[Backport 2.19] Onboarding new maven snapshots publishing to s3 (query-insights) (#469)

Signed-off-by: Peter Zhu <[email protected]>

Author: peterzhuamazon

.github/workflows/maven-publish.yml

@@ -18,23 +18,29 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 11
+      - name: Set up JDK 21
         uses: actions/setup-java@v3
         with:
           distribution: temurin # Temurin is a distribution of adoptium
-          java-version: 11
+          java-version: 21
+
+      - name: Load secret
+        uses: 1password/load-secrets-action@v2
+        with:
+          # Export loaded secrets as environment variables
+          export-env: true
+        env:
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+          MAVEN_SNAPSHOTS_S3_REPO: op://opensearch-infra-secrets/maven-snapshots-s3/repo
+          MAVEN_SNAPSHOTS_S3_ROLE: op://opensearch-infra-secrets/maven-snapshots-s3/role
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ secrets.PUBLISH_SNAPSHOTS_ROLE }}
+          role-to-assume: ${{ env.MAVEN_SNAPSHOTS_S3_ROLE }}
           aws-region: us-east-1
 
       - name: Publish snapshots to maven
         run: |
-          export SONATYPE_USERNAME=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-username --query SecretString --output text)
-          export SONATYPE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-password --query SecretString --output text)
-          echo "::add-mask::$SONATYPE_USERNAME"
-          echo "::add-mask::$SONATYPE_PASSWORD"
           # For JS plugin zip
           ./gradlew publishPluginZipPublicationToSnapshotsRepository

build.gradle

@@ -25,7 +25,7 @@ buildscript {
 
   repositories {
     mavenLocal()
-    maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
+    maven { url "https://ci.opensearch.org/ci/dbc/snapshots/maven/" }
     mavenCentral()
     maven { url "https://plugins.gradle.org/m2/" }
   }
@@ -132,10 +132,11 @@ publishing {
   repositories {
     maven {
       name = "Snapshots"
-      url = "https://aws.oss.sonatype.org/content/repositories/snapshots"
-      credentials {
-        username "$System.env.SONATYPE_USERNAME"
-        password "$System.env.SONATYPE_PASSWORD"
+      url = System.getenv("MAVEN_SNAPSHOTS_S3_REPO")
+      credentials(AwsCredentials) {
+          accessKey = System.getenv("AWS_ACCESS_KEY_ID")
+          secretKey = System.getenv("AWS_SECRET_ACCESS_KEY")
+          sessionToken = System.getenv("AWS_SESSION_TOKEN")
       }
     }
   }
@@ -187,15 +188,15 @@ allprojects {
 }
 
 repositories {
-  mavenLocal()
-  maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
-  mavenCentral()
-  maven { url "https://plugins.gradle.org/m2/" }
+    mavenLocal()
+    maven { url "https://ci.opensearch.org/ci/dbc/snapshots/maven/" }
+    mavenCentral()
+    maven { url "https://plugins.gradle.org/m2/" }
 }
 
 ext {
   getSecurityPluginDownloadLink = { ->
-    var repo = "https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/" +
+    var repo = "https://ci.opensearch.org/ci/dbc/snapshots/maven/org/opensearch/plugin/" +
       "opensearch-security/$opensearch_build_snapshot/"
     var metadataFile = Paths.get(projectDir.toString(), "build", "maven-metadata.xml").toAbsolutePath().toFile()
     download.run {