ci: reconfigure CI to use the Hyperledger secrets (#328)

.github/CODEOWNERS

@@ -1,5 +1,5 @@
 # code
-* @FabioPinheiro @mineme0110
+* @FabioPinheiro @mineme0110 @patlo-iog @yshyn-iohk @bvoiturier @shotexa @CryptoKnightIOG
 
 # E2E tests:
 /tests/ @amagyar-iohk

.github/PULL_REQUEST_TEMPLATE.md

@@ -6,9 +6,9 @@ Link to any discussion, related issues, and bug reports to give the context and
 Link to existing ADR (Architecture Decision Record), if any. If relevant, describe other approaches explored and the selected approach. Documenting why the methods were not selected will create a knowledge base for future reference, helping prevent others from revisiting less optimal ideas.
 
 ### Checklist: 
-- [] My PR follows the contribution guidelines of this project
-- [] My PR is free of third-party dependencies that don't comply with the [Allowlist](https://toc.hyperledger.org/governing-documents/allowed-third-party-license-policy.html#approved-licenses-for-allowlist)
-- [] I have commented my code, particularly in hard-to-understand areas
-- [] I have made corresponding changes to the documentation
-- [] I have added tests that prove my fix is effective or that my feature works
-- [] I have checked the PR title to follow the [conventional commit specification](https://www.conventionalcommits.org/en/v1.0.0/)
+- [ ] My PR follows the contribution guidelines of this project
+- [ ] My PR is free of third-party dependencies that don't comply with the [Allowlist](https://toc.hyperledger.org/governing-documents/allowed-third-party-license-policy.html#approved-licenses-for-allowlist)
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] I have checked the PR title to follow the [conventional commit specification](https://www.conventionalcommits.org/en/v1.0.0/)

.github/workflows/integration-tests.yml

@@ -15,15 +15,20 @@ defaults:
   run:
     shell: bash
 
+permissions:
+  contents: read
+  packages: write
+  actions: write
+  pull-requests: write
+  checks: write
+
 jobs:
   run-integration-tests:
     name: "Run integration tests"
     runs-on: ubuntu-latest
     env:
-      GITHUB_ACTOR: ${{ secrets.ATALA_GITHUB_ACTOR }}
-      GITHUB_TOKEN: ${{ secrets.ATALA_GITHUB_TOKEN }}
-      ATALA_GITHUB_ACTOR: ${{ secrets.ATALA_GITHUB_ACTOR }}
-      ATALA_GITHUB_TOKEN: ${{ secrets.ATALA_GITHUB_TOKEN }}
+      GITHUB_ACTOR: "hyperledger-bot"
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       REPORTS_DIR: "didcomm-v2-mediator-test-suite/target/site/serenity"
       DIDCOMM_V2_TESTSUITE_VERSION: "d5aac249b6e420f6cce6e842565dd05f994f729f"
       MEDIATOR_DID: "did:peer:2.Ez6LSghwSE437wnDE1pt3X6hVDUQzSjsHzinpX3XFvMjRAm7y.Vz6Mkhh1e5CEYYq6JBUcTZ6Cp2ranCWRrv7Yax3Le4N59R6dd.SeyJ0IjoiZG0iLCJzIjp7InVyaSI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsImEiOlsiZGlkY29tbS92MiJdfX0.SeyJ0IjoiZG0iLCJzIjp7InVyaSI6IndzOi8vbG9jYWxob3N0OjgwODAvd3MiLCJhIjpbImRpZGNvbW0vdjIiXX19"
@@ -55,8 +60,8 @@ jobs:
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
-          username: ${{ secrets.ATALA_GITHUB_ACTOR }}
-          password: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          username: ${{ env.GITHUB_ACTOR }}
+          password: ${{ env.GITHUB_TOKEN }}
 
       - name: Install Compose
         uses: ndeloof/install-compose-action@v0.0.1

.github/workflows/pr-title-lint.yml

@@ -0,0 +1,20 @@
+name: "Validate the PR title to follow the conventional commits"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+
+jobs:
+  main:
+    name: Validate PR Title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -17,59 +17,82 @@ on:
         required: false
         default: "main"
 
+permissions:
+  contents: write
+  packages: write
+
 jobs:
   release:
     env:
-      GITHUB_ACTOR: ${{ secrets.ATALA_GITHUB_ACTOR }}
-      GITHUB_TOKEN: ${{ secrets.ATALA_GITHUB_TOKEN }}
+      GITHUB_ACTOR: "hyperledger-bot"
+      GITHUB_ACTOR_EMAIL: "hyperledger-bot@hyperledger.org"
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
-          token: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          token: ${{ secrets.IDENTUS_CI }}
           ref: ${{ github.event.inputs.release-branch }}
           fetch-depth: 0
+
       - name: Setup Java and Scala
-        uses: olafurpg/setup-scala@v13
+        uses: olafurpg/setup-scala@v14
         with:
           java-version: openjdk@1.11
+
       - name: Setup Node.js
         uses: actions/setup-node@v3
         with:
           node-version: "lts/*"
+
       - name: Setup Helm
         uses: azure/setup-helm@v3
         with:
-          version: "3.12.2" # default is latest (stable)    
+          version: "3.12.2" # default is latest (stable)
+
       - name: Setup yq - portable yaml processor
         uses: mikefarah/yq@v4.34.2
+
       - name: Setup Scala.JS
         uses: japgolly/setup-scalajs@v1
+
       - name: Cache sbt
         uses: coursier/cache-action@v6.3
-      - uses: crazy-max/ghaction-import-gpg@v3
+
+      - uses: crazy-max/ghaction-import-gpg@v6
         id: import_gpg
         with:
-          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
-          git-user-signingkey: true
-          git-commit-gpgsign: true
+          gpg_private_key: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
+          passphrase: ${{ secrets.HYP_BOT_GPG_PASSWORD }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+          git_config_global: true
+          git_tag_gpgsign: false
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
-          username: ${{ secrets.ATALA_GITHUB_ACTOR }}
-          password: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          username: ${{ env.GITHUB_ACTOR }}
+          password: ${{ env.GITHUB_TOKEN }}
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+
       - name: Release
         env:
           GIT_AUTHOR_EMAIL: ${{ steps.import_gpg.outputs.email }}
           GIT_COMMITTER_EMAIL: ${{ steps.import_gpg.outputs.email }}
           GIT_AUTHOR_NAME: ${{ steps.import_gpg.outputs.name }}
           GIT_COMMITTER_NAME: ${{ steps.import_gpg.outputs.name }}
+          GITHUB_TOKEN: ${{ secrets.IDENTUS_CI }}
         run: |
           npm install
+          sed -i 's/\( FIRST_RELEASE\) = "1.0.0"/\1 = "0.15.0"/' node_modules/semantic-release/lib/definitions/constants.js
+          sed -i 's/\( FIRSTPRERELEASE\) = "1"/\1 = "0"/' node_modules/semantic-release/lib/definitions/constants.js
           npx semantic-release

.github/workflows/scala-steward.yml

@@ -6,29 +6,35 @@ on:
 
 name: Scala Steward
 
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
 jobs:
   scala-steward:
     runs-on: ubuntu-latest
     name: Scala Steward
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up JDK 11
         uses: actions/setup-java@v2
         with:
           distribution: "temurin"
           java-version: "11"
 
-      - name: Import GPG key
+      - name: Install GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
         id: import_gpg
-        #https://github.com/crazy-max/ghaction-import-gpg
-        uses: crazy-max/ghaction-import-gpg@v4
         with:
-          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-          git_config_global: true
+          gpg_private_key: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
+          passphrase: ${{ secrets.HYP_BOT_GPG_PASSWORD }}
           git_user_signingkey: true
           git_commit_gpgsign: true
+          git_config_global: true
+          git_tag_gpgsign: false
 
       - name: GPG user IDs
         run: |
@@ -40,10 +46,12 @@ jobs:
       - name: Launch Scala Steward
         uses: scala-steward-org/scala-steward-action@v2
         env:
-          GITHUB_TOKEN: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          github-token: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          sign-commits: true
+          signing-key: ${{ steps.import_gpg.outputs.keyid }}
           author-email: ${{ steps.import_gpg.outputs.email }}
           author-name: ${{ steps.import_gpg.outputs.name }}
-          sign-commits: true
           branches: main
+          repo-config: .scala-steward.conf

CHANGELOG.md

@@ -1,3 +1,10 @@
+# [0.15.0-beta.2](https://github.com/hyperledger/identus-mediator/compare/v0.15.0-beta.1...v0.15.0-beta.2) (2024-07-10)
+
+
+### Bug Fixes
+
+* Hyperledger Bot DCO ([0d9ca67](https://github.com/hyperledger/identus-mediator/commit/0d9ca67950dedca5c6f4389b17a70fd496073df3))
+
 ## [0.14.2](https://github.com/input-output-hk/atala-prism-mediator/compare/prism-mediator-v0.14.1...prism-mediator-v0.14.2) (2024-04-04)