Merge remote-tracking branch 'origin/main' into feat/ATL-6934

hyperledger · Aug 20, 2024 · f756442 · f756442
2 parents 5bcbe3a + d7394c8
commit f756442
Show file tree

Hide file tree

Showing 55 changed files with 1,606 additions and 611 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,146 @@
+name: Build and Publish Revision
+
+run-name: Build and Publish Cloud-Agent Revision from ${{ github.head_ref || github.ref_name }} run ${{ github.run_number }}
+
+concurrency:
+  group: build-${{ github.sha }}
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "beta"
+    paths:
+      - "cloud-agent/**"
+      - "castor/**"
+      - "connect/**"
+      - "mercury/**"
+      - "pollux/**"
+      - "shared/**"
+      - "shared-test/**"
+      - "*.sbt"
+      - "project/**"
+      - "prism-node/**"
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  build:
+    name: "Build and Publish Cloud-Agent Revision"
+    if: ${{ !contains(github.event.head_commit.message, 'chore(release)') }}
+    env:
+      GITHUB_ACTOR: "hyperledger-bot"
+      GITHUB_ACTOR_EMAIL: "[email protected]"
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      JAVA_TOOL_OPTIONS: -Djava.net.preferIPv4Stack=true
+      SBT_OPTS: -Xmx2G
+
+    runs-on: ubuntu-latest
+
+    outputs:
+      COMMIT_HASH: ${{ env.COMMIT_HASH }}
+      BUILD_VERSION: ${{ env.BUILD_VERSION }}
+      REVISION_VERSION: ${{ env.REVISION_VERSION }}
+      OAS_CHECKSUM: ${{ env.OAS_CHECKSUM }}
+      OAS_PUBLISHED: ${{ steps.upload-oas.conclusion == 'success' }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      - name: Setup Java and Scala
+        uses: olafurpg/setup-scala@v14
+        with:
+          java-version: [email protected]
+
+      - uses: coursier/cache-action@v6
+        id: coursier-cache
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ env.GITHUB_ACTOR }}
+          password: ${{ env.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Get short commit hash
+        run: |
+          echo "COMMIT_HASH=${GITHUB_SHA::7}" >> $GITHUB_ENV
+
+      - name: Set build number
+        run: echo "BUILD_NUMBER=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV
+
+      - name: Extract version from version.sbt
+        id: get_version
+        run: |
+          VERSION=$(grep -Eo 'version := "[^"]+"' version.sbt | sed 's/version := "//; s/"//; s/-SNAPSHOT//')
+          REVISION_VERSION=${VERSION}-${{ env.COMMIT_HASH }} # Revision version is used for the OAS file name and client libraries
+          BUILD_VERSION=${VERSION}-${{ env.BUILD_NUMBER }}-${{ env.COMMIT_HASH }} # Build version is used for the Docker image tag
+          echo "VERSION=${VERSION}" >> $GITHUB_ENV
+          echo "REVISION_VERSION=${REVISION_VERSION}" >> $GITHUB_ENV
+          echo "BUILD_VERSION=${BUILD_VERSION}" >> $GITHUB_ENV
+
+      - name: Build and push Docker image
+        run: |
+          sbt "set version := \"${{ env.BUILD_VERSION }}\"" "docker:stage"
+          docker buildx build --platform=linux/arm64,linux/amd64 --push -t ghcr.io/hyperledger/identus-cloud-agent:${{ env.BUILD_VERSION}} ./cloud-agent/service/server/target/docker/stage
+
+      - name: Trigger helm chart update
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          repository: input-output-hk/atala-prism-helm-charts
+          event-type: build-chart-package
+          client-payload: '{"version": "${{ env.BUILD_VERSION }}", "chart": "cloud-agent"}'
+
+      - name: Build Cloud-Agent Open API Specification
+        id: build-oas
+        run: |
+          sbt "cloudAgentServer/test:runMain org.hyperledger.identus.api.util.Tapir2StaticOAS ../../../cloud-agent-openapi-spec-${{ env.REVISION_VERSION}}.yaml revision"
+          checksum=$(sha256sum ./cloud-agent-openapi-spec-${{ env.REVISION_VERSION }}.yaml | awk '{ print $1 }')
+          OAS_CHECKSUM=${checksum:0:8}
+          echo "OAS_CHECKSUM=$OAS_CHECKSUM" >> $GITHUB_ENV
+
+      - name: Publish Cloud-Agent Open API Specification
+        id: upload-oas
+        uses: actions/upload-artifact@v3
+        with:
+          name: cloud-agent-openapi-spec-${{ env.OAS_CHECKSUM}}
+          path: ./cloud-agent-openapi-spec-${{ env.REVISION_VERSION}}.yaml
+          overwrite: true
+          compression-level: 0
+
+      - name: Set outputs
+        id: set_outputs
+        run: |
+          echo "COMMIT_HASH=${{ env.COMMIT_HASH }}" >> $GITHUB_ENV
+          echo "BUILD_VERSION=${{ env.BUILD_VERSION }}" >> $GITHUB_ENV
+          echo "REVISION_VERSION=${{ env.REVISION_VERSION }}" >> $GITHUB_ENV
+          echo "OAS_CHECKSUM=${{ env.OAS_CHECKSUM }}" >> $GITHUB_ENV
+          echo "OAS_PUBLISHED=${{ env.OAS_PUBLISHED }}" >> $GITHUB_ENV
+
+  build-and-publish-clients:
+    needs: build
+    if: needs.build.outputs.OAS_PUBLISHED
+    uses: ./.github/workflows/release-clients.yml
+    secrets: inherit
+    with:
+      revision: ${{ needs.build.outputs.REVISION_VERSION }}
+      check_sum: ${{ needs.build.outputs.OAS_CHECKSUM }}
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
diff --git a/.github/workflows/release-clients.yml b/.github/workflows/release-clients.yml
@@ -1,26 +1,45 @@
 name: Publish Identus-cloud-agent clients
 
+run-name: Build and publish Identus Cloud Agent clients from from ${{ github.head_ref || github.ref_name }} run ${{ github.run_number }}
+
 on:
+  workflow_call:
+    inputs:
+      revision:
+        description: "Revision to build and publish clients (e.g. 1.33.0-a3j4456-1)"
+        required: true
+        type: string
+      check_sum:
+        description: "Checksum of the OAS specification"
+        required: true
+        type: string
   workflow_dispatch:
     inputs:
       releaseTag:
         description: "Tag to release clients (e.g. cloud-agent-v1.33.0)"
-        required: true
+        required: false
+        type: string
+      revision:
+        description: "Revision to build and publish clients (e.g. 1.33.0-a3j4456-1)"
+        required: false
+        type: string
+      check_sum:
+        description: "Checksum of the OAS specification"
+        required: false
         type: string
   push:
     tags:
       - "cloud-agent-v*"
 
 permissions:
-  contents: read
+  contents: write
   packages: write
 
 jobs:
   publish-clients:
     name: "Build and publish Identus Cloud Agent clients"
     runs-on: ubuntu-latest
     env:
-      VERSION_TAG: ${{inputs.releaseTag || github.ref_name}}
       GITHUB_ACTOR: "hyperledger-bot"
       GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
       NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -54,6 +73,29 @@ jobs:
       - name: Setup yq - portable yaml processor
         uses: mikefarah/[email protected]
 
+      - name: Delete existing Open API specification
+        if: ${{ !inputs.releaseTag }}
+        run: |
+          echo "Current directory: $(pwd)"
+          rm -f ./cloud-agent/service/api/http/cloud-agent-openapi-spec.yaml
+
+      - name: Download OpenAPI specification
+        if: ${{ !inputs.releaseTag }}
+        uses: actions/download-artifact@v3
+        with:
+          name: cloud-agent-openapi-spec-${{ inputs.check_sum }}
+          path: ./cloud-agent/service/api/http
+
+      - name: Rename OpenAPI specification
+        working-directory: cloud-agent/service/api/http
+        run: |
+          mv cloud-agent-openapi-spec-${{ inputs.revision }}.yaml cloud-agent-openapi-spec.yaml
+
+      - name: Set revision version
+        if: ${{ !inputs.releaseTag }}
+        working-directory: cloud-agent/client/generator
+        run: yarn version --new-version ${{ inputs.revision }} --no-git-tag-version
+
       - name: Install generator dependencies
         working-directory: cloud-agent/client/generator
         run: yarn install
@@ -62,6 +104,23 @@ jobs:
         working-directory: cloud-agent/client/generator
         run: yarn generate:all
 
+      - name: Set version for clients
+        run: |
+          if [ -z "${{ github.event.inputs.releaseTag }}" ]; then
+              echo "VERSION_TAG=cloud-agent-v${{ inputs.revision }}" >> $GITHUB_ENV
+          else
+              echo "VERSION_TAG=${{ github.event.inputs.releaseTag }}" >> $GITHUB_ENV
+          fi
+
       - name: Publish clients
         working-directory: cloud-agent/client/generator
-        run: yarn publish:clients
+        env:
+          VERSION_TAG: ${{ env.VERSION_TAG }}
+        run: |
+          if [ -z "${{ github.event.inputs.releaseTag }}" ]; then
+            echo "Using revision version for publishing: ${VERSION_TAG}"
+            yarn publish:clients
+          else
+            echo "Using release tag for publishing: ${VERSION_TAG}"
+            yarn publish:clients
+          fi
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,18 +4,7 @@ concurrency:
   group: release
 
 on:
-  workflow_call:
-    inputs:
-      release-branch:
-        required: false
-        type: string
-        default: "main"
   workflow_dispatch:
-    inputs:
-      release-branch:
-        description: "Branch to release from"
-        required: false
-        default: "main"
 
 jobs:
   release:
@@ -33,46 +22,45 @@ jobs:
       contents: write
       packages: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          ref: ${{ github.event.inputs.release-branch }}
           fetch-depth: 0
           persist-credentials: false
+
       - name: Setup Java and Scala
         uses: olafurpg/setup-scala@v14
         with:
           java-version: [email protected]
+
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: "lts/*"
-      - name: Setup Helm
-        uses: azure/setup-helm@v3
-        with:
-          version: "3.12.2" # default is latest (stable)
-        id: install
-      - name: Setup yq - portable yaml processor
-        uses: mikefarah/[email protected]
-      - uses: crazy-max/ghaction-import-gpg@v3
+
+      - uses: crazy-max/ghaction-import-gpg@v6
         id: import_gpg
         with:
-          gpg-private-key: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
+          gpg_private_key: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
           passphrase: ${{ secrets.HYP_BOT_GPG_PASSWORD }}
-          git-user-signingkey: true
-          git-commit-gpgsign: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
           git_config_global: true
-          git_tag_gpgsign: true
+          git_tag_gpgsign: false
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ env.GITHUB_ACTOR }}
           password: ${{ env.GITHUB_TOKEN }}
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+
       - name: Release
         env:
           GIT_AUTHOR_EMAIL: ${{ steps.import_gpg.outputs.email }}
@@ -83,3 +71,15 @@ jobs:
         run: |
           npm install
           npx semantic-release
+
+      - name: Get release version
+        id: get_version
+        run: echo "RELEASE_VERSION=$(cat .release-version)" >> $GITHUB_ENV
+
+      - name: Trigger helm chart update
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          repository: input-output-hk/atala-prism-helm-charts
+          event-type: build-chart-package
+          client-payload: '{"version": "${{ env.RELEASE_VERSION }}", "chart": "cloud-agent"}'