diff --git a/.gitignore b/.gitignore
index 1da07539c..a6544fca6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,11 @@ target/
 .classpath
 /bin/
 .idea/
-*.iml
\ No newline at end of file
+*.iml
+
+##semantic-release
+package-lock.json
+package.json
+node_modules/
+pom.xml.versionsBackup
+
diff --git a/.releaserc b/.releaserc
new file mode 100644
index 000000000..eaff720af
--- /dev/null
+++ b/.releaserc
@@ -0,0 +1,64 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +{ + "branches": ["master", "mainline-1.x"], + "plugins": [ + ["@semantic-release/commit-analyzer", { + "preset": "conventionalcommits", + "parserOpts": { + "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES"] + }, + "presetConfig": { + "types": [ + {"type": "feat", "section": "Features"}, + {"type": "fix", "section": "Fixes"}, + {"type": "chore", "section": "Maintenance"}, + {"type": "docs", "section": "Maintenance"}, + {"type": "revert", "section": "Fixes"}, + {"type": "style", "hidden": true}, + {"type": "refactor", "hidden": true}, + {"type": "perf", "hidden": true}, + {"type": "test", "hidden": true} + ] + }, + "releaseRules": [ + {"type": "docs", "release": "patch"}, + {"type": "revert", "release": "patch"}, + {"type": "chore", "release": "patch"} + ] + }], + ["@semantic-release/release-notes-generator", { + "preset": "conventionalcommits", + "parserOpts": { + "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES"] + }, + "presetConfig": { + "types": [ + {"type": "feat", "section": "Features"}, + {"type": "fix", "section": "Fixes"}, + {"type": "chore", "section": "Maintenance"}, + {"type": "docs", "section": "Maintenance"}, + {"type": "revert", "section": "Fixes"}, + {"type": "style", "hidden": true}, + {"type": "refactor", "hidden": true}, + {"type": "perf", "hidden": true}, + {"type": "test", "hidden": true} + ] + } + }], + ["@semantic-release/changelog", { + "changelogFile": "./CHANGELOG.md", + "changelogTitle": "# Changelog" + }], + ["@semantic-release/exec", { + "prepareCmd": "mvn versions:set -DnewVersion=${nextRelease.version} \ + -DautoVersionSubmodules=true && find README.md -type f \ + -exec sed -i '' 's/.*<\\/version>/${nextRelease.version}<\\/version>/g' {} \\;" + }], + ["@semantic-release/git", { + "assets": ["./CHANGELOG.md", "./pom.xml", "./README.md"], + "message": "AWS Encryption SDK ${nextRelease.version} Release 
\n\n${nextRelease.notes}" + }], + ], + "repositoryUrl": "https://github.com/aws/aws-encryption-sdk-java", +} diff --git a/codebuild/ci/ci.yml b/codebuild/ci/ci.yml new file mode 100644 index 000000000..ff2536f69 --- /dev/null +++ b/codebuild/ci/ci.yml 
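Review bot: The `prepareCmd` of the `@semantic-release/exec` entry calls `sed -i ''`, which is the BSD/macOS form; GNU sed takes the empty string as the script and then tries to open the `s/…/g` expression as an input file, so the README version rewrite does not happen on a Linux image. codebuild/release/release.yml runs the version step on `aws/codebuild/standard:5.0`, which that file describes as Ubuntu. Because `find … -exec … \;` does not propagate the command's exit status, the step probably still reports success and the README is committed unchanged. Drop the empty argument (`sed -i 's/…/g'`), or use a suffix form both variants accept such as `sed -i.bak` and delete the backup afterwards.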
@@ -0,0 +1,91 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +# TODO: Replace/Augment build-graph with build-matrix +# Note: It's possible that 9 builds will be running concurrently with the current arrangement + +batch: + fast-fail: false + build-graph: + #- identifier: static_analysis + # buildspec: codebuild/ci/static-analysis.yml + # env: + # compute-type: BUILD_GENERAL1_MEDIUM + # image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + ######### Start Vector tests ######### + - identifier: vectors_ci_openjdk8 + buildspec: codebuild/ci/vectors-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + JAVA_ENV_VERSION: openjdk8 + image: aws/codebuild/standard:3.0 + - identifier: vectors_ci_openjdk11 + buildspec: codebuild/ci/vectors-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + JAVA_ENV_VERSION: openjdk11 + image: aws/codebuild/standard:3.0 + - identifier: vectors_ci_corretto8 + buildspec: codebuild/ci/vectors-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + JAVA_ENV_VERSION: corretto8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + - identifier: vectors_ci_corretto11 + buildspec: codebuild/ci/vectors-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + JAVA_ENV_VERSION: corretto11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + ######### End Vector tests ######### + - identifier: release_ci + buildspec: codebuild/ci/release-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + image: aws/codebuild/standard:3.0 + ######### Start JAR Smoke tests ######### + - identifier: validate_ci_openjdk8 + depend-on: + - release_ci + buildspec: codebuild/ci/validate-ci.yml + env: + variables: + JAVA_ENV_VERSION: openjdk8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/standard:3.0 + - identifier: validate_ci_openjdk11 + depend-on: + - release_ci + buildspec: codebuild/ci/validate-ci.yml + env: + compute-type: 
BUILD_GENERAL1_MEDIUM + variables: + JAVA_ENV_VERSION: openjdk11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/standard:3.0 + - identifier: validate_ci_corretto8 + depend-on: + - release_ci + buildspec: codebuild/ci/validate-ci.yml + env: + compute-type: BUILD_GENERAL1_MEDIUM + variables: + JAVA_ENV_VERSION: corretto8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + - identifier: validate_ci_corretto11 + depend-on: + - release_ci + buildspec: codebuild/ci/validate-ci.yml + env: + compute-type: BUILD_GENERAL1_MEDIUM + variables: + JAVA_ENV_VERSION: corretto11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + ######### End JAR Smoke tests ######### diff --git a/codebuild/ci/release-ci.yml b/codebuild/ci/release-ci.yml new file mode 100644 index 000000000..2e41ffd91 --- /dev/null +++ b/codebuild/ci/release-ci.yml 
@@ -0,0 +1,64 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +env: + variables: + REGION: us-east-1 + DOMAIN: crypto-tools-internal + REPOSITORY: java-esdk-ci + NAMESPACE: com.amazonaws + PACKAGE: aws-encryption-sdk-java + parameter-store: + ACCOUNT: /CodeBuild/AccountIdentity + secrets-manager: + GPG_KEY: Maven-GPG-Keys-Credentials:Keyname + GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase + +phases: + install: + runtime-versions: + java: openjdk11 + pre_build: + commands: + - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml + - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) + - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} + - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz + - tar -xvf ~/mvn_gpg.tgz -C ~ + build: + commands: + - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" +# See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html + - echo "Setting version in POM to $VERSION_HASH" + - mvn versions:set -DnewVersion="$VERSION_HASH" --no-transfer-progress + - echo "Version is now $(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p')" + - | + mvn deploy \ + -PpublishingCodeArtifact \ + -Dmaven.test.skip=true \ + -DperformRelease \ + -Dgpg.homedir="$HOME/mvn_gpg" \ + -DautoReleaseAfterClose=true \ + -Dgpg.keyname="$GPG_KEY" \ + -Dgpg.passphrase="$GPG_PASS" \ + -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ + -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL \ + --no-transfer-progress \ + -T 8 \ + -s $SETTINGS_FILE + finally: + - | + if expr 
${CODEBUILD_BUILD_SUCCEEDING} != 1; then + echo "An error occured while building and uploading $REPOSITORY." + echo "Did a previous build already upload $VERSION_HASH to $REPOSITORY?" + echo "Try deleting $VERSION_HASH from $REPOSITORY and restart" + echo "Delete Package Version Command \n + aws codeartifact delete-package-versions --domain $DOMAIN \ + --repository $REPOSITORY \ + --format maven \ + --namespace $NAMESPACE \ + --package $PACKAGE \ + --versions $VERSION_HASH \ + --region $REGION"; + fi diff --git a/codebuild/ci/settings.xml b/codebuild/ci/settings.xml new file mode 100644 index 000000000..ee4922938 --- /dev/null +++ b/codebuild/ci/settings.xml @@ -0,0 +1,25 @@ + + + + codeartifact + aws + ${codeartifact.token} + + + + + + codeartifact + + + codeartifact + codeartifact + ${codeartifact.url} + + + + + diff --git a/codebuild/ci/static-analysis.yml b/codebuild/ci/static-analysis.yml new file mode 100644 index 000000000..9fe37ad4c --- /dev/null +++ b/codebuild/ci/static-analysis.yml @@ -0,0 +1,13 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +phases: + install: + runtime-versions: + nodejs: 12 + java: corretto11 + build: + commands: + - mvn -T 4 -ntp com.coveo:fmt-maven-plugin:check + - ./util/test-conditions.sh diff --git a/codebuild/ci/validate-ci.yml b/codebuild/ci/validate-ci.yml new file mode 100644 index 000000000..228783194 --- /dev/null +++ b/codebuild/ci/validate-ci.yml 
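Review bot: release-ci.yml fetches the Maven signing key archive (`Maven-GPG-Keys`) and its passphrase from Secrets Manager, and ci.yml schedules it as `release_ci` in the CI batch; if that batch is triggered by pull requests, a modified buildspec or build script in the PR would run with access to the release signing key. A throwaway CodeArtifact upload does not need that key, so either skip signing here (vectors-ci.yml already passes `-Dgpg.skip=true`) or use a CI-only key that the release role does not share. Passing `-Dgpg.passphrase="$GPG_PASS"` as an argument also leaves the passphrase readable in the process list while Maven runs. Separately, `ACCOUNT` reads `/CodeBuild/AccountIdentity` here but `/CodeBuild/AccountId` in validate-ci.yml and release-staging.yml, which looks like a typo worth confirming.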
@@ -0,0 +1,40 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +env: + variables: + REGION: us-east-1 + DOMAIN: crypto-tools-internal + REPOSITORY: java-esdk-ci + parameter-store: + ACCOUNT: /CodeBuild/AccountId + +phases: + install: + commands: + - pip install awscli + runtime-versions: + java: $JAVA_ENV_VERSION + pre_build: + commands: + - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" + - export SETTINGS_FILE=$(pwd)/codebuild/ci/settings.xml + - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git + - cd busy-engineers-document-bucket/exercises/java/encryption-context-complete + - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) + - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} + build: + commands: + - | + mvn verify \ + -Pcodeartifact \ + -Dcheckstyle.skip \ + -Desdk.version=$VERSION_HASH \ + -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \ + -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \ + -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ + -Dcodeartifact.url=$CODEARTIFACT_REPO_URL \ + --no-transfer-progress \ + -T 4 \ + -s $SETTINGS_FILE diff --git a/codebuild/ci/vectors-ci.yml b/codebuild/ci/vectors-ci.yml new file mode 100644 index 000000000..55be3e29b --- /dev/null +++ b/codebuild/ci/vectors-ci.yml @@ -0,0 +1,11 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +phases: + install: + runtime-versions: + java: $JAVA_ENV_VERSION + build: + commands: + - mvn install -T 8 -Dgpg.skip=true -ntp "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip" 
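Review bot: The `pre_build` phase of validate-ci.yml clones `busy-engineers-document-bucket` at whatever its default branch currently points to and then runs `mvn verify` inside that tree with `-Dcodeartifact.token=$CODEARTIFACT_TOKEN`, so an unpinned external repository executes with a live CodeArtifact token. Pin the checkout to a reviewed commit right after the clone, e.g. `git -C busy-engineers-document-bucket checkout <reviewed-commit-sha>`, and give `pip install awscli` an explicit version as well. The same unpinned clone is already present in codebuild/release/validate-staging.yml.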
diff --git a/codebuild/corretto11.yml b/codebuild/corretto11.yml
deleted file mode 100644
index e065929cf..000000000
--- a/codebuild/corretto11.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-version: 0.2
-
-phases:
- install:
- runtime-versions:
- java: corretto11
- build:
- commands:
- - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip"
diff --git a/codebuild/corretto8.yml b/codebuild/corretto8.yml
deleted file mode 100644
index 71e236f59..000000000
--- a/codebuild/corretto8.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-version: 0.2
-
-phases:
- install:
- runtime-versions:
- java: corretto8
- build:
- commands:
- - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip"
diff --git a/codebuild/openjdk11.yml b/codebuild/openjdk11.yml
deleted file mode 100644
index 208f52a28..000000000
--- a/codebuild/openjdk11.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-version: 0.2
-
-phases:
- install:
- runtime-versions:
- java: openjdk11
- build:
- commands:
- - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip"
diff --git a/codebuild/openjdk8.yml b/codebuild/openjdk8.yml
deleted file mode 100644
index e80b43dd5..000000000
--- a/codebuild/openjdk8.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-version: 0.2
-
-phases:
- install:
- runtime-versions:
- java: openjdk8
- build:
- commands:
- - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip"
diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml
index 0e1c06437..43697106c 100644
--- a/codebuild/release/release-prod.yml
+++ b/codebuild/release/release-prod.yml
@@ -1,6 +1,11 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + version: 0.2 env: + variables: + BRANCH: "mainline-1.x" secrets-manager: GPG_KEY: Maven-GPG-Keys-Credentials:Keyname GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase @@ -13,15 +18,10 @@ phases: java: openjdk11 pre_build: commands: - - git checkout $COMMIT_ID - - FOUND_VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') - - | - if expr ${FOUND_VERSION} != ${VERSION}; then - echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" - exit 1; - fi + - git checkout $BRANCH + - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz + - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_pg.tgz - tar -xvf ~/mvn_gpg.tgz -C ~ build: commands: 
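Review bot: The rewritten download line in `pre_build` writes the key archive to `~/mvn_pg.tgz`, but the unchanged next line still runs `tar -xvf ~/mvn_gpg.tgz -C ~`, so extraction fails and the signing step has no keyring; the redirect target should stay `> ~/mvn_gpg.tgz`. The same hunk replaces `git checkout $COMMIT_ID` and the pom-version comparison with `git checkout $BRANCH`, so the production job signs and publishes whatever the head of `mainline-1.x` is when it runs, and a commit pushed between staging validation and this step would be released without having been validated. I would keep a guard that the checked-out commit is the expected one before `mvn deploy`; release-staging.yml, upload_artifacts.yml and version.yml make the same switch to `$BRANCH`. The `build` phase continues outside this hunk.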
@@ -36,46 +36,6 @@ phases: -Dgpg.passphrase="$GPG_PASS" \ -Dsonatype.username="$SONA_USERNAME" \ -Dsonatype.password="$SONA_PASSWORD" \ + --no-transfer-progress \ -s $SETTINGS_FILE - - -batch: - fast-fail: false - build-graph: - - identifier: release_to_prod - - identifier: validate_prod_release_openjdk8 - depend-on: - - release_to_prod - buildspec: codebuild/release/validate-prod.yml - env: - variables: - JAVA_ENV_VERSION: openjdk8 - JAVA_NUMERIC_VERSION: 8 - image: aws/codebuild/standard:3.0 - - identifier: validate_prod_release_openjdk11 - depend-on: - - release_to_prod - buildspec: codebuild/release/validate-prod.yml - env: - variables: - JAVA_ENV_VERSION: openjdk11 - JAVA_NUMERIC_VERSION: 11 - image: aws/codebuild/standard:3.0 - - identifier: validate_prod_release_corretto8 - depend-on: - - release_to_prod - buildspec: codebuild/release/validate-prod.yml - env: - variables: - JAVA_ENV_VERSION: corretto8 - JAVA_NUMERIC_VERSION: 8 - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 - - identifier: validate_prod_release_corretto11 - depend-on: - - release_to_prod - buildspec: codebuild/release/validate-prod.yml - env: - variables: - JAVA_ENV_VERSION: corretto11 - JAVA_NUMERIC_VERSION: 11 - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + - ./look_4_version.sh $VERSION diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 218b2ba68..08951c3f5 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -1,3 +1,6 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + version: 0.2 env: @@ -5,6 +8,7 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging + BRANCH: "mainline-1.x" parameter-store: ACCOUNT: /CodeBuild/AccountId secrets-manager: 
@@ -14,16 +18,10 @@ env: phases: install: runtime-versions: - java: openjdk11 + java: corretto11 pre_build: commands: - - git checkout $COMMIT_ID - - FOUND_VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') - - | - if expr ${FOUND_VERSION} != ${VERSION}; then - echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" - exit 1; - fi + - git checkout $BRANCH - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} @@ -31,6 +29,11 @@ phases: - tar -xvf ~/mvn_gpg.tgz -C ~ build: commands: + - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" +# See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html + - echo "Setting version in POM to $VERSION_HASH" + - mvn versions:set -DnewVersion="$VERSION_HASH" --no-transfer-progress + - echo "Version is now $(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p')" - | mvn deploy \ -PpublishingCodeArtifact \ 
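Review bot: `VERSION_HASH` in the `build` phase is suffixed with `$CODEBUILD_RESOLVED_SOURCE_VERSION`, but `pre_build` has already run `git checkout $BRANCH` by then, so the artifact can be labelled with one commit id while being built from another. As far as its hunk shows, validate-staging.yml computes the same string from its own checkout without switching branch, so if the two trees disagree on `project.version` the validation jobs request a version that was never deployed. Derive the suffix from the tree actually built, e.g. `$(git rev-parse HEAD)`, or drop the branch checkout so both jobs use the resolved source. The `mvn deploy` command continues outside this hunk.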
@@ -42,45 +45,5 @@ phases: -Dgpg.passphrase="$GPG_PASS" \ -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL \ + --no-transfer-progress \ -s $SETTINGS_FILE - -batch: - fast-fail: false - build-graph: - - identifier: release_to_staging - - identifier: validate_staging_release_openjdk8 - depend-on: - - release_to_staging - buildspec: codebuild/release/validate-staging.yml - env: - variables: - JAVA_ENV_VERSION: openjdk8 - JAVA_NUMERIC_VERSION: 8 - image: aws/codebuild/standard:3.0 - - identifier: validate_staging_release_openjdk11 - depend-on: - - release_to_staging - buildspec: codebuild/release/validate-staging.yml - env: - variables: - JAVA_ENV_VERSION: openjdk11 - JAVA_NUMERIC_VERSION: 11 - image: aws/codebuild/standard:3.0 - - identifier: validate_staging_release_corretto8 - depend-on: - - release_to_staging - buildspec: codebuild/release/validate-staging.yml - env: - variables: - JAVA_ENV_VERSION: corretto8 - JAVA_NUMERIC_VERSION: 8 - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 - - identifier: validate_staging_release_corretto11 - depend-on: - - release_to_staging - buildspec: codebuild/release/validate-staging.yml - env: - variables: - JAVA_ENV_VERSION: corretto11 - JAVA_NUMERIC_VERSION: 11 - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 diff --git a/codebuild/release/release.yml b/codebuild/release/release.yml new file mode 100644 index 000000000..3f6dbc252 --- /dev/null +++ b/codebuild/release/release.yml 
@@ -0,0 +1,125 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + +version: 0.2 + +batch: + fast-fail: true + build-graph: + +# Release to CodeArtifact + - identifier: release_staging + buildspec: codebuild/release/release-staging.yml + +# Validate CodeArtifact with supported JDK and Corretto + - identifier: validate_staging_release_openjdk8 + depend-on: + - release_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: openjdk8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/standard:3.0 + + - identifier: validate_staging_release_openjdk11 + depend-on: + - release_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: openjdk11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/standard:3.0 + + - identifier: validate_staging_release_corretto8 + depend-on: + - release_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: corretto8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + + - identifier: validate_staging_release_corretto11 + depend-on: + - release_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: corretto11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + +# Version Project + - identifier: version + depend-on: + - release_staging + - validate_staging_release_openjdk8 + - validate_staging_release_openjdk11 + - validate_staging_release_corretto8 + - validate_staging_release_corretto11 + buildspec: codebuild/release/version.yml + env: + image: aws/codebuild/standard:5.0 + +# Publish to Maven Central + - identifier: publish + depend-on: + - version + buildspec: codebuild/release/release-prod.yml + +# Validate Maven Central with supported JDK and Corretto + - identifier: validate_prod_release_openjdk8 + depend-on: + - publish + buildspec: 
codebuild/release/validate-prod.yml + env: + variables: + JAVA_ENV_VERSION: openjdk8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/standard:3.0 + + - identifier: validate_prod_release_openjdk11 + depend-on: + - publish + buildspec: codebuild/release/validate-prod.yml + env: + variables: + JAVA_ENV_VERSION: openjdk11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/standard:3.0 + + - identifier: validate_prod_release_corretto8 + depend-on: + - publish + buildspec: codebuild/release/validate-prod.yml + env: + variables: + JAVA_ENV_VERSION: corretto8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + + - identifier: validate_prod_release_corretto11 + depend-on: + - publish + buildspec: codebuild/release/validate-prod.yml + env: + variables: + JAVA_ENV_VERSION: corretto11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + +# Upload Artifacts + - identifier: upload_artifacts + depend-on: + - validate_prod_release_openjdk8 + - validate_prod_release_openjdk11 + - validate_prod_release_corretto8 + - validate_prod_release_corretto11 + buildspec: codebuild/release/upload_artifacts.yml + env: + # Changing to standard:5.0 because we are able to install gh cli on ubuntu but + # not on AmazonLinux + image: aws/codebuild/standard:5.0 diff --git a/codebuild/release/upload_artifacts.yml b/codebuild/release/upload_artifacts.yml new file mode 100644 index 000000000..ce3261bbf --- /dev/null +++ b/codebuild/release/upload_artifacts.yml 
@@ -0,0 +1,40 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + +version: 0.2 + +env: + variables: + BRANCH: "mainline-1.x" + git-credential-helper: yes + secrets-manager: + GH_TOKEN: Github/aws-crypto-tools-ci-bot:personal\ access\ token + +phases: + pre_build: + commands: + - git checkout $BRANCH + # get new project version + - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') + # install gh cli in order to upload artifacts + - curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg + - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null + - apt update + - apt install gh + build: + commands: + - gh version + - gh auth login --with-token < $GH_TOKEN + - | + mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \ + -DrepoUrl=https://aws.oss.sonatype.org \ + -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar + - | + mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \ + -DrepoUrl=https://aws.oss.sonatype.org \ + -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:sources + - | + mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \ + -DrepoUrl=https://aws.oss.sonatype.org \ + -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:javadoc + - gh release upload v${VERSION} ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar diff --git a/codebuild/release/validate-prod.yml b/codebuild/release/validate-prod.yml index 6d8e8f164..b283b2411 100644 --- a/codebuild/release/validate-prod.yml +++ b/codebuild/release/validate-prod.yml 
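Review bot: `gh auth login --with-token < $GH_TOKEN` in the `build` phase redirects stdin from a file whose name is the token value rather than from the token itself, so the shell fails to open it and its error message names the token, which can land in the build log unless CodeBuild's masking catches it. `gh` reads `GH_TOKEN` from the environment, so the login line can simply be removed; if an explicit login is wanted, pass the value on stdin with `printf '%s' "$GH_TOKEN" | gh auth login --with-token`. `apt install gh` has no `-y` and may stop at the confirmation prompt in a non-interactive build. The jars fetched with `dependency:get` are uploaded to the GitHub release without any signature or checksum comparison against what release-prod.yml published.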
@@ -1,3 +1,6 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + version: 0.2 phases: @@ -15,4 +18,6 @@ phases: -Dcheckstyle.skip \ -Desdk.version=$VERSION \ -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \ - -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION + -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \ + --no-transfer-progress + diff --git a/codebuild/release/validate-staging.yml b/codebuild/release/validate-staging.yml index 55bf2ac1f..ed0e1622a 100644 --- a/codebuild/release/validate-staging.yml +++ b/codebuild/release/validate-staging.yml @@ -1,3 +1,6 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + version: 0.2 env: @@ -16,6 +19,7 @@ phases: java: $JAVA_ENV_VERSION pre_build: commands: + - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git - cd busy-engineers-document-bucket/exercises/java/encryption-context-complete @@ -27,10 +31,11 @@ phases: mvn verify \ -Pcodeartifact \ -Dcheckstyle.skip \ - -Desdk.version=$VERSION \ + -Desdk.version=$VERSION_HASH \ -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \ -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \ -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ -Dcodeartifact.url=$CODEARTIFACT_REPO_URL \ + --no-transfer-progress \ + -T 4 \ -s $SETTINGS_FILE - diff --git a/codebuild/release/version.yml b/codebuild/release/version.yml new file mode 100644 index 000000000..79b1bab41 --- /dev/null +++ b/codebuild/release/version.yml 
@@ -0,0 +1,30 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + +version: 0.2 + +env: + variables: + NODE_OPTIONS: "--max-old-space-size=4096" + BRANCH: "mainline-1.x" + git-credential-helper: "yes" + +phases: + install: + commands: + - npm install --save-dev semantic-release + - npm install @semantic-release/changelog -d + - npm install @semantic-release/exec -d + - npm install @semantic-release/git -d + - npm install --save conventional-changelog + runtime-versions: + nodejs: 14 + pre_build: + commands: + - git config --global user.name "aws-crypto-tools-ci-bot" + - git config --global user.email "no-reply@noemail.local" + - git checkout $BRANCH + build: + commands: + - npx semantic-release --branches $BRANCH --no-ci + diff --git a/look_4_version.sh b/look_4_version.sh new file mode 100644 index 000000000..dfdbc489c --- /dev/null +++ b/look_4_version.sh @@ -0,0 +1,29 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + +#!bin/bash + +VERSION=$1 +COUNTER=0 +STATUS=1 + +echo "Looking for version $VERSION" + +while [ $STATUS -ne 0 ]; do + mvn org.apache.maven.plugins:maven-dependency-plugin:3.0.1:get \ + -Dartifact=com.amazonaws:aws-encryption-sdk-java:$VERSION:jar -U + + STATUS=$? + if [ $STATUS -eq 0 ]; then + echo "Found version $VERSION in Maven Central :)" + break + fi + + if [ $((COUNTER+=1)) -eq 15 ]; then + echo "It has been an awfully long time, you should check Maven Central for issues" + exit 1 + fi + + echo "Could not find version $VERSION. Trying again." + sleep 60 +done diff --git a/pom.xml b/pom.xml index 5ccb449df..3d6360524 100644 --- a/pom.xml +++ b/pom.xml @@ -138,6 +138,16 @@ + + + com.coveo + fmt-maven-plugin + 2.10 + + + + + diff --git a/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java b/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java index ddc648915..40875aa9a 100644 
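Review bot: The `install` phase of version.yml fetches `semantic-release`, its three plugins and `conventional-changelog` with no version constraint, and the .gitignore change in this commit excludes `package.json` and `package-lock.json`, so every release run executes whatever npm currently serves in a job that has `git-credential-helper` enabled for pushing to the release branch. Pin each package to an exact version (`npm install --save-dev semantic-release@<pinned-version>`) or commit a lockfile and install with `npm ci`. Note also that `-d` on the plugin lines is npm's shorthand for `--loglevel info`, not `-D`/`--save-dev`, if that was the intent.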
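Review bot: look_4_version.sh is added with mode 100644 while release-prod.yml invokes it as `./look_4_version.sh $VERSION`, which fails with a permission error unless the file is executable; commit it as 100755 or call it as `bash ./look_4_version.sh "$VERSION"`. The interpreter line `#!bin/bash` is missing its leading slash and sits below the licence comments, so it is not a shebang; make `#!/bin/bash` the first line. `$VERSION` is used unquoted and unchecked, so an empty argument produces a malformed `-Dartifact` coordinate and the loop retries for about fifteen minutes before failing; a guard such as `[ -n "$VERSION" ] || exit 1` at the top avoids that. util/test-conditions.sh is likewise added as 100644 and called as `./util/test-conditions.sh` from static-analysis.yml.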
--- a/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java +++ b/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java @@ -18,6 +18,12 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; +import com.amazonaws.encryptionsdk.AwsCrypto; +import com.amazonaws.encryptionsdk.CryptoResult; +import com.amazonaws.encryptionsdk.MasterKeyProvider; +import com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException; +import com.amazonaws.encryptionsdk.CommitmentPolicy; +import com.amazonaws.encryptionsdk.multi.MultipleProviderFactory; import java.io.IOException; import java.math.BigInteger; import java.security.GeneralSecurityException; @@ -32,22 +38,9 @@ import java.time.Instant; import java.time.temporal.ChronoUnit; import java.util.Date; - import javax.crypto.spec.SecretKeySpec; - import org.junit.Before; import org.junit.Test; - -import com.amazonaws.encryptionsdk.AwsCrypto; -import com.amazonaws.encryptionsdk.CryptoResult; -import com.amazonaws.encryptionsdk.MasterKeyProvider; -import com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException; -import com.amazonaws.encryptionsdk.CommitmentPolicy; -import com.amazonaws.encryptionsdk.multi.MultipleProviderFactory; - -/* These internal sun classes are included solely for test purposes as - this test cannot use BouncyCastle cert generation, as there are incompatibilities - between how standard BC and FIPS BC perform cert generation. */ import sun.security.x509.AlgorithmId; import sun.security.x509.CertificateAlgorithmId; import sun.security.x509.CertificateSerialNumber; 
@@ -57,6 +50,10 @@ import sun.security.x509.X509CertImpl; import sun.security.x509.X509CertInfo; +/* These internal sun classes are included solely for test purposes as + this test cannot use BouncyCastle cert generation, as there are incompatibilities + between how standard BC and FIPS BC perform cert generation. */ + public class KeyStoreProviderTest { private static final SecureRandom RND = new SecureRandom(); private static final KeyPairGenerator KG; diff --git a/util/test-conditions.sh b/util/test-conditions.sh new file mode 100644 index 000000000..f1d2a260b --- /dev/null +++ b/util/test-conditions.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +./aws-encryption-sdk-specification/util/test_conditions \ + -s '-r src/main/ --include *.java' \ + -t '-r src/test/ --include *.java' \ + -s 'compliance_exceptions/*.java'
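Review bot: The comment explaining why internal `sun.security.x509` classes are used now sits after the whole import block, directly above `public class KeyStoreProviderTest`, so it no longer reads as a justification for the imports it was written for. The move looks like a side effect of the formatter reordering imports across this hunk and the previous one. Rewording it as a class-level comment, e.g. `/* This test imports internal sun.security.x509 classes because ... */`, keeps the warning attached to something a reader will see when they wonder about those imports.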