From 14a8b4b06c64fd4f43379356fa952772ffb34b43 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sat, 8 May 2021 11:09:05 -0700 Subject: [PATCH 01/24] chore: Add commands to actually release to staging --- codebuild/release/release-staging.yml | 28 +++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 5b37395fa..770af11a5 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -1,9 +1,17 @@ version: 0.2 env: + variables: + REGION: us-east-1 + DOMAIN: crypto-tools-internal + REPOSITORY: java-esdk-staging + JAVA_HOME: /usr/lib/jvm/default-java + MVN_GPG: ~/mvn_gpg + parameter-store: + ACCOUNT: /CodeBuild/AccountId secrets-manager: - SONA_USERNAME: Sonatype-Team-Account:Username - SONA_PASS: Sonatype-Team-Account:Password + GPG_KEY: Maven-GPG-Keys-Credentials:Keyname + GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase phases: install: 
@@ -18,10 +26,22 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi + - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) + - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} + - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz + - tar -xvf ~/mvn_gpg.tgz -C ~ build: commands: - - echo "Doing nothing, release step is currently a no-op" - + - | + mvn deploy \ + -PpublishingCodeArtifact \ + -DperformRelease \ + -Dgpg.homedir="$MVN_GPG" \ + -DautoReleaseAfterClose=true \ + -Dgpg.keyname="$GPG_KEY" \ + -Dgpg.passphrase="$GPG_PASS" \ + -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ + -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL batch: fast-fail: false From ab570ef3a0e228c4311f891b483de8824a6ce88f Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sat, 8 May 2021 11:46:27 -0700 Subject: [PATCH 02/24] JAVA_HOME needs to be a JDK, not a JRE --- codebuild/release/release-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 770af11a5..12fab7796 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -5,7 +5,7 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging - JAVA_HOME: /usr/lib/jvm/default-java + JAVA_HOME: /usr/lib/jvm/java-8-openjdk-amd64 MVN_GPG: ~/mvn_gpg parameter-store: ACCOUNT: /CodeBuild/AccountId From cae324905ba576cbb536a814ce5baa6436c4e36a Mon Sep 17 00:00:00 2001 
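Review bot: The `mvn deploy` command at the end of this hunk passes `-Dgpg.passphrase="$GPG_PASS"` and `-Dcodeartifact.token=$CODEARTIFACT_TOKEN` as arguments, so both secrets are readable in the build container's process list for the whole Maven run and appear in any output that prints the command line or system properties. Maven can resolve them from the environment inside settings.xml instead, e.g. `<password>${env.CODEARTIFACT_TOKEN}</password>` for the CodeArtifact server and a `gpg.passphrase` server entry with `<passphrase>${env.GPG_PASS}</passphrase>`, after which the two `-D` arguments can be dropped. The same pattern recurs with `-Dsonatype.password` in the release-prod.yml hunk of PATCH 21/24 and the `${sonatype.password}` entry added to settings.xml in PATCH 23/24. The unquoted `$CODEARTIFACT_TOKEN`, `$DOMAIN` and `$ACCOUNT` expansions should also be double-quoted.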
From: Robin Salkeld Date: Sat, 8 May 2021 12:11:55 -0700 Subject: [PATCH 03/24] Fast tests only --- codebuild/release/release-staging.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 12fab7796..4aa665558 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -35,6 +35,7 @@ phases: - | mvn deploy \ -PpublishingCodeArtifact \ + -Pfast-tests-only \ -DperformRelease \ -Dgpg.homedir="$MVN_GPG" \ -DautoReleaseAfterClose=true \ From 5d26b57cbdff5620042b3eb23056f6be03ac1dfa Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sat, 8 May 2021 12:23:10 -0700 Subject: [PATCH 04/24] Avoid relying on ~ expansion --- codebuild/release/release-staging.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 4aa665558..3b5597836 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -6,7 +6,7 @@ env: DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging JAVA_HOME: /usr/lib/jvm/java-8-openjdk-amd64 - MVN_GPG: ~/mvn_gpg + MVN_GPG: mvn_gpg parameter-store: ACCOUNT: /CodeBuild/AccountId secrets-manager: @@ -28,8 +28,8 @@ phases: fi - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz - - tar -xvf ~/mvn_gpg.tgz -C ~ + - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz + - tar -xvf mvn_gpg.tgz build: commands: - | 
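Review bot: The second hunk of PATCH 04/24 writes the signing-key archive and extracts the keyring into the current directory (`base64 -d > mvn_gpg.tgz`, `tar -xvf mvn_gpg.tgz`), which the third hunk's `$CODEBUILD_SRC_DIR/$MVN_GPG` suggests is the source checkout, so private key material sits inside the tree Maven builds from and that an artifact or cache rule could sweep up. Nothing sets restrictive permissions or removes the archive afterwards, and `-v` lists the keyring files in the build log; `umask 077` before the download, `tar -xf` into a directory outside the workspace, and `rm -f` of the archive would tighten this. Because the download is a pipeline, a failed `aws secretsmanager` call is masked by the exit status of `base64` unless `set -o pipefail` is in effect, where the build shell supports it. The `~/mvn_gpg.tgz` variants in PATCH 17/24, 18/24 and the release-prod.yml hunk of PATCH 21/24 share the permission, cleanup and pipeline points; the `pre_build` command list begins outside this hunk.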
@@ -37,7 +37,7 @@ phases: -PpublishingCodeArtifact \ -Pfast-tests-only \ -DperformRelease \ - -Dgpg.homedir="$MVN_GPG" \ + -Dgpg.homedir="$CODEBUILD_SRC_DIR/$MVN_GPG" \ -DautoReleaseAfterClose=true \ -Dgpg.keyname="$GPG_KEY" \ -Dgpg.passphrase="$GPG_PASS" \ From 4ff3374687c9cf1784c2f86af41fd67320a4a656 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sat, 8 May 2021 14:19:39 -0700 Subject: [PATCH 05/24] Try explicit install of gpg --- codebuild/release/release-staging.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 3b5597836..28246a12a 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -26,6 +26,7 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi + - sudo apt-get install gnupg - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 9583269ae08c9e7322513cf7fb4f86b11ab8d3af Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sat, 8 May 2021 14:25:36 -0700 Subject: [PATCH 06/24] No sudo --- codebuild/release/release-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 28246a12a..b48e80293 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml 
@@ -26,7 +26,7 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi - - sudo apt-get install gnupg + - apt-get install gnupg - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 56859a6aa990f1c45b670df4270de4a15e9329ff Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sat, 8 May 2021 19:19:17 -0700 Subject: [PATCH 07/24] Try without JAVA_HOME on 4.0 image --- codebuild/release/release-staging.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index b48e80293..33bc29ecc 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -5,7 +5,6 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging - JAVA_HOME: /usr/lib/jvm/java-8-openjdk-amd64 MVN_GPG: mvn_gpg parameter-store: ACCOUNT: /CodeBuild/AccountId From 7579a7cadd9d41926b4c1113ecb1f39c8fa570af Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sat, 8 May 2021 19:25:48 -0700 Subject: [PATCH 08/24] Fix runtime --- codebuild/release/release-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 33bc29ecc..e90e021fb 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -15,7 +15,7 @@ env: phases: install: runtime-versions: - java: openjdk8 + java: corretto11 pre_build: commands: - git checkout $COMMIT_ID From ed9278f38de97ff6b5fb19fee24530d91380e60b Mon Sep 17 00:00:00 2001 
From: Robin Salkeld Date: Sun, 9 May 2021 08:16:52 -0700 Subject: [PATCH 09/24] Another attempt to fix gpg --- codebuild/release/release-staging.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index e90e021fb..1fc9e92d6 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -25,7 +25,8 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi - - apt-get install gnupg + - apt remove gpg + - apt install gnupg1 - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 4c3344ae40ffb51b7d5d2334e2b5e46a99a925a6 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 08:20:02 -0700 Subject: [PATCH 10/24] Yes! Yes! Yes! --- codebuild/release/release-staging.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 1fc9e92d6..b5e5e2c35 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml 
@@ -25,8 +25,8 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi - - apt remove gpg - - apt install gnupg1 + - apt remove gpg -y + - apt install gnupg1 -y - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 3440f3de6c9b3cf3d14e1d438b8cd27d884de7fb Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 08:23:42 -0700 Subject: [PATCH 11/24] Maybe? --- codebuild/release/release-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index b5e5e2c35..f70b19684 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -26,7 +26,7 @@ phases: exit 1; fi - apt remove gpg -y - - apt install gnupg1 -y + - apt install gnupg -y - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 01096724a503b7fdb3d67016daa7d050592ce00b Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 08:28:48 -0700 Subject: [PATCH 12/24] Perhaps? --- codebuild/release/release-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index f70b19684..d3e2d53c9 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -26,7 +26,7 @@ phases: exit 1; fi - apt remove gpg -y - - apt install gnupg -y + - apt install gpg -y - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 26a8dd13648a983c7f267be11111e12ce6185500 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 08:38:29 -0700 Subject: [PATCH 13/24] Revert for now --- codebuild/release/release-staging.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index d3e2d53c9..70d37f9fd 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -25,8 +25,9 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi - - apt remove gpg -y - - apt install gpg -y + # - apt remove gpg -y + # - apt install gpg -y + - gpg --version - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 52c8a306378369aa511e403293bc074208fa42e8 Mon Sep 17 00:00:00 2001 
From: Robin Salkeld Date: Sun, 9 May 2021 08:46:01 -0700 Subject: [PATCH 14/24] Aha! (?) --- codebuild/release/release-staging.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 70d37f9fd..eb5f24268 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -28,6 +28,7 @@ phases: # - apt remove gpg -y # - apt install gpg -y - gpg --version + - gpg-agent --daemon - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 2918863fb4bd44fcea7899de75005f56df913bb9 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 09:57:43 -0700 Subject: [PATCH 15/24] =?UTF-8?q?=E2=80=94homedir=3F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- codebuild/release/release-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index eb5f24268..5836bc13e 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml 
@@ -28,7 +28,7 @@ phases: # - apt remove gpg -y # - apt install gpg -y - gpg --version - - gpg-agent --daemon + - gpg-agent --homedir "$CODEBUILD_SRC_DIR/$MVN_GPG" --daemon - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz From 0b9dc714c34e97e4e52ae3c1305cc1df417a155c Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 10:16:44 -0700 Subject: [PATCH 16/24] Move GPG key material under $HOME --- codebuild/release/release-staging.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 5836bc13e..e85d67288 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -5,7 +5,7 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging - MVN_GPG: mvn_gpg + MVN_GPG: $HOME/mvn_gpg parameter-store: ACCOUNT: /CodeBuild/AccountId secrets-manager: 
@@ -25,10 +25,6 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi - # - apt remove gpg -y - # - apt install gpg -y - - gpg --version - - gpg-agent --homedir "$CODEBUILD_SRC_DIR/$MVN_GPG" --daemon - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz @@ -40,7 +36,7 @@ phases: -PpublishingCodeArtifact \ -Pfast-tests-only \ -DperformRelease \ - -Dgpg.homedir="$CODEBUILD_SRC_DIR/$MVN_GPG" \ + -Dgpg.homedir="$MVN_GPG" \ -DautoReleaseAfterClose=true \ -Dgpg.keyname="$GPG_KEY" \ -Dgpg.passphrase="$GPG_PASS" \ From bf4fefe2e82d63386a2006ab2b0a757f2c1f65d1 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 10:22:13 -0700 Subject: [PATCH 17/24] Try again --- codebuild/release/release-staging.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index e85d67288..dfe75283d 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -5,7 +5,7 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging - MVN_GPG: $HOME/mvn_gpg + MVN_GPG: mvn_gpg parameter-store: ACCOUNT: /CodeBuild/AccountId secrets-manager: 
@@ -27,8 +27,8 @@ phases: fi - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > mvn_gpg.tgz - - tar -xvf mvn_gpg.tgz + - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz + - tar -xvf ~/mvn_gpg.tgz build: commands: - | @@ -36,7 +36,7 @@ phases: -PpublishingCodeArtifact \ -Pfast-tests-only \ -DperformRelease \ - -Dgpg.homedir="$MVN_GPG" \ + -Dgpg.homedir="$HOME/$MVN_GPG" \ -DautoReleaseAfterClose=true \ -Dgpg.keyname="$GPG_KEY" \ -Dgpg.passphrase="$GPG_PASS" \ From 08dd07feb0cc83ad95c941ee746062518959dbf3 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 10:27:43 -0700 Subject: [PATCH 18/24] Missing argument --- codebuild/release/release-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index dfe75283d..d50c24cfb 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -28,7 +28,7 @@ phases: - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz - - tar -xvf ~/mvn_gpg.tgz + - tar -xvf ~/mvn_gpg.tgz -C ~ build: commands: - | 
From 520b079143d8d0c506a32861eebe3934316d9483 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 10:40:41 -0700 Subject: [PATCH 19/24] Add missing role --- codebuild/release/release-staging.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index d50c24cfb..96792b715 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -5,6 +5,7 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging + ROLE: Admin MVN_GPG: mvn_gpg parameter-store: ACCOUNT: /CodeBuild/AccountId From fdbee84f1df515cf3470966b7e51a0ca9f57014d Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 11:43:15 -0700 Subject: [PATCH 20/24] Hook up settings file --- codebuild/release/release-staging.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index 96792b715..a0d73ef85 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -26,6 +26,7 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi + - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION}) - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY} - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz 
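Review bot: `ROLE: Admin`, added to `env.variables` in PATCH 19/24, is not read by any command visible in this series, so its effect cannot be checked from the hunk. If something outside the buildspec uses it to select an IAM role, an administrator role is far broader than what this job visibly needs (a CodeArtifact authorization token, one Secrets Manager secret and one Parameter Store value), and a dedicated release role scoped to those would be the safer value. At minimum the line should carry a comment naming its consumer, e.g. `# ROLE: read by <consumer, placeholder> to <purpose, placeholder>`, so a later reader can tell whether it can be narrowed or removed.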
@@ -42,7 +43,8 @@ phases: -Dgpg.keyname="$GPG_KEY" \ -Dgpg.passphrase="$GPG_PASS" \ -Dcodeartifact.token=$CODEARTIFACT_TOKEN \ - -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL + -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL \ + -s $SETTINGS_FILE batch: fast-fail: false From a6773e55c71b0519fcd6164838a6045e2ac4d1d8 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 17:11:19 -0700 Subject: [PATCH 21/24] Add prod release command too, clean up env --- codebuild/release/release-prod.yml | 20 ++++++++++++++++++-- codebuild/release/release-staging.yml | 6 ++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml index 794516fd8..19868b2e7 100644 --- a/codebuild/release/release-prod.yml +++ b/codebuild/release/release-prod.yml @@ -2,13 +2,15 @@ version: 0.2 env: secrets-manager: + GPG_KEY: Maven-GPG-Keys-Credentials:Keyname + GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase SONA_USERNAME: Sonatype-Team-Account:Username SONA_PASS: Sonatype-Team-Account:Password phases: install: runtime-versions: - java: openjdk8 + java: openjdk11 pre_build: commands: - git checkout $COMMIT_ID 
@@ -18,9 +20,23 @@ phases: echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" exit 1; fi + - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml + - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz + - tar -xvf ~/mvn_gpg.tgz -C ~ build: commands: - - echo "Doing nothing, release step is currently a no-op" + - | + mvn deploy \ + -PpublishingCodeArtifact \ + -Pfast-tests-only \ + -DperformRelease \ + -Dgpg.homedir="$HOME/mvn_gpg" \ + -DautoReleaseAfterClose=true \ + -Dgpg.keyname="$GPG_KEY" \ + -Dgpg.passphrase="$GPG_PASS" \ + -Dsonatype.username="$SONA_USERNAME" \ + -Dsonatype.password="$SONA_PASSWORD" \ + -s $SETTINGS_FILE batch: diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml index a0d73ef85..218b2ba68 100644 --- a/codebuild/release/release-staging.yml +++ b/codebuild/release/release-staging.yml @@ -5,8 +5,6 @@ env: REGION: us-east-1 DOMAIN: crypto-tools-internal REPOSITORY: java-esdk-staging - ROLE: Admin - MVN_GPG: mvn_gpg parameter-store: ACCOUNT: /CodeBuild/AccountId secrets-manager: @@ -16,7 +14,7 @@ env: phases: install: runtime-versions: - java: corretto11 + java: openjdk11 pre_build: commands: - git checkout $COMMIT_ID @@ -38,7 +36,7 @@ phases: -PpublishingCodeArtifact \ -Pfast-tests-only \ -DperformRelease \ - -Dgpg.homedir="$HOME/$MVN_GPG" \ + -Dgpg.homedir="$HOME/mvn_gpg" \ -DautoReleaseAfterClose=true \ -Dgpg.keyname="$GPG_KEY" \ -Dgpg.passphrase="$GPG_PASS" \ From 73c1d5647c730f1b9446ba04227e825b7f7b61a2 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 17:26:11 -0700 Subject: [PATCH 22/24] Fix profile --- codebuild/release/release-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml index 19868b2e7..7e51df1ea 100644 
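Review bot: The production `mvn deploy` added in the release-prod.yml hunk combines `-DautoReleaseAfterClose=true` with `-Pfast-tests-only`, which reads as publishing the signed artifacts with no manual promotion step and, judging by the profile name, without the slower tests; the plugin configuration that interprets these flags lives in pom.xml and is not visible here. If an earlier pipeline stage guarantees that the full suite and the staging release passed for the same `$COMMIT_ID`, say so in a comment above the command, for example `# requires: full test run and staging release succeeded for $COMMIT_ID`. Otherwise consider `-DautoReleaseAfterClose=false` here so the closed staging repository can be inspected before release. The buildspec continues past the end of this hunk.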
--- a/codebuild/release/release-prod.yml +++ b/codebuild/release/release-prod.yml @@ -27,7 +27,7 @@ phases: commands: - | mvn deploy \ - -PpublishingCodeArtifact \ + -Ppublishing \ -Pfast-tests-only \ -DperformRelease \ -Dgpg.homedir="$HOME/mvn_gpg" \ From 69812c4c81efec218fbe260dfb0738134014f8aa Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 17:38:12 -0700 Subject: [PATCH 23/24] Missing definition --- codebuild/release/settings.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/codebuild/release/settings.xml b/codebuild/release/settings.xml index 009202717..19587de0e 100644 --- a/codebuild/release/settings.xml +++ b/codebuild/release/settings.xml @@ -8,6 +8,11 @@ aws ${codeartifact.token} + + sonatype-nexus-staging + ${sonatype.username} + ${sonatype.password} + From e68f8f810a84c5f9dd77a5300733c087bee7cd72 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Sun, 9 May 2021 17:44:11 -0700 Subject: [PATCH 24/24] Typo --- codebuild/release/release-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml index 7e51df1ea..0e1c06437 100644 --- a/codebuild/release/release-prod.yml +++ b/codebuild/release/release-prod.yml @@ -5,7 +5,7 @@ env: GPG_KEY: Maven-GPG-Keys-Credentials:Keyname GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase SONA_USERNAME: Sonatype-Team-Account:Username - SONA_PASS: Sonatype-Team-Account:Password + SONA_PASSWORD: Sonatype-Team-Account:Password phases: install: