From 1d30b42af2d1c3f5ec85e2253a88bf188430eb6d Mon Sep 17 00:00:00 2001
From: nvasiu <nvasiu@amazon.com>
Date: Thu, 11 Jun 2026 18:18:13 +0000
Subject: [PATCH] chore: use github secrets for maven publish

---
 .github/workflows/release_maven.yml | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/release_maven.yml b/.github/workflows/release_maven.yml
index 8d446779a..f4c6b8e83 100644
--- a/.github/workflows/release_maven.yml
+++ b/.github/workflows/release_maven.yml
@@ -20,13 +20,9 @@ on:
 
 permissions:
   contents: write
-  id-token: write
   issues: read
   pull-requests: read
 
-env:
-  AWS_REGION: us-west-2
-
 jobs:
   release:
     runs-on: ubuntu-latest
@@ -270,13 +266,6 @@ jobs:
           distribution: 'corretto'
           cache: maven
 
-      - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@v6.2.0
-        with:
-          role-to-assume: "${{ secrets.ACTIONS_MVN_ROLE_NAME }}"
-          role-session-name: mavenreleasesession
-          aws-region: ${{ env.AWS_REGION }}
-
       - name: Set release version
         run: mvn -q versions:set -DnewVersion=${{ github.event.inputs.release_version }} -DgenerateBackupPoms=false
 
@@ -306,18 +295,14 @@ jobs:
             sdk/target/aws-durable-execution-sdk-java-${{ github.event.inputs.release_version }}.jar
             sdk-testing/target/aws-durable-execution-sdk-java-testing-${{ github.event.inputs.release_version }}.jar
       
-      - name: Get Env variables
-        uses: aws-actions/aws-secretsmanager-get-secrets@v3
-        with:
-            secret-ids: |
-                mvn_gpg_keys
-                mvn_account_keys
-            parse-json-secrets: true
-          
       - name: Sign and publish
         run: bash .github/scripts/maven_publish.sh
         env:
           RELEASE_VERSION: ${{ github.event.inputs.release_version }}
+          MVN_GPG_KEYS_GPGPRIVATEKEY: ${{ secrets.MVN_GPG_KEYS_GPGPRIVATEKEY }}
+          MVN_GPG_KEYS_GPGPASSPHRASE: ${{ secrets.MVN_GPG_KEYS_GPGPASSPHRASE }}
+          MVN_ACCOUNT_KEYS_USERNAME: ${{ secrets.MVN_ACCOUNT_KEYS_USERNAME }}
+          MVN_ACCOUNT_KEYS_PASSWORD: ${{ secrets.MVN_ACCOUNT_KEYS_PASSWORD }}
 
       - name: Set next development version
         run: mvn -q versions:set -DnewVersion=${{ github.event.inputs.next_version }} -DgenerateBackupPoms=false