOT with-defaults\"" + "prepareCmd": "sbt \"release release-version ${nextRelease.version} with-defaults\"" }], ["@semantic-release/exec", { "prepareCmd": "npm version ${nextRelease.version} --git-tag-version false" }], ["@semantic-release/exec", { - "prepareCmd": "sbt dumpLicenseReportAggregate && cp ./target/license-reports/root-licenses.md ./DEPENDENCIES.md" + "prepareCmd": 'sbt "set ThisBuild / version:=\\\"${nextRelease.version}\\\"" "dumpLicenseReportAggregate" && cp ./target/license-reports/root-licenses.md ./DEPENDENCIES.md' + }], + ["@semantic-release/exec", { + "prepareCmd": "docker buildx build --platform=linux/arm64,linux/amd64 --push -t ghcr.io/hyperledger/identus-cloud-agent:${nextRelease.version} ./cloud-agent/service/server/target/docker/stage" }], ["@semantic-release/exec", { "prepareCmd": "sed -i.bak \"s/AGENT_VERSION=.*/AGENT_VERSION=${nextRelease.version}/\" ./infrastructure/local/.env && rm -f ./infrastructure/local/.env.bak" From 6f8c9ffb6283d8da2bf7b92672142a3b27195c4d Mon Sep 17 00:00:00 2001 From: patlo-iog Date: Thu, 22 Aug 2024 23:50:09 +0700 Subject: [PATCH 2/2] chore: remove dead code SchemaValidator (#1296) 
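Review bot: The relocated `docker buildx build ... --push` entry is still a `prepareCmd`, so the image tagged `${nextRelease.version}` is published to ghcr.io before the remaining prepare commands run (the `sed` on `./infrastructure/local/.env` right after it) and before the release commit and tag exist. A failure after this point leaves a pushed image with no matching release, and a rerun overwrites the same mutable tag. Running the push in the plugin's publish phase (`"publishCmd": "docker buildx build ... --push ..."`) would keep registry state in step with the release. The plugin list continues past the end of the hunk, so later entries may affect the ordering.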
Signed-off-by: Pat Losoponkul --- build.sbt | 8 +- .../vc/jwt/VerifiableCredentialPayload.scala | 99 ------------------- .../schema/PlaceholderSchemaValidator.scala | 14 --- .../schema/ReactiveCoreSchemaValidator.scala | 22 ----- .../pollux/vc/jwt/schema/SchemaResolver.scala | 9 -- .../vc/jwt/schema/SchemaValidator.scala | 8 -- 6 files changed, 1 insertion(+), 159 deletions(-) delete mode 100644 pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/PlaceholderSchemaValidator.scala delete mode 100644 pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/ReactiveCoreSchemaValidator.scala delete mode 100644 pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaResolver.scala delete mode 100644 pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaValidator.scala diff --git a/build.sbt b/build.sbt index 515717e031..6fded75559 100644 --- a/build.sbt +++ b/build.sbt @@ -303,12 +303,6 @@ lazy val D_Pollux = new { lazy val D_Pollux_VC_JWT = new { - private lazy val circeJsonSchema = ("net.reactivecore" %% "circe-json-schema" % "0.4.1") - .cross(CrossVersion.for3Use2_13) - .exclude("io.circe", "circe-core_2.13") - .exclude("io.circe", "circe-generic_2.13") - .exclude("io.circe", "circe-parser_2.13") - val zio = "dev.zio" %% "zio" % V.zio val zioPrelude = "dev.zio" %% "zio-prelude" % V.zioPreludeVersion @@ -321,7 +315,7 @@ lazy val D_Pollux_VC_JWT = new { // Dependency Modules val zioDependencies: Seq[ModuleID] = Seq(zio, zioPrelude, zioTest, zioTestSbt, zioTestMagnolia) val baseDependencies: Seq[ModuleID] = - zioDependencies :+ D.jwtCirce :+ circeJsonSchema :+ networkntJsonSchemaValidator :+ D.nimbusJwt :+ D.scalaTest + zioDependencies :+ D.jwtCirce :+ networkntJsonSchemaValidator :+ D.nimbusJwt :+ D.scalaTest // Project Dependencies lazy val polluxVcJwtDependencies: Seq[ModuleID] = baseDependencies 
diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala index c849369651..e6c894ce23 100644 --- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala +++ b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala @@ -8,7 +8,6 @@ import io.circe.parser.decode import io.circe.syntax.* import org.hyperledger.identus.castor.core.model.did.VerificationRelationship import org.hyperledger.identus.pollux.vc.jwt.revocation.BitString -import org.hyperledger.identus.pollux.vc.jwt.schema.{SchemaResolver, SchemaValidator} import org.hyperledger.identus.shared.crypto.{KmpSecp256k1KeyOps, PublicKey as ApolloPublicKey} import org.hyperledger.identus.shared.http.UriResolver import org.hyperledger.identus.shared.utils.Base64Utils 
@@ -170,69 +169,6 @@ object CredentialPayloadValidation { ) ) } - - def validateCredentialSchema( - maybeCredentialSchema: Option[Json] - )(schemaToValidator: Json => Validation[String, SchemaValidator]): Validation[String, Option[SchemaValidator]] = { - maybeCredentialSchema.fold(Validation.succeed(Option.empty))(credentialSchema => { - schemaToValidator(credentialSchema).map(Some(_)) - }) - } - - def validateCredentialSubjectSchema( - credentialSubject: Json, - credentialSchemaValidator: SchemaValidator - ): Validation[String, Json] = - credentialSchemaValidator.validate(credentialSubject) - - def validateCredentialSubject( - credentialSubject: Json, - maybeCredentialSchemaValidator: Option[SchemaValidator] - ): Validation[String, Json] = { - for { - validatedCredentialSubjectNotEmpty <- validateCredentialSubjectNotEmpty(credentialSubject) - validatedCredentialSubjectHasId <- validateCredentialSubjectHasId(validatedCredentialSubjectNotEmpty) - validatedCredentialSubjectSchema <- maybeCredentialSchemaValidator - .map(validateCredentialSubjectSchema(validatedCredentialSubjectHasId, _)) - .getOrElse(Validation.succeed(validatedCredentialSubjectHasId)) - } yield validatedCredentialSubjectSchema - } - - def validate[C <: CredentialPayload](credentialPayload: C): Validation[String, C] = - Validation.validateWith( - CredentialPayloadValidation.validateContext(credentialPayload.`@context`), - CredentialPayloadValidation.validateVcType(credentialPayload.`type`) - ) { (`@context`, `type`) => credentialPayload } - - def validateSchema[C <: CredentialPayload](credentialPayload: C)(schemaResolver: SchemaResolver)( - schemaToValidator: Json => Validation[String, SchemaValidator] - ): IO[String, C] = - val validation = - for { - resolvedSchema <- ZIO.foreach(credentialPayload.maybeCredentialSchema)(schemaResolver.resolve) - maybeDocumentValidator <- CredentialPayloadValidation - .validateCredentialSchema(resolvedSchema)(schemaToValidator) - .toZIO - 
maybeValidatedCredentialSubject <- CredentialPayloadValidation - .validateCredentialSubject( - credentialPayload.credentialSubject, - maybeDocumentValidator - ) - .toZIO - } yield maybeValidatedCredentialSubject - validation.map(_ => credentialPayload) - - private def validateCredentialSubjectNotEmpty(credentialSubject: Json): Validation[String, Json] = { - Validation - .fromPredicateWith("credentialSubject is empty.")(credentialSubject)(_.isObject) - } - - private def validateCredentialSubjectHasId(credentialSubject: Json): Validation[String, Json] = { - Validation - .fromPredicateWith("credentialSubject must contain id.")(credentialSubject)( - _.asObject.exists(jsonObject => jsonObject.toMap.contains("id")) - ) - } } case class JwtVc( @@ -796,28 +732,6 @@ object JwtCredential { )(_.iss) } - def validateJwtSchema( - jwt: JWT - )(schemaResolver: SchemaResolver)( - schemaToValidator: Json => Validation[String, SchemaValidator] - ): IO[String, Validation[String, Unit]] = { - val decodeJWT = - Validation.fromTry(JwtCirce.decodeRawAll(jwt.value, JwtOptions(false, false, false))).mapError(_.getMessage) - - val validatedDecodedClaim: Validation[String, JwtCredentialPayload] = - for { - decodedJwtTask <- decodeJWT - (_, claim, _) = decodedJwtTask - decodedClaim <- Validation.fromEither(decode[JwtCredentialPayload](claim).left.map(_.toString)) - } yield decodedClaim - - ValidationUtils.foreach( - validatedDecodedClaim.map(decodedClaim => - CredentialPayloadValidation.validateSchema(decodedClaim)(schemaResolver)(schemaToValidator) - ) - )(_.replicateZIODiscard(1)) - } - def validateExpiration(jwt: JWT, dateTime: OffsetDateTime): Validation[String, Unit] = { Validation .fromTry( 
@@ -838,19 +752,6 @@ object JwtCredential { .mapError(_.getMessage) } - def validateSchemaAndSignature( - jwt: JWT - )(didResolver: DidResolver)(schemaResolver: SchemaResolver)( - schemaToValidator: Json => Validation[String, SchemaValidator] - ): IO[String, Validation[String, Unit]] = { - for { - validatedJwtSchema <- validateJwtSchema(jwt)(schemaResolver)(schemaToValidator) - validateJwtSignature <- validateEncodedJWT(jwt)(didResolver) - } yield { - Validation.validateWith(validatedJwtSchema, validateJwtSignature)((a, _) => a) - } - } - def verifyDates(jwtPayload: JwtVerifiableCredentialPayload, leeway: TemporalAmount)(implicit clock: Clock ): Validation[String, Unit] = { diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/PlaceholderSchemaValidator.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/PlaceholderSchemaValidator.scala deleted file mode 100644 index d78e69fc0b..0000000000 --- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/PlaceholderSchemaValidator.scala +++ /dev/null @@ -1,14 +0,0 @@ -package org.hyperledger.identus.pollux.vc.jwt.schema - -import io.circe -import io.circe.Json -import zio.prelude.* - -class PlaceholderSchemaValidator extends SchemaValidator { - override def validate(payloadToValidate: Json): Validation[String, Json] = Validation.succeed(payloadToValidate) -} - -object PlaceholderSchemaValidator { - def fromSchema(schema: Json): Validation[String, PlaceholderSchemaValidator] = - Validation.succeed(PlaceholderSchemaValidator()) -} diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/ReactiveCoreSchemaValidator.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/ReactiveCoreSchemaValidator.scala deleted file mode 100644 index a10ec28fce..0000000000 --- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/ReactiveCoreSchemaValidator.scala +++ /dev/null 
@@ -1,22 +0,0 @@
-package org.hyperledger.identus.pollux.vc.jwt.schema
-
-import io.circe
-import io.circe.{Encoder, Json}
-import io.circe.generic.auto.*
-import io.circe.syntax.*
-import net.reactivecore.cjs.{DocumentValidator, Loader}
-import zio.prelude.*
-import zio.NonEmptyChunk
-
-class ReactiveCoreSchemaValidator(documentValidator: DocumentValidator) extends SchemaValidator {
- override def validate(payloadToValidate: Json): Validation[String, Json] =
- NonEmptyChunk
- .fromIterableOption(
- documentValidator.validate(payloadToValidate.asJson).violations.map(_.toString)
- )
- .fold(Validation.succeed(payloadToValidate))(Validation.failNonEmptyChunk)
-}
-object ReactiveCoreSchemaValidator {
- def fromSchema(schema: Json): Either[String, ReactiveCoreSchemaValidator] =
- Loader.empty.fromJson(schema).left.map(_.message).map(a => ReactiveCoreSchemaValidator(a))
-}
diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaResolver.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaResolver.scala
deleted file mode 100644
index 886a758006..0000000000
--- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaResolver.scala
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.hyperledger.identus.pollux.vc.jwt.schema
-
-import io.circe.Json
-import org.hyperledger.identus.pollux.vc.jwt.CredentialSchema
-import zio.IO
-
-trait SchemaResolver {
- def resolve(credentialSchema: CredentialSchema): IO[String, Json]
-}
diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaValidator.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaValidator.scala
deleted file mode 100644
index 470dfb110f..0000000000
--- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaValidator.scala
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.hyperledger.identus.pollux.vc.jwt.schema
-
-import io.circe.Json
-import zio.prelude.Validation
-
-trait SchemaValidator {
- def validate(payloadToValidate: Json): Validation[String, Json]
-}