chore: Automate staging and production release using CodeBuild as well

codebuild/release/release-prod.yml

@@ -2,13 +2,15 @@ version: 0.2
 
 env:
   secrets-manager:
+    GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
+    GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
     SONA_USERNAME: Sonatype-Team-Account:Username 
-    SONA_PASS: Sonatype-Team-Account:Password
+    SONA_PASSWORD: Sonatype-Team-Account:Password
 
 phases:
   install:
     runtime-versions:
-      java: openjdk8
+      java: openjdk11
   pre_build:
     commands:
       - git checkout $COMMIT_ID
@@ -18,9 +20,23 @@ phases:
           echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
           exit 1;
         fi
+      - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
+      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+      - tar -xvf ~/mvn_gpg.tgz -C ~
   build:
     commands:
-      - echo "Doing nothing, release step is currently a no-op"
+      - |
+        mvn deploy \
+          -Ppublishing \
+          -Pfast-tests-only \
+          -DperformRelease \
+          -Dgpg.homedir="$HOME/mvn_gpg" \
+          -DautoReleaseAfterClose=true \
+          -Dgpg.keyname="$GPG_KEY" \
+          -Dgpg.passphrase="$GPG_PASS" \
+          -Dsonatype.username="$SONA_USERNAME" \
+          -Dsonatype.password="$SONA_PASSWORD" \
+          -s $SETTINGS_FILE
 
 
 batch:

codebuild/release/release-staging.yml

@@ -1,14 +1,20 @@
 version: 0.2
 
 env:
+  variables:
+    REGION: us-east-1
+    DOMAIN: crypto-tools-internal
+    REPOSITORY: java-esdk-staging
+  parameter-store:
+    ACCOUNT: /CodeBuild/AccountId
   secrets-manager:
-    SONA_USERNAME: Sonatype-Team-Account:Username 
-    SONA_PASS: Sonatype-Team-Account:Password
+    GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
+    GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
 
 phases:
   install:
     runtime-versions:
-      java: openjdk8
+      java: openjdk11
   pre_build:
     commands:
       - git checkout $COMMIT_ID
@@ -18,10 +24,25 @@ phases:
           echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
           exit 1;
         fi
+      - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
+      - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
+      - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
+      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+      - tar -xvf ~/mvn_gpg.tgz -C ~
   build:
     commands:
-      - echo "Doing nothing, release step is currently a no-op"
-
+      - |
+        mvn deploy \
+          -PpublishingCodeArtifact \
+          -Pfast-tests-only \
+          -DperformRelease \
+          -Dgpg.homedir="$HOME/mvn_gpg" \
+          -DautoReleaseAfterClose=true \
+          -Dgpg.keyname="$GPG_KEY" \
+          -Dgpg.passphrase="$GPG_PASS" \
+          -Dcodeartifact.token=$CODEARTIFACT_TOKEN \
+          -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL \
+          -s $SETTINGS_FILE
 
 batch:
   fast-fail: false

codebuild/release/settings.xml

@@ -8,6 +8,11 @@
       <username>aws</username>
       <password>${codeartifact.token}</password>
     </server>
+    <server>
+      <id>sonatype-nexus-staging</id>
+      <username>${sonatype.username}</username>
+      <password>${sonatype.password}</password>
+    </server>
   </servers>
 
   <profiles>