fix(ci): add correcting signing keys for ci and release process on 1.x (#1027)

josecorella · web-flow · commit 803c64f89490 · 2022-08-25T15:23:44.000-07:00
diff --git a/codebuild/ci/release-ci.yml b/codebuild/ci/release-ci.yml
@@ -12,8 +12,8 @@ env:
   parameter-store:
     ACCOUNT: /CodeBuild/AccountIdentity
   secrets-manager:
-    GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
-    GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
+    GPG_KEY: Maven-GPG-Keys-CI-Credentials:Keyname
+    GPG_PASS: Maven-GPG-Keys-CI-Credentials:Passphrase
 
 phases:
   install:
@@ -24,7 +24,7 @@ phases:
       - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
       - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
       - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
-      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys-CI --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
       - tar -xvf ~/mvn_gpg.tgz -C ~
   build:
     commands:
diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml
@@ -7,8 +7,8 @@ env:
   variables:
     BRANCH: "mainline-1.x"
   secrets-manager:
-    GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
-    GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
+    GPG_KEY: Maven-GPG-Keys-Release-Credentials:Keyname
+    GPG_PASS: Maven-GPG-Keys-Release-Credentials:Passphrase
     SONA_USERNAME: Sonatype-Team-Account:Username 
     SONA_PASSWORD: Sonatype-Team-Account:Password
 
@@ -21,7 +21,7 @@ phases:
       - git checkout $BRANCH
       - export VERSION=$(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')
       - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
-      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys-Release --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
       - tar -xvf ~/mvn_gpg.tgz -C ~
   build:
     commands:
diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml
@@ -12,8 +12,8 @@ env:
   parameter-store:
     ACCOUNT: /CodeBuild/AccountId
   secrets-manager:
-    GPG_KEY: Maven-GPG-Keys-Credentials:Keyname
-    GPG_PASS: Maven-GPG-Keys-Credentials:Passphrase
+    GPG_KEY: Maven-GPG-Keys-Release-Credentials:Keyname
+    GPG_PASS: Maven-GPG-Keys-Release-Credentials:Passphrase
 
 phases:
   install:
@@ -25,7 +25,7 @@ phases:
       - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
       - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
       - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
-      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
+      - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys-Release --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
       - tar -xvf ~/mvn_gpg.tgz -C ~
   build:
     commands:
