Merge branch 'main' into feature/keylist-webhooks

Author: dbluhm

.github/workflows/codeql.yml

@@ -10,6 +10,7 @@ jobs:
   CodeQL-Build:
     # CodeQL runs on ubuntu-latest and windows-latest
     runs-on: ubuntu-latest
+    if: (github.event_name == 'pull_request' && github.repository == 'hyperledger/aries-cloudagent-python') || (github.event_name != 'pull_request')
 
     steps:
       - name: Checkout repository

.github/workflows/pip-audit.yml

@@ -0,0 +1,23 @@
+name: pip-audit
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  selftest:
+    runs-on: ubuntu-latest
+    if: (github.event_name == 'pull_request' && github.repository == 'hyperledger/aries-cloudagent-python') || (github.event_name != 'pull_request')
+    steps:
+      - uses: actions/checkout@v3
+      - name: install
+        run: |
+          python -m venv env/
+          source env/bin/activate
+          python -m pip install .
+      - uses: trailofbits/gh-action-pip-audit@v0.0.4
+        with:
+          virtual-environment: env/
+          local: true

CHANGELOG.md

@@ -1,40 +1,34 @@
-# 0.7.4-RC4
+# 0.7.4
 
-## June 21, 2022
+## June 30, 2022
 
-**NOTE:** 0.7.4-rc4 contains a fix for a revocation-related issue introduced in
-0.7.4-rc3. We recommend updating to 0.7.4-rc4 immediately if you have been using
-0.7.4-rc3.
+0.7.4 is a significant release focused on stability and production deployments.
+As the "patch" release number indicates, there were no breaking changes in the
+Admin API, but a huge volume of updates and improvements.  Highlights of this
+release include:
 
-- See issue: [\#1823](https://github.com/hyperledger/aries-cloudagent-python/issues/1823)
-- See Pull Request: [\#1827](https://github.com/hyperledger/aries-cloudagent-python/pull/1827)
+- A major performance and stability improvement resulting from the now
+recommended use of [Aries Askar](https://github.com/bcgov/aries-askar) instead
+of the Indy-SDK.
+- There are significant improvements and tools for dealing with
+revocation-related issues.
+- A lot of work has been on the handling of Hyperledger Indy transaction
+endorsements.
+- ACA-Py now has a pluggable persistent queues mechanism in place, with Redis
+and Kafka support available (albeit with work still to come on documentation).
 
-The 0.7.4 release consists largely of internal fixes to ACA-Py, big increases in
-performance resulting from the now recommended use of [Aries
-Askar](https://github.com/bcgov/aries-askar) instead of the Indy-SDK, tools for
-dealing with revocation-related issues, plus a number of enhancements. There have been
-a lot of groups exercising ACA-Py and the updates made in this release are a
-reflection of those efforts. We have PRs that have been contributed by 20
-different people, which is likely a record for a single ACA-Py release.
+In addition, there are a significant number of general enhancements, bug fixes,
+documentation updates and code management improvements.
 
-The largest enhancement is in the area of the Hyperledger Indy endorser,
-enabling an instance of ACA-Py to act as an Endorser for Indy authors needed
-endorsing to write objects to an Indy ledger. We're hoping to see an
-"aries-endorser-service" come from that work, an Endorser to be easily operated
-by an organization, ideally with a controller starter kit to allow an approvals
-business flow.
+This release is a reflection of the many groups stressing ACA-Py in production
+environments, reporting issues and the resulting solutions. We also have a very
+large number of contributors to ACA-Py, with this release having PRs from 22
+different individuals. A big thank you to all of those using ACA-Py, raising
+issues and providing solutions.
 
-A focus towards the end of the 0.7.4 development and release cycle was on the
-handling of AnonCreds revocation in ACA-Py. Most important, a production issue
-was uncovered where by an ACA-Py issuer's local Revocation Registry data could
-get out of sync with what was published on an Indy ledger, resulting in an
-inability to publish new RevRegEntry transactions -- making new revocations
-impossible. As a result, we have added some new endpoints to enable an update to
-the RevReg storage such that RevRegEntry transactions can again be published to
-the ledger. Other changes were added related to revocation in general
-and in the handling of tails files in particular.
+### Major Enhancements
 
-A lot of work has been put in for this release related to performance and load
+A lot of work has been put into this release related to performance and load
 testing, with significant updates being made to the key "shared component"
 ACA-Py dependencies ([Aries Askar](https://github.com/bcgov/aries-askar), [Indy
 VDR](https://github.comyperledger/indy-vdr)) and [Indy Shared RS (including
@@ -48,15 +42,36 @@ especially the team at LISSI for creating the
 to make load testing so easy! And of course to the core ACA-Py team for
 addressing the findings.
 
+The largest enhancement is in the area of the endorsing of Hyperledger Indy
+ledger transactions, enabling an instance of ACA-Py to act as an Endorser for
+Indy authors needing endorsements to write objects to an Indy ledger. We're
+working on an [Aries Endorser
+Service](https://github.com/bcgov/aries-endorser-service) based on the new
+capabilities in ACA-Py, an Endorser to be easily operated by an organization,
+ideally with a controller starter kit supporting a basic human and automated
+approvals business workflow. Contributions welcome!
+
+A focus towards the end of the 0.7.4 development and release cycle was on the
+handling of AnonCreds revocation in ACA-Py. Most important, a production issue
+was uncovered where by an ACA-Py issuer's local Revocation Registry data could
+get out of sync with what was published on an Indy ledger, resulting in an
+inability to publish new RevRegEntry transactions -- making new revocations
+impossible. As a result, we have added some new endpoints to enable an update to
+the RevReg storage such that RevRegEntry transactions can again be published to
+the ledger. Other changes were added related to revocation in general
+and in the handling of tails files in particular.
+
 The team has worked a lot on evolving the persistent queue (PQ) approach
-available in ACA-Py. We have landed on a design whereby the ability to use
-queues for inbound and outbound messages is within ACA-Py, with a default
-in-memory implementation, and the implementations of external persistent queues
-solutions is handled by referencing a plugin from a separate repository. There
-will shortly be two concrete, out-of-the-box solutions available, one for Kafka
-and one for Redis, and anyone else can implement their own PQ plugin as long as
-it uses the same ACA-Py queuing interface. Look for the new PQ repos shortly
-within Hyperledger Aries.
+available in ACA-Py. We have landed on a design for the queues for inbound and
+outbound messages using a default in-memory implementation, and the ability to
+replace the default method with implementations created via an ACA-Py plugin.
+There are two concrete, out-of-the-box external persistent queuing solutions
+available for [Redis](https://github.com/bcgov/aries-acapy-plugin-redis-events)
+and [Kafka](https://github.com/sicpa-dlab/aries-acapy-plugin-kafka-events).
+Those ACA-Py persistent queue implementation repositories will soon be migrated
+to the Aries project within the Hyperledger Foundation's GitHub organization.
+Anyone else can implement their own queuing plugin as long as it uses the same
+interface.
 
 Several new ways to control ACA-Py configurations were added, including new
 startup parameters, Admin API parameters to control instances of protocols, and
@@ -68,7 +83,9 @@ there no changes in the APIs.
 
 As well there were a number of internal fixes, dependency updates, documentation
 and demo changes, developer tools and release management updates. All the usual
-stuff needed for a growing codebase.
+stuff needed for a healthy, growing codebase.
+
+### Categorized List of Pull Requests
 
 - Hyperledger Indy Endorser related updates:
   - Fix order of operations connecting faber to endorser [\#1716](https://github.com/hyperledger/aries-cloudagent-python/pull/1716) ([ianco](https://github.com/ianco))
@@ -82,6 +99,7 @@ stuff needed for a growing codebase.
   - Use provided connection_id if provided [\#1726](https://github.com/hyperledger/aries-cloudagent-python/pull/1726) ([ianco](https://github.com/ianco))
 
 - Additions to the startup parameters, Admin API and Web Hooks
+  - Improve typing of settings and add plugin settings object [\#1833](https://github.com/hyperledger/aries-cloudagent-python/pull/1833) ([dbluhm](https://github.com/dbluhm))
   - feat: accept taa using startup parameter --accept-taa [\#1643](https://github.com/hyperledger/aries-cloudagent-python/pull/1643) ([TimoGlastra](https://github.com/TimoGlastra))
   - Add auto_verify flag in present-proof protocol [\#1702](https://github.com/hyperledger/aries-cloudagent-python/pull/1702) ([DaevMithran](https://github.com/DaevMithran))
   - feat: query connections by their_public_did [\#1637](https://github.com/hyperledger/aries-cloudagent-python/pull/1637) ([TimoGlastra](https://github.com/TimoGlastra))
@@ -96,6 +114,7 @@ stuff needed for a growing codebase.
   - Redis PQ Cleanup in preparation for enabling the uses of plugin PQ implementations \[Issue\#1659\] [\#1659](https://github.com/hyperledger/aries-cloudagent-python/pull/1690) ([shaangill025](https://github.com/shaangill025))
 
 - Credential Revocation and Tails File Handling
+  - Fix handling of non-revocable credential when timestamp is specified \(askar/credx\) [\#1847](https://github.com/hyperledger/aries-cloudagent-python/pull/1847) ([andrewwhitehead](https://github.com/andrewwhitehead))
   - Additional endpoints to get revocation details and fix "published" status [\#1783](https://github.com/hyperledger/aries-cloudagent-python/pull/1783) ([ianco](https://github.com/ianco))
   - Fix IssuerCredRevRecord state update on revocation publish [\#1827](https://github.com/hyperledger/aries-cloudagent-python/pull/1827) ([andrewwhitehead](https://github.com/andrewwhitehead))
   - Fix put_file when the server returns a redirect [\#1808](https://github.com/hyperledger/aries-cloudagent-python/pull/1808) ([andrewwhitehead](https://github.com/andrewwhitehead))
@@ -133,6 +152,7 @@ stuff needed for a growing codebase.
 
 - Multitenacy updates and fixes
   - feat: create new JWT tokens and invalidate older for multitenancy [\#1725](https://github.com/hyperledger/aries-cloudagent-python/pull/1725) ([TimoGlastra](https://github.com/TimoGlastra))
+  - Multi-tenancy stale wallet clean up [\#1692](https://github.com/hyperledger/aries-cloudagent-python/pull/1692) ([dbluhm](https://github.com/dbluhm))
 
 - Dependencies and internal code updates/fixes
   - Update pyjwt to 2.4 [\#1829](https://github.com/hyperledger/aries-cloudagent-python/pull/1829) ([andrewwhitehead](https://github.com/andrewwhitehead))
@@ -152,13 +172,9 @@ stuff needed for a growing codebase.
   - Replace async workaround within document loader [\#1774](https://github.com/hyperledger/aries-cloudagent-python/pull/1774) ([frostyfrog](https://github.com/frostyfrog))
 
 - Documentation and Demo Updates
-  - Changelog, version and ReadTheDocs updates for 0.7.4-rc3 release [\#1817](https://github.com/hyperledger/aries-cloudagent-python/pull/1817) ([swcurran](https://github.com/swcurran))
-  - 0.7.4-rc2 update [\#1771](https://github.com/hyperledger/aries-cloudagent-python/pull/1771) ([swcurran](https://github.com/swcurran))
-  - Some ReadTheDocs File updates [\#1770](https://github.com/hyperledger/aries-cloudagent-python/pull/1770) ([swcurran](https://github.com/swcurran))
-  - 0.7.4-RC1 Changelog intro paragraph - fix copy/paste error [\#1753](https://github.com/hyperledger/aries-cloudagent-python/pull/1753) ([swcurran](https://github.com/swcurran))
-  - Fixing the intro paragraph and heading in the changelog of this 0.7.4RC1 [\#1752](https://github.com/hyperledger/aries-cloudagent-python/pull/1752) ([swcurran](https://github.com/swcurran))
-  - Updates to Changelog for 0.7.4. RC1 release [\#1747](https://github.com/hyperledger/aries-cloudagent-python/pull/1747) ([swcurran](https://github.com/swcurran))
-  - Prep for adding the 0.7.4-rc0 tag [\#1722](https://github.com/hyperledger/aries-cloudagent-python/pull/1722) ([swcurran](https://github.com/swcurran))
+  - Use default wallet type askar for alice/faber demo and bdd tests [\#1761](https://github.com/hyperledger/aries-cloudagent-python/pull/1761) ([ianco](https://github.com/ianco))
+  - Update the Supported RFCs document for 0.7.4 release [\#1846](https://github.com/hyperledger/aries-cloudagent-python/pull/1846) ([swcurran](https://github.com/swcurran))
+  - Fix a typo in DevReadMe.md [\#1844](https://github.com/hyperledger/aries-cloudagent-python/pull/1844) ([feknall](https://github.com/feknall))
   - Add troubleshooting document, include initial examples - ledger connection, out-of-sync RevReg [\#1818](https://github.com/hyperledger/aries-cloudagent-python/pull/1818) ([swcurran](https://github.com/swcurran))
   - Update POST /present-proof/send-request to POST /present-proof-2.0/send-request [\#1824](https://github.com/hyperledger/aries-cloudagent-python/pull/1824) ([lineko](https://github.com/lineko))
   - Fetch from --genesis-url likely to fail in composed container [\#1746](https://github.com/hyperledger/aries-cloudagent-python/pull/1739) ([tdiesler](https://github.com/tdiesler))
@@ -171,13 +187,19 @@ stuff needed for a growing codebase.
   - Document impact of multi-ledger on TAA acceptance [\#1778](https://github.com/hyperledger/aries-cloudagent-python/pull/1778) ([ianco](https://github.com/ianco))
 
 - Code management and contributor/developer support updates
+  - Set prefix for integration test demo agents; some code cleanup [\#1840](https://github.com/hyperledger/aries-cloudagent-python/pull/1840) ([andrewwhitehead](https://github.com/andrewwhitehead))
   - Pin markupsafe at version 2.0.1 [\#1642](https://github.com/hyperledger/aries-cloudagent-python/pull/1642) ([andrewwhitehead](https://github.com/andrewwhitehead))
   - style: format with stable black release [\#1615](https://github.com/hyperledger/aries-cloudagent-python/pull/1615) ([TimoGlastra](https://github.com/TimoGlastra))
   - Remove references to play with von [\#1688](https://github.com/hyperledger/aries-cloudagent-python/pull/1688) ([ianco](https://github.com/ianco))
   - Add pre-commit as optional developer tool [\#1671](https://github.com/hyperledger/aries-cloudagent-python/pull/1671) ([dbluhm](https://github.com/dbluhm))
   - run_docker start - pass environment variables [\#1715](https://github.com/hyperledger/aries-cloudagent-python/pull/1715) ([shaangill025](https://github.com/shaangill025))
+  - Use local deps only [\#1834](https://github.com/hyperledger/aries-cloudagent-python/pull/1834) ([ryjones](https://github.com/ryjones))
+  - Enable pip-audit [\#1831](https://github.com/hyperledger/aries-cloudagent-python/pull/1831) ([ryjones](https://github.com/ryjones))
+  - Only run pip-audit on main repo [\#1845](https://github.com/hyperledger/aries-cloudagent-python/pull/1845) ([ryjones](https://github.com/ryjones))
 
 - Release management pull requests
+  - 0.7.4 Release Changelog and version update [\#1849](https://github.com/hyperledger/aries-cloudagent-python/pull/1849) ([swcurran](https://github.com/swcurran))
+  - 0.7.4-rc5 changelog, version and ReadTheDocs updates [\#1838](https://github.com/hyperledger/aries-cloudagent-python/pull/1838) ([swcurran](https://github.com/swcurran))
   - Update changelog and version for 0.7.4-rc4 [\#1830](https://github.com/hyperledger/aries-cloudagent-python/pull/1830) ([swcurran](https://github.com/swcurran))
   - Changelog, version and ReadTheDocs updates for 0.7.4-rc3 release [\#1817](https://github.com/hyperledger/aries-cloudagent-python/pull/1817) ([swcurran](https://github.com/swcurran))
   - 0.7.4-rc2 update [\#1771](https://github.com/hyperledger/aries-cloudagent-python/pull/1771) ([swcurran](https://github.com/swcurran))

DevReadMe.md

@@ -149,7 +149,7 @@ To enable the [ptvsd](https://github.com/Microsoft/ptvsd) Python debugger for Vi
 Any ports you will be using from the docker container should be published using the `PORTS` environment variable. For example:
 
 ```bash
-PORTS="5000:5000 8000:8000 1000:1000" ./scripts/run_docker start --inbound-transport http 0.0.0.0 10000 --outbound-transport http --debug --log-level DEBUG
+PORTS="5000:5000 8000:8000 10000:10000" ./scripts/run_docker start --inbound-transport http 0.0.0.0 10000 --outbound-transport http --debug --log-level DEBUG
 ```
 
 Refer to [the previous section](#Running) for instructions on how to run the software.

PUBLISHING.md

@@ -8,7 +8,7 @@ Once ready to do a release, create a local branch that includes the following up
 
 1. Create a PR branch from an updated `main` branch.
 
-2. Update the CHANGELOG.md to add the new release.  If transitioning for a Release Candidate to the final release for the tag, do not create a new section -- just drop the "RC" designation. Check the date of the new release.
+2. Update the CHANGELOG.md to add the new release.  Only create a new section when working on the first release candidate for a new release. When transitioning from one release candidate to the next, or to an official release, just update the title and date of the change log section.
 
 3. Include details of the merged PRs included in this release. General process to follow: