chore: update mainline-1.x cd

.releaserc

@@ -53,11 +53,11 @@
           ["@semantic-release/exec", {
             "prepareCmd": "mvn versions:set -DnewVersion=${nextRelease.version} \
                     -DautoVersionSubmodules=true && find README.md -type f \
-                    -exec sed -i '' 's/<version>.*<\\/version>/<version>${nextRelease.version}<\\/version>/g' {} \\;"
+                    -exec sed -i 's/<version>.*<\\/version>/<version>${nextRelease.version}<\\/version>/g' {} \\;"
           }],
           ["@semantic-release/git", {
             "assets": ["./CHANGELOG.md", "./pom.xml", "./README.md"],
-            "message": "AWS Encryption SDK ${nextRelease.version} Release \n\n${nextRelease.notes}"
+            "message": "AWS Encryption SDK ${nextRelease.version} Release -- $(date +%Y-%m-%d) \n\n${nextRelease.notes}"
           }],
     ],
     "repositoryUrl": "https://github.com/aws/aws-encryption-sdk-java",

README.md

@@ -56,7 +56,7 @@ You can get the latest release from Maven:
 <dependency>
   <groupId>com.amazonaws</groupId>
   <artifactId>aws-encryption-sdk-java</artifactId>
-  <version>1.9.0</version>
+  <version>1.9.1</version>
 </dependency>
 ```
 

codebuild/release/artifact-hunt.yml

@@ -0,0 +1,20 @@
+## Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+## SPDX-License-Identifier: Apache-2.0
+
+version: 0.2
+
+env:
+  variables:
+    BRANCH: "mainline-1.x"
+
+phases:
+  install:
+    runtime-versions:
+      java: corretto11
+  pre_build:
+    commands:
+      - git checkout $BRANCH
+      - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')
+  build:
+    commands:
+      - ./look_4_version.sh $VERSION

codebuild/release/release-prod.yml

@@ -38,4 +38,3 @@ phases:
           -Dsonatype.password="$SONA_PASSWORD" \
           --no-transfer-progress \
           -s $SETTINGS_FILE
-      - ./look_4_version.sh $VERSION

codebuild/release/release.yml

@@ -70,10 +70,18 @@ batch:
       - version
     buildspec: codebuild/release/release-prod.yml
 
+# Wait for artifacts to be available
+  - identifier: availability
+    depend-on:
+      - version
+    buildspec: codebuild/release/artifact-hunt.yml
+    env:
+      image: aws/codebuild/standard:5.0
+
 # Validate Maven Central with supported JDK and Corretto
   - identifier: validate_prod_release_openjdk8
     depend-on:
-      - publish
+      - availability
     buildspec: codebuild/release/validate-prod.yml
     env:
       variables:
@@ -83,7 +91,7 @@ batch:
 
   - identifier: validate_prod_release_openjdk11
     depend-on:
-      - publish
+      - availability
     buildspec: codebuild/release/validate-prod.yml
     env:
       variables:
@@ -93,7 +101,7 @@ batch:
 
   - identifier: validate_prod_release_corretto8
     depend-on:
-      - publish
+      - availability
     buildspec: codebuild/release/validate-prod.yml
     env:
       variables:
@@ -103,7 +111,7 @@ batch:
 
   - identifier: validate_prod_release_corretto11
     depend-on:
-      - publish
+      - availability
     buildspec: codebuild/release/validate-prod.yml
     env:
       variables:

codebuild/release/upload_artifacts.yml

@@ -5,26 +5,31 @@ version: 0.2
 
 env:
   variables:
-    BRANCH: "mainline-1.x"
+    BRANCH: "master"
   git-credential-helper: yes
   secrets-manager:
-    GH_TOKEN: Github/aws-crypto-tools-ci-bot:personal\ access\ token
+    GH_TOKEN: Github/aws-crypto-tools-ci-bot:ESDK Release Token
 
 phases:
   pre_build:
     commands:
-      - git checkout $BRANCH
         # get new project version
       - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')
+      - git config --global user.name "aws-crypto-tools-ci-bot"
+      - git config --global user.email "[email protected]"
+      - echo $GH_TOKEN > token.txt
+      - export GH_TOKEN=
         # install gh cli in order to upload artifacts
       - curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg
       - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null
       - apt update
       - apt install gh
+      - git checkout $BRANCH
   build:
     commands:
       - gh version
-      - gh auth login --with-token < $GH_TOKEN
+      - gh auth login --with-token < token.txt
+      - gh auth status
       - |
         mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \
           -DrepoUrl=https://aws.oss.sonatype.org \
@@ -37,4 +42,4 @@ phases:
         mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \
           -DrepoUrl=https://aws.oss.sonatype.org \
           -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:javadoc
-      - gh release upload v${VERSION} ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar
+      - gh release create v${VERSION} ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar -d -F CHANGELOG.md -t "AWS Encryption SDK ${VERSION} Release -- $(date +%Y-%m-%d)"

codebuild/release/version.yml

@@ -26,5 +26,5 @@ phases:
       - git checkout $BRANCH
   build:
     commands:
-     - npx semantic-release --branches $BRANCH --no-ci
+      - npx semantic-release --branches $BRANCH --no-ci