serverlessworkflow
diff --git a/‎.github/workflows/schema-check.yaml
Lines changed: 0 additions & 4 deletions b/‎.github/workflows/schema-check.yaml
Lines changed: 0 additions & 4 deletions
diff --git a/‎README.md
Lines changed: 3 additions & 0 deletions b/‎README.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎ctk/features/call.feature
Lines changed: 2 additions & 2 deletions b/‎ctk/features/call.feature
Lines changed: 2 additions & 2 deletions
diff --git a/‎ctk/features/raise.feature
Lines changed: 1 addition & 1 deletion b/‎ctk/features/raise.feature
Lines changed: 1 addition & 1 deletion
diff --git a/‎ctk/features/try.feature
Lines changed: 1 addition & 1 deletion b/‎ctk/features/try.feature
Lines changed: 1 addition & 1 deletion
diff --git a/‎dsl-reference.md
Lines changed: 103 additions & 10 deletions b/‎dsl-reference.md
Lines changed: 103 additions & 10 deletions
diff --git a/‎dsl.md
Lines changed: 19 additions & 0 deletions b/‎dsl.md
Lines changed: 19 additions & 0 deletions
diff --git a/‎examples/README.md
Lines changed: 11 additions & 0 deletions b/‎examples/README.md
Lines changed: 11 additions & 0 deletions
diff --git a/‎examples/bearer-auth.yaml renamed to ‎examples/authentication-bearer-uri-format.yaml b/‎examples/bearer-auth.yaml renamed to ‎examples/authentication-bearer-uri-format.yaml
diff --git a/‎examples/bearer-auth-uri-format.yaml renamed to ‎examples/authentication-bearer.yaml
Lines changed: 1 addition & 1 deletion b/‎examples/bearer-auth-uri-format.yaml renamed to ‎examples/authentication-bearer.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/authentication-oauth2.yaml
Lines changed: 22 additions & 0 deletions b/‎examples/authentication-oauth2.yaml
Lines changed: 22 additions & 0 deletions
diff --git a/‎examples/authentication-oidc.yaml
Lines changed: 19 additions & 0 deletions b/‎examples/authentication-oidc.yaml
Lines changed: 19 additions & 0 deletions
diff --git a/‎examples/use-authentication.yaml renamed to ‎examples/authentication-reusable.yaml b/‎examples/use-authentication.yaml renamed to ‎examples/authentication-reusable.yaml
diff --git a/‎examples/asyncapi.yaml renamed to ‎examples/call-asyncapi.yaml b/‎examples/asyncapi.yaml renamed to ‎examples/call-asyncapi.yaml
diff --git a/‎examples/call-custom-function-cataloged.yaml
Lines changed: 13 additions & 0 deletions b/‎examples/call-custom-function-cataloged.yaml
Lines changed: 13 additions & 0 deletions
diff --git a/‎examples/call-custom-function-inline.yaml
Lines changed: 25 additions & 0 deletions b/‎examples/call-custom-function-inline.yaml
Lines changed: 25 additions & 0 deletions
diff --git a/‎examples/call-grpc.yaml
Lines changed: 18 additions & 0 deletions b/‎examples/call-grpc.yaml
Lines changed: 18 additions & 0 deletions
diff --git a/‎examples/call-http-shorthand-endpoint.yaml renamed to ‎examples/call-http-endpoint-interpolation-shorthand.yaml b/‎examples/call-http-shorthand-endpoint.yaml renamed to ‎examples/call-http-endpoint-interpolation-shorthand.yaml
diff --git a/‎examples/call-http-endpoint-interpolation.yaml
Lines changed: 11 additions & 0 deletions b/‎examples/call-http-endpoint-interpolation.yaml
Lines changed: 11 additions & 0 deletions
diff --git a/‎examples/http-query-params.yaml renamed to ‎examples/call-http-query-parameters.yaml b/‎examples/http-query-params.yaml renamed to ‎examples/call-http-query-parameters.yaml
@@ -29,10 +29,6 @@ on:
       - 'examples/**'
   pull_request:
     branches: [ "main" ]
-    paths:
-      - 'schema/**'
-      - 'examples/**'
-
 jobs:
   build:
     defaults:
 
@@ -109,8 +109,11 @@ It is a member project of the [CNCF Serverless Working Group](https://github.com
 ## Documentation
 
 The documentation for Serverless Workflow includes:
+
 - [**DSL**](dsl.md): Documents the fundamentals aspects and concepts of the Serverless Workflow DSL
 - [**DSL Reference**](dsl-reference.md): References all the definitions used by the Serverless Workflow DSL
+- [**Examples**](./examples/README.md): A collection of practical examples demonstrating specific features and functionalities of Serverless Workflow.
+- [**Use Cases**](./use-cases/README.md): Detailed use cases illustrating how Serverless Workflow can be applied in various real-world scenarios.
 
 ## Community
 
 
@@ -104,7 +104,7 @@ Feature: Call Task
           with:
             document:
               endpoint: "https://petstore.swagger.io/v2/swagger.json"
-            operation: findPetsByStatus
+            operationId: findPetsByStatus
             parameters:
               status: ${ .status }
           output:
@@ -132,7 +132,7 @@ Feature: Call Task
           with:
             document:
               endpoint: "https://petstore.swagger.io/v2/swagger.json"
-            operation: getPetById
+            operationId: getPetById
             parameters:
               petId: ${ .petId }
             output: response
 
@@ -24,5 +24,5 @@ Feature: Raise Task
     status: 400
     type: https://serverlessworkflow.io/errors/types/compliance
     title: Compliance Error
-    instance: /do/raiseComplianceError
+    instance: /do/0/raiseError
     """
@@ -43,7 +43,7 @@ Feature: Try Task
     And the workflow output should have properties 'error', 'error.type', 'error.status', 'error.title'
     And the workflow output should have a 'error.instance' property with value:
     """yaml
-    /do/tryGetPet/try
+    /do/0/tryGetPet/try/0/getPet
     """
 
   # Tests that try tasks fault when an uncaught error is raised
 
@@ -37,6 +37,7 @@
     - [Certificate](#certificate-authentication)
     - [Digest](#digest-authentication)
     - [OAUTH2](#oauth2-authentication)
+    - [OpenIdConnect](#openidconnect-authentication)
   + [Extension](#extension)
   + [Error](#error)
     - [Standard Error Types](#standard-error-types)
@@ -148,7 +149,7 @@ use:
     petStoreOAuth2:
       oauth2: 
         authority: https://petstore.swagger.io/.well-known/openid-configuration
-        grant: client-credentials
+        grant: client_credentials
         client:
           id: workflow-runtime
           secret: "**********"
@@ -1111,6 +1112,7 @@ Defines the mechanism used to authenticate users and workflows attempting to acc
 | certificate | [`certificateAuthentication`](#certificate-authentication) | `no` | The `certificate` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
 | digest | [`digestAuthentication`](#digest-authentication) | `no` | The `digest` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
 | oauth2 | [`oauth2`](#oauth2-authentication) | `no` | The `oauth2` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
+| oidc | [`oidc`](#openidconnect-authentication) | `no` | The `oidc` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
 
 ##### Examples
 
@@ -1209,19 +1211,59 @@ do:
 
 #### Digest Authentication
 
+Defines the fundamentals of a 'digest' authentication.
+
+##### Properties
+
+| Property | Type | Required | Description |
+|----------|:----:|:--------:|-------------|
+| username | `string` | `yes` | The username to use. |
+| password | `string` | `yes` | The password to use. |
+
+##### Examples
+
+```yaml
+document:
+  dsl: '1.0.0-alpha1'
+  namespace: test
+  name: digest-authentication-example
+  version: '0.1.0'
+use:
+  authentications:
+    sampleDigest:
+      digest:
+        username: admin
+        password: password123
+do:
+  - sampleTask:
+      call: http
+      with:
+        method: get
+        endpoint: 
+          uri: https://secured.fake.com/sample
+          authentication: 
+            use: sampleDigest
+```
 
 #### OAUTH2 Authentication
 
-Defines the fundamentals of an 'oauth2' authentication
+Defines the fundamentals of an 'oauth2' authentication.
 
 ##### Properties
 
-| Property | Type | Required | Description |
-|----------|:----:|:--------:|-------------|
-| authority | [`uri-template`](#uri-template) | `yes` | The URI that references the OAuth2 authority to use. |
-| grant | `string` | `yes` | The grant type to use. |
-| client.id | `string` | `yes` | The client id to use. |
+| Name | Type | Required | Description |
+|:-----|:----:|:--------:|:------------|
+| authority | `uri-template` | `yes` | The URI that references the authority to use when making OAuth2 calls. |
+| endpoints.token | `uri-template` | `no` | The relative path to the endpoint for OAuth2 token requests.<br>Defaults to `/oauth2/token`. |
+| endpoints.revocation | `uri-template` | `no` | The relative path to the endpoint used to invalidate tokens.<br>Defaults to `/oauth2/revoke`. |
+| endpoints.introspection | `uri-template` | `no` | The relative path to the endpoint used to validate and obtain information about a token, typically to check its validity and associated metadata.<br>Defaults to `/oauth2/introspect`. | 
+| grant | `string` | `yes` | The grant type to use.<br>Supported values are `authorization_code`, `client_credentials`, `password`, `refresh_token` and `urn:ietf:params:oauth:grant-type:token-exchange`. |
+| client.id | `string` | `no` | The client id to use.<br>Required if the `client.authentication` method has **not** been set to `none`. |
 | client.secret | `string` | `no` | The client secret to use, if any. |
+| client.assertion | `string` | `no` | A JWT containing a signed assertion with your application credentials.<br>Required when `client.authentication` has been set to `private_key_jwt`. |
+| client.authentication | `string` | `no` | The client authentication method to use.<br>Supported values are `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt` or `none`.<br>Defaults to `client_secret_post`. |
+| request.encoding | `string` | `no` | The encoding of the token request.<br>Supported values are `application/x-www-form-urlencoded` and `application/json`.<br>Defaults to application/x-www-form-urlencoded. |
+| issuers | `uri-template[]` | `no` | A list that contains that contains valid issuers that will be used to check against the issuer of generated tokens. |
 | scopes | `string[]` | `no` | The scopes, if any, to request the token for. |
 | audiences | `string[]` | `no` | The audiences, if any, to request the token for. |
 | username | `string` | `no` | The username to use. Used only if the grant type is `Password`. |
@@ -1246,8 +1288,10 @@ do:
           uri: https://secured.fake.com/sample
           authentication:
             oauth2:
-              authority: http://keycloak/realms/fake-authority/.well-known/openid-configuration
-              grant: client-credentials
+              authority: http://keycloak/realms/fake-authority
+              endpoints:
+                token: /oauth2/token
+              grant: client_credentials
               client:
                 id: workflow-runtime
                 secret: "**********"
@@ -1266,6 +1310,55 @@ Represents the definition of an OAUTH2 token
 | token | `string` | `yes` | The security token to use to use. |
 | type | `string` | `yes` | The type of security token to use. |
 
+#### OpenIdConnect Authentication
+
+Defines the fundamentals of an 'oidc' authentication.
+
+##### Properties
+
+| Name | Type | Required | Description |
+|:-----|:----:|:--------:|:------------|
+| authority | `uri-template` | `yes` | The URI that references the authority to use when making OpenIdConnect calls. |
+| grant | `string` | `yes` | The grant type to use.<br>Supported values are `authorization_code`, `client_credentials`, `password`, `refresh_token` and `urn:ietf:params:oauth:grant-type:token-exchange`. |
+| client.id | `string` | `no` | The client id to use.<br>Required if the `client.authentication` method has **not** been set to `none`. |
+| client.secret | `string` | `no` | The client secret to use, if any. |
+| client.assertion | `string` | `no` | A JWT containing a signed assertion with your application credentials.<br>Required when `client.authentication` has been set to `private_key_jwt`. |
+| client.authentication | `string` | `no` | The client authentication method to use.<br>Supported values are `client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt` or `none`.<br>Defaults to `client_secret_post`. |
+| request.encoding | `string` | `no` | The encoding of the token request.<br>Supported values are `application/x-www-form-urlencoded` and `application/json`.<br>Defaults to application/x-www-form-urlencoded. |
+| issuers | `uri-template[]` | `no` | A list that contains that contains valid issuers that will be used to check against the issuer of generated tokens. |
+| scopes | `string[]` | `no` | The scopes, if any, to request the token for. |
+| audiences | `string[]` | `no` | The audiences, if any, to request the token for. |
+| username | `string` | `no` | The username to use. Used only if the grant type is `Password`. |
+| password | `string` | `no` | The password to use. Used only if the grant type is `Password`. |
+| subject | [`oauth2Token`](#oauth2-token) | `no` | The security token that represents the identity of the party on behalf of whom the request is being made. |
+| actor | [`oauth2Token`](#oauth2-token) | `no` | The security token that represents the identity of the acting party. |
+
+##### Examples
+
+```yaml
+document:
+  dsl: '1.0.0-alpha1'
+  namespace: test
+  name: oidc-authentication-example
+  version: '0.1.0'
+do:
+  - sampleTask:
+      call: http
+      with:
+        method: get
+        endpoint: 
+          uri: https://secured.fake.com/sample
+          authentication:
+            oidc:
+              authority: http://keycloak/realms/fake-authority/.well-known/openid-configuration
+              grant: client_credentials
+              client:
+                id: workflow-runtime
+                secret: "**********"
+              scopes: [ api ]
+              audiences: [ runtime ]
+```
+
 ### Extension
 
 Holds the definition for extending functionality, providing configuration options for how an extension extends and interacts with other components.
@@ -1358,7 +1451,7 @@ Defines the [Problem Details RFC](https://datatracker.ietf.org/doc/html/rfc7807)
 |----------|:----:|:--------:|-------------|
 | type | [`uri-template`](#uri-template) | `yes` | A URI reference that identifies the [`error`](#error) type. <br><u>For cross-compatibility concerns, it is strongly recommended to use [Standard Error Types](#standard-error-types) whenever possible.<u><br><u>Runtimes **MUST** ensure that the property has been set when raising or escalating the [`error`](#error).<u> |
 | status | `integer` | `yes` | The status code generated by the origin for this occurrence of the [`error`](#error).<br><u>For cross-compatibility concerns, it is strongly recommended to use [HTTP Status Codes](https://datatracker.ietf.org/doc/html/rfc7231#section-6) whenever possible.<u><br><u>Runtimes **MUST** ensure that the property has been set when raising or escalating the [`error`](#error).<u> |
-| instance | `string` | `yes` | A [JSON Pointer](https://datatracker.ietf.org/doc/html/rfc6901) used to reference the component the [`error`](#error) originates from.<br><u>Runtimes **MUST** set the property when raising or escalating the [`error`](#error). Otherwise ignore.<u> |
+| instance | `string` | `no` | A [JSON Pointer](https://datatracker.ietf.org/doc/html/rfc6901) used to reference the component the [`error`](#error) originates from.<br><u>Runtimes **MUST** set the property when raising or escalating the [`error`](#error). Otherwise ignore.<u> |
 | title | `string` | `no` | A short, human-readable summary of the [`error`](#error). |
 | detail | `string` | `no` | A human-readable explanation specific to this occurrence of the [`error`](#error). |
 
 
@@ -12,6 +12,7 @@
     - [Components](#components)
       + [Task](#task)
     - [Scheduling](#scheduling)
+      + [Event-Driven Scheduling](#event-driven-scheduling)
   + [Task Flow](#task-flow)
   + [Data Flow](#data-flow)
   + [Runtime Expressions](#runtime-expressions)
@@ -150,6 +151,24 @@ Workflow scheduling in ServerlessWorkflow allows developers to specify when and
 
 See the [DSL reference](dsl-reference.md#schedule) for more details about workflow scheduling.
 
+##### Event-driven scheduling
+
+###### Input of event-driven scheduled workflows
+
+In event-driven scheduled workflows, the input is structured as an array containing the events that trigger the execution of the workflow. This array serves as a vital resource, providing workflow authors access to all relevant data associated with each triggering event. When an event activates the workflow, it populates this array with one or more occurrences, allowing authors to process multiple events simultaneously as needed.
+
+Authors can reference individual events within the array using syntax such as $workflow.input[index], where index indicates the event's position, starting from 0. For instance, $workflow.input[0] refers to the first event, while $workflow.input[1] refers to the second. This structure allows for easy access to specific event details, and if multiple events are received at once, authors can iterate through the array to handle each one appropriately. This flexibility ensures that workflows can respond effectively to various conditions and triggers, enhancing their overall responsiveness and functionality.
+
+###### Distinguishing event-driven scheduling from start `listen` Tasks
+
+While both `schedule.on` and a start listener task enable event-driven execution of workflows, they serve distinct purposes and have different implications:
+
+- **`schedule.on`**: This property defines when a new workflow instance should be created based on an external event. When an event matches the criteria specified in `schedule.on`, a new workflow instance is initiated. The critical point here is that `schedule.on` solely manages the creation of new workflow instances. Any faults or timeouts related to the scheduling process are typically invisible to the user and do not impact the workflow instance.
+
+- **Start `listen` task**: A start listener task defines a task that must be undertaken after a new workflow instance has been created. This task listens for specific events and begins processing once the instance is active. The critical difference is that a start listener task operates within an already instantiated workflow. If a start listener task experiences a timeout or fault, it can cause the entire workflow instance to fail or behave unexpectedly, directly impacting the flow's execution and outcome.
+
+While `schedule.on` is concerned with *when* a new workflow instance should be initiated, a start listener task deals with *what* should happen once the instance is active. This distinction is crucial because it influences how errors and timeouts are handled—`schedule.on` faults are typically invisible and do not affect the workflow, whereas start listener task failures can directly and potentially severely impact the workflow instance they belong to.
+
 ### Task Flow
 
 A workflow begins with the first task defined.
 
@@ -0,0 +1,11 @@
+# Examples
+
+Welcome to the Serverless Workflow Examples directory! This section contains a collection of brief YAML files, each representing a single workflow definition. 
+
+These examples are designed to demonstrate specific features and functionalities of the Serverless Workflow DSL. They serve as a practical reference to help you understand and implement different aspects of Serverless Workflows in your projects.
+
+## Contributing
+
+We welcome contributions! If you have an example demonstrating a unique feature or use case of Serverless Workflow, feel free to submit a pull request.
+
+For more detailed information on contributing, including guidelines and best practices, please refer to our [Contributing Guide](./CONTRIBUTING.md).
@@ -12,4 +12,4 @@ do:
           uri: https://petstore.swagger.io/v2/pet/1
           authentication:
             bearer:
-              token: ${ .token }
+              token: ${ .token }
@@ -0,0 +1,22 @@
+document:
+  dsl: 1.0.0-alpha1
+  namespace: examples
+  name: oauth2-authentication
+  version: 1.0.0-alpha1
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: https://petstore.swagger.io/v2/pet/{petId}
+          authentication:
+            oauth2:
+              authority: http://keycloak/realms/fake-authority
+              endpoints: #optional
+                token: /auth/token #defaults to /oauth2/token
+                introspection: /auth/introspect #defaults to /oauth2/introspect
+              grant: client_credentials
+              client:
+                id: workflow-runtime-id
+                secret: workflow-runtime-secret
@@ -0,0 +1,19 @@
+document:
+  dsl: 1.0.0-alpha1
+  namespace: examples
+  name: oidc-authentication
+  version: 1.0.0-alpha1
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: https://petstore.swagger.io/v2/pet/{petId}
+          authentication:
+            oidc:
+              authority: http://keycloak/realms/fake-authority #endpoints are resolved using the OIDC configuration located at '/.well-known/openid-configuration'
+              grant: client_credentials
+              client:
+                id: workflow-runtime-id
+                secret: workflow-runtime-secret
@@ -0,0 +1,13 @@
+document:
+  dsl: '1.0.0'
+  namespace: samples
+  name: call-custom-function-cataloged
+  version: '1.0.0'
+do:
+  - log:
+      call: https://raw.githubusercontent.com/serverlessworkflow/catalog/main/functions/log/1.0.0/function.yaml
+      with:
+        message: Hello, world!
+        level: information
+        timestamp: true
+        format: '{TIMESTAMP} [{LEVEL}] ({CONTEXT}): {MESSAGE}'
@@ -0,0 +1,25 @@
+document:
+  dsl: '1.0.0'
+  namespace: samples
+  name: call-custom-function-inline
+  version: '1.0.0'
+use:
+  functions:
+    getPetById:
+      input:
+        schema:
+          document:
+            type: object
+            properties:
+              petId:
+                type: string
+            required: [ petId ]
+      call: http
+      with:
+        method: get
+        endpoint: https://petstore.swagger.io/v2/pet/{petId}
+do:
+  - getPet:
+      call: getPetById
+      with:
+        petId: 69
@@ -0,0 +1,18 @@
+document:
+  dsl: '1.0.0-alpha1'
+  namespace: test
+  name: grpc-example
+  version: '0.1.0'
+do:
+  - greet:
+      call: grpc
+      with:
+        proto: 
+          endpoint: file://app/greet.proto
+        service:
+          name: GreeterApi.Greeter
+          host: localhost
+          port: 5011
+        method: SayHello
+        arguments:
+          name: ${ .user.preferredDisplayName }
@@ -0,0 +1,11 @@
+document:
+  dsl: 1.0.0-alpha1
+  namespace: examples
+  name: call-http-shorthand-endpoint
+  version: 1.0.0-alpha1
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint: ${ "https://petstore.swagger.io/v2/pet/\(.petId)" }