Container Images and Github Actions¶
ACA-Py is most frequently deployed using containers. From
the first release of ACA-Py up through 0.7.4, much of the community has built
their deployments using the container images graciously provided by BC Gov and
hosted through their bcgovimages
docker hub account. These images have been
critical to the adoption of not only ACA-Py but also decentralized trust/SSI
more generally.
Recognizing how critical these images are to the success of ACA-Py and consistent with the OpenWallet Foundation's commitment to open collaboration, container images are now built and published directly from the Aries Cloud Agent - Python project repository and made available through the Github Packages Container Registry.
Image¶
This project builds and publishes the ghcr.io/openwallet-foundation/acapy-agent
image.
Multiple variants are available; see Tags.
Tags¶
ACA-Py is a foundation for building decentralized identity applications; to this end, there are multiple variants of ACA-Py built to suit the needs of a variety of environments and workflows. The following variants exist:
- "Standard" - The default configuration of ACA-Py, including:
- Aries Askar for secure storage
- Indy VDR for Indy ledger communication
- AnonCreds Rust for AnonCreds
In the past, two image variants were published. These two variants are largely distinguished by providers for Indy Network and AnonCreds support. The Standard variant is recommended for new projects. Migration from an Indy based image (whether the new Indy image variant or the original BC Gov images) to the Standard image is outside of the scope of this document.
The ACA-Py images built by this project are tagged to indicate which of the above variants it is. Other tags may also be generated for use by developers.
Click here to see a current list of the tagged images available for ACA-Py in.
The following is the ACA-Py comntainer images tagging format. In each of the following, pyV.vv
is the base Python image being used (e.g. py3.12
):
- Regular Releases:
pyV.vv-X.Y.Z
whereX.Y.Z
is the ACA-Py release. TheZ
component may have anrcN
appended when the tag is for a Release Candidate. - Nightlies:
pyV-vv-nightly-YYYY-MM-DD
andpyV-vv-nightly
- LTS (Long Term Support):
pyV-vv-X.Y-lts
, where theX.Y
are the major and minor components of the LTS (e.g.0.12
,1.2
). This tag moves to always be on latest release of each line of LTS releases (e.g. from0.12.4
to0.12.5
when the latter is released).
Image Comparison¶
There are several key differences that should be noted between the two image variants and between the BC Gov ACA-Py images.
- Standard Image
- Based on slim variant of Debian
- Does NOT include
libindy
- Default user is
aries
- Uses container's system python environment rather than
pyenv
- Askar and Indy Shared libraries are installed as dependencies of ACA-Py through pip from pre-compiled binaries included in the python wrappers
- Built from repo contents
- Indy Image (no longer produced but included here for clarity)
- Based on slim variant of Debian
- Built from multi-stage build step (
indy-base
in the Dockerfile) which includes Indy dependencies; this could be replaced with an explicitindy-python
image from the Indy SDK repo - Includes
libindy
but does NOT include the Indy CLI - Default user is
indy
- Uses container's system python environment rather than
pyenv
- Askar and Indy Shared libraries are installed as dependencies of ACA-Py through pip from pre-compiled binaries included in the python wrappers
- Built from repo contents
- Includes Indy postgres storage plugin
Github Actions¶
- Tests (
.github/workflows/tests.yml
) - A reusable workflow that runs tests for the Standard ACA-Py variant for a given python version. - PR Tests (
.github/workflows/pr-tests.yml
) - Run on pull requests; runs tests for the Standard ACA-Py variant for a "default" python version. Check this workflow for the current default python version in use. - Nightly Tests (
.github/workflows/nightly-tests.yml
) - Run nightly; runs tests for the Standard ACA-Py variant for all currently supported python versions. Check this workflow for the set of currently supported versions in use. - Publish (
.github/workflows/publish.yml
) - Run on new release published or when manually triggered; builds and pushes the Standard ACA-Py variant to the Github Container Registry. - BDD Integration Tests (
.github/workflows/BDDTests.yml
) - Run on pull requests (to the openwallet-foundation fork only); runs BDD integration tests. - Format (
.github/workflows/format.yml
) - Run on pull requests; checks formatting of files modified by the PR. - CodeQL (
.github/workflows/codeql.yml
) - Run on pull requests; performs CodeQL analysis. - Python Publish (
.github/workflows/pythonpublish.yml
) - Run on release created; publishes ACA-Py python package to PyPI. - PIP Audit (
.github/workflows/pipaudit.yml
) - Run when manually triggered; performs pip audit.