From db23fa87f043a39c5609ad3c65698dcb7e774a72 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 26 Oct 2021 22:32:35 -0700 Subject: [PATCH 01/11] chore: add updated release to mainline --- .releaserc | 64 +++++++++++++ codebuild/release/release-prod.yml | 58 ++---------- codebuild/release/release-staging.yml | 59 ++---------- codebuild/release/release.yml | 125 +++++++++++++++++++++++++ codebuild/release/upload_artifacts.yml | 40 ++++++++ codebuild/release/validate-prod.yml | 7 +- codebuild/release/validate-staging.yml | 9 +- codebuild/release/version.yml | 30 ++++++ look_4_version.sh | 29 ++++++ 9 files changed, 319 insertions(+), 102 deletions(-) create mode 100644 .releaserc create mode 100644 codebuild/release/release.yml create mode 100644 codebuild/release/upload_artifacts.yml create mode 100644 codebuild/release/version.yml create mode 100644 look_4_version.sh diff --git a/.releaserc b/.releaserc new file mode 100644 index 000000000..216c517f5 --- /dev/null +++ b/.releaserc @@ -0,0 +1,64 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +{ + "branches": ["master", "mainline-1.x"], + "plugins": [ + ["@semantic-release/commit-analyzer", { + "preset": "conventionalcommits", + "parserOpts": { + "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES"] + }, + "presetConfig": { + "types": [ + {"type": "feat", "section": "Features"}, + {"type": "fix", "section": "Fixes"}, + {"type": "chore", "section": "Maintenance"}, + {"type": "docs", "section": "Maintenance"}, + {"type": "revert", "section": "Fixes"}, + {"type": "style", "hidden": true}, + {"type": "refactor", "hidden": true}, + {"type": "perf", "hidden": true}, + {"type": "test", "hidden": true} + ] + }, + "releaseRules": [ + {"type": "docs", "release": "patch"}, + {"type": "revert", "release": "patch"}, + {"type": "chore", "release": "patch"} + ] + }], + ["@semantic-release/release-notes-generator", { + "preset": "conventionalcommits", + "parserOpts": { + "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES"] + }, + "presetConfig": { + "types": [ + {"type": "feat", "section": "Features"}, + {"type": "fix", "section": "Fixes"}, + {"type": "chore", "section": "Maintenance"}, + {"type": "docs", "section": "Maintenance"}, + {"type": "revert", "section": "Fixes"}, + {"type": "style", "hidden": true}, + {"type": "refactor", "hidden": true}, + {"type": "perf", "hidden": true}, + {"type": "test", "hidden": true} + ] + } + }], + ["@semantic-release/changelog", { + "changelogFile": "./CHANGELOG.md", + "changelogTitle": "# Changelog" + }], + ["@semantic-release/exec", { + "prepareCmd": "mvn versions:set -DnewVersion=${nextRelease.version} \ + -DautoVersionSubmodules=true && find README.md -type f \ + -exec sed -i '' 's/.*<\\/version>/${nextRelease.version}<\\/version>/g' {} \\;" + }], + ["@semantic-release/git", { + "assets": ["./CHANGELOG.md", "./pom.xml", "./README.md"], + "message": "AWS Encryption SDK ${nextRelease.version} Release \n\n${nextRelease.notes}" + }], + ], + "repositoryUrl": "https://github.com/aws/aws-encryption-sdk-java/tree/mainline-1.x", +} diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml index 0e1c06437..b9bf32c6b 100644 --- a/codebuild/release/release-prod.yml +++ b/codebuild/release/release-prod.yml @@ -1,3 +1,6 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + version: 0.2 env: @@ -13,15 +16,9 @@ phases: java: openjdk11 pre_build: commands: - - git checkout $COMMIT_ID - - FOUND_VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') - - | - if expr ${FOUND_VERSION} != ${VERSION}; then - echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" - exit 1; - fi + - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz + - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_pg.tgz - tar -xvf ~/mvn_gpg.tgz -C ~ build: commands: @@ -36,46 +33,7 @@ phases: -Dgpg.passphrase="$GPG_PASS" \ -Dsonatype.username="$SONA_USERNAME" \ -Dsonatype.password="$SONA_PASSWORD" \ + --no-transfer-progress \ -s $SETTINGS_FILE - - -batch: - fast-fail: false - build-graph: - - identifier: release_to_prod - - identifier: validate_prod_release_openjdk8 - depend-on: - - release_to_prod - buildspec: codebuild/release/validate-prod.yml - env: - variables: - JAVA_ENV_VERSION: openjdk8 - JAVA_NUMERIC_VERSION: 8 - image: aws/codebuild/standard:3.0 - - identifier: validate_prod_release_openjdk11 - depend-on: - - release_to_prod - buildspec: codebuild/release/validate-prod.yml - env: - variables: - JAVA_ENV_VERSION: openjdk11 - JAVA_NUMERIC_VERSION: 11 - image: aws/codebuild/standard:3.0 - - identifier: validate_prod_release_corretto8 - depend-on: - - release_to_prod - buildspec: codebuild/release/validate-prod.yml - env: - variables: - JAVA_ENV_VERSION: corretto8 - JAVA_NUMERIC_VERSION: 8 - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 - - identifier: validate_prod_release_corretto11 - depend-on: - - release_to_prod - buildspec: codebuild/release/validate-prod.yml - env: - variables: - JAVA_ENV_VERSION: corretto11 - JAVA_NUMERIC_VERSION: 11 - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + - ./look_4_version.sh $VERSION +g diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 218b2ba68..f6a00238b 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -1,3 +1,6 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + version: 0.2 env: @@ -14,16 +17,9 @@ env: phases: install: runtime-versions: - java: openjdk11 + java: corretto11 pre_build: commands: - - git checkout $COMMIT_ID - - FOUND_VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') - - | - if expr ${FOUND_VERSION} != ${VERSION}; then - echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" - exit 1; - fi - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} @@ -31,6 +27,11 @@ phases: - tar -xvf ~/mvn_gpg.tgz -C ~ build: commands: + - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" +# See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html + - echo "Setting version in POM to $VERSION_HASH" + - mvn versions:set -DnewVersion="$VERSION_HASH" --no-transfer-progress + - echo "Version is now $(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p')" - | mvn deploy \ -PpublishingCodeArtifact \ @@ -42,45 +43,5 @@ phases: -Dgpg.passphrase="$GPG_PASS" \ -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL \ + --no-transfer-progress \ -s $SETTINGS_FILE - -batch: - fast-fail: false - build-graph: - - identifier: release_to_staging - - identifier: validate_staging_release_openjdk8 - depend-on: - - release_to_staging - buildspec: codebuild/release/validate-staging.yml - env: - variables: - JAVA_ENV_VERSION: openjdk8 - JAVA_NUMERIC_VERSION: 8 - image: aws/codebuild/standard:3.0 - - identifier: validate_staging_release_openjdk11 - depend-on: - - release_to_staging - buildspec: codebuild/release/validate-staging.yml - env: - variables: - JAVA_ENV_VERSION: openjdk11 - JAVA_NUMERIC_VERSION: 11 - image: aws/codebuild/standard:3.0 - - identifier: validate_staging_release_corretto8 - depend-on: - - release_to_staging - buildspec: codebuild/release/validate-staging.yml - env: - variables: - JAVA_ENV_VERSION: corretto8 - JAVA_NUMERIC_VERSION: 8 - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 - - identifier: validate_staging_release_corretto11 - depend-on: - - release_to_staging - buildspec: codebuild/release/validate-staging.yml - env: - variables: - JAVA_ENV_VERSION: corretto11 - JAVA_NUMERIC_VERSION: 11 - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 diff --git a/codebuild/release/release.yml b/codebuild/release/release.yml new file mode 100644 index 000000000..3f6dbc252 --- /dev/null +++ b/codebuild/release/release.yml @@ -0,0 +1,125 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + +version: 0.2 + +batch: + fast-fail: true + build-graph: + +# Release to CodeArtifact + - identifier: release_staging + buildspec: codebuild/release/release-staging.yml + +# Validate CodeArtifact with supported JDK and Corretto + - identifier: validate_staging_release_openjdk8 + depend-on: + - release_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: openjdk8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/standard:3.0 + + - identifier: validate_staging_release_openjdk11 + depend-on: + - release_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: openjdk11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/standard:3.0 + + - identifier: validate_staging_release_corretto8 + depend-on: + - release_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: corretto8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + + - identifier: validate_staging_release_corretto11 + depend-on: + - release_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: corretto11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + +# Version Project + - identifier: version + depend-on: + - release_staging + - validate_staging_release_openjdk8 + - validate_staging_release_openjdk11 + - validate_staging_release_corretto8 + - validate_staging_release_corretto11 + buildspec: codebuild/release/version.yml + env: + image: aws/codebuild/standard:5.0 + +# Publish to Maven Central + - identifier: publish + depend-on: + - version + buildspec: codebuild/release/release-prod.yml + +# Validate Maven Central with supported JDK and Corretto + - identifier: validate_prod_release_openjdk8 + depend-on: + - publish + buildspec: codebuild/release/validate-prod.yml + env: + variables: + JAVA_ENV_VERSION: openjdk8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/standard:3.0 + + - identifier: validate_prod_release_openjdk11 + depend-on: + - publish + buildspec: codebuild/release/validate-prod.yml + env: + variables: + JAVA_ENV_VERSION: openjdk11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/standard:3.0 + + - identifier: validate_prod_release_corretto8 + depend-on: + - publish + buildspec: codebuild/release/validate-prod.yml + env: + variables: + JAVA_ENV_VERSION: corretto8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + + - identifier: validate_prod_release_corretto11 + depend-on: + - publish + buildspec: codebuild/release/validate-prod.yml + env: + variables: + JAVA_ENV_VERSION: corretto11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + +# Upload Artifacts + - identifier: upload_artifacts + depend-on: + - validate_prod_release_openjdk8 + - validate_prod_release_openjdk11 + - validate_prod_release_corretto8 + - validate_prod_release_corretto11 + buildspec: codebuild/release/upload_artifacts.yml + env: + # Changing to standard:5.0 because we are able to install gh cli on ubuntu but + # not on AmazonLinux + image: aws/codebuild/standard:5.0 diff --git a/codebuild/release/upload_artifacts.yml b/codebuild/release/upload_artifacts.yml new file mode 100644 index 000000000..8122e09e8 --- /dev/null +++ b/codebuild/release/upload_artifacts.yml @@ -0,0 +1,40 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + +version: 0.2 + +env: + variables: + BRANCH: "master" + git-credential-helper: yes + secrets-manager: + GH_TOKEN: Github/aws-crypto-tools-ci-bot:personal\ access\ token + +phases: + pre_build: + commands: + # get new project version + - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') + # install gh cli in order to upload artifacts + - curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg + - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null + - apt update + - apt install gh + - git checkout $BRANCH + build: + commands: + - gh version + - gh auth login --with-token < $GH_TOKEN + - | + mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \ + -DrepoUrl=https://aws.oss.sonatype.org \ + -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar + - | + mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \ + -DrepoUrl=https://aws.oss.sonatype.org \ + -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:sources + - | + mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \ + -DrepoUrl=https://aws.oss.sonatype.org \ + -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:javadoc + - gh release upload v${VERSION} ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar diff --git a/codebuild/release/validate-prod.yml b/codebuild/release/validate-prod.yml index 6d8e8f164..b283b2411 100644 --- a/codebuild/release/validate-prod.yml +++ b/codebuild/release/validate-prod.yml @@ -1,3 +1,6 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + version: 0.2 phases: @@ -15,4 +18,6 @@ phases: -Dcheckstyle.skip \ -Desdk.version=$VERSION \ -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \ - -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION + -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \ + --no-transfer-progress + diff --git a/codebuild/release/validate-staging.yml b/codebuild/release/validate-staging.yml index 55bf2ac1f..ed0e1622a 100644 --- a/codebuild/release/validate-staging.yml +++ b/codebuild/release/validate-staging.yml @@ -1,3 +1,6 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + version: 0.2 env: @@ -16,6 +19,7 @@ phases: java: $JAVA_ENV_VERSION pre_build: commands: + - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git - cd busy-engineers-document-bucket/exercises/java/encryption-context-complete @@ -27,10 +31,11 @@ phases: mvn verify \ -Pcodeartifact \ -Dcheckstyle.skip \ - -Desdk.version=$VERSION \ + -Desdk.version=$VERSION_HASH \ -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \ -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \ -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ -Dcodeartifact.url=$CODEARTIFACT_REPO_URL \ + --no-transfer-progress \ + -T 4 \ -s $SETTINGS_FILE - diff --git a/codebuild/release/version.yml b/codebuild/release/version.yml new file mode 100644 index 000000000..c1494f49b --- /dev/null +++ b/codebuild/release/version.yml @@ -0,0 +1,30 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + +version: 0.2 + +env: + variables: + NODE_OPTIONS: "--max-old-space-size=4096" + BRANCH: "master" + git-credential-helper: "yes" + +phases: + install: + commands: + - npm install --save-dev semantic-release + - npm install @semantic-release/changelog -d + - npm install @semantic-release/exec -d + - npm install @semantic-release/git -d + - npm install --save conventional-changelog + runtime-versions: + nodejs: 14 + pre_build: + commands: + - git config --global user.name "aws-crypto-tools-ci-bot" + - git config --global user.email "no-reply@noemail.local" + - git checkout $BRANCH + build: + commands: + - npx semantic-release --branches mainline-1.x --no-ci + diff --git a/look_4_version.sh b/look_4_version.sh new file mode 100644 index 000000000..dfdbc489c --- /dev/null +++ b/look_4_version.sh @@ -0,0 +1,29 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 + +#!bin/bash + +VERSION=$1 +COUNTER=0 +STATUS=1 + +echo "Looking for version $VERSION" + +while [ $STATUS -ne 0 ]; do + mvn org.apache.maven.plugins:maven-dependency-plugin:3.0.1:get \ + -Dartifact=com.amazonaws:aws-encryption-sdk-java:$VERSION:jar -U + + STATUS=$? + if [ $STATUS -eq 0 ]; then + echo "Found version $VERSION in Maven Central :)" + break + fi + + if [ $((COUNTER+=1)) -eq 15 ]; then + echo "It has been an awfully long time, you should check Maven Central for issues" + exit 1 + fi + + echo "Could not find version $VERSION. Trying again." + sleep 60 +done From 5aa0cf1f7d0ae689f9ccc181a837fcabe8d51676 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 26 Oct 2021 22:46:43 -0700 Subject: [PATCH 02/11] chore: update gitignore --- .gitignore | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 1da07539c..a6544fca6 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,11 @@ target/ .classpath /bin/ .idea/ -*.iml \ No newline at end of file +*.iml + +##semantic-release +package-lock.json +package.json +node_modules/ +pom.xml.versionsBackup + From f9b0bf7679f239e3580217172ceaf5fcb18dc8a2 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 26 Oct 2021 23:08:07 -0700 Subject: [PATCH 03/11] chore: change branch in versioning step --- codebuild/release/release-prod.yml | 1 - codebuild/release/version.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml index b9bf32c6b..49b7b0927 100644 --- a/codebuild/release/release-prod.yml +++ b/codebuild/release/release-prod.yml @@ -36,4 +36,3 @@ phases: --no-transfer-progress \ -s $SETTINGS_FILE - ./look_4_version.sh $VERSION -g diff --git a/codebuild/release/version.yml b/codebuild/release/version.yml index c1494f49b..028f4d6fb 100644 --- a/codebuild/release/version.yml +++ b/codebuild/release/version.yml @@ -6,7 +6,7 @@ version: 0.2 env: variables: NODE_OPTIONS: "--max-old-space-size=4096" - BRANCH: "master" + BRANCH: "mainline-1.x" git-credential-helper: "yes" phases: From 189fc396c10d086e13480ddacbe1a469489106bf Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 26 Oct 2021 23:10:52 -0700 Subject: [PATCH 04/11] chore: changes url --- .releaserc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.releaserc b/.releaserc index 216c517f5..eaff720af 100644 --- a/.releaserc +++ b/.releaserc @@ -60,5 +60,5 @@ "message": "AWS Encryption SDK ${nextRelease.version} Release \n\n${nextRelease.notes}" }], ], - "repositoryUrl": "https://github.com/aws/aws-encryption-sdk-java/tree/mainline-1.x", + "repositoryUrl": "https://github.com/aws/aws-encryption-sdk-java", } From 06682c8741907c3db780d07f630e36faf21d3185 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 27 Oct 2021 09:49:47 -0700 Subject: [PATCH 05/11] chore: add ci and parameterize branch name --- codebuild/ci/ci.yml | 91 ++++++++++++++++++++++++++++++++ codebuild/ci/release-ci.yml | 64 ++++++++++++++++++++++ codebuild/ci/settings.xml | 25 +++++++++ codebuild/ci/static-analysis.yml | 13 +++++ codebuild/ci/validate-ci.yml | 40 ++++++++++++++ codebuild/ci/vectors-ci.yml | 11 ++++ codebuild/corretto11.yml | 9 ---- codebuild/corretto8.yml | 9 ---- codebuild/openjdk11.yml | 9 ---- codebuild/openjdk8.yml | 9 ---- codebuild/release/version.yml | 2 +- 11 files changed, 245 insertions(+), 37 deletions(-) create mode 100644 codebuild/ci/ci.yml create mode 100644 codebuild/ci/release-ci.yml create mode 100644 codebuild/ci/settings.xml create mode 100644 codebuild/ci/static-analysis.yml create mode 100644 codebuild/ci/validate-ci.yml create mode 100644 codebuild/ci/vectors-ci.yml delete mode 100644 codebuild/corretto11.yml delete mode 100644 codebuild/corretto8.yml delete mode 100644 codebuild/openjdk11.yml delete mode 100644 codebuild/openjdk8.yml diff --git a/codebuild/ci/ci.yml b/codebuild/ci/ci.yml new file mode 100644 index 000000000..0b024011a --- /dev/null +++ b/codebuild/ci/ci.yml @@ -0,0 +1,91 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +# TODO: Replace/Augment build-graph with build-matrix +# Note: It's possible that 9 builds will be running concurrently with the current arrangement + +batch: + fast-fail: false + build-graph: + - identifier: static_analysis + buildspec: codebuild/ci/static-analysis.yml + env: + compute-type: BUILD_GENERAL1_MEDIUM + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + ######### Start Vector tests ######### + - identifier: vectors_ci_openjdk8 + buildspec: codebuild/ci/vectors-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + JAVA_ENV_VERSION: openjdk8 + image: aws/codebuild/standard:3.0 + - identifier: vectors_ci_openjdk11 + buildspec: codebuild/ci/vectors-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + JAVA_ENV_VERSION: openjdk11 + image: aws/codebuild/standard:3.0 + - identifier: vectors_ci_corretto8 + buildspec: codebuild/ci/vectors-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + JAVA_ENV_VERSION: corretto8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + - identifier: vectors_ci_corretto11 + buildspec: codebuild/ci/vectors-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + variables: + JAVA_ENV_VERSION: corretto11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + ######### End Vector tests ######### + - identifier: release_ci + buildspec: codebuild/ci/release-ci.yml + env: + compute-type: BUILD_GENERAL1_LARGE + image: aws/codebuild/standard:3.0 + ######### Start JAR Smoke tests ######### + - identifier: validate_ci_openjdk8 + depend-on: + - release_ci + buildspec: codebuild/ci/validate-ci.yml + env: + variables: + JAVA_ENV_VERSION: openjdk8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/standard:3.0 + - identifier: validate_ci_openjdk11 + depend-on: + - release_ci + buildspec: codebuild/ci/validate-ci.yml + env: + compute-type: BUILD_GENERAL1_MEDIUM + variables: + JAVA_ENV_VERSION: openjdk11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/standard:3.0 + - identifier: validate_ci_corretto8 + depend-on: + - release_ci + buildspec: codebuild/ci/validate-ci.yml + env: + compute-type: BUILD_GENERAL1_MEDIUM + variables: + JAVA_ENV_VERSION: corretto8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + - identifier: validate_ci_corretto11 + depend-on: + - release_ci + buildspec: codebuild/ci/validate-ci.yml + env: + compute-type: BUILD_GENERAL1_MEDIUM + variables: + JAVA_ENV_VERSION: corretto11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + ######### End JAR Smoke tests ######### diff --git a/codebuild/ci/release-ci.yml b/codebuild/ci/release-ci.yml new file mode 100644 index 000000000..2e41ffd91 --- /dev/null +++ b/codebuild/ci/release-ci.yml @@ -0,0 +1,64 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +env: + variables: + REGION: us-east-1 + DOMAIN: crypto-tools-internal + REPOSITORY: java-esdk-ci + NAMESPACE: com.amazonaws + PACKAGE: aws-encryption-sdk-java + parameter-store: + ACCOUNT: /CodeBuild/AccountIdentity + secrets-manager: + GPG_KEY: Maven-GPG-Keys-Credentials:Keyname + GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase + +phases: + install: + runtime-versions: + java: openjdk11 + pre_build: + commands: + - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml + - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) + - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} + - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz + - tar -xvf ~/mvn_gpg.tgz -C ~ + build: + commands: + - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" +# See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html + - echo "Setting version in POM to $VERSION_HASH" + - mvn versions:set -DnewVersion="$VERSION_HASH" --no-transfer-progress + - echo "Version is now $(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p')" + - | + mvn deploy \ + -PpublishingCodeArtifact \ + -Dmaven.test.skip=true \ + -DperformRelease \ + -Dgpg.homedir="$HOME/mvn_gpg" \ + -DautoReleaseAfterClose=true \ + -Dgpg.keyname="$GPG_KEY" \ + -Dgpg.passphrase="$GPG_PASS" \ + -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ + -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL \ + --no-transfer-progress \ + -T 8 \ + -s $SETTINGS_FILE + finally: + - | + if expr ${CODEBUILD_BUILD_SUCCEEDING} != 1; then + echo "An error occured while building and uploading $REPOSITORY." + echo "Did a previous build already upload $VERSION_HASH to $REPOSITORY?" + echo "Try deleting $VERSION_HASH from $REPOSITORY and restart" + echo "Delete Package Version Command \n + aws codeartifact delete-package-versions --domain $DOMAIN \ + --repository $REPOSITORY \ + --format maven \ + --namespace $NAMESPACE \ + --package $PACKAGE \ + --versions $VERSION_HASH \ + --region $REGION"; + fi diff --git a/codebuild/ci/settings.xml b/codebuild/ci/settings.xml new file mode 100644 index 000000000..ee4922938 --- /dev/null +++ b/codebuild/ci/settings.xml @@ -0,0 +1,25 @@ + + + + codeartifact + aws + ${codeartifact.token} + + + + + + codeartifact + + + codeartifact + codeartifact + ${codeartifact.url} + + + + + diff --git a/codebuild/ci/static-analysis.yml b/codebuild/ci/static-analysis.yml new file mode 100644 index 000000000..9fe37ad4c --- /dev/null +++ b/codebuild/ci/static-analysis.yml @@ -0,0 +1,13 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +phases: + install: + runtime-versions: + nodejs: 12 + java: corretto11 + build: + commands: + - mvn -T 4 -ntp com.coveo:fmt-maven-plugin:check + - ./util/test-conditions.sh diff --git a/codebuild/ci/validate-ci.yml b/codebuild/ci/validate-ci.yml new file mode 100644 index 000000000..228783194 --- /dev/null +++ b/codebuild/ci/validate-ci.yml @@ -0,0 +1,40 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +env: + variables: + REGION: us-east-1 + DOMAIN: crypto-tools-internal + REPOSITORY: java-esdk-ci + parameter-store: + ACCOUNT: /CodeBuild/AccountId + +phases: + install: + commands: + - pip install awscli + runtime-versions: + java: $JAVA_ENV_VERSION + pre_build: + commands: + - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" + - export SETTINGS_FILE=$(pwd)/codebuild/ci/settings.xml + - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git + - cd busy-engineers-document-bucket/exercises/java/encryption-context-complete + - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) + - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} + build: + commands: + - | + mvn verify \ + -Pcodeartifact \ + -Dcheckstyle.skip \ + -Desdk.version=$VERSION_HASH \ + -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \ + -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \ + -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ + -Dcodeartifact.url=$CODEARTIFACT_REPO_URL \ + --no-transfer-progress \ + -T 4 \ + -s $SETTINGS_FILE diff --git a/codebuild/ci/vectors-ci.yml b/codebuild/ci/vectors-ci.yml new file mode 100644 index 000000000..26f042745 --- /dev/null +++ b/codebuild/ci/vectors-ci.yml @@ -0,0 +1,11 @@ +## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +## SPDX-License-Identifier: Apache-2.0 +version: 0.2 + +phases: + install: + runtime-versions: + java: $JAVA_ENV_VERSION + build: + commands: + - mvn install -T 8 -Dgpg.skip=true -ntp "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.3.0.zip" diff --git a/codebuild/corretto11.yml b/codebuild/corretto11.yml deleted file mode 100644 index e065929cf..000000000 --- a/codebuild/corretto11.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: 0.2 - -phases: - install: - runtime-versions: - java: corretto11 - build: - commands: - - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip" diff --git a/codebuild/corretto8.yml b/codebuild/corretto8.yml deleted file mode 100644 index 71e236f59..000000000 --- a/codebuild/corretto8.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: 0.2 - -phases: - install: - runtime-versions: - java: corretto8 - build: - commands: - - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip" diff --git a/codebuild/openjdk11.yml b/codebuild/openjdk11.yml deleted file mode 100644 index 208f52a28..000000000 --- a/codebuild/openjdk11.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: 0.2 - -phases: - install: - runtime-versions: - java: openjdk11 - build: - commands: - - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip" diff --git a/codebuild/openjdk8.yml b/codebuild/openjdk8.yml deleted file mode 100644 index e80b43dd5..000000000 --- a/codebuild/openjdk8.yml +++ /dev/null @@ -1,9 +0,0 @@ -version: 0.2 - -phases: - install: - runtime-versions: - java: openjdk8 - build: - commands: - - mvn install -Dgpg.skip=true "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip" diff --git a/codebuild/release/version.yml b/codebuild/release/version.yml index 028f4d6fb..79b1bab41 100644 --- a/codebuild/release/version.yml +++ b/codebuild/release/version.yml @@ -26,5 +26,5 @@ phases: - git checkout $BRANCH build: commands: - - npx semantic-release --branches mainline-1.x --no-ci + - npx semantic-release --branches $BRANCH --no-ci From d9c56df34d3a74abacac063420d0b07e08378443 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 27 Oct 2021 09:54:15 -0700 Subject: [PATCH 06/11] chore: add test conditions script --- util/test-conditions.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 util/test-conditions.sh diff --git a/util/test-conditions.sh b/util/test-conditions.sh new file mode 100644 index 000000000..f1d2a260b --- /dev/null +++ b/util/test-conditions.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +./aws-encryption-sdk-specification/util/test_conditions \ + -s '-r src/main/ --include *.java' \ + -t '-r src/test/ --include *.java' \ + -s 'compliance_exceptions/*.java' From ef53ffe8310eaad761bfe2985b14d9d39d3b3136 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 27 Oct 2021 11:08:09 -0700 Subject: [PATCH 07/11] chore: add correct test vector file --- codebuild/ci/vectors-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/ci/vectors-ci.yml b/codebuild/ci/vectors-ci.yml index 26f042745..55be3e29b 100644 --- a/codebuild/ci/vectors-ci.yml +++ b/codebuild/ci/vectors-ci.yml @@ -8,4 +8,4 @@ phases: java: $JAVA_ENV_VERSION build: commands: - - mvn install -T 8 -Dgpg.skip=true -ntp "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.3.0.zip" + - mvn install -T 8 -Dgpg.skip=true -ntp "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.2.0.zip" From a341caa50cec70c791b475a172fc5c1273ed4d28 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 27 Oct 2021 12:39:07 -0700 Subject: [PATCH 08/11] chore: add format plugin to pom --- pom.xml | 10 ++++++++ .../jce/KeyStoreProviderTest.java | 23 ++++++++----------- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/pom.xml b/pom.xml index 5ccb449df..3d6360524 100644 --- a/pom.xml +++ b/pom.xml @@ -138,6 +138,16 @@ + + + com.coveo + fmt-maven-plugin + 2.10 + + + + + diff --git a/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java b/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java index ddc648915..40875aa9a 100644 --- a/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java +++ b/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java @@ -18,6 +18,12 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; +import com.amazonaws.encryptionsdk.AwsCrypto; +import com.amazonaws.encryptionsdk.CryptoResult; +import com.amazonaws.encryptionsdk.MasterKeyProvider; +import com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException; +import com.amazonaws.encryptionsdk.CommitmentPolicy; +import com.amazonaws.encryptionsdk.multi.MultipleProviderFactory; import java.io.IOException; import java.math.BigInteger; import java.security.GeneralSecurityException; @@ -32,22 +38,9 @@ import java.time.Instant; import java.time.temporal.ChronoUnit; import java.util.Date; - import javax.crypto.spec.SecretKeySpec; - import org.junit.Before; import org.junit.Test; - -import com.amazonaws.encryptionsdk.AwsCrypto; -import com.amazonaws.encryptionsdk.CryptoResult; -import com.amazonaws.encryptionsdk.MasterKeyProvider; -import com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException; -import com.amazonaws.encryptionsdk.CommitmentPolicy; -import com.amazonaws.encryptionsdk.multi.MultipleProviderFactory; - -/* These internal sun classes are included solely for test purposes as - this test cannot use BouncyCastle cert generation, as there are incompatibilities - between how standard BC and FIPS BC perform cert generation. */ import sun.security.x509.AlgorithmId; import sun.security.x509.CertificateAlgorithmId; import sun.security.x509.CertificateSerialNumber; @@ -57,6 +50,10 @@ import sun.security.x509.X509CertImpl; import sun.security.x509.X509CertInfo; +/* These internal sun classes are included solely for test purposes as + this test cannot use BouncyCastle cert generation, as there are incompatibilities + between how standard BC and FIPS BC perform cert generation. */ + public class KeyStoreProviderTest { private static final SecureRandom RND = new SecureRandom(); private static final KeyPairGenerator KG; From 537ff331437cf36accf6cef2f6f560085861e07b Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 27 Oct 2021 13:54:15 -0700 Subject: [PATCH 09/11] chore: turn off static analysis --- codebuild/ci/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/codebuild/ci/ci.yml b/codebuild/ci/ci.yml index 0b024011a..ff2536f69 100644 --- a/codebuild/ci/ci.yml +++ b/codebuild/ci/ci.yml @@ -8,11 +8,11 @@ version: 0.2 batch: fast-fail: false build-graph: - - identifier: static_analysis - buildspec: codebuild/ci/static-analysis.yml - env: - compute-type: BUILD_GENERAL1_MEDIUM - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + #- identifier: static_analysis + # buildspec: codebuild/ci/static-analysis.yml + # env: + # compute-type: BUILD_GENERAL1_MEDIUM + # image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 ######### Start Vector tests ######### - identifier: vectors_ci_openjdk8 buildspec: codebuild/ci/vectors-ci.yml From 4b7df264df09879ee2977fbc69e6af750e1ee228 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 27 Oct 2021 14:25:37 -0700 Subject: [PATCH 10/11] chore: specifying branch name in specs --- codebuild/ci/release-ci.yml | 2 ++ codebuild/ci/validate-ci.yml | 2 ++ codebuild/release/release-prod.yml | 3 +++ codebuild/release/release-staging.yml | 2 ++ codebuild/release/upload_artifacts.yml | 4 ++-- 5 files changed, 11 insertions(+), 2 deletions(-) diff --git a/codebuild/ci/release-ci.yml b/codebuild/ci/release-ci.yml index 2e41ffd91..88ac92ea9 100644 --- a/codebuild/ci/release-ci.yml +++ b/codebuild/ci/release-ci.yml @@ -9,6 +9,7 @@ env: REPOSITORY: java-esdk-ci NAMESPACE: com.amazonaws PACKAGE: aws-encryption-sdk-java + BRANCH: "mainline-1.x" parameter-store: ACCOUNT: /CodeBuild/AccountIdentity secrets-manager: @@ -21,6 +22,7 @@ phases: java: openjdk11 pre_build: commands: + - git checkout $BRANCH - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} diff --git a/codebuild/ci/validate-ci.yml b/codebuild/ci/validate-ci.yml index 228783194..6a0e29310 100644 --- a/codebuild/ci/validate-ci.yml +++ b/codebuild/ci/validate-ci.yml @@ -7,6 +7,7 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-ci + BRANCH: "mainline-1.x" parameter-store: ACCOUNT: /CodeBuild/AccountId @@ -18,6 +19,7 @@ phases: java: $JAVA_ENV_VERSION pre_build: commands: + - git checkout $BRANCH - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" - export SETTINGS_FILE=$(pwd)/codebuild/ci/settings.xml - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml index 49b7b0927..43697106c 100644 --- a/codebuild/release/release-prod.yml +++ b/codebuild/release/release-prod.yml @@ -4,6 +4,8 @@ version: 0.2 env: + variables: + BRANCH: "mainline-1.x" secrets-manager: GPG_KEY: Maven-GPG-Keys-Credentials:Keyname GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase @@ -16,6 +18,7 @@ phases: java: openjdk11 pre_build: commands: + - git checkout $BRANCH - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_pg.tgz diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index f6a00238b..08951c3f5 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -8,6 +8,7 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging + BRANCH: "mainline-1.x" parameter-store: ACCOUNT: /CodeBuild/AccountId secrets-manager: @@ -20,6 +21,7 @@ phases: java: corretto11 pre_build: commands: + - git checkout $BRANCH - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} diff --git a/codebuild/release/upload_artifacts.yml b/codebuild/release/upload_artifacts.yml index 8122e09e8..ce3261bbf 100644 --- a/codebuild/release/upload_artifacts.yml +++ b/codebuild/release/upload_artifacts.yml @@ -5,7 +5,7 @@ version: 0.2 env: variables: - BRANCH: "master" + BRANCH: "mainline-1.x" git-credential-helper: yes secrets-manager: GH_TOKEN: Github/aws-crypto-tools-ci-bot:personal\ access\ token @@ -13,6 +13,7 @@ env: phases: pre_build: commands: + - git checkout $BRANCH # get new project version - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p') # install gh cli in order to upload artifacts @@ -20,7 +21,6 @@ phases: - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null - apt update - apt install gh - - git checkout $BRANCH build: commands: - gh version From 254bf2f4ae9d1160ee7606c9fdbab78be65033d1 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 27 Oct 2021 14:47:30 -0700 Subject: [PATCH 11/11] chore: ci does not need to change branches --- codebuild/ci/release-ci.yml | 2 -- codebuild/ci/validate-ci.yml | 2 -- 2 files changed, 4 deletions(-) diff --git a/codebuild/ci/release-ci.yml b/codebuild/ci/release-ci.yml index 88ac92ea9..2e41ffd91 100644 --- a/codebuild/ci/release-ci.yml +++ b/codebuild/ci/release-ci.yml @@ -9,7 +9,6 @@ env: REPOSITORY: java-esdk-ci NAMESPACE: com.amazonaws PACKAGE: aws-encryption-sdk-java - BRANCH: "mainline-1.x" parameter-store: ACCOUNT: /CodeBuild/AccountIdentity secrets-manager: @@ -22,7 +21,6 @@ phases: java: openjdk11 pre_build: commands: - - git checkout $BRANCH - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} diff --git a/codebuild/ci/validate-ci.yml b/codebuild/ci/validate-ci.yml index 6a0e29310..228783194 100644 --- a/codebuild/ci/validate-ci.yml +++ b/codebuild/ci/validate-ci.yml @@ -7,7 +7,6 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-ci - BRANCH: "mainline-1.x" parameter-store: ACCOUNT: /CodeBuild/AccountId @@ -19,7 +18,6 @@ phases: java: $JAVA_ENV_VERSION pre_build: commands: - - git checkout $BRANCH - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION" - export SETTINGS_FILE=$(pwd)/codebuild/ci/settings.xml - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git