From 1f50fcb46e3aace8b3fd373798ca2077aca33420 Mon Sep 17 00:00:00 2001 From: Markku Halinen Date: Mon, 29 Dec 2025 14:38:17 +0100 Subject: [PATCH 1/5] build: migrate repository to use CodeArtifact in build and publish --- .github/workflows/publish-to-codeartifact.yml | 44 +++++++++++++++++++ framework/build.gradle | 31 +++++-------- 2 files changed, 56 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/publish-to-codeartifact.yml diff --git a/.github/workflows/publish-to-codeartifact.yml b/.github/workflows/publish-to-codeartifact.yml new file mode 100644 index 0000000000..10b7fc442c --- /dev/null +++ b/.github/workflows/publish-to-codeartifact.yml @@ -0,0 +1,44 @@ +name: Publish to CodeArtifact + +on: + release: + types: [published] + +env: + AWS_REGION: us-east-1 + +jobs: + publish: + runs-on: + group: Infrastructure + labels: [self-hosted, linux, arm64] + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up JDK + uses: actions/setup-java@v4 + with: + java-version: '21' + distribution: 'corretto' + + - name: Login to CodeArtifact + run: | + export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token \ + --domain ${{ vars.CODEARTIFACT_DOMAIN }} \ + --domain-owner ${{ vars.CODEARTIFACT_DOMAIN_OWNER }} \ + --region ${{ env.AWS_REGION }} \ + --query authorizationToken \ + --output text) + echo "CODEARTIFACT_AUTH_TOKEN=$CODEARTIFACT_AUTH_TOKEN" >> $GITHUB_ENV + + - name: Build with Gradle + run: ./gradlew build + + - name: Run tests + run: ./gradlew test + + - name: Publish to CodeArtifact + run: ./gradlew publish + diff --git a/framework/build.gradle b/framework/build.gradle index 7c6d61b925..033e5e24b7 100644 --- a/framework/build.gradle +++ b/framework/build.gradle @@ -3,10 +3,11 @@ import org.yaml.snakeyaml.Yaml buildscript { repositories { maven { - url "https://repo.nos.to/content/repositories/central/" + name = "codeartifact" + url = uri("https://nosto-673366506863.d.codeartifact.us-east-1.amazonaws.com/maven/java/") credentials { - username = "$mavenUser" - password = "$mavenPassword" + username = "aws" + password = System.getenv("CODEARTIFACT_AUTH_TOKEN") } } } @@ -54,19 +55,11 @@ def deps = new Yaml().load(file("dependencies.yml").text) repositories { mavenLocal() maven { - name "NostoCentral" - url "https://repo.nos.to/content/repositories/central/" + name = "codeartifact" + url = uri("https://nosto-673366506863.d.codeartifact.us-east-1.amazonaws.com/maven/java/") credentials { - username = "$mavenUser" - password = "$mavenPassword" - } - } - maven { - name "NostoDependencies" - url 'https://repo.nos.to/content/repositories/NostoDependencies/' - credentials { - username "$mavenUser" - password "$mavenPassword" + username = "aws" + password = System.getenv("CODEARTIFACT_AUTH_TOKEN") } } } @@ -217,11 +210,11 @@ publishing { } repositories { maven { - name "NostoDependencies" - url 'https://repo.nos.to/content/repositories/NostoDependencies/' + name = "codeartifact" + url = uri("https://nosto-673366506863.d.codeartifact.us-east-1.amazonaws.com/maven/java/") credentials { - username "$mavenUser" - password "$mavenPassword" + username = "aws" + password = System.getenv("CODEARTIFACT_AUTH_TOKEN") } } } From 5fa108b20c66ceee97d65126dfd64e5bb3cdc149 Mon Sep 17 00:00:00 2001 From: Markku Halinen Date: Thu, 19 Feb 2026 13:35:16 +0200 Subject: [PATCH 2/5] ci: read codeartifact credentials from gradle.properties --- .github/workflows/publish-to-codeartifact.yml | 6 +++++- framework/build.gradle | 12 ++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish-to-codeartifact.yml b/.github/workflows/publish-to-codeartifact.yml index 10b7fc442c..cc88cee3f7 100644 --- a/.github/workflows/publish-to-codeartifact.yml +++ b/.github/workflows/publish-to-codeartifact.yml @@ -31,7 +31,11 @@ jobs: --region ${{ env.AWS_REGION }} \ --query authorizationToken \ --output text) - echo "CODEARTIFACT_AUTH_TOKEN=$CODEARTIFACT_AUTH_TOKEN" >> $GITHUB_ENV + cat < gradle.properties + mavenUrl=${{ vars.CODEARTIFACT_DOMAIN }}-${{ vars.CODEARTIFACT_DOMAIN_OWNER }}.d.codeartifact.${{ env.AWS_REGION }}.amazonaws.com/maven/java + mavenUser=aws + mavenPassword=$CODEARTIFACT_AUTH_TOKEN + EOS - name: Build with Gradle run: ./gradlew build diff --git a/framework/build.gradle b/framework/build.gradle index 033e5e24b7..4ff38b2fad 100644 --- a/framework/build.gradle +++ b/framework/build.gradle @@ -4,10 +4,10 @@ buildscript { repositories { maven { name = "codeartifact" - url = uri("https://nosto-673366506863.d.codeartifact.us-east-1.amazonaws.com/maven/java/") + url = "$mavenUrl" credentials { - username = "aws" - password = System.getenv("CODEARTIFACT_AUTH_TOKEN") + username = "$mavenUser + password = "$mavenPassword" } } } @@ -211,10 +211,10 @@ publishing { repositories { maven { name = "codeartifact" - url = uri("https://nosto-673366506863.d.codeartifact.us-east-1.amazonaws.com/maven/java/") + url = "$mavenUrl" credentials { - username = "aws" - password = System.getenv("CODEARTIFACT_AUTH_TOKEN") + username = "$mavenUser" + password = "$mavenPassword" } } } From bb5ad4a1962a9c7d24ed6697c712cf87d14bfe5c Mon Sep 17 00:00:00 2001 From: Markku Halinen Date: Thu, 19 Feb 2026 13:36:32 +0200 Subject: [PATCH 3/5] fix: missing end quotes --- framework/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework/build.gradle b/framework/build.gradle index 4ff38b2fad..416a7f429e 100644 --- a/framework/build.gradle +++ b/framework/build.gradle @@ -6,7 +6,7 @@ buildscript { name = "codeartifact" url = "$mavenUrl" credentials { - username = "$mavenUser + username = "$mavenUser" password = "$mavenPassword" } } From 6a4038990edc0e94da53f3977abe3d7d49bc0d68 Mon Sep 17 00:00:00 2001 From: Markku Halinen Date: Thu, 19 Feb 2026 13:44:18 +0200 Subject: [PATCH 4/5] ci: pin third party actions versions --- .github/workflows/publish-to-codeartifact.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-to-codeartifact.yml b/.github/workflows/publish-to-codeartifact.yml index cc88cee3f7..5c8739f7a0 100644 --- a/.github/workflows/publish-to-codeartifact.yml +++ b/.github/workflows/publish-to-codeartifact.yml @@ -15,10 +15,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '21' distribution: 'corretto' From 2aad4af51bf72ecf5314fccbc8d989c650d60b26 Mon Sep 17 00:00:00 2001 From: Markku Halinen Date: Thu, 19 Feb 2026 13:57:40 +0200 Subject: [PATCH 5/5] fix: remaining maven repository configuration block --- framework/build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/framework/build.gradle b/framework/build.gradle index 416a7f429e..39cb99b6f3 100644 --- a/framework/build.gradle +++ b/framework/build.gradle @@ -56,10 +56,10 @@ repositories { mavenLocal() maven { name = "codeartifact" - url = uri("https://nosto-673366506863.d.codeartifact.us-east-1.amazonaws.com/maven/java/") + url = "$mavenUrl" credentials { - username = "aws" - password = System.getenv("CODEARTIFACT_AUTH_TOKEN") + username = "$mavenUser" + password = "$mavenPassword" } } }