buildspecs/release-to-maven.yml - platform/external/aws-sdk-java-v2 - Git at Google

 version: 0.2

 phases:
   install:
     commands:
       - pip install awscli --upgrade --user

   pre_build:
     commands:
       - ROOT=`pwd`
       - SETTINGS_XML_TEMPLATE=buildspecs/resources/release-settings.xml
       - SETTINGS_XML=release-settings-final.xml
       - SDK_SIGNING_GPG_SECRING=secring.gpg
       - SDK_SIGNING_GPG_SECRING_ARN="arn:aws:secretsmanager:us-east-1:103431983078:secret:sdk-signing-gpg-secret-ring-9d0YXc"
       - SDK_SIGNING_GPG_KEYNAME_ARN="arn:aws:secretsmanager:us-east-1:103431983078:secret:sdk-signing-gpg-keyname-wFsOOg"
       - SDK_SIGNING_GPG_PASSPHRASE_ARN="arn:aws:secretsmanager:us-east-1:103431983078:secret:sdk-signing-gpg-passphrase-A0H1Kq"
       - SONATYPE_PASSWORD_ARN="arn:aws:secretsmanager:us-east-1:103431983078:secret:sonatype-password-I2V6Y0"

   build:
     commands:
       - RELEASE_VERSION=`mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec`
       - SONATYPE_URL="https://aws.oss.sonatype.org/service/local/repositories/releases/content/software/amazon/awssdk/aws-sdk-java/$RELEASE_VERSION/"
       - |
         if ! curl -f --head $SONATYPE_URL; then
           SONATYPE_PASSWORD=`aws secretsmanager get-secret-value --secret-id $SONATYPE_PASSWORD_ARN --query SecretString --output text`
           SDK_SIGNING_GPG_KEYNAME=`aws secretsmanager get-secret-value --secret-id $SDK_SIGNING_GPG_KEYNAME_ARN --query SecretString --output text`
           SDK_SIGNING_GPG_PASSPHRASE=`aws secretsmanager get-secret-value --secret-id $SDK_SIGNING_GPG_PASSPHRASE_ARN --query SecretString --output text`
           aws secretsmanager get-secret-value --secret-id  $SDK_SIGNING_GPG_SECRING_ARN --query SecretBinary --output text | base64 -d > $SDK_SIGNING_GPG_SECRING
           gpg --passphrase $SDK_SIGNING_GPG_PASSPHRASE --batch --import $SDK_SIGNING_GPG_SECRING

           cat $SETTINGS_XML_TEMPLATE | \
             awk 'BEGIN { var=ENVIRON["SONATYPE_PASSWORD"] } { gsub("\\$SONATYPE_PASSWORD", var, $0); print }' | \
             awk 'BEGIN { var=ENVIRON["SDK_SIGNING_GPG_PASSPHRASE"] } { gsub("\\$SDK_SIGNING_GPG_PASSPHRASE", var, $0); print }' | \
             awk 'BEGIN { var=ENVIRON["SDK_SIGNING_GPG_KEYNAME"] } { gsub("\\$SDK_SIGNING_GPG_KEYNAME", var, $0); print }' > \
             $SETTINGS_XML

           mvn clean deploy -B -s $SETTINGS_XML -Ppublishing -DperformRelease -Dspotbugs.skip -DskipTests -Dcheckstyle.skip -Djapicmp.skip -Ddoclint=none -pl !:protocol-tests,!:protocol-tests-core,!:codegen-generated-classes-test,!:sdk-benchmarks,!:module-path-tests,!:tests-coverage-reporting,!:stability-tests,!:sdk-native-image-test,!:auth-tests,!:s3-benchmarks,!:region-testing,!:old-client-version-compatibility-test -DautoReleaseAfterClose=true -DstagingProgressTimeoutMinutes=30 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true
         else
           echo "This version was already released."
         fi
	version: 0.2

	phases:
	install:
	commands:
	- pip install awscli --upgrade --user

	pre_build:
	commands:
	- ROOT=`pwd`
	- SETTINGS_XML_TEMPLATE=buildspecs/resources/release-settings.xml
	- SETTINGS_XML=release-settings-final.xml
	- SDK_SIGNING_GPG_SECRING=secring.gpg
	- SDK_SIGNING_GPG_SECRING_ARN="arn:aws:secretsmanager:us-east-1:103431983078:secret:sdk-signing-gpg-secret-ring-9d0YXc"
	- SDK_SIGNING_GPG_KEYNAME_ARN="arn:aws:secretsmanager:us-east-1:103431983078:secret:sdk-signing-gpg-keyname-wFsOOg"
	- SDK_SIGNING_GPG_PASSPHRASE_ARN="arn:aws:secretsmanager:us-east-1:103431983078:secret:sdk-signing-gpg-passphrase-A0H1Kq"
	- SONATYPE_PASSWORD_ARN="arn:aws:secretsmanager:us-east-1:103431983078:secret:sonatype-password-I2V6Y0"

	build:
	commands:
	- RELEASE_VERSION=`mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec`
	- SONATYPE_URL="https://aws.oss.sonatype.org/service/local/repositories/releases/content/software/amazon/awssdk/aws-sdk-java/$RELEASE_VERSION/"
	- \|
	if ! curl -f --head $SONATYPE_URL; then
	SONATYPE_PASSWORD=`aws secretsmanager get-secret-value --secret-id $SONATYPE_PASSWORD_ARN --query SecretString --output text`
	SDK_SIGNING_GPG_KEYNAME=`aws secretsmanager get-secret-value --secret-id $SDK_SIGNING_GPG_KEYNAME_ARN --query SecretString --output text`
	SDK_SIGNING_GPG_PASSPHRASE=`aws secretsmanager get-secret-value --secret-id $SDK_SIGNING_GPG_PASSPHRASE_ARN --query SecretString --output text`
	aws secretsmanager get-secret-value --secret-id $SDK_SIGNING_GPG_SECRING_ARN --query SecretBinary --output text \| base64 -d > $SDK_SIGNING_GPG_SECRING
	gpg --passphrase $SDK_SIGNING_GPG_PASSPHRASE --batch --import $SDK_SIGNING_GPG_SECRING

	cat $SETTINGS_XML_TEMPLATE \| \
	awk 'BEGIN { var=ENVIRON["SONATYPE_PASSWORD"] } { gsub("\\$SONATYPE_PASSWORD", var, $0); print }' \| \
	awk 'BEGIN { var=ENVIRON["SDK_SIGNING_GPG_PASSPHRASE"] } { gsub("\\$SDK_SIGNING_GPG_PASSPHRASE", var, $0); print }' \| \
	awk 'BEGIN { var=ENVIRON["SDK_SIGNING_GPG_KEYNAME"] } { gsub("\\$SDK_SIGNING_GPG_KEYNAME", var, $0); print }' > \
	$SETTINGS_XML

	mvn clean deploy -B -s $SETTINGS_XML -Ppublishing -DperformRelease -Dspotbugs.skip -DskipTests -Dcheckstyle.skip -Djapicmp.skip -Ddoclint=none -pl !:protocol-tests,!:protocol-tests-core,!:codegen-generated-classes-test,!:sdk-benchmarks,!:module-path-tests,!:tests-coverage-reporting,!:stability-tests,!:sdk-native-image-test,!:auth-tests,!:s3-benchmarks,!:region-testing,!:old-client-version-compatibility-test -DautoReleaseAfterClose=true -DstagingProgressTimeoutMinutes=30 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true
	else
	echo "This version was already released."
	fi