From 4cc26d7b6fd0c3aeef8e44733b17f06600455219 Mon Sep 17 00:00:00 2001
From: Benjamin Farley <farleyb@amazon.com>
Date: Thu, 25 Mar 2021 11:30:39 -0600
Subject: [PATCH 1/4] chore: Add validation to test release codebuild spec

Now the test release validation does the same checks as the prod release
(running the sample application against the new version). To support this
I've also refactored out the validation steps into a dedicated spec so both
the prod and test specs can depend on it.
---
 codebuild/release/prod-release.yml | 30 +++++++++++++++++++++---------
 codebuild/release/test-release.yml | 26 ++++++++++++++++++++++----
 codebuild/release/validate.yml     | 16 ++++++++++++++++
 3 files changed, 59 insertions(+), 13 deletions(-)
 create mode 100644 codebuild/release/validate.yml

diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml
index 63db04621..8cd906909 100644
--- a/codebuild/release/prod-release.yml
+++ b/codebuild/release/prod-release.yml
@@ -9,21 +9,33 @@ env:
 
 phases:
   install:
+    commands:
+      - pip install tox
+      - pip install --upgrade pip
     runtime-versions:
       python: latest
-  build:
+  pre_build:
     commands:
-      - pip install tox
       - git checkout $BRANCH
+      - CURRENT_COMMIT=$(git rev-parse --short HEAD)
+      - |
+        if expr "${CURRENT_COMMIT}" != ${COMMIT_ID}; then
+          echo "HEAD of repository commit (${CURRENT_COMMIT}) did not match expected commit (${COMMIT_ID}), stopping"
+          exit 1;
+        fi
+  build:
+    commands:
       - tox -e park
       - tox -e release
-      - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git
-      - cd busy-engineers-document-bucket/exercises/python/encryption-context-complete
-      - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt
-      - tox -e test
-
 
 batch:
-  fast-fail: false
-  build-list:
+  fast-fail: true 
+  build-graph:
     - identifier: prod_release
+    - identifier: validate_release
+      depend-on:
+        - prod_release
+      buildspec: codebuild/release/validate.yml
+      env:
+        variables:
+          PIP_INDEX_URL: https://pypi.python.org/simple/
diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml
index 8189050b2..f1653b939 100644
--- a/codebuild/release/test-release.yml
+++ b/codebuild/release/test-release.yml
@@ -9,17 +9,35 @@ env:
 
 phases:
   install:
+    commands:
+      - pip install tox
+      - pip install --upgrade pip
     runtime-versions:
       python: latest
-  build:
+  pre_build:
     commands:
-      - pip install tox
       - git checkout $BRANCH
+      - CURRENT_COMMIT=$(git rev-parse --short HEAD)
+      - |
+        if expr "${CURRENT_COMMIT}" != ${COMMIT_ID}; then
+          echo "HEAD of repository commit (${CURRENT_COMMIT}) did not match expected commit (${COMMIT_ID}), stopping"
+          exit 1;
+        fi
+  build:
+    commands:
       - tox -e park
       - tox -e test-release
 
 
 batch:
-  fast-fail: false
-  build-list:
+  fast-fail: true
+  build-graph:
     - identifier: test_release
+    - identifier: validate_test_release
+      depend-on:
+        - test_release
+      buildspec: codebuild/release/validate.yml
+      env:
+        variables:
+          PIP_INDEX_URL: https://test.pypi.org/simple/
+          PIP_EXTRA_INDEX_URL: https://pypi.python.org/simple/
diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml
new file mode 100644
index 000000000..1f65c0631
--- /dev/null
+++ b/codebuild/release/validate.yml
@@ -0,0 +1,16 @@
+version: 0.2
+
+phases:
+  install:
+    commands:
+      - pip install tox
+    runtime-versions:
+      python: latest
+  pre_build:
+    commands:
+      - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git
+      - cd busy-engineers-document-bucket/exercises/python/encryption-context-complete
+      - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt
+  build:
+    commands:
+      - tox -e test

From 5021ea489551aeba366a1de2c69775bcae4441c2 Mon Sep 17 00:00:00 2001
From: Benjamin Farley <farleyb@amazon.com>
Date: Thu, 25 Mar 2021 15:31:08 -0600
Subject: [PATCH 2/4] Validate the source code has the expected version

---
 codebuild/release/prod-release.yml | 8 ++++----
 codebuild/release/test-release.yml | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml
index 8cd906909..78da548f3 100644
--- a/codebuild/release/prod-release.yml
+++ b/codebuild/release/prod-release.yml
@@ -16,11 +16,11 @@ phases:
       python: latest
   pre_build:
     commands:
-      - git checkout $BRANCH
-      - CURRENT_COMMIT=$(git rev-parse --short HEAD)
+      - git checkout $COMMIT_ID
+      - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py)
       - |
-        if expr "${CURRENT_COMMIT}" != ${COMMIT_ID}; then
-          echo "HEAD of repository commit (${CURRENT_COMMIT}) did not match expected commit (${COMMIT_ID}), stopping"
+        if expr ${FOUND_VERSION} != ${VERSION}; then
+          echo "identifiers.py does not contain expected version string ${VERSION}, stopping"
           exit 1;
         fi
   build:
diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml
index f1653b939..3f3d4cdef 100644
--- a/codebuild/release/test-release.yml
+++ b/codebuild/release/test-release.yml
@@ -16,11 +16,11 @@ phases:
       python: latest
   pre_build:
     commands:
-      - git checkout $BRANCH
-      - CURRENT_COMMIT=$(git rev-parse --short HEAD)
+      - git checkout $COMMIT_ID
+      - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py)
       - |
-        if expr "${CURRENT_COMMIT}" != ${COMMIT_ID}; then
-          echo "HEAD of repository commit (${CURRENT_COMMIT}) did not match expected commit (${COMMIT_ID}), stopping"
+        if expr ${FOUND_VERSION} != ${VERSION}; then
+          echo "identifiers.py does not contain expected version string ${VERSION}, stopping"
           exit 1;
         fi
   build:

From 39fc2f40abbe9b486ca87401cb6cd4ab87de8743 Mon Sep 17 00:00:00 2001
From: Benjamin Farley <farleyb@amazon.com>
Date: Fri, 26 Mar 2021 13:13:17 -0600
Subject: [PATCH 3/4] More clear identifiers of steps

---
 codebuild/release/prod-release.yml | 6 +++---
 codebuild/release/test-release.yml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml
index 78da548f3..83d8037eb 100644
--- a/codebuild/release/prod-release.yml
+++ b/codebuild/release/prod-release.yml
@@ -20,7 +20,7 @@ phases:
       - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py)
       - |
         if expr ${FOUND_VERSION} != ${VERSION}; then
-          echo "identifiers.py does not contain expected version string ${VERSION}, stopping"
+          echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
           exit 1;
         fi
   build:
@@ -31,8 +31,8 @@ phases:
 batch:
   fast-fail: true 
   build-graph:
-    - identifier: prod_release
-    - identifier: validate_release
+    - identifier: release_to_prod
+    - identifier: validate_prod_release
       depend-on:
         - prod_release
       buildspec: codebuild/release/validate.yml
diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml
index 3f3d4cdef..38abd35b7 100644
--- a/codebuild/release/test-release.yml
+++ b/codebuild/release/test-release.yml
@@ -20,7 +20,7 @@ phases:
       - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py)
       - |
         if expr ${FOUND_VERSION} != ${VERSION}; then
-          echo "identifiers.py does not contain expected version string ${VERSION}, stopping"
+          echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
           exit 1;
         fi
   build:
@@ -32,8 +32,8 @@ phases:
 batch:
   fast-fail: true
   build-graph:
-    - identifier: test_release
-    - identifier: validate_test_release
+    - identifier: release_to_staging
+    - identifier: validate_staging_release
       depend-on:
         - test_release
       buildspec: codebuild/release/validate.yml

From bfeaf99570a69f1579a766360abda42c8752a47a Mon Sep 17 00:00:00 2001
From: Benjamin Farley <farleyb@amazon.com>
Date: Fri, 26 Mar 2021 13:33:40 -0600
Subject: [PATCH 4/4] Update depends-on

---
 codebuild/release/prod-release.yml | 2 +-
 codebuild/release/test-release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml
index 83d8037eb..aa985e361 100644
--- a/codebuild/release/prod-release.yml
+++ b/codebuild/release/prod-release.yml
@@ -34,7 +34,7 @@ batch:
     - identifier: release_to_prod
     - identifier: validate_prod_release
       depend-on:
-        - prod_release
+        - release_to_prod
       buildspec: codebuild/release/validate.yml
       env:
         variables:
diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml
index 38abd35b7..6c0ce85c9 100644
--- a/codebuild/release/test-release.yml
+++ b/codebuild/release/test-release.yml
@@ -35,7 +35,7 @@ batch:
     - identifier: release_to_staging
     - identifier: validate_staging_release
       depend-on:
-        - test_release
+        - release_to_staging
       buildspec: codebuild/release/validate.yml
       env:
         variables: