codebuild/release/release-prod.yml

## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
## SPDX-License-Identifier: Apache-2.0

version: 0.2

env:
  parameter-store:
    ACCOUNT: /CodeBuild/AccountId
  secrets-manager:
    GPG_KEY: Maven-GPG-Keys-Release-Credentials:Keyname
    GPG_PASS: Maven-GPG-Keys-Release-Credentials:Passphrase
    SONA_USERNAME: Sonatype-User-Token:username
    SONA_PASSWORD: Sonatype-User-Token:password

phases:
  install:
    runtime-versions:
      java: corretto8
    commands:
      - cd ..
      # Get Dafny
      - curl https://github.com/dafny-lang/dafny/releases/download/v4.9.0/dafny-4.9.0-x64-ubuntu-20.04.zip  -L -o dafny.zip
      - unzip -qq dafny.zip && rm dafny.zip
      - export PATH="$PWD/dafny:$PATH"
      # Get Gradle 7.6
      - curl https://services.gradle.org/distributions/gradle-7.6-all.zip -L -o gradle.zip
      - unzip -qq gradle.zip && rm gradle.zip
      - export PATH="$PWD/gradle-7.6/bin:$PATH"
      - cd  aws-database-encryption-sdk-dynamodb/
  pre_build:
    commands:
      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys-Release --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
      - tar -xvf ~/mvn_gpg.tgz -C ~
      # Create default location where GPG looks for creds and keys
      - mkdir /root/.gnupg
      # Add configuration options to GPG Agent
      - printf "use-agent\npinentry-mode loopback" >> ~/mvn_gpg/gpg.conf
      - printf "allow-loopback-pinentry" >> ~/mvn_gpg/gpg-agent.conf
      # Add keys to GPG default location where GPG agent will look
      - mv -v ~/mvn_gpg/* /root/.gnupg/
      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-DDBEC-Dafny-Role-us-west-2" --role-session-name "CB-TestVectorResources")
      - export TMP_ROLE
      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
      - aws sts get-caller-identity
  build:
    commands:
      - cd DynamoDbEncryption/
      # Build and deploy to maven local
      - make transpile_implementation_java
      - make transpile_test_java
      - make mvn_local_deploy
      - make test_java
      # run extensive tests
      - gradle -p runtimes/java clean
      - gradle -p runtimes/java test

      # Publish to Sonatype
      - gradle -p runtimes/java publishMavenPublicationToSonatypeRepository closeSonatypeStagingRepository
      - gradle -p runtimes/java findSonatypeStagingRepository releaseSonatypeStagingRepository