From 05466a476804a78aa9ef66ab3d246bd5a6674079 Mon Sep 17 00:00:00 2001
From: Darwin Chowdary <darchow@amazon.com>
Date: Wed, 6 Dec 2023 11:30:03 -0800
Subject: [PATCH 1/3] chore: update release role to fetch git submodules

---
 cfn/ci_cd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cfn/ci_cd.yml b/cfn/ci_cd.yml
index abef2108..bee48fc6 100644
--- a/cfn/ci_cd.yml
+++ b/cfn/ci_cd.yml
@@ -91,7 +91,7 @@ Resources:
         ## If this value is 0, greater than 25, or not provided then the full history is downloaded with each build project.
         GitCloneDepth: 0
         GitSubmodulesConfig:
-          FetchSubmodules: false
+          FetchSubmodules: true
         InsecureSsl: false
         ReportBuildStatus: false
         Type: GITHUB

From ca70b9a9202d57ea134e6f54609abf0b9dbaeccc Mon Sep 17 00:00:00 2001
From: Darwin Chowdary <darchow@amazon.com>
Date: Wed, 6 Dec 2023 12:21:18 -0800
Subject: [PATCH 2/3] chore: update release process

---
 codebuild/ci/release-ci.yml           | 10 ++++++++--
 codebuild/release/release-prod.yml    |  7 +++++++
 codebuild/release/release-staging.yml |  8 ++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/codebuild/ci/release-ci.yml b/codebuild/ci/release-ci.yml
index d6b89a23..0b4fd35b 100644
--- a/codebuild/ci/release-ci.yml
+++ b/codebuild/ci/release-ci.yml
@@ -58,7 +58,13 @@ phases:
           --package $PACKAGE \
           --versions $VERSION_HASH \
           --region $REGION;
-
+      # Assume Role to access non-prod resources
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Java-Role-us-west-2" --role-session-name "CB-TestVectorResources")
+      - export TMP_ROLE
+      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
+      - aws sts get-caller-identity
       # See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html
       - echo "Setting version in POM to $VERSION_HASH"
       - mvn versions:set -DnewVersion="$VERSION_HASH" --no-transfer-progress
@@ -66,7 +72,7 @@ phases:
       - |
         mvn deploy \
           -PpublishingCodeArtifact \
-          -Dmaven.test.skip=true \
+          -Pfast-tests-only \
           -DperformRelease \
           -Dgpg.homedir="$HOME/mvn_gpg" \
           -DautoReleaseAfterClose=true \
diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml
index 05c98ce9..0989e64f 100644
--- a/codebuild/release/release-prod.yml
+++ b/codebuild/release/release-prod.yml
@@ -43,6 +43,13 @@ phases:
       - cd $CODEBUILD_SRC_DIR
   build:
     commands:
+      # Assume Role to access non-prod resources
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Java-Role-us-west-2" --role-session-name "CB-TestVectorResources")
+      - export TMP_ROLE
+      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
+      - aws sts get-caller-identity
       - |
         mvn deploy \
           -Ppublishing \
diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml
index c53cf1b6..f2246a2e 100644
--- a/codebuild/release/release-staging.yml
+++ b/codebuild/release/release-staging.yml
@@ -46,6 +46,14 @@ phases:
       - cd $CODEBUILD_SRC_DIR
   build:
     commands:
+      # Assume Role to access non-prod resources
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Java-Role-us-west-2" --role-session-name "CB-TestVectorResources")
+      - export TMP_ROLE
+      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
+      - aws sts get-caller-identity
+
       - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION"
 #      See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html
       - echo "Setting version in POM to $VERSION_HASH"

From b6a173cd94a25bd33a15dace667360f4c81768c1 Mon Sep 17 00:00:00 2001
From: Darwin Chowdary <darchow@amazon.com>
Date: Wed, 6 Dec 2023 12:54:09 -0800
Subject: [PATCH 3/3] chore: update instruction coverage ratio

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 01d41440..f829299e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -239,7 +239,7 @@
                                         <limit>
                                             <counter>INSTRUCTION</counter>
                                             <value>COVEREDRATIO</value>
-                                            <minimum>0.88</minimum>
+                                            <minimum>0.87</minimum>
                                         </limit>
                                         <limit>
                                             <counter>BRANCH</counter>