From f0a5dacd3192a72d86b14706f0008d4d9e9f1e7c Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]"
 <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Tue, 21 Feb 2023 11:12:05 -0800
Subject: [PATCH] Added Publish snapshots to maven via GHA workflow (#690)
 (#692)

* Added Publish snapshots to maven via GHA workflow

Signed-off-by: Angie Zhang <langelzh@amazon.com>

* Added Publish snapshots to maven via GHA workflow

Signed-off-by: Angie Zhang <langelzh@amazon.com>

* Fixed CVE-2022-1471

Signed-off-by: Angie Zhang <langelzh@amazon.com>

* Fixed review comments

Signed-off-by: Angie Zhang <langelzh@amazon.com>

---------

Signed-off-by: Angie Zhang <langelzh@amazon.com>
(cherry picked from commit 9cdcffd8c98a2f01530655fed451cef6b9e3ae66)

Co-authored-by: Angie Zhang <langelzh@amazon.com>
Signed-off-by: Ronnak Saxena <ronsax@amazon.com>
---
 .github/workflows/maven-publish.yml | 36 +++++++++++++++++++++++++++++
 build.gradle                        | 12 +++++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/maven-publish.yml

diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
new file mode 100644
index 000000000..734589752
--- /dev/null
+++ b/.github/workflows/maven-publish.yml
@@ -0,0 +1,36 @@
+name: Publish snapshots to maven
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [
+      main
+        1.*
+        2.*
+    ]
+
+jobs:
+  build-and-publish-snapshots:
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+      contents: write
+
+    steps:
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin # Temurin is a distribution of adoptium
+          java-version: 11
+      - uses: actions/checkout@v3
+      - uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.PUBLISH_SNAPSHOTS_ROLE }}
+          aws-region: us-east-1
+      - name: publish snapshots to maven
+        run: |
+          export SONATYPE_USERNAME=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-username --query SecretString --output text)
+          export SONATYPE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-password --query SecretString --output text)
+          echo "::add-mask::$SONATYPE_USERNAME"
+          echo "::add-mask::$SONATYPE_PASSWORD"
+          ./gradlew publishPluginZipPublicationToSnapshotsRepository
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index 3cd991b33..2755fc34b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -112,7 +112,7 @@ configurations.all {
         force 'org.apache.httpcomponents.client5:httpclient5:5.0.3'
         force 'org.apache.httpcomponents.client5:httpclient5-osgi:5.0.3'
         force "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
-        force 'org.yaml:snakeyaml:1.32'
+        force "org.yaml:snakeyaml:${versions.snakeyaml}"
         force 'org.codehaus.plexus:plexus-utils:3.0.24'
     }
 }
@@ -248,6 +248,16 @@ publishing {
             }
         }
     }
+    repositories {
+        maven {
+            name = "Snapshots"
+            url = "https://aws.oss.sonatype.org/content/repositories/snapshots"
+            credentials {
+                username "$System.env.SONATYPE_USERNAME"
+                password "$System.env.SONATYPE_PASSWORD"
+            }
+        }
+    }
 }
 
 plugins.withId('java') {