ci: update client generator workflow and scripts

.github/workflows/build.yml

@@ -71,11 +71,11 @@ jobs:
           COMMIT_HASH="${GITHUB_SHA::7}"
           BUILD_NUMBER="${GITHUB_RUN_NUMBER}"
           VERSION=$(grep -Eo 'version := "[^"]+"' version.sbt | sed 's/version := "//; s/"//; s/-SNAPSHOT//')
-          REVISION_VERSION=${VERSION}-$COMMIT_HASH # Revision version is used for the OAS file name and client libraries
-          BUILD_VERSION=${VERSION}-$BUILD_NUMBER-$COMMIT_HASH # Build version is used for the Docker image tag
+          REVISION_VERSION=${VERSION}-${COMMIT_HASH} # Revision version is used for the OAS file name and client libraries
+          BUILD_VERSION=${VERSION}-${BUILD_NUMBER}-${COMMIT_HASH} # Build version is used for the Docker image tag
 
-          echo "REVISION_VERSION=$REVISION_VERSION" >> "$GITHUB_OUTPUT"
-          echo "BUILD_VERSION=$BUILD_VERSION" >> "$GITHUB_OUTPUT"
+          echo "REVISION_VERSION=${REVISION_VERSION}" >> "$GITHUB_OUTPUT"
+          echo "BUILD_VERSION=${BUILD_VERSION}" >> "$GITHUB_OUTPUT"
 
       - name: Build Docker Image
         run: |
@@ -111,17 +111,17 @@ jobs:
       - name: Build Cloud-Agent Open API Specification
         id: build-oas
         run: |
-          sbt "cloudAgentServer/test:runMain org.hyperledger.identus.api.util.Tapir2StaticOAS ../../../cloud-agent-openapi-spec-${{ steps.revision.outputs.REVISION_VERSION}}.yaml revision"
-          checksum=$(sha256sum ./cloud-agent-openapi-spec-${{ steps.revision.outputs.REVISION_VERSION }}.yaml | awk '{ print $1 }')
+          sbt "cloudAgentServer/test:runMain org.hyperledger.identus.api.util.Tapir2StaticOAS $(pwd)/cloud-agent/service/api/http/cloud-agent-openapi-spec.yaml ${{ steps.revision.outputs.REVISION_VERSION }}"
+          checksum=$(sha256sum $(pwd)/cloud-agent/service/api/http/cloud-agent-openapi-spec.yaml | awk '{ print $1 }')
           OAS_CHECKSUM=${checksum:0:8}
-          echo "OAS_CHECKSUM=OAS_CHECKSUM" >> "$GITHUB_OUTPUT"
+          echo "OAS_CHECKSUM=${OAS_CHECKSUM}" >> "$GITHUB_OUTPUT"
 
       - name: Publish Cloud-Agent Open API Specification
         id: upload-oas
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: cloud-agent-openapi-spec-${{ steps.build-oas.outputs.OAS_CHECKSUM}}
-          path: ./cloud-agent-openapi-spec-${{ steps.revision.outputs.REVISION_VERSION}}.yaml
+          path: ./cloud-agent/service/api/http/cloud-agent-openapi-spec.yaml
           overwrite: true
           compression-level: 0
 
@@ -143,11 +143,15 @@ jobs:
     needs: build
     permissions:
       contents: read
-      packages: write
       id-token: write
-    if: needs.build.outputs.OAS_PUBLISHED
+    if: needs.build.outputs.OAS_PUBLISHED == 'true'
     uses: ./.github/workflows/release-clients.yml
-    secrets: inherit
+    secrets:
+      HYP_BOT_GPG_PRIVATE: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
+      HYP_BOT_GPG_PASSWORD: ${{ secrets.HYP_BOT_GPG_PASSWORD }}
+      OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+      OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
     with:
+      release: false
       revision: ${{ needs.build.outputs.REVISION_VERSION }}
       check_sum: ${{ needs.build.outputs.OAS_CHECKSUM }}

.github/workflows/release-clients.yml

@@ -5,31 +5,53 @@ run-name: Build and publish Identus Cloud Agent clients from from ${{ github.hea
 on:
   workflow_call:
     inputs:
+      release:
+        description: "Release to build and publish clients"
+        required: true
+        type: boolean
+        default: false
       revision:
-        description: "Revision to build and publish clients (e.g. 1.33.0-a3j4456-1)"
+        description: "Revision to build and publish clients"
         required: true
         type: string
       check_sum:
         description: "Checksum of the OAS specification"
-        required: true
+        required: false
         type: string
+    secrets:
+      HYP_BOT_GPG_PRIVATE:
+        required: true
+      HYP_BOT_GPG_PASSWORD:
+        required: true
+      OSSRH_USERNAME:
+        required: true
+      OSSRH_PASSWORD:
+        required: true
   workflow_dispatch:
     inputs:
-      releaseTag:
-        description: "Tag to release clients (e.g. cloud-agent-v1.33.0)"
-        required: false
-        type: string
+      release:
+        description: 'Is a release publication?'
+        required: true
+        type: boolean
+        default: false
       revision:
-        description: "Revision to build and publish clients (e.g. 1.33.0-a3j4456-1)"
-        required: false
+        description: "Revision to build and publish clients"
+        required: true
         type: string
+      kotlin:
+        description: 'Publish kotlin client'
+        required: false
+        type: boolean
+        default: false
+      ts:
+        description: 'Publish ts client'
+        required: false
+        type: boolean
+        default: false
       check_sum:
         description: "Checksum of the OAS specification"
         required: false
         type: string
-  push:
-    tags:
-      - "v*"
 
 permissions:
   contents: read
@@ -68,11 +90,13 @@ jobs:
       - name: Setup Gradle
         uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
 
-      - name: Delete existing Open API specification
-        if: ${{ !inputs.releaseTag }}
+      - name: Download release OAS
+        if: ${{ inputs.release }}
+        env:
+          REVISION: ${{ inputs.revision }}
         run: |
-          echo "Current directory: $(pwd)"
-          rm -f ./cloud-agent/service/api/http/cloud-agent-openapi-spec.yaml
+          curl -fSL "https://raw.githubusercontent.com/hyperledger-identus/cloud-agent/refs/tags/v${REVISION}/cloud-agent/service/api/http/cloud-agent-openapi-spec.yaml" \
+            -o ./cloud-agent/service/api/http/cloud-agent-openapi-spec.yaml
 
       - name: Download OpenAPI specification
         if: ${{ !inputs.releaseTag }}
@@ -81,43 +105,23 @@ jobs:
           name: cloud-agent-openapi-spec-${{ inputs.check_sum }}
           path: ./cloud-agent/service/api/http
 
-      - name: Rename OpenAPI specification
-        if: ${{ !inputs.releaseTag }}
-        working-directory: cloud-agent/service/api/http
-        run: |
-          mv cloud-agent-openapi-spec-${{ inputs.revision }}.yaml cloud-agent-openapi-spec.yaml
-
-      - name: Set revision version
-        if: ${{ !inputs.releaseTag }}
-        working-directory: cloud-agent/client/generator
-        run: yarn version --new-version ${{ inputs.revision }} --no-git-tag-version
-
-      - name: Install generator dependencies
+      - name: Generator
         working-directory: cloud-agent/client/generator
-        run: yarn install
-
-      - name: Generate clients
-        working-directory: cloud-agent/client/generator
-        run: yarn generate:all
-
-      - name: Set version for clients
         run: |
-          if [ -z "${{ github.event.inputs.releaseTag }}" ]; then
-              echo "VERSION_TAG=cloud-agent-v${{ inputs.revision }}" >> $GITHUB_ENV
-          else
-              echo "VERSION_TAG=${{ github.event.inputs.releaseTag }}" >> $GITHUB_ENV
-          fi
+          yarn install
+          yarn generate:all
 
       # The npm publish step uses Trusted Publisher via OIDC
       - name: Publish clients (npm Trusted Publisher)
         working-directory: cloud-agent/client/generator
         env:
-          VERSION_TAG: ${{ env.VERSION_TAG }}
-          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          GPG_PRIVATE: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
-          GPG_PASSWORD: ${{ secrets.HYP_BOT_GPG_PASSWORD }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          VERSION_TAG: ${{ inputs.revision }}
+          PUBLISH_KOTLIN: ${{ inputs.kotlin }}
+          PUBLISH_TS: ${{ inputs.ts }}
+          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.HYP_BOT_GPG_PASSWORD }}
+          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.OSSRH_USERNAME }}
+          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.OSSRH_PASSWORD }}
         run: |
           echo "Using npm version $(npm -v)"
           npm audit signatures

.github/workflows/release.yml

@@ -23,6 +23,8 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
+    outputs:
+      RELEASE_VERSION: ${{ steps.version.outputs.RELEASE_VERSION }}
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
@@ -90,3 +92,18 @@ jobs:
           repository: hyperledger-identus/integration
           event-type: integration
           client-payload: '{"component": "cloud-agent", "version": "${{ steps.version.outputs.RELEASE_VERSION }}"}'
+
+  build-and-publish-clients:
+    needs: release
+    permissions:
+      contents: read
+      id-token: write
+    uses: ./.github/workflows/release-clients.yml
+    secrets:
+      HYP_BOT_GPG_PRIVATE: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
+      HYP_BOT_GPG_PASSWORD: ${{ secrets.HYP_BOT_GPG_PASSWORD }}
+      OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+      OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+    with:
+      release: true
+      revision: ${{ needs.release.outputs.RELEASE_VERSION }}

cloud-agent/client/.gitignore

@@ -1,45 +1,2 @@
-.gradle
-build/
-!gradle/wrapper/gradle-wrapper.jar
-!**/src/main/**/build/
-!**/src/test/**/build/
-target
-node_modules/
-
-### IntelliJ IDEA ###
-.idea/modules.xml
-.idea/jarRepositories.xml
-.idea/compiler.xml
-.idea/libraries/
-*.iws
-*.iml
-*.ipr
-out/
-!**/src/main/**/out/
-!**/src/test/**/out/
-.idea
-
-### Eclipse ###
-.apt_generated
-.classpath
-.factorypath
-.project
-.settings
-.springBeans
-.sts4-cache
-bin/
-!**/src/main/**/bin/
-!**/src/test/**/bin/
-
-### NetBeans ###
-/nbproject/private/
-/nbbuild/
-/dist/
-/nbdist/
-/.nb-gradle/
-
-### VS Code ###
-.vscode/
-
-### Mac OS ###
-.DS_Store
+kotlin/
+typescript/

cloud-agent/client/generator/.yarnrc.yml

@@ -0,0 +1 @@
+nodeLinker: node-modules

cloud-agent/client/generator/generate-clients.sh

@@ -15,6 +15,3 @@ yarn openapi-generator-cli generate \
 	-i ../../service/api/http/cloud-agent-openapi-spec.yaml \
 	-o ../typescript \
 	--ignore-file-override ../typescript/.openapi-generator-ignore
-
-# generate python models
-# yarn openapi-generator-cli generate -g python -i oas.yml --skip-validate-spec -o ../python --ignore-file-override ../python/.openapi-generator-ignore

cloud-agent/client/generator/package.json

@@ -13,7 +13,7 @@
     "publish:clients": "./publish-clients.sh"
   },
   "dependencies": {
-    "@openapitools/openapi-generator-cli": "2.13.13",
+    "@openapitools/openapi-generator-cli": "2.30.0",
     "npm-run-all": "^4.1.5"
   }
 }

cloud-agent/client/generator/publish-clients.sh

@@ -1,46 +1,40 @@
 #!/bin/bash
 set -e
 
-# Parse the version from the revision, beta or tag (everything that comes after 'v' in the VERSION_TAG)
-AGENT_VERSION=$(echo "$VERSION_TAG" | sed -E 's/.*v([0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9\.]+)?).*/\1/')
-echo version=${AGENT_VERSION}
+echo "Publishing ${VERSION_TAG}"
 
-# install dependencies
+PUBLISH_KOTLIN="${PUBLISH_KOTLIN:-true}"
+PUBLISH_TS="${PUBLISH_TS:-true}"
+
+# install generator dependencies
 yarn -s
 
 # Determine if the version is a snapshot or a release
-if [[ "$AGENT_VERSION" == *-* ]]; then
-	echo "Publishing snapshot version"
-
-	# kotlin
-	gradle -p ../kotlin -Pversion=${AGENT_VERSION}-SNAPSHOT publish --info
-
-	# typescript
-	cd ../typescript
-	echo "Publishing TypeScript client snapshot"
-	# Ensure dependencies are installed for the package before publishing
-	npm install
-	npm version "${AGENT_VERSION}" --no-git-tag-version
-	npm publish --provenance --tag snapshot
+if [[ "$VERSION_TAG" == *-* ]]; then
+  echo "Publishing snapshot version"
+  if [[ "$PUBLISH_KOTLIN" == "true" ]]; then
+    echo "Publishing Kotlin client snapshot"
+    gradle -p ../kotlin -Pversion=${VERSION_TAG}-SNAPSHOT publishToMavenCentral
+  fi
+
+  if [[ "$PUBLISH_TS" == "true" ]]; then
+    echo "Publishing TypeScript client snapshot"
+    npm --prefix ../typescript install
+    npm --prefix ../typescript version "${VERSION_TAG}" --no-git-tag-version
+    npm --prefix ../typescript publish --provenance --access public --tag snapshot
+  fi
 else
-	echo "Publishing release version"
-
-	# kotlin
-	PACKAGE_URL="https://repo1.maven.org/maven2/org/hyperledger/identus/cloud-agent-client/${AGENT_VERSION}/cloud-agent-client-${AGENT_VERSION}.pom"
-	HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$PACKAGE_URL")
-
-	if [ "$HTTP_CODE" -eq 200 ]; then
-		echo "Package version ${AGENT_VERSION} already exists. Skipping publication."
-	else
-		echo "Package version ${AGENT_VERSION} does not exist. Proceeding with publication."
-		gradle -p ../kotlin -Pversion=${AGENT_VERSION} publish closeAndReleaseSonatypeStagingRepository --info
-	fi
-
-	# typescript
-		cd ../typescript
-  	echo "Publishing TypeScript client release"
-  	# Ensure dependencies are installed for the package before publishing
-  	npm install
-  	npm version "${AGENT_VERSION}" --no-git-tag-version
-  	npm publish --provenance --tag latest
+  echo "Publishing release version"
+
+  if [[ "$PUBLISH_KOTLIN" == "true" ]]; then
+    echo "Publishing Kotlin client release"
+    gradle -p ../kotlin -Pversion=${VERSION_TAG} publishToMavenCentral
+  fi
+
+  if [[ "$PUBLISH_TS" == "true" ]]; then
+    echo "Publishing TypeScript client release"
+    npm --prefix ../typescript install
+    npm --prefix ../typescript version "${VERSION_TAG}" --no-git-tag-version
+    npm --prefix ../typescript publish --provenance --access public --tag latest
+  fi
 fi