diff --git a/CHANGELOG.md b/CHANGELOG.md index 6935e5cb..521d3955 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Maintenance * Upgrade AWS SDK * Upgrade build dependencies +* Partially automate release process ## 1.15.1 -- 2021-02-12 Fixes released jar files to ensure JDK 8 compatibility. diff --git a/buildspec.yml b/buildspec.yml index 365eb003..1fc7d652 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -23,3 +23,8 @@ batch: env: env: image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + - identifier: static_analysis + buildspec: codebuild/static-analysis.yml + env: + env: + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml new file mode 100644 index 00000000..bc25225b --- /dev/null +++ b/codebuild/release/release-prod.yml 
@@ -0,0 +1,86 @@
+version: 0.2
+# 'release-prod' is an AWS::CodeBuild::BuildSpec that Releases to Sonatype and then validates the release with 'validate-prod'
+# Command to trigger this codebuild from an authorized command line.
+# aws codebuild start-build-batch \
+# --region us-west-2 \
+# --project-name java-ddb-ec-release \
+# --environment-variables-override name=VERSION,value=,type=PLAINTEXT name=COMMIT_ID,value=,type=PLAINTEXT"
+
+env:
+ secrets-manager:
+ GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
+ GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
+ SONA_USERNAME: Sonatype-Team-Account:Username
+ SONA_PASSWORD: Sonatype-Team-Account:Password
+
+phases:
+ install:
+ runtime-versions:
+ java: openjdk8
+ pre_build:
+ commands:
+ - git checkout $COMMIT_ID
+ - FOUND_VERSION=$(grep version sdk1/pom.xml | head -n 2 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p')
+ - |
+ if expr ${FOUND_VERSION} != ${VERSION}; then
+ echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
+ exit 1;
+ fi
+ - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
+ - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+ - tar -xvf ~/mvn_gpg.tgz -C ~
+ build:
+ commands:
+ - |
+ mvn deploy \
+ -Ppublishing \
+ -DperformRelease \
+ -Dgpg.homedir="$HOME/mvn_gpg" \
+ -DautoReleaseAfterClose=true \
+ -Dgpg.keyname="$GPG_KEY" \
+ -Dgpg.passphrase="$GPG_PASS" \
+ -Dsonatype.username="$SONA_USERNAME" \
+ -Dsonatype.password="$SONA_PASSWORD" \
+ -s $SETTINGS_FILE
+
+
+batch:
+ fast-fail: false
+ build-graph:
+ - identifier: release_to_prod
+ - identifier: validate_prod_release_openjdk8
+ depend-on:
+ - release_to_prod
+ buildspec: codebuild/release/validate-prod.yml
+ env:
+ variables:
+ JAVA_ENV_VERSION: openjdk8
+ JAVA_NUMERIC_VERSION: 8
+ image: aws/codebuild/standard:3.0
+ - identifier: validate_prod_release_openjdk11
+ depend-on:
+ - release_to_prod
+
buildspec: codebuild/release/validate-prod.yml
+ env:
+ variables:
+ JAVA_ENV_VERSION: openjdk11
+ JAVA_NUMERIC_VERSION: 11
+ image: aws/codebuild/standard:3.0
+ - identifier: validate_prod_release_corretto8
+ depend-on:
+ - release_to_prod
+ buildspec: codebuild/release/validate-prod.yml
+ env:
+ variables:
+ JAVA_ENV_VERSION: corretto8
+ JAVA_NUMERIC_VERSION: 8
+ image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
+ - identifier: validate_prod_release_corretto11
+ depend-on:
+ - release_to_prod
+ buildspec: codebuild/release/validate-prod.yml
+ env:
+ variables:
+ JAVA_ENV_VERSION: corretto11
+ JAVA_NUMERIC_VERSION: 11
+ image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml
new file mode 100644
index 00000000..be1f68e2
--- /dev/null
+++ b/codebuild/release/release-staging.yml
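Review bot: The version guard in `pre_build` of release-prod.yml fails open: `expr ${FOUND_VERSION} != ${VERSION}` exits with status 2 on a syntax error, which `if` treats as false, so an empty `VERSION` override, an empty `FOUND_VERSION` (the sed pattern matched nothing) or a two-line match from `head -n 2` all skip the `exit 1` and the signed deploy to Sonatype goes ahead. A quoted string test that also rejects an empty value closes the gap: `if [ -z "${VERSION}" ] || [ "${FOUND_VERSION}" != "${VERSION}" ]; then`. `git checkout $COMMIT_ID` is likewise unquoted and unchecked, so an empty override leaves the build on whatever revision CodeBuild fetched; `git checkout --detach "${COMMIT_ID:?}"` would stop the job instead. The same two lines appear in codebuild/release/release-staging.yml.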
@@ -0,0 +1,91 @@
+version: 0.2
+# 'release-staging' is an AWS::CodeBuild::BuildSpec that Stages a release on CodeArtifact and validates the staging using 'validate-staging'
+# Command to trigger this codebuild from an authorized command line.
+# aws codebuild start-build-batch \
+# --region us-west-2 \
+# --project-name java-ddb-ec-test-release \
+# --environment-variables-override name=VERSION,value=,type=PLAINTEXT name=COMMIT_ID,value=,type=PLAINTEXT
+
+env:
+ variables:
+ REGION: us-east-1
+ DOMAIN: crypto-tools-internal
+ REPOSITORY: java-ddbec-staging
+ parameter-store:
+ ACCOUNT: /CodeBuild/AccountId
+ secrets-manager:
+ GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
+ GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
+
+phases:
+ install:
+ runtime-versions:
+ java: openjdk8
+ pre_build:
+ commands:
+ - git checkout $COMMIT_ID
+ - FOUND_VERSION=$(grep version sdk1/pom.xml | head -n 2 | sed -n 's/[ \t]*\(.*\)<\/version>/\1/p')
+ - |
+ if expr ${FOUND_VERSION} != ${VERSION}; then
+ echo "pom.xml version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping"
+ exit 1;
+ fi
+ - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
+ - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
+ - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
+ - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+ - tar -xvf ~/mvn_gpg.tgz -C ~
+ build:
+ commands:
+ - |
+ mvn deploy \
+ -PpublishingCodeArtifact \
+ -DperformRelease \
+ -Dgpg.homedir="$HOME/mvn_gpg" \
+ -DautoReleaseAfterClose=true \
+ -Dgpg.keyname="$GPG_KEY" \
+ -Dgpg.passphrase="$GPG_PASS" \
+ -Dcodeartifact.token=$CODEARTIFACT_TOKEN \
+ -DaltDeploymentRepository=codeartifact::default::$CODEARTIFACT_REPO_URL \
+ -s
$SETTINGS_FILE + +batch: + fast-fail: false + build-graph: + - identifier: release_to_staging + - identifier: validate_staging_release_openjdk8 + depend-on: + - release_to_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: openjdk8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/standard:3.0 + - identifier: validate_staging_release_openjdk11 + depend-on: + - release_to_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: openjdk11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/standard:3.0 + - identifier: validate_staging_release_corretto8 + depend-on: + - release_to_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: corretto8 + JAVA_NUMERIC_VERSION: 8 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 + - identifier: validate_staging_release_corretto11 + depend-on: + - release_to_staging + buildspec: codebuild/release/validate-staging.yml + env: + variables: + JAVA_ENV_VERSION: corretto11 + JAVA_NUMERIC_VERSION: 11 + image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 diff --git a/codebuild/release/settings.xml b/codebuild/release/settings.xml new file mode 100644 index 00000000..19587de0 --- /dev/null +++ b/codebuild/release/settings.xml @@ -0,0 +1,31 @@ + + + + codeartifact + aws + ${codeartifact.token} + + + sonatype-nexus-staging + ${sonatype.username} + ${sonatype.password} + + + + + + codeartifact + + + codeartifact + codeartifact + ${codeartifact.url} + + + + + + diff --git a/codebuild/release/validate-prod.yml b/codebuild/release/validate-prod.yml new file mode 100644 index 00000000..b43a2638 --- /dev/null +++ b/codebuild/release/validate-prod.yml 
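Review bot: The `mvn deploy` step in release-staging.yml hands the GPG passphrase and the CodeArtifact token to Maven as `-D` arguments (`-Dgpg.passphrase="$GPG_PASS"`, `-Dcodeartifact.token=$CODEARTIFACT_TOKEN`), which puts them in the process argument list where any other process in the build container can read them, and possibly in Maven's output if the build is ever run with `-X`. Both values are already environment variables, so codebuild/release/settings.xml can read them directly, for example `<password>${env.CODEARTIFACT_TOKEN}</password>`, with the passphrase in a `<server>` entry selected by `-Dgpg.passphraseServerId`. release-prod.yml does the same with `-Dsonatype.password="$SONA_PASSWORD"`, and validate-staging.yml with `-Dcodeartifact.token`. The unpacked key directory `~/mvn_gpg` and `~/mvn_gpg.tgz` are also left in place after the deploy; presumably the container is discarded, but an `rm -rf` in the phase's `finally` block would not depend on that.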
@@ -0,0 +1,18 @@
+version: 0.2
+# 'validate-prod' is an AWS::CodeBuild::BuildSpec that validates a Sonatype release against the examples
+
+phases:
+ install:
+ runtime-versions:
+ java: $JAVA_ENV_VERSION
+ pre_build:
+ commands:
+ - cd examples
+ build:
+ commands:
+ - |
+ mvn verify \
+ -Dcheckstyle.skip \
+ -Dddbec.version=$VERSION \
+ -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \
+ -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION
diff --git a/codebuild/release/validate-staging.yml b/codebuild/release/validate-staging.yml
new file mode 100644
index 00000000..f967acf5
--- /dev/null
+++ b/codebuild/release/validate-staging.yml
@@ -0,0 +1,35 @@
+version: 0.2
+# 'validate-staging' is an AWS::CodeBuild::BuildSpec that validates artifacts from CodeArtifact against the examples
+
+env:
+ variables:
+ REGION: us-east-1
+ DOMAIN: crypto-tools-internal
+ REPOSITORY: java-ddbec-staging
+ parameter-store:
+ ACCOUNT: /CodeBuild/AccountId
+
+phases:
+ install:
+ commands:
+ - pip install awscli
+ runtime-versions:
+ java: $JAVA_ENV_VERSION
+ pre_build:
+ commands:
+ - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
+ - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
+ - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
+ - cd examples
+ build:
+ commands:
+ - |
+ mvn verify \
+ -Pcodeartifact \
+ -Dcheckstyle.skip \
+ -Dddbec.version=$VERSION \
+ -Dmaven.compiler.target=$JAVA_NUMERIC_VERSION \
+ -Dmaven.compiler.source=$JAVA_NUMERIC_VERSION \
+ -Dcodeartifact.token=$CODEARTIFACT_TOKEN \
+ -Dcodeartifact.url=$CODEARTIFACT_REPO_URL \
+ -s $SETTINGS_FILE
diff --git a/codebuild/static-analysis.yml b/codebuild/static-analysis.yml
new file mode 100644
index 00000000..3c3b2f38
--- /dev/null
+++ b/codebuild/static-analysis.yml
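Review bot: In validate-staging.yml the install phase runs `pip install awscli` with no version, so each validation run executes whatever release PyPI currently serves, in a job that then requests a CodeArtifact authorization token. Pinning it, `pip install 'awscli==<pinned-version>'` (ideally from a requirements file installed with `--require-hashes`), or relying on the CLI already present in the CodeBuild image as release-staging.yml appears to do, keeps the release pipeline's toolchain fixed. In both validate files the Maven arguments are unquoted (`-Dddbec.version=$VERSION`); writing them as `"-Dddbec.version=${VERSION}"` avoids word splitting on an unexpected value.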
@@ -0,0 +1,9 @@
+version: 0.2
+
+phases:
+ install:
+ runtime-versions:
+ java: corretto11
+ build:
+ commands:
+ - mvn com.coveo:fmt-maven-plugin:check
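Review bot: `mvn com.coveo:fmt-maven-plugin:check` names no plugin version, so unless the project's pom.xml pins fmt-maven-plugin (not visible in this diff) Maven resolves the newest release at build time and the check can change or break without a commit. Putting the version in the invocation, `mvn com.coveo:fmt-maven-plugin:<pinned-version>:check`, or in `pluginManagement`, makes the static-analysis job reproducible and fixes which plugin code the build downloads and runs.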