bcgov / DITP-DevOps

Digital Identity and Trust Program Team's DevOps Documentation Repository
Apache License 2.0

Upgrade ACA-Py Agents #18

Open WadeBarnes opened 1 year ago

WadeBarnes commented 1 year ago

These upgrades should be performed in combination with https://github.com/bcgov/DITP-DevOps/issues/83

The DITP Inventory of Deployments contains a list of our deployed ACA-Py agents. Review the list and upgrade the agents to the latest ACA-Py version. Endorser agents running 1.0.0-rcx versions may need special attention, as they were deployed before full support for the endorser protocols was officially released with ACA-Py.

Where possible the spreadsheet contains links to the agent's deployment within OCP.

The data in the spreadsheet is generated in part by an automated audit script that scans the OCP environments for agent instances and collects data including agent version, secure storage type, and endorser role; docs, getDids.sh

Note:
- ACA-Py 0.12.0rc0 resolves the issues with routing of REVOC_REG_ENTRYs through an Endorser. Test results here: https://github.com/hyperledger/aries-cloudagent-python/issues/2441#issuecomment-1921696128

Next Steps:

Below is a list of repositories containing references to ACA-Py images:

WadeBarnes commented 1 year ago

We'd like to automate the detection and upgrade process, @jleach do you have any thoughts and references we could use? My first thoughts are something like the bcgov/repomountie bot.

jleach commented 1 year ago

Could take the API work from repomountie and make a cron job. The bots are mostly event driven so not awesome at looking through repos for outdated data.

Could troll repos and create a PR for the update.

WadeBarnes commented 1 year ago

There is an issue with revocation notifications that has been identified and confirmed in aca-py v0.7.5 so it's no longer in the upgrade path. We'll have to upgrade to a newer release. The only other available at the moment is v1.0.0-rc0 which is being used for LSBC.

WadeBarnes commented 1 year ago

The NR FSA team uses Dependabot and Renovate to keep their various dependencies up to date. We should look further into these tools as well.

swcurran commented 1 year ago

Renovate is a new one to me — https://github.com/renovatebot/renovate. What is the difference between it and dependabot? And aren’t we already using dependabot everywhere?

WadeBarnes commented 1 year ago

I don't know how they compare yet, but how they are used is different than simply using dependabot to get updates for security vulnerabilities. They are using them to get updates to their dependencies when new versions are released, regardless of whether the release is associated with a security vulnerability.

swcurran commented 1 year ago

Got it. That’s good. Especially if the PRs get automatically run through the unit/integration tests. Would that be enough for merges? Where does the dev judgement (and time…the harder part) come in?

WadeBarnes commented 1 year ago

I'd think we'd want the devs to review the related release's changes to determine if it contains anything problematic for the given implementation. Some of the projects in the list above are marked for archiving so the list will get smaller, but I doubt all of the remaining projects have tests running against their aca-py integration, so it's going to require a project by project call.

It's more of a matter of automating the detection and updates, since we typically update all of our projects at once, once we've done some preliminary testing with one of them.
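The detection step discussed in the comments above, sketched as an added example (not part of the original thread, and not DITP or repomountie code): it scans file contents for ACA-Py image references in the `ghcr.io/hyperledger/aries-cloudagent-python:py3.9-<version>` form that appears later in this thread, flags tags older than a target release, and separately flags `1.0.0-rc` pre-releases, which a plain version comparison would rank as newer than the 0.x releases. The file paths, sample contents, and the `audit` and `parse_version` names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Matches e.g. ghcr.io/hyperledger/aries-cloudagent-python:py3.9-0.12.2
# and both pre-release spellings seen in the thread: 0.12.0rc0 and 1.0.0-rc0.
IMAGE_RE = re.compile(
    r"aries-cloudagent-python:(?P<tag>py[\d.]+-(?P<ver>\d+\.\d+\.\d+)(?:-?(?P<pre>rc\d+))?)"
)

class Finding(NamedTuple):
    path: str
    line_no: int
    tag: str
    reason: str

def parse_version(ver: str, pre: Optional[str]) -> tuple:
    """Sortable key; a release candidate sorts before its final release."""
    nums = tuple(int(p) for p in ver.split("."))
    return nums + ((0, int(pre[2:])) if pre else (1, 0))

def audit(files: dict, target: str) -> list:
    """Return a Finding for every ACA-Py image tag that needs attention."""
    target_key = parse_version(target, None)
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for m in IMAGE_RE.finditer(line):
                ver, pre = m["ver"], m["pre"]
                if ver == "1.0.0" and pre:
                    # Numerically "newer" than 0.x, but an early pre-release.
                    reason = "1.0.0-rc pre-release, review endorser support manually"
                elif parse_version(ver, pre) < target_key:
                    reason = f"older than {target}"
                else:
                    continue
                findings.append(Finding(path, line_no, m["tag"], reason))
    return findings

# Constructed sample input: paths and contents are illustrative only.
SAMPLE_FILES = {
    "openshift/agent-deploy.yaml": "image: ghcr.io/hyperledger/aries-cloudagent-python:py3.9-0.12.2\n",
    "docker/endorser/Dockerfile": "FROM ghcr.io/hyperledger/aries-cloudagent-python:py3.9-1.0.0-rc0\n",
    "docker/agent/Dockerfile": "# agent\nFROM ghcr.io/hyperledger/aries-cloudagent-python:py3.9-0.8.2\n",
    "charts/values.yaml": "replicas: 1\nimage: ghcr.io/hyperledger/aries-cloudagent-python:py3.9-0.12.0rc0\n",
}

if __name__ == "__main__":
    for f in audit(SAMPLE_FILES, "0.12.2"):
        print(f"{f.path}:{f.line_no}: {f.tag} ({f.reason})")
```

Run on a schedule against checked-out repositories, the findings list is what a follow-up step would turn into upgrade PRs or issues for the code owners.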

WadeBarnes commented 1 year ago

First step to a new official release; https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.8.0-rc0

WadeBarnes commented 1 year ago

Official release; https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.8.1

WadeBarnes commented 1 year ago

Official release; https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.8.2

esune commented 9 months ago

@WadeBarnes I think we should re-assess which agents we want to update vs. which agents should be "frozen" since the projects they belong to are either archived/frozen or unmaintained at this point.

WadeBarnes commented 8 months ago

@esune, Updated the list in the description. Please review and see if you agree with the ones I've marked freeze and/or archive. Not sure what we should do with the moh and health gateway ones.

esune commented 8 months ago

> @esune, Updated the list in the description. Please review and see if you agree with the ones I've marked freeze and/or archive. Not sure what we should do with the moh and health gateway ones.

What you are proposing makes sense to me. I am wondering if we should open issues to remove references for moh and health-gateway (or a PR doing so, potentially?) and leave it to the code owners to take action in their repositories?

WadeBarnes commented 8 months ago

> I am wondering if we should open issues to remove references for moh and health-gateway (or a PR doing so, potentially?) and leave it to the code owners to take action in their repositories?

That seems appropriate.

WadeBarnes commented 8 months ago

Updated and reorganized the list of updates to be made in the description.

WadeBarnes commented 8 months ago

Updated the DITP Inventory of Deployments spreadsheet with a new tab labeled 2024.01.19.

esune commented 8 months ago

> Updated the DITP Inventory of Deployments spreadsheet with a new tab labeled 2024.01.19.

Thanks @WadeBarnes. I noticed there are remnants of an old (decommissioned) endorser deployment, logged https://github.com/bcgov/DITP-DevOps/issues/156 to take care of that.

esune commented 8 months ago

We also might need to track https://github.com/bcgov/aries-vcr-issuer-controller for updates, since some of the deployed OrgBook integrations use it for their source code.

esune commented 3 weeks ago

IDIM dev agent to be completed this week. Testing and follow-up upgrade of remaining environments to be planned once change is validated.

WadeBarnes commented 3 weeks ago

> IDIM dev agent to be completed this week. Testing and follow-up upgrade of remaining environments to be planned once change is validated.

Complete. IDIM dev has been upgraded to ghcr.io/hyperledger/aries-cloudagent-python:py3.9-0.12.2.