Skip to content

chore: Add initial codebuild specs for automating release #243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 6, 2021
Merged

chore: Add initial codebuild specs for automating release #243

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 65 additions & 0 deletions codebuild/release/release-prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
version: 0.2

env:
secrets-manager:
SONA_USERNAME: Sonatype-Team-Account:Username
SONA_PASS: Sonatype-Team-Account:Password
Comment on lines +5 to +6
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These aren't actually used since the release steps themselves are no-ops, correct? I'm fine with leaving these here for now but worth a comment.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, I've left them in with the expectation that we'll shortly be making use of them.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, and I haven't found a good way to add comments in codebuild specs :(

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Darn. I can live without them.


phases:
install:
runtime-versions:
java: openjdk8
pre_build:
commands:
- git checkout $COMMIT_ID
- FOUND_VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')
- |
if expr ${FOUND_VERSION} != ${VERSION}; then
echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
exit 1;
fi
build:
commands:
- echo "Doing nothing, release step is currently a no-op"


batch:
fast-fail: false
build-graph:
- identifier: release_to_prod
- identifier: validate_prod_release_openjdk8
depend-on:
- release_to_prod
buildspec: codebuild/release/validate-prod.yml
env:
variables:
JAVA_ENV_VERSION: openjdk8
JAVA_NUMERIC_VERSION: 8
image: aws/codebuild/standard:3.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3.0 is deprecated now: https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html Does 4.0 work?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interestingly, it does not, because 3.0 is the only one that supports openjdk: https://docs.aws.amazon.com/codebuild/latest/userguide/available-runtimes.html

Given that 3.0 is deprecated, we'll need to think about what our long term support plan is for openjdk.

- identifier: validate_prod_release_openjdk11
depend-on:
- release_to_prod
buildspec: codebuild/release/validate-prod.yml
env:
variables:
JAVA_ENV_VERSION: openjdk11
JAVA_NUMERIC_VERSION: 11
image: aws/codebuild/standard:3.0
- identifier: validate_prod_release_corretto8
depend-on:
- release_to_prod
buildspec: codebuild/release/validate-prod.yml
env:
variables:
JAVA_ENV_VERSION: corretto8
JAVA_NUMERIC_VERSION: 8
image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
- identifier: validate_prod_release_corretto11
depend-on:
- release_to_prod
buildspec: codebuild/release/validate-prod.yml
env:
variables:
JAVA_ENV_VERSION: corretto11
JAVA_NUMERIC_VERSION: 11
image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
65 changes: 65 additions & 0 deletions codebuild/release/release-staging.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
version: 0.2

env:
secrets-manager:
SONA_USERNAME: Sonatype-Team-Account:Username
SONA_PASS: Sonatype-Team-Account:Password

phases:
install:
runtime-versions:
java: openjdk8
pre_build:
commands:
- git checkout $COMMIT_ID
- FOUND_VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')
- |
if expr ${FOUND_VERSION} != ${VERSION}; then
echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
exit 1;
fi
build:
commands:
- echo "Doing nothing, release step is currently a no-op"


batch:
fast-fail: false
build-graph:
- identifier: release_to_staging
- identifier: validate_staging_release_openjdk8
depend-on:
- release_to_staging
buildspec: codebuild/release/validate-staging.yml
env:
variables:
JAVA_ENV_VERSION: openjdk8
JAVA_NUMERIC_VERSION: 8
image: aws/codebuild/standard:3.0
- identifier: validate_staging_release_openjdk11
depend-on:
- release_to_staging
buildspec: codebuild/release/validate-staging.yml
env:
variables:
JAVA_ENV_VERSION: openjdk11
JAVA_NUMERIC_VERSION: 11
image: aws/codebuild/standard:3.0
- identifier: validate_staging_release_corretto8
depend-on:
- release_to_staging
buildspec: codebuild/release/validate-staging.yml
env:
variables:
JAVA_ENV_VERSION: corretto8
JAVA_NUMERIC_VERSION: 8
image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
- identifier: validate_staging_release_corretto11
depend-on:
- release_to_staging
buildspec: codebuild/release/validate-staging.yml
env:
variables:
JAVA_ENV_VERSION: corretto11
JAVA_NUMERIC_VERSION: 11
image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
26 changes: 26 additions & 0 deletions codebuild/release/settings.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
http://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>codeartifact</id>
<username>aws</username>
<password>${codeartifact.token}</password>
</server>
</servers>

<profiles>
<profile>
<id>codeartifact</id>
<repositories>
<repository>
<id>codeartifact</id>
<name>codeartifact</name>
<url>${codeartifact.url}</url> <!-- passed via command line to avoid hardcoding it here -->
</repository>
</repositories>
</profile>
</profiles>

</settings>
18 changes: 18 additions & 0 deletions codebuild/release/validate-prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
version: 0.2

phases:
install:
runtime-versions:
java: $JAVA_ENV_VERSION
pre_build:
commands:
- git clone https://github.com/aws-samples/busy-engineers-document-bucket.git
- cd busy-engineers-document-bucket/exercises/java/encryption-context-complete
build:
commands:
- |
mvn verify \
-Dcheckstyle.skip \
-Desdk.version=$VERSION \
-Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \
-Dmaven.compiler.source=$JAVA_NUMERIC_VERSION
Comment on lines +17 to +18
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these two properties necessary? Given you're running on either 8 or 11 based on the runtime version config, wouldn't it better represent the common customer experience to stick to the default?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They actually are necessary, because the pom currently defaults these to 11. So if you're running in the Java 8 environment but this project is trying to compile to Java 11, it gets unhappy.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah okay, it's another consequence of using a single consumer to test both version then.

36 changes: 36 additions & 0 deletions codebuild/release/validate-staging.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
version: 0.2

env:
variables:
REGION: us-east-1
DOMAIN: crypto-tools-internal
REPOSITORY: java-esdk-staging
parameter-store:
ACCOUNT: /CodeBuild/AccountId

phases:
install:
commands:
- pip install awscli
runtime-versions:
java: $JAVA_ENV_VERSION
pre_build:
commands:
- export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
- git clone https://github.com/aws-samples/busy-engineers-document-bucket.git
- cd busy-engineers-document-bucket/exercises/java/encryption-context-complete
- export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
- export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
build:
commands:
- |
mvn verify \
-Pcodeartifact \
-Dcheckstyle.skip \
-Desdk.version=$VERSION \
-Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \
-Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \
-Dcodeartifact.token=$CODEARTIFACT_TOKEN \
-Dcodeartifact.url=$CODEARTIFACT_REPO_URL \
-s $SETTINGS_FILE