Open
Changes from 15 commits
34 commits
d8b893b
feat: added birth & hunt schemas
jorgenavben Sep 1, 2025
1718234
feat: added rome cred & improved birth certificate
jorgenavben Sep 1, 2025
eb1161c
feat: added "u" field to schemas
jorgenavben Sep 1, 2025
2153b2d
fix(cred-serv): private issuance
iFergal Sep 2, 2025
ded1d02
fix(cred-ui): issue UI for schema with lots of attributes
iFergal Sep 2, 2025
41a5827
build: old signify
iFergal Sep 2, 2025
0861c51
chore: commit lock file
iFergal Sep 2, 2025
2a71e7c
fix: request presentation bugs
iFergal Sep 4, 2025
bf09125
fix(ui): Credential UI not passing presentation attributes to server …
Sotatek-DukeVu Aug 5, 2025
b0d1467
feat(cred-serv): reeve credential
iFergal Sep 23, 2025
1e53859
fix(cred-serv): include new schema in const files mapper
iFergal Sep 23, 2025
635a9ff
chore(gha): replace pull_request_target with pull_request
rcmorano Sep 24, 2025
4530852
feat(cred-serv): OOR credential issuance
iFergal Sep 29, 2025
00f262d
fix(core): recursively resolve schemas
iFergal Sep 29, 2025
2b5f366
chore(gha): align with main branch
rcmorano Sep 29, 2025
ece7042
chore(package-lock): bump sha.js depend to fix a critical sec issue
rcmorano Sep 29, 2025
73abd1a
chore(gha): trigger build
rcmorano Oct 1, 2025
5f119cd
feat: implement presentation verification and request handling (#1367)
Sotatek-DucPhung Oct 1, 2025
f9ae79d
fix(cred-serv): post merge fix rename of signifyclient var in express
iFergal Oct 1, 2025
262bde4
fix(cred-serv): skip presentation requests for deleted connections
iFergal Oct 1, 2025
88faca1
feat(cred-ui): credential presentation details (request and response)…
Sotatek-DucPhung Oct 3, 2025
1ec0a49
Merge remote-tracking branch 'origin/main' into feat/birth-fishing-cred
iFergal Oct 3, 2025
7e072af
chore: trigger builds
iFergal Oct 3, 2025
3343f31
fix(core): recursive schema resolve should return correctly with no e…
iFergal Oct 6, 2025
9410ef0
fix(cred-serv): properly fail on OOBI errors
iFergal Oct 6, 2025
d52ae2f
debug logs
iFergal Oct 6, 2025
a23a2b0
more debug logs
iFergal Oct 6, 2025
565486c
fix(cred-serv): ensure OOR-AUTH issuance completes, and remove flakey…
iFergal Oct 6, 2025
32d25a7
fix(cred-ui): presentation request modal text
iFergal Oct 7, 2025
8354d8f
feat(cred-serv): add cardano-metadata signer
iFergal Nov 4, 2025
cc68ed1
Revert "feat(cred-serv): add cardano-metadata signer"
iFergal Nov 4, 2025
9bbe6e4
Revert "Revert "feat(cred-serv): add cardano-metadata signer""
iFergal Nov 7, 2025
280d51d
fix(cred-serv): cardano-metadata signer schema shouldnt have required…
iFergal Nov 7, 2025
7b34a77
correct schema
iFergal Nov 7, 2025
@@ -1,4 +1,4 @@
name: Build and publish docker artifacts
name: build-and-publish-docker-artifacts

###############################################################################
# WARNING:
@@ -15,7 +15,7 @@ on:
- 'release/**'
tags:
- '[0-9]+.[0-9]+.[0-9]+*'
pull_request_target:
pull_request:
types: [ opened, synchronize ]
paths:
- 'Earthfile'
@@ -61,7 +61,7 @@ jobs:
matrix: ${{fromJson(needs.set-matrix.outputs.matrix)}}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
fetch-depth: 0

@@ -124,7 +124,12 @@ jobs:

if [ "$TRIGGERING_REF" == "pr" ]
then

# At this point cf-gha-baseline has already checked out the PR input and failed the pipeline, but leaving this here for extra safety in case of future changes
if [[ ! '${{ github.event.pull_request.head.repo.full_name }}' =~ ^[a-zA-Z0-9._/-]+$ ]] || [[ ! '${{ github.event.pull_request.head.ref }}' =~ ^[a-zA-Z0-9._/-]+$ ]];
then
echo "[!] Invalid PR branch or repo name (!= ^[a-zA-Z0-9._/-]+\$). Aborting for security reasons."
exit 1
fi
if [ "$IS_PR_FROM_FORK" == "true" ]; then
echo "External PR detected: fetching branch from $PR_HEAD_REPO"
git fetch https://github.com/${PR_HEAD_REPO}.git "$PR_HEAD_REF"
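Review bot: The new guard inside the `TRIGGERING_REF == pr` branch interpolates `${{ github.event.pull_request.head.repo.full_name }}` and `${{ github.event.pull_request.head.ref }}` directly into the script text, so the runner substitutes the PR-author-controlled values before bash parses the line and the regex check cannot be relied on to run first. Compare the values through shell variables instead, for example `if [[ ! "$PR_HEAD_REPO" =~ ^[a-zA-Z0-9._/-]+$ ]] || [[ ! "$PR_HEAD_REF" =~ ^[a-zA-Z0-9._/-]+$ ]];`, using the variables the `git fetch` line below already reads. Those are presumably set from the same contexts in an `env:` block outside this hunk, which should be confirmed. The step itself starts and ends outside the visible hunk.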
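--- a/.github/workflows/build-test.yaml
+++ b/.github/workflows/build-test.yaml
@@ -0,0 +1,41 @@
+name: build-test
+
+on:
+pull_request:
+types: [ opened, synchronize ]
+push:
+branches:
+- main
+- develop
+- release/**
+
+env:
+NODE_OPTIONS: "--max_old_space_size=8192"
+
+jobs:
+build-test:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v5
+with:
+submodules: recursive
+
+- name: Setup Node
+uses: actions/setup-node@v4
+with:
+node-version-file: "package.json"
+
+- name: Install dependencies
+run: npm ci
+
+- name: Run ESLint (Core Only)
+run: npx eslint src/core --ext .ts,.tsx
+
+- name: Run unit tests
+
+run: npm run test
+
+- name: 🔨 Build project
+run: npm run build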
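Review bot: No `permissions:` block is declared for the `build-test` job, so on `push` runs it receives whatever default GITHUB_TOKEN scope the repository or organisation grants, although the visible steps only read the repository. Add a top-level `permissions:` with `contents: read`. Because `npm ci`, the tests and the build execute dependency and project scripts after the checkout, also set `persist-credentials: false` under the checkout step's `with:` so the token is not left in `.git/config` for those scripts. The actions are referenced by mutable tags (`actions/checkout@v5`, `actions/setup-node@v4`); pinning them to full commit SHAs would remove that moving part.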
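--- a/.github/workflows/dependency-check-google-osv.yaml
+++ b/.github/workflows/dependency-check-google-osv.yaml
@@ -0,0 +1,54 @@
+name: dependency-check-google-osv
+
+on:
+push:
+paths: &shared-trigger-paths
+- 'package.json'
+- 'package-lock.json'
+- 'ios/**'
+- 'android/**'
+- '**/*.gradle'
+- '**/Podfile*'
+- '**/Package*.swift'
+- '.github/dependency-check-google-osv.yaml'
+branches:
+- main
+- develop
+- 'releases/**'
+pull_request:
+types: [ opened, synchronize ]
+paths: *shared-trigger-paths
+workflow_dispatch:
+
+jobs:
+set-gitignore-artifact:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v5
+with:
+submodules: recursive
+
+- name: Ignore services folder
+run: |
+echo 'services/*' >> .gitignore
+
+- name: Upload .gitignore artifact
+uses: actions/upload-artifact@v4
+with:
+name: gitignore-artifact
+include-hidden-files: true
+path: .gitignore
+
+depcheck:
+permissions:
+actions: read
+security-events: write
+contents: read
+needs: set-gitignore-artifact
+uses: "google/osv-scanner-action/.github/workflows/[email protected]"
+with:
+download-artifact: gitignore-artifact
+scan-args: |-
+--recursive
+./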
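Review bot: The path filter `'.github/dependency-check-google-osv.yaml'` omits the `workflows/` directory, so edits to this workflow file will not trigger the scan; it should read `'.github/workflows/dependency-check-google-osv.yaml'`. The push branch pattern `'releases/**'` also differs from the `release/**` pattern in build-test.yaml and dependency-check-npm-audit.yaml, so if release branches are named `release/...` the scan never runs on pushes to them. The same pattern appears in dependency-check-owasp-android.yml and dependency-check-owasp-ios.yml. The `set-gitignore-artifact` job has no `permissions:` block while `depcheck` does; `contents: read` looks sufficient for its visible steps. A short comment explaining why `services/*` is excluded from scanning would also help, since that folder's dependencies are left uncovered by this check.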
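--- a/.github/workflows/dependency-check-npm-audit.yaml
+++ b/.github/workflows/dependency-check-npm-audit.yaml
@@ -0,0 +1,56 @@
+name: dependency-check-npm-audit
+
+on:
+pull_request:
+paths: &shared-trigger-paths
+- 'package.json'
+- 'package-lock.json'
+- '.github/workflows/dependency-check-npm-audit.yaml'
+types: [ opened, synchronize ]
+push:
+paths: *shared-trigger-paths
+branches:
+- main
+- develop
+- release/**
+
+env:
+NODE_OPTIONS: "--max_old_space_size=8192"
+
+jobs:
+depcheck:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v5
+with:
+submodules: recursive
+
+- name: Setup Node
+uses: actions/setup-node@v4
+with:
+node-version-file: "package.json"
+
+- name: Run npm audit
+env:
+AUDIT_CI_VERSION: latest
+run: |
+# We always save the report so it's uploaded to the Security tab
+npx -y audit-ci@${AUDIT_CI_VERSION} --report --report-type full --config audit-ci.jsonc -o json > audit.json || true
+# We run it again in text mode to have a better output in the logs and let it fail if there are vulnerabilities (criticity set in audit-ci.jsonc)
+npx -y audit-ci@${AUDIT_CI_VERSION} --report --report-type full --config audit-ci.jsonc
+
+- name: Convert npm audit results to SARIF
+if: always()
+run: |
+npx npm-audit-sarif audit.json > audit.sarif.json
+# potentially fix levels that are not recognized by GitHub
+jq '(.runs[].results[] | select(.level != "none" and .level != "note" and .level != "warning" and .level != "error") | .level) |= "warning"' audit.sarif.json > fixed-audit.sarif.json
+mv fixed-audit.sarif.json audit.sarif.json
+
+- name: Upload SARIF file to GitHub Security tab
+if: always()
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: audit.sarif.json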
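Review bot: `AUDIT_CI_VERSION: latest` with `npx -y audit-ci@${AUDIT_CI_VERSION}`, plus the unversioned `npx npm-audit-sarif`, downloads and executes whatever is published on the registry at run time, inside the job that produces the security report. Pin both tools to exact, reviewed versions, ideally as devDependencies resolved through package-lock.json so `npm ci` verifies their integrity. The job also has no `permissions:` block even though it uploads SARIF; the OWASP workflows in this change declare `contents: read` and `security-events: write`, and the same block belongs here. Pull requests from forks get a read-only token, so the upload step will presumably fail there; confirm that this is the intended behaviour.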
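--- a/.github/workflows/dependency-check-owasp-android.yml
+++ b/.github/workflows/dependency-check-owasp-android.yml
@@ -0,0 +1,54 @@
+name: dependency-check-owasp-android
+
+on:
+push:
+paths: &shared-trigger-paths
+- "android/**"
+- "**/*.gradle"
+- "**/gradle*.properties"
+- ".github/workflows/dependency-check-owasp-android.yml"
+branches:
+- main
+- develop
+- 'releases/**'
+pull_request:
+paths: *shared-trigger-paths
+types: [ opened, synchronize ]
+
+jobs:
+depcheck:
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+security-events: write
+
+env:
+NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+
+steps:
+- uses: actions/checkout@v5
+with:
+submodules: recursive
+
+# Run OWASP Dependency-Check via the official Action
+- name: Run Dependency-Check
+uses: dependency-check/Dependency-Check_Action@main
+with:
+project: "veridian-wallet-android"
+path: "android"
+format: "ALL"
+out: "reports"
+args: "--failOnCVSS 7 --nvdApiKey ${{ env.NVD_API_KEY }} --disableCentral"
+continue-on-error: false
+
+- name: Upload HTML report
+uses: actions/upload-artifact@v4
+with:
+name: depcheck-android-report
+path: "reports/dependency-check-report.html"
+
+- name: Upload SARIF to code scanning
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: "reports/dependency-check-report.sarif"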
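Review bot: `dependency-check/Dependency-Check_Action@main` follows a mutable branch of a third-party action in a job that holds `secrets.NVD_API_KEY` and `security-events: write`; pin it to a full commit SHA, e.g. `uses: dependency-check/Dependency-Check_Action@<reviewed-commit-sha>` (placeholder). The two upload steps have no `if: always()`, so when `--failOnCVSS 7` fails the scan step the HTML report and the SARIF are never uploaded, which is exactly the run where they are needed. dependency-check-npm-audit.yaml already uses `if: always()` for this purpose. On pull requests from forks the secret is empty, so `--nvdApiKey` would be passed without a value, and it should be checked whether the action tolerates that. The same points apply to dependency-check-owasp-ios.yml.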
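--- a/.github/workflows/dependency-check-owasp-ios.yml
+++ b/.github/workflows/dependency-check-owasp-ios.yml
@@ -0,0 +1,54 @@
+name: dependency-check-owasp-ios
+
+on:
+push:
+paths: &shared-trigger-paths
+- "ios/**"
+- "**/Podfile*"
+- "**/Package*.swift"
+- ".github/workflows/dependency-check-owasp-ios.yml"
+branches:
+- main
+- develop
+- 'releases/**'
+pull_request:
+paths: *shared-trigger-paths
+types: [ opened, synchronize ]
+
+jobs:
+depcheck:
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+security-events: write
+
+env:
+NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+
+steps:
+- uses: actions/checkout@v5
+with:
+submodules: recursive
+
+# Run OWASP Dependency-Check via the official Action
+- name: Run Dependency-Check
+uses: dependency-check/Dependency-Check_Action@main
+with:
+project: "veridian-wallet-ios"
+path: "ios"
+format: "ALL"
+out: "reports"
+args: "--failOnCVSS 7 --nvdApiKey ${{ env.NVD_API_KEY }}"
+continue-on-error: false
+
+- name: Upload HTML report
+uses: actions/upload-artifact@v4
+with:
+name: depcheck-ios-report
+path: "reports/dependency-check-report.html"
+
+- name: Upload SARIF to code scanning
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: "reports/dependency-check-report.sarif"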
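Review bot: The scan of `ios` may not analyse the CocoaPods and Swift Package Manager manifests that the trigger paths (`**/Podfile*`, `**/Package*.swift`) watch, because Dependency-Check ships those analyzers as experimental, as far as I know, and the `args` line does not enable them. If they are the intended coverage, add `--enableExperimental` to `args` and confirm on a real run that the iOS dependencies appear in the report. Otherwise a green job here can simply mean that nothing was scanned. A one-line comment above the step stating which manifest types the job is expected to cover would make that verifiable later.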
@@ -1,4 +1,4 @@
name: e2e mobile tests
name: e2e-mobile-tests
on:
workflow_dispatch:
jobs:
@@ -7,10 +7,12 @@ jobs:
runs-on: [self-hosted, macOS, ARM64]
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: 🦾 Create .env file
run: |
echo APP_PATH=$HOME/Documents/xcode/DerivedData/Build/Products/Debug-iphonesimulator/App.app > .env

- name: Setup node
uses: actions/setup-node@v4
with:
46 changes: 0 additions & 46 deletions .github/workflows/gh-verify-branch.yaml

This file was deleted.
