release-ci.yml
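# CodeBuild buildspec: publishes the MaterialProviders test-vector build to the
# local Maven repository, then deploys this project to a CodeArtifact
# repository under a per-commit version string, passing GPG key parameters to
# Maven for the release profile.
version: 0.2

env:
  variables:
    REGION: us-east-1
    DOMAIN: crypto-tools-internal
    REPOSITORY: java-esdk-ci
    NAMESPACE: com.amazonaws
    PACKAGE: aws-encryption-sdk-java
  # Resolved from Systems Manager Parameter Store when the build starts.
  parameter-store:
    ACCOUNT: /CodeBuild/AccountIdentity
  # Resolved from Secrets Manager when the build starts. Both values are
  # secrets: do not echo them or run the shell with tracing (`set -x`).
  secrets-manager:
    GPG_KEY: Maven-GPG-Keys-CI-Credentials:Keyname
    GPG_PASS: Maven-GPG-Keys-CI-Credentials:Passphrase

phases:
  install:
    runtime-versions:
      java: openjdk11
    commands:
      - git submodule update --init submodules/MaterialProviders
      # Get Dafny
      # NOTE(review): the archive is unpacked without an integrity check. Pin
      # the expected SHA-256 of this release and verify it (for example with
      # `sha256sum -c`) before unzipping, because tools placed on PATH here run
      # in a build that later holds the GPG signing key.
      # --fail makes an HTTP error stop the phase instead of saving the error
      # page as dafny.zip.
      - curl --fail https://github.com/dafny-lang/dafny/releases/download/v4.2.0/dafny-4.2.0-x64-ubuntu-20.04.zip -L -o dafny.zip
      - unzip -qq dafny.zip && rm dafny.zip
      - export PATH="$PWD/dafny:$PATH"
      # Get Gradle 7.6
      # NOTE(review): same gap as above; verify the distribution against a
      # pinned SHA-256 before unzipping.
      - curl --fail https://services.gradle.org/distributions/gradle-7.6-all.zip -L -o gradle.zip
      - unzip -qq gradle.zip && rm gradle.zip
      - export PATH="$PWD/gradle-7.6/bin:$PATH"
  pre_build:
    commands:
      - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
      # Assign first, export second: `export VAR=$(cmd)` returns the status of
      # `export`, so a failed token request would go unnoticed until the deploy
      # step fails on authentication.
      - |
        CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token \
          --domain "$DOMAIN" \
          --domain-owner "$ACCOUNT" \
          --query authorizationToken \
          --output text \
          --region "$REGION")
      - export CODEARTIFACT_TOKEN
      - export CODEARTIFACT_REPO_URL="https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}"
      # Fetch the GPG key archive (read from us-west-2, not $REGION) and unpack
      # it into the home directory; presumably this yields ~/mvn_gpg, which is
      # passed as gpg.homedir in the build phase.
      # NOTE(review): the pipe hides a failed `aws` call; the failure only
      # shows up when tar rejects the empty archive. The archive and the
      # unpacked keys also stay on disk for the rest of the build.
      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys-CI --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
      - tar -xvf ~/mvn_gpg.tgz -C ~
      # Build and deploy to maven local
      - cd submodules/MaterialProviders
      # NOTE(review): BRANCH is not defined in this file; presumably the build
      # trigger supplies it. It selects which submodule code is built in the
      # same job that holds the signing key, so only trusted callers should be
      # able to set it. Left unquoted so an unset value stays a no-op.
      - git checkout $BRANCH
      - cd TestVectorsAwsCryptographicMaterialProviders/
      # This works because `node` is installed by default on GHA runners
      # NOTE(review): this buildspec uses CodeBuild variables, so `node` has to
      # be present in the CodeBuild image as well; confirm.
      - CORES=$(node -e 'console.log(os.cpus().length)')
      - make build_java CORES=$CORES
      - ./runtimes/java/gradlew -p runtimes/java publishMavenLocalPublicationToMavenLocal
      - cd $CODEBUILD_SRC_DIR
  build:
    commands:
      # Version string: <project version>-<resolved commit>-<event name>.
      - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION-$GITHUB_EVENT_NAME"
      # Remove any old artifacts with the same commit ID. This allows CI to run more than once for the same commit
      - |
        aws codeartifact delete-package-versions --domain "$DOMAIN" \
          --repository "$REPOSITORY" \
          --format maven \
          --namespace "$NAMESPACE" \
          --package "$PACKAGE" \
          --versions "$VERSION_HASH" \
          --region "$REGION";
      # See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html
      - echo "Setting version in POM to $VERSION_HASH"
      - mvn versions:set -DnewVersion="$VERSION_HASH" --no-transfer-progress
      - echo "Version is now $(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')"
      # Tests are skipped in this step (-Dmaven.test.skip=true).
      # NOTE(review): the GPG passphrase and the CodeArtifact token are passed
      # as -D arguments, so they are visible in the process list of the build
      # container. Prefer supplying them through settings.xml or environment
      # variables if the plugin versions in use support that; confirm.
      - |
        mvn deploy \
          -PpublishingCodeArtifact \
          -Dmaven.test.skip=true \
          -DperformRelease \
          -Dgpg.homedir="$HOME/mvn_gpg" \
          -DautoReleaseAfterClose=true \
          -Dgpg.keyname="$GPG_KEY" \
          -Dgpg.passphrase="$GPG_PASS" \
          -Dcodeartifact.token="$CODEARTIFACT_TOKEN" \
          -DaltDeploymentRepository="codeartifact::default::$CODEARTIFACT_REPO_URL" \
          --no-transfer-progress \
          -T 8 \
          -s "$SETTINGS_FILE"
    finally:
      # Runs whether or not the build commands succeeded; prints a pointer to
      # the logs when CodeBuild reports the build as not succeeding.
      - |
        if expr ${CODEBUILD_BUILD_SUCCEEDING} != 1; then
          echo "An error occured while building and uploading $REPOSITORY."
          echo "Check logs above for error details."
        fi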