Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade ACA-Py Agents #18

Open
20 of 27 tasks
WadeBarnes opened this issue Nov 17, 2022 · 19 comments
Open
20 of 27 tasks

Upgrade ACA-Py Agents #18

WadeBarnes opened this issue Nov 17, 2022 · 19 comments
Assignees
@esune @WadeBarnes
Labels
upgrade Upgrade task

Comments

@WadeBarnes
Copy link
Member

WadeBarnes commented Nov 17, 2022
edited
Loading

These upgrades should be performed in combination with #83

The DITP Inventory of Deployments contains a list of our deployed ACA-Py agents. Review the list and upgrade the agents to the latest ACA-Py version. Endorser agents running 1.0.0-rcx versions may need special attention, as they were deployed before full support for the endorser protocols were officially released with ACA-Py.

Where possible the spreadsheet contains links to the agent's deployment within OCP.

The data in the spreadsheet is generated in part by an automated audit script that scans the OCP environments for agent instances and collects data including agent version, secure storage type, and endorser role; docs. getDids.sh

Note: - ACA-Py 0.12.0rc0 resolves the issues with routing of REVOC_REG_ENTRYs through an Endorser. Test results here; hyperledger/aries-cloudagent-python#2441 (comment)

Next Steps:

  • Now that we have a solution for the REVOC_REG_ENTRY routing issue. Start breaking down the issuer-kit based agents and outline what's involved with upgrading each. Expected to be involved are indy to askar migrations, wallet database upgrades (to Postgres v14 as that is the easiest target), and migration to askar only images. This work should be performed in separate tickets, one top level one to better identify the affected agents, and possibly additional tickets for each of the more involved upgrades. Priority should be given to active issuers that are affected by the REVOC_REG_ENTRY routing issues.

Below is a list of repositories containing references to ACA-Py images:
@WadeBarnes WadeBarnes added the upgrade Upgrade task label Nov 17, 2022
@WadeBarnes
Copy link
Member Author

We'd like to automate the detection and upgrade process, @jleach do you have any thoughts and references we could use? My first thoughts are something like the bcgov/repomountie bot.

@jleach
Copy link
Member

jleach commented Nov 23, 2022
edited
Loading

Could take the API work from repomountie and make a cron job. The bots a mostly event driven so not awesome at looking through repos for outdated data.

Could troll repos and create a PR for the update.

@WadeBarnes
Copy link
Member Author

There is an issue with revocation notifications that has been identified and confirmed in aca-py v0.7.5 so it's no longer in the upgrade path. We'll have to upgrade to a newer release. The only other available at the moment is v1.0.0-rc0 which is being used for LSBC.

@WadeBarnes WadeBarnes changed the title Upgrade aca-py agents to v0.7.5 Upgrade aca-py agents to v1.0.0-rc0 or above Feb 1, 2023
@WadeBarnes WadeBarnes changed the title Upgrade aca-py agents to v1.0.0-rc0 or above Upgrade aca-py agents to v1.0.0-rc1 or above (>v0.7.5) Feb 1, 2023
@WadeBarnes
Copy link
Member Author

The NR FSA team uses Dependabot and Renovate to keep their various dependencies up to date. We should look further into these tools as well.

@swcurran
Copy link
Contributor

Renovate is a new one to me — https://github.com/renovatebot/renovate. What is the difference between it and dependabot? And aren’t we already using dependabot everywhere?

@WadeBarnes
Copy link
Member Author

I don't know how they compare yet, but how they are used is different than simply using dependabot to get updates for security vulnerabilities. They are using them to get updates to their dependencies when new versions are released, regardless of whether the release is associated with a security vulnerability.

@swcurran
Copy link
Contributor

Got it. That’s good. Especially if the PRs get automatically run through the unit/integration tests. Would that be enough for merges? Where does the dev judgement (and time…the harder part) come in.

@WadeBarnes
Copy link
Member Author

I'd think we'd want the devs to review the related release's changes to determine if it contains anything problematic for the given implementation. Some of the projects in the list above are marked for archiving so the list will get smaller, but I doubt all of the remaining projects have tests running against their aca-py integration, so it's going to require a project by project call.

It's more of a matter of automating the detection and updates, since we typically update all of our projects at once, once we've done some preliminary testing with one of them.

@WadeBarnes
Copy link
Member Author

First step to a new official release; https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.8.0-rc0

@WadeBarnes
Copy link
Member Author

Official release; https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.8.1

@WadeBarnes
Copy link
Member Author

Official release; https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.8.2

@WadeBarnes WadeBarnes changed the title Upgrade aca-py agents to v1.0.0-rc1 or above (>v0.7.5) Upgrade ACA-Py Agents Jul 12, 2023
This was referenced Jul 12, 2023
Closed
Open
Open
Open
Open
@esune esune self-assigned this Nov 2, 2023
@esune
Copy link
Member

esune commented Dec 19, 2023

@WadeBarnes I think we should re-assess which agents we want to update vs. which agents should be "frozen" since the projects they belong to are either archived/frozen or unmaintained at this point.

@WadeBarnes
Copy link
Member Author

@esune, Updated the list in the description. Please review and see if you agree with the ones I've marked freeze and/or archive. Not sure what we should do with the moh and health gateway ones.

@esune
Copy link
Member

esune commented Jan 11, 2024

@esune, Updated the list in the description. Please review and see if you agree with the ones I've marked freeze and/or archive. Not sure what we should do with the moh and health gateway ones.

What you are proposing makes sense to me. I am wondering if we should open issues to remove references for moh and health-gateway (or a PR doing so, potentially?) and leave it to the code owners to take action in their repositories?

@WadeBarnes
Copy link
Member Author

I am wondering if we should open issues to remove references for moh and health-gateway (or a PR doing so, potentially?) and leave it to the code owners to take action in their repositories?

That seems appropriate.

@WadeBarnes
Copy link
Member Author

Updated and reorganized the list of updates to be made in the description.

@WadeBarnes
Copy link
Member Author

Updated the DITP Inventory of Deployments spreadsheet with a new tab labeled 2024.01.19.

@esune
Copy link
Member

esune commented Jan 23, 2024

Updated the DITP Inventory of Deployments spreadsheet with a new tab labeled 2024.01.19.

Thanks @WadeBarnes . I noticed there are remnants of an old (decommissioned) endorser deployment, logged #156 to take care of that.

@esune
Copy link
Member

esune commented Jan 30, 2024

We also might need to track https://github.com/bcgov/aries-vcr-issuer-controller for updates, since some of the deployed OrgBook integrations use it for their source code.

@WadeBarnes WadeBarnes mentioned this issue Feb 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@esune esune

@WadeBarnes WadeBarnes

Labels
upgrade Upgrade task
Projects
DITP Enterprise Apps
Status: In Progress
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jleach @swcurran @esune @WadeBarnes @rajpalc7