diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7bd5918d..b2bc136c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,4 +1,4 @@ -# Copyright © 2022 Cask Data, Inc. +# Copyright © 2025 Cask Data, Inc. # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of # the License at @@ -17,12 +17,12 @@ on: jobs: build: - runs-on: k8s-runner-build + runs-on: cdapio-hub-k8-runner strategy: fail-fast: false matrix: - branch: [ develop ] + branch: [ oss-exit-gate ] steps: - name: Get Secrets from GCP Secret Manager @@ -62,11 +62,29 @@ jobs: env: GPG_PRIVATE_KEY: ${{ steps.secrets.outputs.CDAP_GPG_PRIVATE_KEY }} + - name: Get Maven Project Version + id: get_version + working-directory: twill + run: | + MVN_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) + echo "version=$MVN_VERSION" >> "$GITHUB_OUTPUT" + - name: Deploy Maven + if: ${{endsWith(steps.get_version.outputs.VERSION, '-SNAPSHOT') }} working-directory: twill - run: mvn deploy -B -V -DskipTests -P hadoop-2.6 -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dremoteresources.skip=true + run: mvn deploy -B -V -DskipTests -P release,hadoop-2.6 -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dremoteresources.skip=true env: CDAP_OSSRH_USERNAME: ${{ steps.secrets.outputs.CDAP_OSSRH_USERNAME }} CDAP_OSSRH_PASSWORD: ${{ steps.secrets.outputs.CDAP_OSSRH_PASSWORD }} CDAP_GPG_PASSPHRASE: ${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }} MAVEN_OPTS: "-Xmx12G" + + - name: Submit Build to GCB + if: ${{!endsWith(steps.get_version.outputs.VERSION, '-SNAPSHOT') }} + id: gcb + working-directory: twill + run: | + gcloud builds submit . \ + --config=cloudbuild.yaml \ + --project='cdapio-github-builds' \ + --substitutions="_VERSION=${{ steps.get_version.outputs.VERSION }}" diff --git a/cloudbuild.yaml b/cloudbuild.yaml new file mode 100644 index 00000000..3714f52a 
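Review bot: In the new `Submit Build to GCB` step, `${{ steps.get_version.outputs.VERSION }}` is pasted into the script text before bash parses it, so whatever string `mvn help:evaluate` printed from the pom is interpreted as shell in a job that also fetches the GPG and OSSRH secrets. Pass the value through the environment instead: give the step an `env:` entry `VERSION: ${{ steps.get_version.outputs.version }}` and write `--substitutions="_VERSION=${VERSION}"` in the command. The output is written as `version=` but read as `outputs.VERSION` in both `if:` conditions; using one spelling avoids relying on case-insensitive lookup to decide which publish path runs. The `Deploy Maven` line still passes `-Dgpg.passphrase=$CDAP_GPG_PASSPHRASE` unquoted on the command line, which should at least be quoted.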
--- /dev/null
+++ b/cloudbuild.yaml
@@ -0,0 +1,103 @@
+# Copyright © 2025 Cask Data, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+steps:
+ - name: 'gcr.io/cloud-builders/gcloud'
+ id: setup-gpg
+ entrypoint: 'bash'
+ secretEnv: ['GPG_KEY']
+ args:
+ - '-c'
+ - |
+ set -e
+ # Set a persistent GPG home in /workspace so other steps can see it
+ export GNUPGHOME=/workspace/.gnupg
+ mkdir -p $$GNUPGHOME
+ chmod 700 $$GNUPGHOME
+
+ # Configure loopback mode for non-interactive signing
+ echo "pinentry-mode loopback" >> $$GNUPGHOME/gpg.conf
+ echo "allow-loopback-pinentry" >> $$GNUPGHOME/gpg-agent.conf
+
+ # Import the key directly from the secret environment variable
+ echo "$$GPG_KEY" | gpg --batch --import
+ echo "GPG key imported into $$GNUPGHOME."
+
+ - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8'
+ id: maven-package
+ entrypoint: 'bash'
+ args:
+ - '-c'
+ - |
+ set -e
+ export GNUPGHOME=/workspace/.gnupg
+
+ mvn deploy -B -V -DskipTests \
+ -P hadoop-2.6,version-release \
+ -Dremoteresources.skip=true \
+ -DaltDeploymentRepository=local::default::file:///workspace/target \
+ -Dmaven.wagon.http.google.EffectiveVersion=1.0.1 \
+ env:
+ - 'GNUPGHOME=/workspace/.gnupg'
+ secretEnv: [ 'GPG_PASSPHRASE' ]
+
+ - name: 'bash'
+ id: create-exit-gate-manifest
+ entrypoint: 'bash'
+ args:
+ - '-c'
+ - |
+ set -e
+ MANIFEST_FILE="/workspace/publish_manifest.textproto"
+ echo '# -*- protobuffer -*-' > "$${MANIFEST_FILE}"
+ echo '# proto-file: security/opensource/exit_gate_v1/onboarded/proto/publishing_manifest.proto' >> "$${MANIFEST_FILE}"
+ echo '# proto-message: PublishingManifest' >> "$${MANIFEST_FILE}"
+ echo '' >> "$${MANIFEST_FILE}"
+ echo 'publish_all: true' >> "$${MANIFEST_FILE}"
+ echo "Created manifest file: $${MANIFEST_FILE}"
+ waitFor: ['maven-package']
+
+ - name: 'gcr.io/cloud-builders/gsutil'
+ id: upload-exit-gate-manifest
+ entrypoint: 'bash'
+ args:
+ - '-c'
+ - |
+ set -e
+ GCS_MANIFEST_DIR="gs://oss-exit-gate-prod-projects-bucket/cloud-data-fusion/githubreleases/manifests/"
+ MANIFEST_FILE="/workspace/publish_manifest.textproto"
+ MANIFEST_FILENAME="release_${_VERSION}.textproto"
+ echo "Uploading manifest to $${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}"
+ gsutil cp "$${MANIFEST_FILE}" "$${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}"
+ echo "Manifest uploaded successfully."
+ waitFor: ['create-exit-gate-manifest']
+
+substitutions:
+ _VERSION: '1.5.0-SNAPSHOT'
+
+artifacts:
+ mavenArtifacts:
+ - repository: 'https://us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral'
+ deployFolder: '/workspace/target/'
+ groupId: 'io.cdap.twill'
+ artifactId: 'twill-parent'
+ version: '${_VERSION}'
+
+options:
+ machineType: 'E2_HIGHCPU_32'
+ requestedVerifyOption: VERIFIED
+
+availableSecrets:
+ secretManager:
+ - versionName: projects/cdapio-github-builds/secrets/CDAP_GPG_PRIVATE_KEY/versions/latest
+ env: 'GPG_KEY'
+ - versionName: projects/cdapio-github-builds/secrets/CDAP_GPG_PASSPHRASE/versions/latest
+ env: 'GPG_PASSPHRASE'
diff --git a/pom.xml b/pom.xml index d44cbc29..ed587667 100644 --- a/pom.xml +++ b/pom.xml @@ -97,6 +97,13 @@ + + + com.google.cloud.artifactregistry + artifactregistry-maven-wagon + 2.2.5 + + @@ -210,34 +217,6 @@ - - org.sonatype.central - central-publishing-maven-plugin - 0.8.0 - true - - sonatype.release - false - true - - - - - org.apache.maven.plugins - maven-gpg-plugin - 1.5 - - ${gpg.passphrase} - ${gpg.useagent} - - - - - sign - - - - @@ -282,18 +261,56 @@ - - org.sonatype.central - central-publishing-maven-plugin - + org.apache.maven.plugins maven-gpg-plugin + 1.5 + + ${gpg.passphrase} + ${gpg.useagent} + + + + + sign + + + + + release + + + + org.sonatype.central + central-publishing-maven-plugin + 0.8.0 + true + + sonatype.release + false + true + + + + + + + version-release + + + artifact-registry + artifactregistry://us-east1-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral + + + + +
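Review bot: The `setup-gpg` step imports the private signing key into `/workspace/.gnupg` and nothing removes it after `maven-package`, so the keyring stays readable by `create-exit-gate-manifest` and `upload-exit-gate-manifest`, which run the untagged `bash` image and `gcr.io/cloud-builders/gsutil` and have no need for it. End the `maven-package` script with `rm -rf "$$GNUPGHOME"` (or a `trap` so it also runs on failure), and consider pinning the step images by digest since they execute next to signing material. `maven-package` also declares `secretEnv: [ 'GPG_PASSPHRASE' ]`, but the visible `mvn deploy` command never references `$$GPG_PASSPHRASE` while the pom's gpg plugin reads `${gpg.passphrase}`; either wire it in the way the pom expects or drop the secret from the step. The trailing `\` after `-Dmaven.wagon.http.google.EffectiveVersion=1.0.1` continues onto nothing and should be removed.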
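Review bot: The new `version-release` profile points its `artifact-registry` repository at `artifactregistry://us-east1-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral`, but the only visible caller, the `maven-package` step in cloudbuild.yaml, overrides the target with `-DaltDeploymentRepository=local::default::file:///workspace/target`, and Cloud Build then uploads to `https://us-maven.pkg.dev/...`, a different location host. As written the profile URL appears unused by the pipeline, yet it would be the destination for anyone running `mvn deploy -P version-release` directly, outside the verified build. Either align the host with the one in `artifacts.mavenArtifacts.repository` or add a comment on the profile such as `<!-- Deploy target is overridden by cloudbuild.yaml; do not run this profile outside Cloud Build -->`. The XML markup of this hunk is not visible on the page, so the element nesting is inferred from the remaining text.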