diff --git a/.github/workflows/build-and-deploy.yaml b/.github/workflows/build-and-deploy.yaml
index 778ae00..5f515b7 100644
--- a/.github/workflows/build-and-deploy.yaml
+++ b/.github/workflows/build-and-deploy.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2023 Cask Data, Inc.
+# Copyright © 2025 Cask Data, Inc.
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
@@ -25,16 +25,6 @@ jobs:
branch: [ develop, release/0.13 ]
steps:
- - name: Get Secrets from GCP Secret Manager
- id: 'secrets'
- uses: 'google-github-actions/get-secretmanager-secrets@v0'
- with:
- secrets: |-
- CDAP_OSSRH_USERNAME:cdapio-github-builds/CDAP_OSSRH_USERNAME
- CDAP_OSSRH_PASSWORD:cdapio-github-builds/CDAP_OSSRH_PASSWORD
- CDAP_GPG_PASSPHRASE:cdapio-github-builds/CDAP_GPG_PASSPHRASE
- CDAP_GPG_PRIVATE_KEY:cdapio-github-builds/CDAP_GPG_PRIVATE_KEY
-
- name: Recursively Checkout Repository
uses: actions/checkout@v3
with:
@@ -61,27 +51,12 @@ jobs:
command: |
cd common
MAVEN_OPTS="-Xmx16G -XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError" mvn test -T2 -U -V -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
-
- - name: Set up GPG conf
- if: ${{ matrix.branch == 'develop' || startsWith(matrix.branch, 'release/') }}
- run: |
- echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
- echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
- - name: Import GPG key
- if: ${{ matrix.branch == 'develop' || startsWith(matrix.branch, 'release/') }}
- run: |
- echo "$GPG_PRIVATE_KEY" > private.key
- gpg --import --batch private.key
- env:
- GPG_PRIVATE_KEY: ${{ steps.secrets.outputs.CDAP_GPG_PRIVATE_KEY }}
-
- - name: Deploy Maven
+ - name: Submit Build to GCB
+ id: gcb
if: ${{ matrix.branch == 'develop' || startsWith(matrix.branch, 'release/') }}
working-directory: common
- run: mvn deploy -B -V -P release -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dremoteresources.skip=true
- env:
- CDAP_OSSRH_USERNAME: ${{ steps.secrets.outputs.CDAP_OSSRH_USERNAME }}
- CDAP_OSSRH_PASSWORD: ${{ steps.secrets.outputs.CDAP_OSSRH_PASSWORD }}
- CDAP_GPG_PASSPHRASE: ${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }}
- MAVEN_OPTS: "-Xmx12G"
\ No newline at end of file
+ run: |
+ gcloud builds submit . \
+ --config=cloudbuild.yaml \
+ --project='cdapio-github-builds' \
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
new file mode 100644
index 0000000..4911474
--- /dev/null
+++ b/cloudbuild.yaml
@@ -0,0 +1,65 @@
+# Copyright © 2025 Cask Data, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+steps:
+ - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8'
+ id: maven-package
+ entrypoint: 'mvn'
+ args:
+ - -B
+ - -U
+ - clean
+ - package
+ - -DskipTests
+
+ - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8'
+ id: deploy-to-artifact-registry
+ entrypoint: 'mvn'
+ args:
+ - 'deploy'
+ - '-Dmaven.wagon.http.google.EffectiveVersion=1.0.1'
+ waitFor: ['maven-package']
+
+ - name: 'bash'
+ id: create-exit-gate-manifest
+ entrypoint: 'bash'
+ args:
+ - '-c'
+ - |
+ set -e
+ MANIFEST_FILE="/workspace/exit_gate_manifest.textproto"
+ echo '# -*- protobuffer -*-' > "$${MANIFEST_FILE}"
+ echo '# proto-file: security/opensource/exit_gate_v1/onboarded/proto/publishing_manifest.proto' >> "$${MANIFEST_FILE}"
+ echo '# proto-message: PublishingManifest' >> "$${MANIFEST_FILE}"
+ echo '' >> "$${MANIFEST_FILE}"
+ echo 'publish_all: true' >> "$${MANIFEST_FILE}"
+ echo "Created manifest file: $${MANIFEST_FILE}"
+ waitFor: ['deploy-to-artifact-registry']
+
+ - name: 'gcr.io/cloud-builders/gsutil'
+ id: upload-exit-gate-manifest
+ entrypoint: 'bash'
+ args:
+ - '-c'
+ - |
+ set -e
+ GCS_MANIFEST_DIR="gs://oss-exit-gate-prod-projects-bucket/cloud-data-fusion/mavencentral/manifests/"
+ MANIFEST_FILE="/workspace/exit_gate_manifest.textproto"
+ # Use a timestamp to create a unique manifest filename for each release
+ MANIFEST_FILENAME="release_$(date -u +%Y%m%d%H%M%S).textproto"
+ echo "Uploading manifest to $${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}"
+ gsutil cp "$${MANIFEST_FILE}" "$${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}"
+ echo "Manifest uploaded successfully. OSS Exit Gate process should now be triggered."
+ waitFor: ['create-exit-gate-manifest']
+
+options:
+ requestedVerifyOption: VERIFIED
+ machineType: 'E2_HIGHCPU_32'
diff --git a/pom.xml b/pom.xml
index c49ce0d..c1e40c2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -57,28 +57,26 @@ the License.
- sonatype
- https://oss.sonatype.org/content/repositories/snapshots/
+ artifact-registry
+ artifactregistry:us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral
- false
+ true
true
- always
- fail
-
- sonatype.release
- https://oss.sonatype.org/service/local/staging/deploy/maven2
-
- sonatype.snapshots
- https://oss.sonatype.org/content/repositories/snapshots
+ artifact-registry
+ artifactregistry://us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral
+
+ artifact-registry
+ artifactregistry://us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral
+
@@ -297,6 +295,13 @@ the License.
+
+
+ com.google.cloud.artifactregistry
+ artifactregistry-maven-wagon
+ 2.2.5
+
+
@@ -438,36 +443,6 @@ the License.
-
-
-
- org.apache.maven.plugins
- maven-gpg-plugin
- 1.5
-
- ${gpg.passphrase}
- ${gpg.useagent}
-
-
-
-
- sign
-
-
-
-
-
-
-
- org.sonatype.plugins
- nexus-staging-maven-plugin
- 1.6.2
- true
-
- https://oss.sonatype.org
- sonatype.release
-
-