chore: add codebuild release (#232)

Co-authored-by: Valerie Lambert <[email protected]>

Author: josecorella

.github/workflows/ci_examples_java.yml

@@ -38,7 +38,6 @@ jobs:
           macos-latest
         ]
     runs-on: ${{ matrix.os }}
-    environment: "MPL CI"
     permissions:
       id-token: write
       contents: read
@@ -51,18 +50,8 @@ jobs:
           role-session-name: DDBEC-Dafny-Java-Tests
 
       - uses: actions/checkout@v3
-
-      - name: Init Submodules
-        env:
-          # This secret is in the configured environment
-          # Token created on # 05/12/2023
-          # expires in ~30 days 05/22/2023
-          MPL_PAT: ${{ secrets.MPL_PAT }}
-        run: |
-          AUTH="$(echo -n "pat:${MPL_PAT}" | base64 | tr -d '\n')"
-          git config --global http.https://github.com/.extraheader "AUTHORIZATION: basic $AUTH"
-          git config --global --add url.https://github.com/.insteadOf [email protected]:
-          git submodule update --init --recursive submodules/MaterialProviders
+        with:
+          submodules: recursive        
 
       - name: Setup Java ${{ matrix.java-version }}
         uses: actions/setup-java@v3

.github/workflows/ci_test_java.yml

@@ -40,7 +40,6 @@ jobs:
           macos-latest
         ]
     runs-on: ${{ matrix.os }}
-    environment: "MPL CI"
     permissions:
       id-token: write
       contents: read
@@ -53,18 +52,8 @@ jobs:
           role-session-name: DDBEC-Dafny-Java-Tests
 
       - uses: actions/checkout@v3
-
-      - name: Init Submodules
-        env:
-          # This secret is in the configured environment
-          # Token created on # 05/12/2023
-          # expires in ~30 days 05/22/2023
-          MPL_PAT: ${{ secrets.MPL_PAT }}
-        run: |
-          AUTH="$(echo -n "pat:${MPL_PAT}" | base64 | tr -d '\n')"
-          git config --global http.https://github.com/.extraheader "AUTHORIZATION: basic $AUTH"
-          git config --global --add url.https://github.com/.insteadOf [email protected]:
-          git submodule update --init --recursive submodules/MaterialProviders
+        with:
+          submodules: recursive
 
       - name: Setup Dafny
         uses: dafny-lang/[email protected]
@@ -89,4 +78,8 @@ jobs:
       - name: Test ${{ matrix.library }}
         working-directory: ./${{ matrix.library }}
         run: |
+          # Clear MPL from cache
+          # We have to do this because MakeFile does not do this yet. The MakeFile automatically builds and deploys dependencies
+          # instead it should be picking it up from Maven.
+          rm -rf ~/.m2/repository/software/amazon/cryptography/aws-cryptographic-material-providers
           make test_java

.github/workflows/ci_test_net.yml

@@ -40,7 +40,6 @@ jobs:
           macos-latest,
         ]
     runs-on: ${{ matrix.os }}
-    environment: "MPL CI"
     permissions:
       id-token: write
       contents: read
@@ -49,18 +48,8 @@ jobs:
       DOTNET_NOLOGO: 1
     steps:
       - uses: actions/checkout@v3
-
-      - name: Init Submodules
-        env:
-          # This secret is in the configured environment
-          # Token created on # 05/12/2023
-          # expires in ~30 days 05/22/2023
-          MPL_PAT: ${{ secrets.MPL_PAT }}
-        run: |
-          AUTH="$(echo -n "pat:${MPL_PAT}" | base64 | tr -d '\n')"
-          git config --global http.https://github.com/.extraheader "AUTHORIZATION: basic $AUTH"
-          git config --global --add url.https://github.com/.insteadOf [email protected]:
-          git submodule update --init --recursive submodules/MaterialProviders
+        with:
+          submodules: recursive        
 
       - name: Setup .NET Core SDK ${{ matrix.dotnet-version }}
         uses: actions/setup-dotnet@v3

.github/workflows/ci_test_vector_java.yml

@@ -17,7 +17,6 @@ jobs:
           ubuntu-latest
         ]
     runs-on: ${{ matrix.os }}
-    environment: "MPL CI"
     permissions:
       id-token: write
       contents: read
@@ -36,17 +35,8 @@ jobs:
           role-session-name: DDBEC-Dafny-Java-Tests
 
       - uses: actions/checkout@v3
-
-      - name: Init Submodules
-        env:
-          # This secret is in the configured environment,
-          # and set to expire every 30 days
-          MPL_PAT: ${{ secrets.MPL_PAT }}
-        run: |
-          AUTH="$(echo -n "pat:${MPL_PAT}" | base64 | tr -d '\n')"
-          git config --global http.https://github.com/.extraheader "AUTHORIZATION: basic $AUTH"
-          git config --global --add url.https://github.com/.insteadOf [email protected]:
-          git submodule update --init --recursive submodules/MaterialProviders
+        with:
+          submodules: recursive
 
       - name: Setup Dafny
         uses: dafny-lang/[email protected]
@@ -70,4 +60,8 @@ jobs:
       - name: Test TestVectors
         working-directory: ./TestVectors
         run: |
+          # Clear MPL from cache
+          # We have to do this because MakeFile does not do this yet. The MakeFile automatically builds and deploys dependencies
+          # instead it should be picking it up from Maven.
+          rm -rf ~/.m2/repository/software/amazon/cryptography/aws-cryptographic-material-providers
           make test_java

.github/workflows/ci_verification.yml

@@ -41,22 +41,11 @@ jobs:
           macos-latest,
         ]
     runs-on: ${{ matrix.os }}
-    environment: "MPL CI"
     steps:
       - uses: actions/checkout@v3
+        with:
+          submodules: recursive
 
-      - name: Init Submodules
-        env:
-          # This secret is in the configured environment
-          # Token created on # 05/12/2023
-          # expires in ~30 days 05/22/2023
-          MPL_PAT: ${{ secrets.MPL_PAT }}
-        run: |
-          AUTH="$(echo -n "pat:${MPL_PAT}" | base64 | tr -d '\n')"
-          git config --global http.https://github.com/.extraheader "AUTHORIZATION: basic $AUTH"
-          git config --global --add url.https://github.com/.insteadOf [email protected]:
-          git submodule update --init --recursive submodules/MaterialProviders
-      
       - name: Setup Dafny
         uses: dafny-lang/[email protected]
         with:

.gitmodules

@@ -3,4 +3,4 @@
 	url = https://github.com/aws/aws-cryptographic-material-providers-library-java.git
 [submodule "submodules/smithy-dafny"]
 	path = submodules/smithy-dafny
-	url = git@github.com:awslabs/smithy-dafny.git
+	url = https://github.com/awslabs/smithy-dafny.git

CHANGELOG.md

@@ -0,0 +1,8 @@
+# Changelog
+
+## 3.0.0-preview-1 2023-06-08
+
+### Features
+- Initial release of the AWS Database Encryption SDK.
+  This release is considered a [developer preview](https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle)
+  and is not intended for production use cases.

DynamoDbEncryption/runtimes/java/build.gradle.kts

@@ -7,10 +7,12 @@ plugins {
     `java`
     `java-library`
     `maven-publish`
+    `signing`
+    id("io.github.gradle-nexus.publish-plugin") version "1.3.0"
 }
 
 group = "software.amazon.cryptography"
-version = "1.0-SNAPSHOT"
+version = "3.0.0-preview-1"
 description = "Aws Database Encryption Sdk for DynamoDb Java"
 
 java {
@@ -68,7 +70,7 @@ val dynamodb by configurations.creating
 dependencies {
     implementation("org.dafny:DafnyRuntime:4.1.0")
     implementation("software.amazon.smithy.dafny:conversion:0.1")
-    implementation("software.amazon.cryptography:AwsCryptographicMaterialProviders:1.0-SNAPSHOT")
+    implementation("software.amazon.cryptography:aws-cryptographic-material-providers:1.0.0-preview-1")
 
     implementation(platform("software.amazon.awssdk:bom:2.19.1"))
     implementation("software.amazon.awssdk:dynamodb")
@@ -107,12 +109,55 @@ dependencies {
 }
 
 publishing {
+    publications.create<MavenPublication>("mavenLocal") {
+        groupId = "software.amazon.cryptography"
+        artifactId = "aws-database-encryption-sdk-dynamodb"
+        from(components["java"])
+    }
+
     publications.create<MavenPublication>("maven") {
         groupId = "software.amazon.cryptography"
         artifactId = "aws-database-encryption-sdk-dynamodb"
         from(components["java"])
+
+        // Include extra information in the POMs.
+        afterEvaluate {
+            pom {
+                name.set("AWS Database Encryption SDK for DynamoDB")
+                description.set("AWS Database Encryption SDK for DynamoDB in Java")
+                url.set("https://github.com/aws/aws-database-encryption-sdk-dynamodb-java")
+                licenses {
+                    license {
+                        name.set("Apache License 2.0")
+                        url.set("http://www.apache.org/licenses/LICENSE-2.0.txt")
+                        distribution.set("repo")
+                    }
+                }
+                developers {
+                    developer {
+                        id.set("amazonwebservices")
+                        organization.set("Amazon Web Services")
+                        organizationUrl.set("https://aws.amazon.com")
+                        roles.add("developer")
+                    }
+                }
+                scm {
+                    url.set("https://github.com/aws/aws-database-encryption-sdk-dynamodb-java.git")
+                }
+            }
+        }
+    }
+    repositories {
+        mavenLocal()
+        maven {
+            name = "StagingCodeArtifact"
+            url = URI.create("https://crypto-tools-internal-587316601012.d.codeartifact.us-east-1.amazonaws.com/maven/java-dbesdk-ddb-staging/")
+            credentials {
+                username = "aws"
+                password = System.getenv("CODEARTIFACT_TOKEN")
+            }
+        }
     }
-    repositories { mavenLocal() }
 }
 
 tasks.withType<JavaCompile>() {
@@ -185,3 +230,36 @@ tasks.javadoc {
     }
     exclude("src/main/dafny-generated")
 }
+
+nexusPublishing {
+    // We are using the nexusPublishing plugin since it is recommended by Sonatype Gradle Project configurations
+    // and it is easy to supply the creds we need to deploy
+    // https://github.com/gradle-nexus/publish-plugin/
+    repositories {
+        sonatype {
+            nexusUrl.set(uri("https://aws.oss.sonatype.org/service/local/"))
+            snapshotRepositoryUrl.set(uri("https://aws.oss.sonatype.org/content/repositories/snapshots/"))
+            username.set(System.getenv("SONA_USERNAME"))
+            password.set(System.getenv("SONA_PASSWORD"))
+        }
+    }
+}
+
+signing {
+    useGpgCmd()
+
+    // Dynamically set these properties
+    project.ext.set("signing.gnupg.executable", "gpg")
+    project.ext.set("signing.gnupg.useLegacyGpg" , "true")
+    project.ext.set("signing.gnupg.homeDir", System.getenv("HOME") + "/.gnupg/")
+    project.ext.set("signing.gnupg.optionsFile", System.getenv("HOME") + "/.gnupg/gpg.conf")
+    project.ext.set("signing.gnupg.keyName", System.getenv("GPG_KEY"))
+    project.ext.set("signing.gnupg.passphrase", System.getenv("GPG_PASS"))
+
+    // Signing is required if building a release version and if we're going to publish it.
+    // Otherwise if doing a maven publication we will sign
+    setRequired({
+        gradle.getTaskGraph().hasTask("publish")
+    })
+    sign(publishing.publications["maven"])
+}

Examples/runtimes/java/DynamoDbEncryption/build.gradle.kts

@@ -24,14 +24,14 @@ java {
 
 var caUrl: URI? = null
 @Nullable
-val caUrlStr: String? = System.getenv("CODEARTIFACT_URL_JAVA_CONVERSION")
+val caUrlStr: String? = System.getenv("CODEARTIFACT_REPO_URL")
 if (!caUrlStr.isNullOrBlank()) {
     caUrl = URI.create(caUrlStr)
 }
 
 var caPassword: String? = null
 @Nullable
-val caPasswordString: String? = System.getenv("CODEARTIFACT_AUTH_TOKEN")
+val caPasswordString: String? = System.getenv("CODEARTIFACT_TOKEN")
 if (!caPasswordString.isNullOrBlank()) {
     caPassword = caPasswordString
 }
@@ -56,8 +56,8 @@ repositories {
 }
 
 dependencies {
-    implementation("software.amazon.cryptography:aws-database-encryption-sdk-dynamodb:1.0-SNAPSHOT")
-    implementation("software.amazon.cryptography:AwsCryptographicMaterialProviders:1.0-SNAPSHOT")
+    implementation("software.amazon.cryptography:aws-database-encryption-sdk-dynamodb:3.0.0-preview-1")
+    implementation("software.amazon.cryptography:aws-cryptographic-material-providers:1.0.0-preview-1")
 
     implementation(platform("software.amazon.awssdk:bom:2.19.1"))
     implementation("software.amazon.awssdk:arns")

Examples/runtimes/java/Migration/DDBECToAWSDBE/build.gradle.kts

@@ -24,14 +24,14 @@ java {
 
 var caUrl: URI? = null
 @Nullable
-val caUrlStr: String? = System.getenv("CODEARTIFACT_URL_JAVA_CONVERSION")
+val caUrlStr: String? = System.getenv("CODEARTIFACT_REPO_URL")
 if (!caUrlStr.isNullOrBlank()) {
     caUrl = URI.create(caUrlStr)
 }
 
 var caPassword: String? = null
 @Nullable
-val caPasswordString: String? = System.getenv("CODEARTIFACT_AUTH_TOKEN")
+val caPasswordString: String? = System.getenv("CODEARTIFACT_TOKEN")
 if (!caPasswordString.isNullOrBlank()) {
     caPassword = caPasswordString
 }
@@ -56,8 +56,8 @@ repositories {
 }
 
 dependencies {
-    implementation("software.amazon.cryptography:aws-database-encryption-sdk-dynamodb:1.0-SNAPSHOT")
-    implementation("software.amazon.cryptography:AwsCryptographicMaterialProviders:1.0-SNAPSHOT")
+    implementation("software.amazon.cryptography:aws-database-encryption-sdk-dynamodb:3.0.0-preview-1")
+    implementation("software.amazon.cryptography:aws-cryptographic-material-providers:1.0.0-preview-1")
 
     implementation(platform("software.amazon.awssdk:bom:2.19.1"))
     implementation("software.amazon.awssdk:dynamodb")

Examples/runtimes/java/Migration/PlaintextToAWSDBE/build.gradle.kts

@@ -24,14 +24,14 @@ java {
 
 var caUrl: URI? = null
 @Nullable
-val caUrlStr: String? = System.getenv("CODEARTIFACT_URL_JAVA_CONVERSION")
+val caUrlStr: String? = System.getenv("CODEARTIFACT_REPO_URL")
 if (!caUrlStr.isNullOrBlank()) {
     caUrl = URI.create(caUrlStr)
 }
 
 var caPassword: String? = null
 @Nullable
-val caPasswordString: String? = System.getenv("CODEARTIFACT_AUTH_TOKEN")
+val caPasswordString: String? = System.getenv("CODEARTIFACT_TOKEN")
 if (!caPasswordString.isNullOrBlank()) {
     caPassword = caPasswordString
 }
@@ -56,8 +56,8 @@ repositories {
 }
 
 dependencies {
-    implementation("software.amazon.cryptography:aws-database-encryption-sdk-dynamodb:1.0-SNAPSHOT")
-    implementation("software.amazon.cryptography:AwsCryptographicMaterialProviders:1.0-SNAPSHOT")
+    implementation("software.amazon.cryptography:aws-database-encryption-sdk-dynamodb:3.0.0-preview-1")
+    implementation("software.amazon.cryptography:aws-cryptographic-material-providers:1.0.0-preview-1")
 
     implementation(platform("software.amazon.awssdk:bom:2.19.1"))
     implementation("software.amazon.awssdk:dynamodb")

README.md

@@ -1,5 +1,10 @@
 # AWS Database Encryption SDK for DynamoDB in Java
 
+Note: The AWS Cryptographic Material Providers Library is released as a
+[developer preview](https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle)
+and is subject to change.
+The current release is not intended to be used in production environments.
+
 The AWS Database Encryption SDK (DB-ESDK) for DynamoDB in Java is a client-side encryption 
 library that allows you to perform attribute-level encryption, enabling you to encrypt specific 
 attribute values within items before storing them in your DynamoDB table. All encryption and 

SUPPORT_POLICY.rst

@@ -21,9 +21,9 @@ This table describes the current support status of each major version of the AWS
       - Current status
       - Next status
       - Next status date
-    * - 3.x
-      - General Availability
+    * - 3.0.0-preview-1
+      - Developer Preview
       -
       -
 
-.. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle
+.. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle