Migrate to maven central (#201)

* update to use maven central

* use ubuntu-latest for ci

* use [email protected]

* use role to assume instead

* add id-token permission

* use crt resource for testing

* hardcode endpoint value to test CI

* test with aws credentials set in env

* revert endpoint path and secrets

* test with CRT CI role

* use CRT credential, hardcoded

* hard coded to not use websocket

* revert test properties

* DEBUG: print system property

* DEBUG: more logs

* update websocket test properties

* setup environment variable for websocket test

* use default thing name

* revert to use SDK CI role

* clean up comments

* cleanup test changes

* clean up

* cleanup

Author: xiazhvera

.github/workflows/ci.yml

@@ -12,13 +12,15 @@ env:
   BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
   PACKAGE_NAME: aws-iot-device-sdk-java
   RUN: ${{ github.run_id }}-${{ github.run_number }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
   AWS_DEFAULT_REGION: us-east-1
+  SDK_V1_CI_ROLE: ${{ secrets.CI_SDK_V1_ROLE_ARN }}
+
+permissions:
+  id-token: write # This is required for requesting the JWT
 
 jobs:
   java-compat:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
@@ -30,12 +32,23 @@ jobs:
       - name: Checkout Sources
         uses: actions/checkout@v2
       - name: Setup Java
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3.14.1
         with:
           distribution: temurin
           java-version: ${{ matrix.version }}
           cache: maven
+      - name: Configure AWS Credentials
+        id: creds
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.SDK_V1_CI_ROLE }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+          output-credentials: true
       - name: Build ${{ env.PACKAGE_NAME }} + consumers
         run: |
           java -version
           mvn -B test
+        env: 
+          AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }}
+          AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }}

aws-iot-device-sdk-java/src/test/java/com/amazonaws/services/iot/client/CredentialUtil.java

@@ -73,10 +73,14 @@ public static AWSIotMqttClient newClient(String clientEndpoint, String clientId,
         String privateMaterial = CredentialUtil.getSecret(privateMateiralARN);
 
         if (isWebSocket == false) {
-            return newMqttTlsClient(clientEndpoint, clientId+TEST_UID, publicMaterial,
-                    privateMaterial);
+            return newMqttTlsClient(clientEndpoint, clientId+TEST_UID, publicMaterial, privateMaterial);
         } else {
-            return new AWSIotMqttClient(clientEndpoint, clientId+TEST_UID, publicMaterial, privateMaterial);
+            // For WebSocket, the public material is the AWS access key id and the private material is the AWS secret access key.
+            // Grab the credential info from environment variables.
+            String accessKeyId = System.getenv("AWS_ACCESS_KEY_ID");
+            String privateKey = System.getenv("AWS_SECRET_ACCESS_KEY");
+            String sessionToken = System.getenv("AWS_SESSION_TOKEN");
+            return new AWSIotMqttClient(clientEndpoint, clientId+TEST_UID, accessKeyId, privateKey, sessionToken);
         }
     }
 

aws-iot-device-sdk-java/src/test/java/com/amazonaws/services/iot/client/system_props_mutualAuth.properties

@@ -1,7 +1,7 @@
-clientEndpoint=ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com
+clientEndpoint=a16523t7iy5uyg-ats.iot.us-east-1.amazonaws.com
 clientId=DefaultClientId
 thingName=DefaultThingName
-privateMaterial=arn:aws:secretsmanager:us-east-1:123124136734:secret:V1IotSdkIntegrationTestPrivateKey-vNUQU8
-publicMaterial=arn:aws:secretsmanager:us-east-1:123124136734:secret:V1IotSdkIntegrationTestCertificate-vTRwjE
+privateMaterial=arn:aws:secretsmanager:us-east-1:123124136734:secret:unit-test/privatekey-p8-d3pMKx
+publicMaterial=arn:aws:secretsmanager:us-east-1:123124136734:secret:unit-test/certificate-iZBV7L
 isWebSocket=false
 authMode=CertificateMutualAuthentication

aws-iot-device-sdk-java/src/test/java/com/amazonaws/services/iot/client/system_props_websocket.properties

@@ -1,7 +1,7 @@
-clientEndpoint=ajje7lpljulm4-ats.iot.us-east-1.amazonaws.com
+clientEndpoint=a16523t7iy5uyg-ats.iot.us-east-1.amazonaws.com
 clientId=DefaultClientId
 thingName=DefaultThingName
-privateMaterial=arn:aws:secretsmanager:us-east-1:123124136734:secret:V1IotSdkIntegrationTestWebsocketSecretAccessKey-MKTSaV
-publicMaterial=arn:aws:secretsmanager:us-east-1:123124136734:secret:V1IotSdkIntegrationTestWebsocketAccessKeyId-1YdB9z
+privateMaterial=arn:aws:secretsmanager:us-east-1:123124136734:secret:unit-test/privatekey-p8-d3pMKx
+publicMaterial=arn:aws:secretsmanager:us-east-1:123124136734:secret:unit-test/certificate-iZBV7L
 isWebSocket=true
 authMode=MqttOverWebSocketSigV4Signing

codebuild/cd/promote-release.yml

@@ -29,7 +29,7 @@ phases:
       - cp -r maven-gpg aws-iot-device-sdk-java-samples/maven-gpg
       # install settings.xml to ~/.m2/settings.xml
       - mkdir -p $HOME/.m2
-      - aws s3 cp s3://code-sharing-aws-crt/iot-sdk-java-v1.settings.xml $HOME/.m2/settings.xml
+      - aws s3 cp s3://code-sharing-aws-crt/iot-sdk-java-v1.settings.central.xml $HOME/.m2/settings.xml
       - aws --query "SecretString" secretsmanager get-secret-value --secret-id Sonatype/JIRA/token/V1 > sonatype_secret
       - jq fromjson sonatype_secret > sonatype_json
       - export ST_PASSWORD=$(jq -r '.password' sonatype_json)
@@ -49,10 +49,8 @@ phases:
   build:
     commands:
       - cd $CODEBUILD_SRC_DIR/aws-iot-device-sdk-java
-      # Trigger the release of the last staged package in the staging repository
-      - mvn -s $HOME/.m2/settings.xml clean package -Dmaven.test.skip=true
-      - mvn -s $HOME/.m2/settings.xml clean deploy -P publishing -e -X
-      - mvn -s $HOME/.m2/settings.xml nexus-staging:release -e -X
+      - mvn -B versions:set -DnewVersion=${PKG_VERSION}
+      - mvn clean deploy -P publishing -Dmaven.test.skip=true
 
 cache:
   paths:

pom.xml

@@ -5,7 +5,7 @@
   <version>0.0.1-dev</version>
   <packaging>pom</packaging>
   <name>AWS IoT Device SDK for Java</name>
-  <description>The AWS IoT Device SDK for Java provides Java APIs for devices to connect to AWS IoT service using the MQTT protocol. The SDK also provides support for AWS IoT specific features, such as Thing Shadow and Thing Shadow abstraction.</description>
+  <description>The SDK is in maintenance mode, and no longer receive feature updates. Checkout aws-iot-device-sdk for new features. The AWS IoT Device SDK for Java provides Java APIs for devices to connect to AWS IoT service using the MQTT protocol. The SDK also provides support for AWS IoT specific features, such as Thing Shadow and Thing Shadow abstraction.</description>
   <url>https://aws.amazon.com/iot/sdk</url>
   <licenses>
     <license>
@@ -34,23 +34,16 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
-  <distributionManagement>
-    <snapshotRepository>
-      <id>ossrh</id>
-      <url>https://aws.oss.sonatype.org/content/repositories/snapshots</url>
-    </snapshotRepository>
-  </distributionManagement>
   <build>
     <plugins>
       <plugin>
-        <groupId>org.sonatype.plugins</groupId>
-        <artifactId>nexus-staging-maven-plugin</artifactId>
-        <version>1.6.8</version>
+        <groupId>org.sonatype.central</groupId>
+        <artifactId>central-publishing-maven-plugin</artifactId>
+        <version>0.7.0</version>
         <extensions>true</extensions>
         <configuration>
-          <serverId>ossrh</serverId>
-          <nexusUrl>https://aws.oss.sonatype.org/</nexusUrl>
-          <autoReleaseAfterClose>false</autoReleaseAfterClose>
+            <publishingServerId>central</publishingServerId>
+            <autoPublish>true</autoPublish>
         </configuration>
       </plugin>
       <plugin>
@@ -66,7 +59,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-gpg-plugin</artifactId>
-        <version>1.6</version>
+        <version>3.2.7</version>
         <executions>
           <execution>
             <id>sign-artifacts</id>