Merge branch 'main' into readme-update

.github/actions/gradle-setup-action/action.yml

@@ -0,0 +1,23 @@
+name: Configure gradle
+description: Composite Action to setup gradle
+runs:
+  using: "composite"
+  steps:
+    - name: Setup cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+    - name: Setup JDK
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: '21'
+    - name: Gradle wrapper validation
+      uses: gradle/actions/wrapper-validation@v4
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v4

.github/workflows/build-docker.yml

@@ -51,7 +51,7 @@ jobs:
             image: portal
           }
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Login to Docker Hub
         if: ${{ inputs.publish }}
         uses: docker/login-action@v2

.github/workflows/build-gradle.yml

@@ -23,38 +23,20 @@ jobs:
         with:
           tool-cache: false
           docker-images: false
-      - uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Configure gradle
+        uses: ./.github/actions/gradle-setup-action@266f5c09359450c39019a6da38f2b331e7122918
       - name: Set version
         run: |
           sed -i "s/1.0.0-SNAPSHOT/${{ inputs.version }}/g" build.gradle.kts
-      - name: Setup cache
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
-      - name: Setup java
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-      - name: Gradle wrapper validation
-        uses: gradle/wrapper-validation-action@v3
-      - name: Set gradle build publish arguments
-        id: publish-arguments
-        run: |
-          if [ "${{ inputs.publish }}" == "true" ]; then
-            echo "arguments=publish" >> $GITHUB_OUTPUT
-          else
-            echo "arguments=" >> $GITHUB_OUTPUT
-          fi
-      - name: Running gradle build
-        uses: eskatos/gradle-command-action@v3
+      - name: Assemble the project
+        run: ./gradlew assemble --no-daemon
+      - name: Run the tests
+        run: ./gradlew test --no-daemon
+      - name: Publish
+        if: ${{ inputs.publish }}
         env:
           MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
-        with:
-          arguments: build ${{ steps.publish-arguments.outputs.arguments }} --no-daemon
+        run: ./gradlew publish --no-daemon

.github/workflows/build.yml

@@ -7,14 +7,14 @@ on:
 
 jobs:
   version:
-    uses: walt-id/waltid-identity/.github/workflows/version.yml@c69d2155372700071dad887fa6339b51e0266be5
+    uses: walt-id/waltid-identity/.github/workflows/version.yml@266f5c09359450c39019a6da38f2b331e7122918
   gradle-build:
-    uses: walt-id/waltid-identity/.github/workflows/build-gradle.yml@c69d2155372700071dad887fa6339b51e0266be5
+    uses: walt-id/waltid-identity/.github/workflows/build-gradle.yml@266f5c09359450c39019a6da38f2b331e7122918
     needs: version
     with:
       version: ${{ needs.version.outputs.release_version }}
   docker-build:
-    uses: walt-id/waltid-identity/.github/workflows/build-docker.yml@c69d2155372700071dad887fa6339b51e0266be5
+    uses: walt-id/waltid-identity/.github/workflows/build-docker.yml@266f5c09359450c39019a6da38f2b331e7122918
     needs: version
     with:
       version: ${{ needs.version.outputs.release_version }}

.github/workflows/changelog.yml

@@ -1,10 +1,10 @@
-name: Create changelog with tag (reusable workflow)
+name: Create changelog (reusable workflow)
 
 on:
   workflow_call:
     inputs:
-      version:
-        description: "release version"
+      tag:
+        description: "tag name"
         required: true
         type: string
 
@@ -13,16 +13,13 @@ jobs:
     name: Create
     runs-on: ubuntu-latest
     steps:
-      - run: |
-          git tag v${{ inputs.version }}
-          git push --tags
       - name: Changelog
         uses: ardalanamini/auto-changelog@v4
         id: changelog
         with:
-          github-token: ${{ github.token }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           default-commit-type: Other Changes
-          release-name: v${{ inputs.version }}
+          release-name: ${{ inputs.tag }}
           mention-authors: true
           mention-new-contributors: true
           include-compare-link: true
@@ -33,7 +30,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag_name: v${{ inputs.version }}
+          tag_name: ${{ inputs.tag }}
 #          body: |
 #            ${{ steps.changelog.outputs.changelog }}
           prerelease: ${{ steps.changelog.outputs.prerelease }}

.github/workflows/deployment.yml

@@ -13,44 +13,58 @@ on:
         type: string
         default: "dev"
       namespace:
-        description: "deployment namespace (defaults to dev)"
+        description: "deployment namespace (defaults to test-identity-main)"
         required: false
         type: string
-        default: "dev"
+        default: "test-identity-main"
       portals:
-        description: "deployment namespace for portal related services (defaults to dev)"
+        description: "deployment namespace for portal related services (defaults to test-identity-main)"
         required: false
         type: string
-        default: "dev"
+        default: "test-identity-main"
+      kubeconfig_secret:
+        description: "The name of the kubeconfig secret to use (defaults to 'AKS_KUBE_CONFIG')"
+        required: false
+        type: string
+        default: "AKS_KUBE_CONFIG"
 
 jobs:
   deploy:
     name: Deploy
     runs-on: ubuntu-latest
     env:
       IMAGE_TAG: ${{ inputs.version }}
-      PORTALS: ${{ inputs.portals }}
-      NAMESPACE: ${{ inputs.namespace }}
       KEYCLOAK: ${{ secrets.DEV_KEYCLOAK_CLIENT_SECRET }}
     strategy:
       matrix:
-        services: [
-          { kube: waltid-services/waltid-issuer-api/k8s, name: issuer, namespace: $PORTALS },
-          { kube: waltid-services/waltid-verifier-api/k8s, name: verifier, namespace: $PORTALS },
-          { kube: waltid-services/waltid-wallet-api/k8s, name: web-wallet, namespace: $NAMESPACE, keycloak: $KEYCLOAK },
-          { kube: waltid-applications/waltid-web-portal/k8s, name: portal, namespace: $PORTALS }
-        ]
+        services:
+          - k8s: waltid-services/waltid-issuer-api/k8s
+            name: issuer
+            namespace: ${{ inputs.portals }}
+          - k8s: waltid-services/waltid-verifier-api/k8s
+            name: verifier
+            namespace: ${{ inputs.portals }}
+          - k8s: waltid-services/waltid-wallet-api/k8s
+            name: web-wallet
+            namespace: ${{ inputs.namespace }}
+            keycloak: true
+          - k8s: waltid-applications/waltid-web-portal/k8s
+            name: portal
+            namespace: ${{ inputs.portals }}
     steps:
+      - uses: actions/checkout@v4
       - name: Prepare CD - ${{ matrix.services.name }}
         run: |
-          sed "s/_DEFAULT_DEPLOYMENT_/$GITHUB_SHA/g" ${{ matrix.services.kube }}/deployment-${{ inputs.deployment }}.yaml > ${{ matrix.services.kube }}/deployment_mod.yaml |
-          sed "s/__DEFAULT_IMAGE_TAG__/$IMAGE_TAG/g" > ${{ matrix.services.kube }}/deployment_mod.yaml |
-          if [ "${{ matrix.services.keycloak }}" != "" ]; then
-            sed "s/__DEFAULT_KEYCLOAK_CLIENT_SECRET__/${{ matrix.services.keycloak }}/g" > ${{ matrix.services.kube }}/deployment_mod.yaml
+          modified_deployment=$(sed "s/_DEFAULT_DEPLOYMENT_/$GITHUB_SHA/g" ${{ matrix.services.k8s }}/deployment-${{ inputs.deployment }}.yaml | \
+                                sed "s/__DEFAULT_IMAGE_TAG__/$IMAGE_TAG/g")
+          if [ "${{ matrix.services.keycloak }}" == true ]; then
+            echo "$modified_deployment" | sed "s/__DEFAULT_KEYCLOAK_CLIENT_SECRET__/$KEYCLOAK/g" > ${{ matrix.services.k8s }}/deployment_mod.yaml
+          else
+            echo "$modified_deployment" > ${{ matrix.services.k8s }}/deployment_mod.yaml
           fi
       - name: Continuous deployment - ${{ matrix.services.name }}
         uses: actions-hub/kubectl@master
         env:
-          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+          KUBE_CONFIG: ${{ secrets[inputs.kubeconfig_secret] }}
         with:
-          args: apply -n ${{ matrix.services.namespace }} -f ${{ matrix.services.kube }}/deployment_mod.yaml
+          args: apply -n ${{ matrix.services.namespace }} -f ${{ matrix.services.k8s }}/deployment_mod.yaml

.github/workflows/ebsictv3.yml

@@ -0,0 +1,76 @@
+name: EBSI Conformance Test v3.2
+
+on:
+  push:
+    paths:
+      - 'waltid-libraries/credentials/**'
+      - 'waltid-libraries/crypto/**'
+      - 'waltid-libraries/protocols/**'
+      - 'waltid-libraries/waltid-did/**'
+      - 'waltid-services/services/waltid-issuer-api/**'
+      - '.github/workflows/**'
+
+jobs:
+  EBSI-Conformance-Test-v3:
+    runs-on: ubuntu-latest
+    steps:
+      - name: The EBSI Conformance Test v3.2 job is starting
+        run: |
+          echo -e "🔎 The EBSI Conformance Test v3.2 job is starting\n"
+
+      - name: Check EBSI Conformance API Status
+        run: |
+          echo "Checking if the API is available..."
+          RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" https://api-conformance.ebsi.eu/did-registry/v5/identifiers/did:ebsi:zf39qHTXaLrr6iy3tQhT3UZ)
+          if [ "$RESPONSE" -ne 200 ]; then
+            echo "EBSI Conformance API is down. Exiting workflow with success. ✅"
+            exit 0  # Exit the workflow successfully
+          else
+            echo "EBSI Conformance API is up. Proceeding with tests."
+          fi
+
+      - name: Docker
+        run: docker --version
+
+      - name: Check out repository code
+        uses: actions/checkout@v4
+
+      - name: Start ngrok tunnel
+        run: |
+          docker run --net=host -d -it -e NGROK_AUTHTOKEN=${{ secrets.NGROK_AUTH_TOKEN }} ngrok/ngrok:latest http 7002           
+          sleep 2s
+
+      - name: Update config files and start Issuer API
+        run: |
+          NGROK_URL=$(curl --retry 5 --retry-delay 5 --retry-connrefused -s http://127.0.0.1:4040/api/tunnels | jq -r '.tunnels[0].public_url')
+          
+          if [[ -z "$NGROK_URL" ]]; then
+            echo "Error: Failed to fetch ngrok URL. Exiting..."
+          exit 1
+          fi
+
+          echo "The ngork url is ${NGROK_URL}\n"       
+
+          sed -i 's|readonly ISSUER_URL=".*"|readonly ISSUER_URL="'"${NGROK_URL}"'"|g' .github/workflows/ebsictv3/EBSICTV3-IssueToHolder.sh
+          sed -i 's|baseUrl = ".*"|baseUrl = "'"${NGROK_URL}"'"|g' waltid-services/waltid-issuer-api/config/issuer-service.conf
+
+          docker build -t waltid/issuer-api:latest -f waltid-services/waltid-issuer-api/Dockerfile .
+          docker run --net=host -d -v $PWD/waltid-services/waltid-issuer-api/config:/waltid-issuer-api/config --name waltid-issuer-api waltid/issuer-api:latest
+          
+          curl --retry 5 --retry-delay 5 --retry-connrefused http://localhost:7002/livez
+
+          ISSUER_URL=$(curl --retry 5 --retry-delay 5 --retry-connrefused http://localhost:7002/draft11/.well-known/openid-credential-issuer | jq -r '.issuer')
+
+          if [[ "$ISSUER_URL" == "${NGROK_URL}/draft11" ]]; then
+            echo -e "\nIssuer URL is valid: ${ISSUER_URL}\n"
+          else
+            echo -e "\nIssuer URL is invalid (matches forbidden value): $ISSUER_URL and "${NGROK_URL}/draft11"\n"
+            exit 1
+          fi
+
+      - name: Execute test scripts
+        env:
+          EBSI_CT_PRIVATE_KEY_PARAM: "${{ secrets.EBSI_CT_PRIVATE_KEY_PARAM }}"
+        run: |
+          chmod +x .github/workflows/ebsictv3/EBSICTV3-IssueToHolder.sh
+          ./.github/workflows/ebsictv3/EBSICTV3-IssueToHolder.sh