From da79f756cb957999d649db98a8808fbd01a9e83c Mon Sep 17 00:00:00 2001
From: Jose Corella <jocorell@amazon.com>
Date: Fri, 22 Oct 2021 13:26:53 -0700
Subject: [PATCH 1/4] chore: add upload artifact build

---
 codebuild/release/release.yml          | 11 ++++++++++-
 codebuild/release/upload_artifacts.yml | 23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 codebuild/release/upload_artifacts.yml

diff --git a/codebuild/release/release.yml b/codebuild/release/release.yml
index 768a63cf8..47645d182 100644
--- a/codebuild/release/release.yml
+++ b/codebuild/release/release.yml
@@ -111,12 +111,21 @@ batch:
         JAVA_NUMERIC_VERSION: 11
       image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
 
-  - identifier: update_javadoc
+# Upload Artifacts
+  - identifier: upload_artifacts
     depend-on:
       - validate_prod_release_openjdk8
       - validate_prod_release_openjdk11
       - validate_prod_release_corretto8
       - validate_prod_release_corretto11
+    buildspec: codebuild/release/upload_artifacts.yml
+    env:
+      image: aws/codebuild/standard:5.0
+
+# Generate and update new javadocs
+  - identifier: update_javadoc
+    depend-on:
+      - upload_artifacts
     buildspec: codebuild/release/javadoc.yml
     env:
       variables:
diff --git a/codebuild/release/upload_artifacts.yml b/codebuild/release/upload_artifacts.yml
new file mode 100644
index 000000000..4de7888ad
--- /dev/null
+++ b/codebuild/release/upload_artifacts.yml
@@ -0,0 +1,23 @@
+## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+## SPDX-License-Identifier: Apache-2.0
+
+version: 0.2
+
+env:
+  variables:
+    BRANCH: "master"
+  git-credential-helper: yes
+
+phases:
+  pre_build:
+    commands:
+      - curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg
+      - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null
+      - apt update
+      - apt install gh
+      - git config --global user.name "aws-crypto-tools-ci-bot"
+      - git config --global user.email "no-reply@noemail.local"
+      - git checkout $BRANCH
+  build:
+    commands:
+      - gh version

From a852aa06b2a4aff332be0828cdf5f8f7f51d8edf Mon Sep 17 00:00:00 2001
From: Jose Corella <jocorell@amazon.com>
Date: Fri, 22 Oct 2021 14:23:00 -0700
Subject: [PATCH 2/4] chore: add secrets manager in order to access token

---
 codebuild/release/release.yml          |  2 ++
 codebuild/release/upload_artifacts.yml | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/codebuild/release/release.yml b/codebuild/release/release.yml
index 47645d182..4044673b6 100644
--- a/codebuild/release/release.yml
+++ b/codebuild/release/release.yml
@@ -120,6 +120,8 @@ batch:
       - validate_prod_release_corretto11
     buildspec: codebuild/release/upload_artifacts.yml
     env:
+      # Changing to standard:5.0 because we are able to install gh cli on ubuntu but
+      # not on AmazonLinux
       image: aws/codebuild/standard:5.0
 
 # Generate and update new javadocs
diff --git a/codebuild/release/upload_artifacts.yml b/codebuild/release/upload_artifacts.yml
index 4de7888ad..49b39e6e0 100644
--- a/codebuild/release/upload_artifacts.yml
+++ b/codebuild/release/upload_artifacts.yml
@@ -7,17 +7,38 @@ env:
   variables:
     BRANCH: "master"
   git-credential-helper: yes
+  secrets-manager:
+    GH_TOKEN: Github/aws-crypto-tools-ci-bot:personal\ access\ token
 
 phases:
   pre_build:
     commands:
+        # get new project version
+      - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')
+        # install gh cli in order to upload artifacts
       - curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg
       - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null
       - apt update
       - apt install gh
+        # add bot's creds
       - git config --global user.name "aws-crypto-tools-ci-bot"
       - git config --global user.email "no-reply@noemail.local"
       - git checkout $BRANCH
   build:
     commands:
       - gh version
+      - gh auth login --with-token < GH_TOKEN
+      - |
+        mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \
+          -DrepoUrl=https://aws.oss.sonatype.org \
+          -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar
+      - |
+        mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \
+          -DrepoUrl=https://aws.oss.sonatype.org \
+          -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:sources
+      - |
+        mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \
+          -DrepoUrl=https://aws.oss.sonatype.org \
+          -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:javadoc
+      - ls ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar
+      - gh release upload v${VERSION} ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar

From f1e4c25885fca93928bd445abdd84e43277906f6 Mon Sep 17 00:00:00 2001
From: Jose Corella <jocorell@amazon.com>
Date: Fri, 22 Oct 2021 14:31:00 -0700
Subject: [PATCH 3/4] chore: evaluate env var

---
 codebuild/release/upload_artifacts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/codebuild/release/upload_artifacts.yml b/codebuild/release/upload_artifacts.yml
index 49b39e6e0..f8fcf140e 100644
--- a/codebuild/release/upload_artifacts.yml
+++ b/codebuild/release/upload_artifacts.yml
@@ -27,7 +27,7 @@ phases:
   build:
     commands:
       - gh version
-      - gh auth login --with-token < GH_TOKEN
+      - gh auth login --with-token < $GH_TOKEN
       - |
         mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \
           -DrepoUrl=https://aws.oss.sonatype.org \

From 3426a555e999e3e19ec1a0186a59a9c2ede4f147 Mon Sep 17 00:00:00 2001
From: Jose Corella <jocorell@amazon.com>
Date: Mon, 25 Oct 2021 15:44:25 -0700
Subject: [PATCH 4/4] chore: remove test commits

---
 codebuild/release/upload_artifacts.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/codebuild/release/upload_artifacts.yml b/codebuild/release/upload_artifacts.yml
index f8fcf140e..8122e09e8 100644
--- a/codebuild/release/upload_artifacts.yml
+++ b/codebuild/release/upload_artifacts.yml
@@ -20,9 +20,6 @@ phases:
       - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null
       - apt update
       - apt install gh
-        # add bot's creds
-      - git config --global user.name "aws-crypto-tools-ci-bot"
-      - git config --global user.email "no-reply@noemail.local"
       - git checkout $BRANCH
   build:
     commands:
@@ -40,5 +37,4 @@ phases:
         mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \
           -DrepoUrl=https://aws.oss.sonatype.org \
           -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:javadoc
-      - ls ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar
       - gh release upload v${VERSION} ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar