aws · texastony · Jul 26, 2021 · Jun 30, 2021 · Jun 30, 2021 · Jun 30, 2021
@@ -0,0 +1,86 @@
+version: 0.2
+# 'release-prod' is an AWS::CodeBuild::BuildSpec that Releases to Sonatype and then validates the release with 'validate-prod'
+# Command to trigger this codebuild from an authorized command line.
+#  aws codebuild start-build-batch \
+#  --region us-west-2 \
+#  --project-name java-ddb-ec-release \
+#  --environment-variables-override name=VERSION,value=<INSERT_VERSION>,type=PLAINTEXT name=COMMIT_ID,value=<INSERT_COMMIT_ID>,type=PLAINTEXT"
+
+env:
+  secrets-manager:
+    GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
+    GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
+    SONA_USERNAME: Sonatype-Team-Account:Username 
+    SONA_PASSWORD: Sonatype-Team-Account:Password
+
+phases:
+  install:
+    runtime-versions:
+      java: openjdk8
+  pre_build:
+    commands:
+      - git checkout $COMMIT_ID
+      - FOUND_VERSION=$(grep version sdk1/pom.xml | head -n 2 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')
+      - |
+        if expr ${FOUND_VERSION} != ${VERSION}; then
+          echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
+          exit 1;
+        fi
+      - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
+      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+      - tar -xvf ~/mvn_gpg.tgz -C ~
+  build:
+    commands:
+      - |
+        mvn deploy \
+          -Ppublishing \
+          -DperformRelease \
+          -Dgpg.homedir="$HOME/mvn_gpg" \
+          -DautoReleaseAfterClose=true \
+          -Dgpg.keyname="$GPG_KEY" \
+          -Dgpg.passphrase="$GPG_PASS" \
+          -Dsonatype.username="$SONA_USERNAME" \
+          -Dsonatype.password="$SONA_PASSWORD" \
+          -s $SETTINGS_FILE
+
+
+batch:
+  fast-fail: false
+  build-graph:
+    - identifier: release_to_prod
+    - identifier: validate_prod_release_openjdk8
+      depend-on:
+        - release_to_prod
+      buildspec: codebuild/release/validate-prod.yml
+      env:
+        variables:
+          JAVA_ENV_VERSION: openjdk8
+          JAVA_NUMERIC_VERSION: 8
+        image: aws/codebuild/standard:3.0
+    - identifier: validate_prod_release_openjdk11
+      depend-on:
+        - release_to_prod
+      buildspec: codebuild/release/validate-prod.yml
+      env:
+        variables:
+          JAVA_ENV_VERSION: openjdk11
+          JAVA_NUMERIC_VERSION: 11
+        image: aws/codebuild/standard:3.0
+    - identifier: validate_prod_release_corretto8
+      depend-on:
+        - release_to_prod
+      buildspec: codebuild/release/validate-prod.yml
+      env:
+        variables:
+          JAVA_ENV_VERSION: corretto8
+          JAVA_NUMERIC_VERSION: 8
+        image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
+    - identifier: validate_prod_release_corretto11
+      depend-on:
+        - release_to_prod
+      buildspec: codebuild/release/validate-prod.yml
+      env:
+        variables:
+          JAVA_ENV_VERSION: corretto11
+          JAVA_NUMERIC_VERSION: 11
+        image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
@@ -0,0 +1,91 @@
+version: 0.2
+# 'release-staging' is an AWS::CodeBuild::BuildSpec that Stages a release on CodeArtifact and validates the staging using 'validate-staging'
+# Command to trigger this codebuild from an authorized command line.
+# aws codebuild start-build-batch \
+#         --region us-west-2 \
+#         --project-name java-ddb-ec-test-release \
+#         --environment-variables-override name=VERSION,value=<INSERT_VERSION>,type=PLAINTEXT name=COMMIT_ID,value=<INSERT_COMMIT_ID>,type=PLAINTEXT
+
+env:
+  variables:
+    REGION: us-east-1
+    DOMAIN: crypto-tools-internal
+    REPOSITORY: java-ddbec-staging
+  parameter-store:
+    ACCOUNT: /CodeBuild/AccountId
+  secrets-manager:
+    GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
+    GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
+
+phases:
+  install:
+    runtime-versions:
+      java: openjdk8
+  pre_build:
+    commands:
+      - git checkout $COMMIT_ID
+      - FOUND_VERSION=$(grep version sdk1/pom.xml | head -n 2 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')
+      - |
+        if expr ${FOUND_VERSION} != ${VERSION}; then
+          echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
+          exit 1;
+        fi
+      - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
+      - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
+      - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
+      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+      - tar -xvf ~/mvn_gpg.tgz -C ~
+  build:
+    commands:
+      - |
+        mvn deploy \
+          -PpublishingCodeArtifact \
+          -DperformRelease \
+          -Dgpg.homedir="$HOME/mvn_gpg" \
+          -DautoReleaseAfterClose=true \
+          -Dgpg.keyname="$GPG_KEY" \
+          -Dgpg.passphrase="$GPG_PASS" \
+          -Dcodeartifact.token=$CODEARTIFACT_TOKEN \
+          -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL \
+          -s $SETTINGS_FILE
+
+batch:
+  fast-fail: false
+  build-graph:
+    - identifier: release_to_staging
+    - identifier: validate_staging_release_openjdk8
+      depend-on:
+        - release_to_staging
+      buildspec: codebuild/release/validate-staging.yml
+      env:
+        variables:
+          JAVA_ENV_VERSION: openjdk8
+          JAVA_NUMERIC_VERSION: 8
+        image: aws/codebuild/standard:3.0
+    - identifier: validate_staging_release_openjdk11
+      depend-on:
+        - release_to_staging
+      buildspec: codebuild/release/validate-staging.yml
+      env:
+        variables:
+          JAVA_ENV_VERSION: openjdk11
+          JAVA_NUMERIC_VERSION: 11
+        image: aws/codebuild/standard:3.0
+    - identifier: validate_staging_release_corretto8
+      depend-on:
+        - release_to_staging
+      buildspec: codebuild/release/validate-staging.yml
+      env:
+        variables:
+          JAVA_ENV_VERSION: corretto8
+          JAVA_NUMERIC_VERSION: 8
+        image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
+    - identifier: validate_staging_release_corretto11
+      depend-on:
+        - release_to_staging
+      buildspec: codebuild/release/validate-staging.yml
+      env:
+        variables:
+          JAVA_ENV_VERSION: corretto11
+          JAVA_NUMERIC_VERSION: 11
+        image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
@@ -0,0 +1,31 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
+                                  http://maven.apache.org/xsd/settings-1.0.0.xsd">
+  <servers>
+    <server>
+      <id>codeartifact</id>
+      <username>aws</username>
+      <password>${codeartifact.token}</password>
+    </server>
+    <server>
+      <id>sonatype-nexus-staging</id>
+      <username>${sonatype.username}</username>
+      <password>${sonatype.password}</password>
+    </server>
+  </servers>
+
+  <profiles>
+    <profile>
+      <id>codeartifact</id>
+      <repositories>
+        <repository>
+          <id>codeartifact</id>
+          <name>codeartifact</name>
+          <url>${codeartifact.url}</url> <!-- passed via command line to avoid hardcoding it here -->
+        </repository>
+      </repositories>
+    </profile>
+  </profiles>
+
+</settings>
@@ -0,0 +1,18 @@
+version: 0.2
+# 'validate-prod' is an AWS::CodeBuild::BuildSpec that validates a Sonatype release against the examples
+
+phases:
+  install:
+    runtime-versions:
+      java: $JAVA_ENV_VERSION
+  pre_build:
+    commands:
+      - cd examples
+  build:
+    commands:
+      - |
+        mvn verify \
+          -Dcheckstyle.skip \
+          -Dddbec.version=$VERSION \
+          -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \
+          -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION
@@ -0,0 +1,32 @@
+version: 0.2
+# 'validate-staging' is an AWS::CodeBuild::BuildSpec that validates artifacts from CodeArtifact against the examples
+
+env:
+  variables:
+    REGION: us-east-1
+    DOMAIN: crypto-tools-internal
+    REPOSITORY: java-ddbec-staging
+  parameter-store:
+    ACCOUNT: /CodeBuild/AccountId
+
+phases:
+    runtime-versions:
+      java: $JAVA_ENV_VERSION
+  pre_build:
+    commands:
+      - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
+      - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
+      - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
+      - cd examples
+  build:
+    commands:
+      - |
+        mvn verify \
+          -Pcodeartifact \
+          -Dcheckstyle.skip \
+          -Dddbec.version=$VERSION \
+          -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \
+          -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \
+          -Dcodeartifact.token=$CODEARTIFACT_TOKEN \
+          -Dcodeartifact.url=$CODEARTIFACT_REPO_URL \
+          -s $SETTINGS_FILE
@@ -21,13 +21,16 @@
         <sqlite4java.version>1.0.392</sqlite4java.version>
         <maven-failsafe-plugin.version>3.0.0-M3</maven-failsafe-plugin.version>
         <maven-surefire-plugin.version>3.0.0-M3</maven-surefire-plugin.version>
+        <maven.compiler.source>8</maven.compiler.source>
+        <maven.compiler.target>8</maven.compiler.target>
+        <ddbec.version>2.0.1</ddbec.version>
     </properties>
 
     <dependencies>
         <dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-dynamodb-encryption-java</artifactId>
-            <version>2.0.1</version>
+            <version>${ddbec.version}</version>
         </dependency>
 
         <dependency>
@@ -91,10 +94,6 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.8.0</version>
-                <configuration>
-                    <source>1.8</source>
-                    <target>1.8</target>
-                </configuration>
             </plugin>
 
             <plugin>