diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index 8d0c747e2..b5853d60d 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -1,4 +1,4 @@
-# Copyright © 2022 Cask Data, Inc.
+# Copyright © 2026 Cask Data, Inc.
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
@@ -21,16 +21,6 @@ jobs:
if: ${{ github.ref_type == 'tag' }}
steps:
- - name: Get Secrets from GCP Secret Manager
- id: 'secrets'
- uses: 'google-github-actions/get-secretmanager-secrets@v0'
- with:
- secrets: |-
- CDAP_OSSRH_USERNAME:cdapio-github-builds/CDAP_OSSRH_USERNAME
- CDAP_OSSRH_PASSWORD:cdapio-github-builds/CDAP_OSSRH_PASSWORD
- CDAP_GPG_PASSPHRASE:cdapio-github-builds/CDAP_GPG_PASSPHRASE
- CDAP_GPG_PRIVATE_KEY:cdapio-github-builds/CDAP_GPG_PRIVATE_KEY
-
- name: Checkout Repository
uses: actions/checkout@v4
with:
@@ -44,25 +34,17 @@ jobs:
restore-keys: |
${{ runner.os }}-maven-${{ github.workflow }}
- - name: Set up GPG conf
- run: |
- echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
- echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
-
- - name: Import GPG key
- run: |
- echo "$GPG_PRIVATE_KEY" > private.key
- gpg --import --batch private.key
- env:
- GPG_PRIVATE_KEY: ${{ steps.secrets.outputs.CDAP_GPG_PRIVATE_KEY }}
-
- name: Run tests
run: mvn clean test -fae -T 2 -B -V -DcloudBuild -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
- - name: Publish to Maven Central
- run: mvn clean -B -V -DskipTests deploy -P release -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
- env:
- CDAP_OSSRH_USERNAME: ${{ steps.secrets.outputs.CDAP_OSSRH_USERNAME }}
- CDAP_OSSRH_PASSWORD: ${{ steps.secrets.outputs.CDAP_OSSRH_PASSWORD }}
- CDAP_GPG_PASSPHRASE: ${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }}
- MAVEN_OPTS: '-Xmx3200m'
\ No newline at end of file
+ - name: Get Project Version
+ id: get_version
+ run: echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
+
+ - name: Submit Build to GCB
+ id: gcb
+ run: |
+ gcloud builds submit . \
+ --config=cloudbuild-release.yaml \
+ --project='cdapio-github-builds' \
+ --substitutions="_VERSION=${{ steps.get_version.outputs.VERSION }}"
diff --git a/cloudbuild-release.yaml b/cloudbuild-release.yaml
new file mode 100644
index 000000000..648887c7f
--- /dev/null
+++ b/cloudbuild-release.yaml
@@ -0,0 +1,102 @@
+# Copyright © 2026 Cask Data, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+steps:
+ - name: 'gcr.io/cloud-builders/gcloud'
+ id: setup-gpg
+ entrypoint: 'bash'
+ secretEnv: ['GPG_KEY']
+ args:
+ - '-c'
+ - |
+ set -e
+ export GNUPGHOME=/workspace/.gnupg
+ mkdir -p $$GNUPGHOME
+ chmod 700 $$GNUPGHOME
+
+ echo "pinentry-mode loopback" >> $$GNUPGHOME/gpg.conf
+ echo "allow-loopback-pinentry" >> $$GNUPGHOME/gpg-agent.conf
+
+ echo "$$GPG_KEY" | gpg --batch --import
+ echo "GPG key imported into $$GNUPGHOME."
+
+ - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8'
+ id: maven-package
+ entrypoint: 'mvn'
+ args:
+ - 'deploy'
+ - '-B'
+ - '-V'
+ - '-DskipTests'
+ - "-Dgpg.passphrase=$${GPG_PASSPHRASE}"
+ - '-Pcommon-artifacts,version-release'
+ - '-DaltDeploymentRepository=local::default::file:///workspace/target'
+ - '-Dmaven.wagon.http.retryHandler.count=5'
+ - '-Dmaven.wagon.httpconnectionManager.ttlSeconds=30'
+ env:
+ - 'GNUPGHOME=/workspace/.gnupg'
+ secretEnv: [ 'GPG_PASSPHRASE' ]
+
+
+ - name: 'bash'
+ id: create-exit-gate-manifest
+ entrypoint: 'bash'
+ args:
+ - '-c'
+ - |
+ set -e
+ MANIFEST_FILE="/workspace/publish_manifest.textproto"
+ echo '# -*- protobuffer -*-' > "$${MANIFEST_FILE}"
+ echo '# proto-file: security/opensource/exit_gate_v1/onboarded/proto/publishing_manifest.proto' >> "$${MANIFEST_FILE}"
+ echo '# proto-message: PublishingManifest' >> "$${MANIFEST_FILE}"
+ echo '' >> "$${MANIFEST_FILE}"
+ echo 'publish_all: true' >> "$${MANIFEST_FILE}"
+ echo "Created manifest file: $${MANIFEST_FILE}"
+ waitFor: ['maven-package']
+
+ - name: 'gcr.io/cloud-builders/gsutil'
+ id: upload-exit-gate-manifest
+ entrypoint: 'bash'
+ args:
+ - '-c'
+ - |
+ set -e
+ GCS_MANIFEST_DIR="gs://oss-exit-gate-prod-projects-bucket/cloud-data-fusion/githubreleases/manifests/"
+ MANIFEST_FILE="/workspace/publish_manifest.textproto"
+ MANIFEST_FILENAME="release_${_VERSION}.textproto"
+ echo "Uploading manifest to $${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}"
+ gsutil cp "$${MANIFEST_FILE}" "$${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}"
+ echo "Manifest uploaded successfully."
+ waitFor: ['create-exit-gate-manifest']
+
+
+substitutions:
+ _VERSION: '0.25.0-SNAPSHOT'
+
+artifacts:
+ mavenArtifacts:
+ - repository: 'https://us-east1-maven.pkg.dev/komalyd-dev/my-test-maven-repo'
+ deployFolder: '/workspace/target/'
+ groupId: 'io.cdap.plugin'
+ artifactId: 'google-cloud'
+ version: '${_VERSION}'
+
+options:
+ requestedVerifyOption: VERIFIED
+ machineType: 'E2_HIGHCPU_32'
+
+
+availableSecrets:
+ secretManager:
+ - versionName: projects/cdapio-github-builds/secrets/CDAP_GPG_PRIVATE_KEY/versions/latest
+ env: 'GPG_KEY'
+ - versionName: projects/cdapio-github-builds/secrets/CDAP_GPG_PASSPHRASE/versions/latest
+ env: 'GPG_PASSPHRASE'
diff --git a/pom.xml b/pom.xml
index 70a4f0b37..56f1de477 100644
--- a/pom.xml
+++ b/pom.xml
@@ -904,6 +904,13 @@
+
+
+ com.google.cloud.artifactregistry
+ artifactregistry-maven-wagon
+ 2.2.5
+
+
${testSourceLocation}
@@ -1058,7 +1065,13 @@
- release
+ version-release
+
+
+ artifact-registry
+ artifactregistry://us-east1-maven.pkg.dev/komalyd-dev/my-test-maven-repo
+
+
@@ -1145,20 +1158,10 @@
-
- org.sonatype.central
- central-publishing-maven-plugin
- 0.8.0
- true
-
- sonatype.release
- false
- true
-
-
-
-
-
+
+
+
+
cloudBuild