From 593eed8bd1ef81153800fd2ab67b4151038516ab Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Mon, 12 Feb 2024 16:41:14 -0800 Subject: [PATCH 01/33] chore(GHA): add semantic release manual gha --- .github/workflows/semantic_release.yml | 41 ++++++++++++++++++++++++++ .releaserc.cjs | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/semantic_release.yml diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml new file mode 100644 index 000000000..54464e77f --- /dev/null +++ b/.github/workflows/semantic_release.yml @@ -0,0 +1,41 @@ +# This workflow runs semantic release, bumps, generates changelog, and tags the project +name: Semantic Release + +on: + workflow_dispatch: + inputs: + dry-run: + description: "Is this dry-run mode?" + required: true + type: string + +jobs: + semantic-release: + if: contains('["seebees","texastony","ShubhamChaturvedi7","lucasmcdonald3","josecorella","imabhichow","rishav-karanjit","antonf-amzn","justplaz","ajewellamz"]', github.actor) + runs-on: macos-latest + permissions: + id-token: write + contents: read + steps: + - name: Support longpaths on Git checkout + run: | + git config --global core.longpaths true + - uses: actions/checkout@v3 + + # We only pull in the submodules we need to build the library + - run: git submodule update --init libraries + + # We need access to the role that is able to get CI Bot Creds + - name: Configure AWS Credentials for Release + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 + role-session-name: CI_Bot_Release + + # Use AWS Secrets Manger GHA to retrieve CI Bot Creds + - name: Get CI Bot Creds Secret + uses: aws-actions/aws-secretsmanager-get-secrets@v2 + with: + secret-ids: arn:aws:secretsmanager:us-west-2:587316601012:secret:Github/aws-crypto-tools-ci-bot-AGUB3U + \ No newline at end of file 
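Review bot: The job guard `if: contains('["seebees","texastony",…]', github.actor)` passes a string rather than an array as the first argument, so `contains` does a substring search and any login that is a fragment of that text would satisfy it. Parsing the list first gives an exact membership test: `if: contains(fromJSON('["seebees","texastony",…]'), github.actor)`, with the full list kept as it is. The same expression is carried unchanged through the re-indent in PATCH 02 and is still in place under the comment added in PATCH 33. Triggering `workflow_dispatch` already needs write access to the repository, so this guard is a second layer, but it is the only condition in this file in front of the role-assumption steps.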
diff --git a/.releaserc.cjs b/.releaserc.cjs index d28a69fa5..27225ec19 100644 --- a/.releaserc.cjs +++ b/.releaserc.cjs @@ -53,7 +53,7 @@ const Runtimes = { * @type {import('semantic-release').GlobalConfig} */ module.exports = { - //branches: ["main"], + branches: ["main"], repositoryUrl: "git@github.com:aws/aws-cryptographic-material-providers-library.git", plugins: [ From 2d01dd7ee3cec1507c2d3c1fee25d76e5cfb0602 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 10:31:33 -0800 Subject: [PATCH 02/33] mimic --- .github/workflows/sem_ver.yml | 33 ++++++++++++++++ .github/workflows/semantic_release.yml | 52 +++++++++++++------------- 2 files changed, 58 insertions(+), 27 deletions(-) create mode 100644 .github/workflows/sem_ver.yml diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml new file mode 100644 index 000000000..5792a7a4c --- /dev/null +++ b/.github/workflows/sem_ver.yml @@ -0,0 +1,33 @@ +# This workflow runs semantic release in dry run mode +name: Library format check + +on: + pull_request: + +jobs: + semantic-release: + runs-on: macos-latest + permissions: + id-token: write + contents: read + steps: + - name: Support longpaths on Git checkout + run: | + git config --global core.longpaths true + - uses: actions/checkout@v3 + # We only pull in the submodules we need to build the library + - run: git submodule update --init libraries + + # We need access to the role that is able to get CI Bot Creds + - name: Configure AWS Credentials for Release + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 + role-session-name: CI_Bot_Release + + # Use AWS Secrets Manger GHA to retrieve CI Bot Creds + - name: Get CI Bot Creds Secret + uses: aws-actions/aws-secretsmanager-get-secrets@v2 + with: + secret-ids: arn:aws:secretsmanager:us-west-2:587316601012:secret:Github/aws-crypto-tools-ci-bot-AGUB3U 
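Review bot: In the new `sem_ver.yml`, the job runs on every `pull_request` yet requests `id-token: write`, assumes `GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2` and reads the CI bot secret, with none of the `github.actor` gating that `semantic_release.yml` puts in front of the same steps. Whether the role's trust policy narrows the OIDC `sub` claim to particular refs or events is not visible in this patch and should be confirmed. If it matches the repository as a whole, a pull request from a branch in this repository that edits this file would run with access to the bot credentials. A check that runs on pull requests is safer without the credential steps, or with a separate role that cannot read the release token.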
diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml index 54464e77f..fd998c963 100644 --- a/.github/workflows/semantic_release.yml +++ b/.github/workflows/semantic_release.yml 
@@ -10,32 +10,30 @@ on: type: string jobs: - semantic-release: - if: contains('["seebees","texastony","ShubhamChaturvedi7","lucasmcdonald3","josecorella","imabhichow","rishav-karanjit","antonf-amzn","justplaz","ajewellamz"]', github.actor) - runs-on: macos-latest - permissions: - id-token: write - contents: read - steps: - - name: Support longpaths on Git checkout - run: | - git config --global core.longpaths true - - uses: actions/checkout@v3 - - # We only pull in the submodules we need to build the library - - run: git submodule update --init libraries + semantic-release: + if: contains('["seebees","texastony","ShubhamChaturvedi7","lucasmcdonald3","josecorella","imabhichow","rishav-karanjit","antonf-amzn","justplaz","ajewellamz"]', github.actor) + runs-on: macos-latest + permissions: + id-token: write + contents: read + steps: + - name: Support longpaths on Git checkout + run: | + git config --global core.longpaths true + - uses: actions/checkout@v3 + # We only pull in the submodules we need to build the library + - run: git submodule update --init libraries - # We need access to the role that is able to get CI Bot Creds - - name: Configure AWS Credentials for Release - uses: aws-actions/configure-aws-credentials@v2 - with: - aws-region: us-west-2 - role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 - role-session-name: CI_Bot_Release + # We need access to the role that is able to get CI Bot Creds + - name: Configure AWS Credentials for Release + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 + role-session-name: CI_Bot_Release - # Use AWS Secrets Manger GHA to retrieve CI Bot Creds - - name: Get CI Bot Creds Secret - uses: aws-actions/aws-secretsmanager-get-secrets@v2 - with: - secret-ids: arn:aws:secretsmanager:us-west-2:587316601012:secret:Github/aws-crypto-tools-ci-bot-AGUB3U - \ No 
newline at end of file + # Use AWS Secrets Manger GHA to retrieve CI Bot Creds + - name: Get CI Bot Creds Secret + uses: aws-actions/aws-secretsmanager-get-secrets@v2 + with: + secret-ids: arn:aws:secretsmanager:us-west-2:587316601012:secret:Github/aws-crypto-tools-ci-bot-AGUB3U From 1cb532565d1aff3740cdbe8aa6aaee157eacb56c Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 10:36:57 -0800 Subject: [PATCH 03/33] update --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 5792a7a4c..2828215d7 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -1,5 +1,5 @@ # This workflow runs semantic release in dry run mode -name: Library format check +name: Semantic Release Dry Run Mode on: pull_request: From a6c56796e4410dd0237d72c0303b555774664264 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 10:45:51 -0800 Subject: [PATCH 04/33] attempt to log in as bot --- .github/workflows/sem_ver.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 2828215d7..ed8089e64 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -31,3 +31,9 @@ jobs: uses: aws-actions/aws-secretsmanager-get-secrets@v2 with: secret-ids: arn:aws:secretsmanager:us-west-2:587316601012:secret:Github/aws-crypto-tools-ci-bot-AGUB3U + + # Log in as the CI Bot + - name: Log in as CI Bot + run: | + gh auth login --with-token < GITHUB_AWS_CRYPTO_TOOLS_CI_BOT + gh auth status From 49ad623b6489a2a0c68afd5279aa128e617b124d Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 10:48:38 -0800 Subject: [PATCH 05/33] update --- .github/workflows/sem_ver.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index ed8089e64..32fe72c2d 100644 
--- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -35,5 +35,8 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - gh auth login --with-token < GITHUB_AWS_CRYPTO_TOOLS_CI_BOT + git config --global user.name "aws-crypto-tools-ci-bot" + git config --global user.email "no-reply@noemail.local" + echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT > token.txt + gh auth login --with-token < token.txt gh auth status From 45d980bfeb66146a151241a76aa5284a4d5a0407 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 10:50:01 -0800 Subject: [PATCH 06/33] another --- .github/workflows/sem_ver.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 32fe72c2d..ebcb6ea7f 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -35,8 +35,6 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - git config --global user.name "aws-crypto-tools-ci-bot" - git config --global user.email "no-reply@noemail.local" echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT > token.txt gh auth login --with-token < token.txt gh auth status From bc472f0e85aab7b26672dfc791e909df036e0884 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 10:52:02 -0800 Subject: [PATCH 07/33] ? --- .github/workflows/sem_ver.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index ebcb6ea7f..3befe6a19 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -35,6 +35,7 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | + gh auth status echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT > token.txt gh auth login --with-token < token.txt gh auth status From 4f8b5777adadd399949b45310755c7e25cd27f52 Mon Sep 17 00:00:00 2001 
From: Jose Corella Date: Tue, 13 Feb 2024 12:15:17 -0800 Subject: [PATCH 08/33] maybe? --- .github/workflows/sem_ver.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 3befe6a19..17d16b309 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -30,12 +30,12 @@ jobs: - name: Get CI Bot Creds Secret uses: aws-actions/aws-secretsmanager-get-secrets@v2 with: - secret-ids: arn:aws:secretsmanager:us-west-2:587316601012:secret:Github/aws-crypto-tools-ci-bot-AGUB3U + secret-ids: Github/aws-crypto-tools-ci-bot:ESDK Release Token # Log in as the CI Bot - - name: Log in as CI Bot - run: | - gh auth status - echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT > token.txt - gh auth login --with-token < token.txt - gh auth status + # - name: Log in as CI Bot + # run: | + # gh auth status + # echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT > token.txt + # gh auth login --with-token < token.txt + # gh auth status From d4378df671a1d2bdca14ab8d84b79dfb7200a6b0 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 12:17:53 -0800 Subject: [PATCH 09/33] add dry run --- .github/workflows/sem_ver.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 17d16b309..245aa13ae 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -25,6 +25,11 @@ jobs: aws-region: us-west-2 role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 role-session-name: CI_Bot_Release + + - name: Run Semantic Release in dry run mode + run: | + make setup_semantic_release + make dry_run_semantic_release # Use AWS Secrets Manger GHA to retrieve CI Bot Creds - name: Get CI Bot Creds Secret @@ -39,3 +44,4 @@ jobs: # echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT > token.txt # gh auth login --with-token < token.txt # gh auth status + 
From c8da060d86a8022b36bab71fb27a312b777ee5bf Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 12:21:25 -0800 Subject: [PATCH 10/33] upgrade node --- .github/workflows/sem_ver.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 245aa13ae..4f76d3779 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -26,6 +26,11 @@ jobs: role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 role-session-name: CI_Bot_Release + - name: Upgrade Node + uses: actions/setup-node@v4 + with: + node-version: 20 + - name: Run Semantic Release in dry run mode run: | make setup_semantic_release From 3db45e5410646c1e4107be05cf52cb0e6d89d058 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 12:45:52 -0800 Subject: [PATCH 11/33] parse jason --- .github/workflows/sem_ver.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 4f76d3779..2e3fb7411 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -31,16 +31,18 @@ jobs: with: node-version: 20 - - name: Run Semantic Release in dry run mode - run: | - make setup_semantic_release - make dry_run_semantic_release + # - name: Run Semantic Release in dry run mode + # run: | + # make setup_semantic_release + # git checkout -b dry + # make dry_run_semantic_release # Use AWS Secrets Manger GHA to retrieve CI Bot Creds - name: Get CI Bot Creds Secret uses: aws-actions/aws-secretsmanager-get-secrets@v2 with: - secret-ids: Github/aws-crypto-tools-ci-bot:ESDK Release Token + secret-ids: Github/aws-crypto-tools-ci-bot + parse-json-secrets: true # Log in as the CI Bot # - name: Log in as CI Bot From 8b3ccd3a92f7149e58614d0299b89719fe0b529e Mon Sep 17 00:00:00 2001 
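Review bot: `actions/setup-node@v4` is referenced by a movable tag, and the context lines show it running right after the release role has been assumed. The other actions in this job (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v2`, `aws-actions/aws-secretsmanager-get-secrets@v2`) are referenced the same way. Pinning each one to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/setup-node@FULL_COMMIT_SHA # v4`, stops a retagged release from changing what executes alongside the credentials. `FULL_COMMIT_SHA` is a placeholder to be filled in from the action's own repository.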
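Review bot: `parse-json-secrets: true` exports every key of the `Github/aws-crypto-tools-ci-bot` JSON secret as its own environment variable for the rest of the job, so later steps such as the `make` targets see every credential stored there, not only the one the login uses. The later patches read two different keys from this secret (`…_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_` and `…_ESDK_RELEASE_TOKEN`), which suggests it holds more than one token. If so, storing the release token as a secret of its own and fetching only that would keep the other out of this job. A comment above the step, e.g. `# exports one env var per JSON key; the login step reads only the release token`, would record the dependency.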
From: Jose Corella Date: Tue, 13 Feb 2024 12:48:42 -0800 Subject: [PATCH 12/33] attempt --- .github/workflows/sem_ver.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 2e3fb7411..4f005371a 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -43,12 +43,10 @@ jobs: with: secret-ids: Github/aws-crypto-tools-ci-bot parse-json-secrets: true - + # Log in as the CI Bot - # - name: Log in as CI Bot - # run: | - # gh auth status - # echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT > token.txt - # gh auth login --with-token < token.txt - # gh auth status + - name: Log in as CI Bot + run: | + gh auth login --with-token < echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_ + gh auth status From d79b7fd3ece9720cef2b88f1e111f4b83d528d01 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 12:54:19 -0800 Subject: [PATCH 13/33] attempt 2 --- .github/workflows/sem_ver.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 4f005371a..90459abee 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -47,6 +47,7 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - gh auth login --with-token < echo $GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_ + gh auth login --with-token < echo $token gh auth status - + env: + token: ${{secrets.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} From b0f8447ee42ea96371ec1ced8fea160c33b61cf3 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 12:58:06 -0800 Subject: [PATCH 14/33] attempt 3 --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 90459abee..c8545236c 100644 
--- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -47,7 +47,7 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - gh auth login --with-token < echo $token + gh auth login --with-token < echo "$token" gh auth status env: token: ${{secrets.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} From f3a851facdf88d9e50a167e34d4760f7500aaf4d Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:00:22 -0800 Subject: [PATCH 15/33] update --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index c8545236c..7cfed60f2 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -47,7 +47,7 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - gh auth login --with-token < echo "$token" + gh auth login --with-token < echo ${{secrets.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} gh auth status env: token: ${{secrets.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} From 88b750d475ed97524194ab38728f0f44c25d8e85 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:04:29 -0800 Subject: [PATCH 16/33] update: --- .github/workflows/sem_ver.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 7cfed60f2..7b1d9f076 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -47,7 +47,5 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - gh auth login --with-token < echo ${{secrets.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} + gh auth login --with-token < echo "${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}}" gh auth status - env: - token: ${{secrets.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} 
From e8c262c0766d6b036d10f95f4ac455d7c9d8c09b Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:06:15 -0800 Subject: [PATCH 17/33] no need to echo? --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 7b1d9f076..37446cc13 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -47,5 +47,5 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - gh auth login --with-token < echo "${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}}" + gh auth login --with-token < "${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}}" gh auth status From 9a08eb4e6db5562e7866eeb7bf29e8588ab9293d Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:07:55 -0800 Subject: [PATCH 18/33] ? --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 37446cc13..62afa2e47 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -47,5 +47,5 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - gh auth login --with-token < "${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}}" + gh auth login --with-token < ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} gh auth status From 02a60d04aa97b47203461624101f3da9b53de2ea Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:10:59 -0800 Subject: [PATCH 19/33] m --- .github/workflows/sem_ver.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 62afa2e47..3bf8f3ec4 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml 
@@ -47,5 +47,6 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - gh auth login --with-token < ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} + echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} > token.txt + gh auth login --with-token < token.txt gh auth status From 16dec3d844043ede6ffd66658222f4e3bd8c6abf Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:12:52 -0800 Subject: [PATCH 20/33] ? --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 3bf8f3ec4..877f99eab 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -47,6 +47,6 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_}} > token.txt + echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_ESDK_RELEASE_TOKEN}} > token.txt gh auth login --with-token < token.txt gh auth status From 66c7e27dc019aee1d81d9b2916808cdbb2e5e9b6 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:17:02 -0800 Subject: [PATCH 21/33] ? --- .github/workflows/sem_ver.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 877f99eab..9b85e6993 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -49,4 +49,5 @@ jobs: run: | echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_ESDK_RELEASE_TOKEN}} > token.txt gh auth login --with-token < token.txt + rm token.txt gh auth status From a3229cea5574290c7f2593ec1b6401d536db00a4 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:26:29 -0800 Subject: [PATCH 22/33] ? --- .github/workflows/sem_ver.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
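Review bot: The added `echo ${{env.…}} > token.txt` line has the token substituted into the script text, unquoted, before the shell starts, and then leaves a copy in the workspace file `token.txt`. The secrets step appears to export the value as an environment variable already, so the shell can read it and pipe it without a file: `printf '%s' "$GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_PERSONAL_ACCESS_TOKEN__NEW_TOKEN_FORMAT_" | gh auth login --with-token`. PATCH 21 adds `rm token.txt`, but only after the login, so a failed login would presumably end the step with the file still on disk. The same lines, with the variable renamed in PATCH 20, are copied into both workflows in PATCH 29.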
diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 9b85e6993..3c52f03c2 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -31,12 +31,6 @@ jobs: with: node-version: 20 - # - name: Run Semantic Release in dry run mode - # run: | - # make setup_semantic_release - # git checkout -b dry - # make dry_run_semantic_release - # Use AWS Secrets Manger GHA to retrieve CI Bot Creds - name: Get CI Bot Creds Secret uses: aws-actions/aws-secretsmanager-get-secrets@v2 @@ -51,3 +45,10 @@ jobs: gh auth login --with-token < token.txt rm token.txt gh auth status + + # Run Semantic Release in dry run mode + - name: Run Semantic Release in dry run mode + run: | + make setup_semantic_release + git checkout -b dry-${{github.sha}} + make dry_run_semantic_release From 074b97e15a91008ec9d849139b79df6989f3e803 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:30:12 -0800 Subject: [PATCH 23/33] maybe --- .github/workflows/sem_ver.yml | 1 + .releaserc.cjs | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 3c52f03c2..3c171e151 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -51,4 +51,5 @@ jobs: run: | make setup_semantic_release git checkout -b dry-${{github.sha}} + git push --set-upstream origin dry-${{github.sha}} make dry_run_semantic_release diff --git a/.releaserc.cjs b/.releaserc.cjs index 27225ec19..811676839 100644 --- a/.releaserc.cjs +++ b/.releaserc.cjs @@ -53,7 +53,10 @@ const Runtimes = { * @type {import('semantic-release').GlobalConfig} */ module.exports = { - branches: ["main"], + branches: [ + "main", + "dry-*" + ], repositoryUrl: "git@github.com:aws/aws-cryptographic-material-providers-library.git", plugins: [ From 2613a2125904c58628fbede7ef9b425907958251 Mon Sep 17 00:00:00 2001 
From: Jose Corella Date: Tue, 13 Feb 2024 13:37:15 -0800 Subject: [PATCH 24/33] update --- .github/workflows/sem_ver.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 3c171e151..3c52f03c2 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -51,5 +51,4 @@ jobs: run: | make setup_semantic_release git checkout -b dry-${{github.sha}} - git push --set-upstream origin dry-${{github.sha}} make dry_run_semantic_release From bd10b00b18e80be9ede6ec29ce73dba1684aca22 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:40:21 -0800 Subject: [PATCH 25/33] this --- .github/workflows/sem_ver.yml | 2 +- .releaserc.cjs | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 3c52f03c2..c8405c1de 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -50,5 +50,5 @@ jobs: - name: Run Semantic Release in dry run mode run: | make setup_semantic_release - git checkout -b dry-${{github.sha}} + git checkout main make dry_run_semantic_release diff --git a/.releaserc.cjs b/.releaserc.cjs index 811676839..27225ec19 100644 --- a/.releaserc.cjs +++ b/.releaserc.cjs @@ -53,10 +53,7 @@ const Runtimes = { * @type {import('semantic-release').GlobalConfig} */ module.exports = { - branches: [ - "main", - "dry-*" - ], + branches: ["main"], repositoryUrl: "git@github.com:aws/aws-cryptographic-material-providers-library.git", plugins: [ From 98713aa82f602375b93df36d5274991740c7257e Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:42:31 -0800 Subject: [PATCH 26/33] specific --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index c8405c1de..91bc761e3 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml 
@@ -50,5 +50,5 @@ jobs: - name: Run Semantic Release in dry run mode run: | make setup_semantic_release - git checkout main + git checkout origin main make dry_run_semantic_release From 324dcf81e020e0d5775a24bbbf819146314dfdfa Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:46:38 -0800 Subject: [PATCH 27/33] more --- .github/workflows/sem_ver.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 91bc761e3..3efa1e838 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -48,7 +48,10 @@ jobs: # Run Semantic Release in dry run mode - name: Run Semantic Release in dry run mode - run: | + uses: actions/checkout@v4 + with: + ref: main + - run: | make setup_semantic_release git checkout origin main make dry_run_semantic_release From 8461f1c8b7b0c34b357f4625f1855eb9dc91014c Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 13:48:21 -0800 Subject: [PATCH 28/33] oops --- .github/workflows/sem_ver.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 3efa1e838..bfa000320 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -53,5 +53,4 @@ jobs: ref: main - run: | make setup_semantic_release - git checkout origin main make dry_run_semantic_release From 179673ef1c1b5140088e138354b6f0d1dd093370 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 14:03:25 -0800 Subject: [PATCH 29/33] finish --- .github/workflows/sem_ver.yml | 23 ++++++++--------- .github/workflows/semantic_release.yml | 35 ++++++++++++++++++++++++-- 2 files changed, 44 insertions(+), 14 deletions(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index bfa000320..b2642f971 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml 
@@ -25,11 +25,11 @@ jobs: aws-region: us-west-2 role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 role-session-name: CI_Bot_Release - + - name: Upgrade Node uses: actions/setup-node@v4 - with: - node-version: 20 + with: + node-version: 20 # Use AWS Secrets Manger GHA to retrieve CI Bot Creds - name: Get CI Bot Creds Secret @@ -41,16 +41,15 @@ jobs: # Log in as the CI Bot - name: Log in as CI Bot run: | - echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_ESDK_RELEASE_TOKEN}} > token.txt - gh auth login --with-token < token.txt - rm token.txt - gh auth status - - # Run Semantic Release in dry run mode + echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_ESDK_RELEASE_TOKEN}} > token.txt + gh auth login --with-token < token.txt + rm token.txt + gh auth status + + # Test to see if we can setup semantic release - name: Run Semantic Release in dry run mode uses: actions/checkout@v4 with: - ref: main + ref: main - run: | - make setup_semantic_release - make dry_run_semantic_release + make setup_semantic_release diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml index fd998c963..8635a8e63 100644 --- a/.github/workflows/semantic_release.yml +++ b/.github/workflows/semantic_release.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: inputs: dry-run: - description: "Is this dry-run mode?" + description: "Are you releasing a new version? (Y/n)" required: true type: string 
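Review bot: In the second `sem_ver.yml` hunk, the step named `Run Semantic Release in dry run mode` is now only the `actions/checkout@v4` of `main`, while the `run:` that does the work has no name and no longer performs a dry run; PATCH 31 renames the step but leaves the name on the checkout. Giving the run step its own name, e.g. `- name: Install semantic release`, and adding a comment above the checkout that says why a `pull_request` job switches to `ref: main` would make the file and the job log readable. As written, the `make setup_semantic_release` target that runs comes from `main`, not from the pull request under test. With only the installation left, the AWS role, secret fetch and `gh auth login` steps earlier in the job may no longer be needed here, which is worth confirming against the Makefile, not part of this patch.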
@@ -32,8 +32,39 @@ jobs: role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 role-session-name: CI_Bot_Release + - name: Upgrade Node + uses: actions/setup-node@v4 + with: + node-version: 20 + # Use AWS Secrets Manger GHA to retrieve CI Bot Creds - name: Get CI Bot Creds Secret uses: aws-actions/aws-secretsmanager-get-secrets@v2 with: - secret-ids: arn:aws:secretsmanager:us-west-2:587316601012:secret:Github/aws-crypto-tools-ci-bot-AGUB3U + secret-ids: Github/aws-crypto-tools-ci-bot + parse-json-secrets: true + + # Log in as the CI Bot + - name: Log in as CI Bot + run: | + echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_ESDK_RELEASE_TOKEN}} > token.txt + gh auth login --with-token < token.txt + rm token.txt + gh auth status + + # Set up semantic release + - name: Setup Semantic Release + run: | + make setup_semantic_release + + # Run semantic release in dry run mode if input matches + - name: Run Semantic Release in dry run mode + if: ${{inputs.dry-run == 'n'}} + run: | + make dry_run_semantic_release + + # Run semantic release if input matches + - name: Run Semantic Release + if: ${{inputs.dry-run == 'Y'}} + run: | + make run_semantic_release From f1682d76a606f83c4bdf7cb3b620d3a024f3ed76 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 14:07:34 -0800 Subject: [PATCH 30/33] change name --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index b2642f971..cffcac8d7 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -1,5 +1,5 @@ # This workflow runs semantic release in dry run mode -name: Semantic Release Dry Run Mode +name: Semantic Release Test Installation on: pull_request: From f342705940039ee4ad3e38b24834909d2de72c09 Mon Sep 17 00:00:00 2001 
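Review bot: The two `if:` conditions compare a free-form string input with exact literals, so any value other than `n` or `Y` (for example `N`, `y` or `yes`) skips both the dry run and the release, and the job still finishes green. The input is also named `dry-run` while its new description asks whether a release is wanted, so answering `n` is what selects the dry run. Declaring the input `type: boolean`, with the description restored to a dry-run question, and using `if: ${{ inputs.dry-run }}` on the dry-run step and `if: ${{ !inputs.dry-run }}` on the release step removes both problems. PATCH 32 changes `Y` to `y` but keeps the string comparison; the input definition itself sits in the previous hunk of this file.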
From: Jose Corella Date: Tue, 13 Feb 2024 14:10:56 -0800 Subject: [PATCH 31/33] fix name --- .github/workflows/sem_ver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index cffcac8d7..9e58546c8 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -47,7 +47,7 @@ jobs: gh auth status # Test to see if we can setup semantic release - - name: Run Semantic Release in dry run mode + - name: Test Semantic Release Installation uses: actions/checkout@v4 with: ref: main From 823007033e0040e023003abda4980005eaf64e1a Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 14:13:25 -0800 Subject: [PATCH 32/33] fix description and conditional --- .github/workflows/semantic_release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml index 8635a8e63..74428f3dc 100644 --- a/.github/workflows/semantic_release.yml +++ b/.github/workflows/semantic_release.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: inputs: dry-run: - description: "Are you releasing a new version? (Y/n)" + description: "Are you releasing a new version? (y/n)" required: true type: string @@ -65,6 +65,6 @@ jobs: # Run semantic release if input matches - name: Run Semantic Release - if: ${{inputs.dry-run == 'Y'}} + if: ${{inputs.dry-run == 'y'}} run: | make run_semantic_release From 5dc6be661bf8a8c689cb4806504a981060ee83ed Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Tue, 13 Feb 2024 14:23:32 -0800 Subject: [PATCH 33/33] comments --- .github/workflows/sem_ver.yml | 2 +- .github/workflows/semantic_release.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 9e58546c8..5a88014b0 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml 
@@ -1,4 +1,4 @@ -# This workflow runs semantic release in dry run mode +# This workflow tests the installation of semantic release name: Semantic Release Test Installation on: diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml index 74428f3dc..94370d0b3 100644 --- a/.github/workflows/semantic_release.yml +++ b/.github/workflows/semantic_release.yml @@ -11,6 +11,9 @@ on: jobs: semantic-release: + # there is no easy way in gha to check if the actor is part of the team, running semantic release is a more + # privileged operation, so we must make sure this list of users is a subset of the users labeled as maintainers of + # https://github.com/orgs/aws/teams/aws-crypto-tools if: contains('["seebees","texastony","ShubhamChaturvedi7","lucasmcdonald3","josecorella","imabhichow","rishav-karanjit","antonf-amzn","justplaz","ajewellamz"]', github.actor) runs-on: macos-latest permissions: