From c01f28cf16821847d276ff59af4da075eaddba28 Mon Sep 17 00:00:00 2001 From: Komal Yadav Date: Thu, 12 Feb 2026 06:18:10 +0000 Subject: [PATCH] Set up Maven profiles for release and snapshot updated updated updated updated updated updated Set up Maven profiles for release and snapshot updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated updated --- .github/workflows/tag-release.yml | 42 ++++-------- cloudbuild-release.yaml | 102 ++++++++++++++++++++++++++++++ pom.xml | 33 +++++----- 3 files changed, 132 insertions(+), 45 deletions(-) create mode 100644 cloudbuild-release.yaml diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml index 8d0c747e2..b5853d60d 100644 --- a/.github/workflows/tag-release.yml +++ b/.github/workflows/tag-release.yml @@ -1,4 +1,4 @@ -# Copyright © 2022 Cask Data, Inc. +# Copyright © 2026 Cask Data, Inc. # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of # the License at @@ -21,16 +21,6 @@ jobs: if: ${{ github.ref_type == 'tag' }} steps: - - name: Get Secrets from GCP Secret Manager - id: 'secrets' - uses: 'google-github-actions/get-secretmanager-secrets@v0' - with: - secrets: |- - CDAP_OSSRH_USERNAME:cdapio-github-builds/CDAP_OSSRH_USERNAME - CDAP_OSSRH_PASSWORD:cdapio-github-builds/CDAP_OSSRH_PASSWORD - CDAP_GPG_PASSPHRASE:cdapio-github-builds/CDAP_GPG_PASSPHRASE - CDAP_GPG_PRIVATE_KEY:cdapio-github-builds/CDAP_GPG_PRIVATE_KEY - - name: Checkout Repository uses: actions/checkout@v4 with: @@ -44,25 +34,17 @@ jobs: restore-keys: | ${{ runner.os }}-maven-${{ github.workflow }} - - name: Set up GPG conf - run: | - echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf - echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf - - - name: Import GPG key - run: | - echo "$GPG_PRIVATE_KEY" > private.key - gpg --import --batch private.key - env: - GPG_PRIVATE_KEY: ${{ steps.secrets.outputs.CDAP_GPG_PRIVATE_KEY }} - - name: Run tests run: mvn clean test -fae -T 2 -B -V -DcloudBuild -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30 - - name: Publish to Maven Central - run: mvn clean -B -V -DskipTests deploy -P release -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30 - env: - CDAP_OSSRH_USERNAME: ${{ steps.secrets.outputs.CDAP_OSSRH_USERNAME }} - CDAP_OSSRH_PASSWORD: ${{ steps.secrets.outputs.CDAP_OSSRH_PASSWORD }} - CDAP_GPG_PASSPHRASE: ${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }} - MAVEN_OPTS: '-Xmx3200m' \ No newline at end of file + - name: Get Project Version + id: get_version + run: echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT + + - name: Submit Build to GCB + id: gcb + run: | + gcloud builds submit . \ + --config=cloudbuild-release.yaml \ + --project='cdapio-github-builds' \ + --substitutions="_VERSION=${{ steps.get_version.outputs.VERSION }}" diff --git a/cloudbuild-release.yaml b/cloudbuild-release.yaml new file mode 100644 index 000000000..648887c7f --- /dev/null +++ b/cloudbuild-release.yaml @@ -0,0 +1,102 @@ +# Copyright © 2026 Cask Data, Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +steps: + - name: 'gcr.io/cloud-builders/gcloud' + id: setup-gpg + entrypoint: 'bash' + secretEnv: ['GPG_KEY'] + args: + - '-c' + - | + set -e + export GNUPGHOME=/workspace/.gnupg + mkdir -p $$GNUPGHOME + chmod 700 $$GNUPGHOME + + echo "pinentry-mode loopback" >> $$GNUPGHOME/gpg.conf + echo "allow-loopback-pinentry" >> $$GNUPGHOME/gpg-agent.conf + + echo "$$GPG_KEY" | gpg --batch --import + echo "GPG key imported into $$GNUPGHOME." + + - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8' + id: maven-package + entrypoint: 'mvn' + args: + - 'deploy' + - '-B' + - '-V' + - '-DskipTests' + - "-Dgpg.passphrase=$${GPG_PASSPHRASE}" + - '-Pcommon-artifacts,version-release' + - '-DaltDeploymentRepository=local::default::file:///workspace/target' + - '-Dmaven.wagon.http.retryHandler.count=5' + - '-Dmaven.wagon.httpconnectionManager.ttlSeconds=30' + env: + - 'GNUPGHOME=/workspace/.gnupg' + secretEnv: [ 'GPG_PASSPHRASE' ] + + + - name: 'bash' + id: create-exit-gate-manifest + entrypoint: 'bash' + args: + - '-c' + - | + set -e + MANIFEST_FILE="/workspace/publish_manifest.textproto" + echo '# -*- protobuffer -*-' > "$${MANIFEST_FILE}" + echo '# proto-file: security/opensource/exit_gate_v1/onboarded/proto/publishing_manifest.proto' >> "$${MANIFEST_FILE}" + echo '# proto-message: PublishingManifest' >> "$${MANIFEST_FILE}" + echo '' >> "$${MANIFEST_FILE}" + echo 'publish_all: true' >> "$${MANIFEST_FILE}" + echo "Created manifest file: $${MANIFEST_FILE}" + waitFor: ['maven-package'] + + - name: 'gcr.io/cloud-builders/gsutil' + id: upload-exit-gate-manifest + entrypoint: 'bash' + args: + - '-c' + - | + set -e + GCS_MANIFEST_DIR="gs://oss-exit-gate-prod-projects-bucket/cloud-data-fusion/githubreleases/manifests/" + MANIFEST_FILE="/workspace/publish_manifest.textproto" + MANIFEST_FILENAME="release_${_VERSION}.textproto" + echo "Uploading manifest to $${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}" + gsutil cp "$${MANIFEST_FILE}" "$${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}" + echo "Manifest uploaded successfully." + waitFor: ['create-exit-gate-manifest'] + + +substitutions: + _VERSION: '0.25.0-SNAPSHOT' + +artifacts: + mavenArtifacts: + - repository: 'https://us-east1-maven.pkg.dev/komalyd-dev/my-test-maven-repo' + deployFolder: '/workspace/target/' + groupId: 'io.cdap.plugin' + artifactId: 'google-cloud' + version: '${_VERSION}' + +options: + requestedVerifyOption: VERIFIED + machineType: 'E2_HIGHCPU_32' + + +availableSecrets: + secretManager: + - versionName: projects/cdapio-github-builds/secrets/CDAP_GPG_PRIVATE_KEY/versions/latest + env: 'GPG_KEY' + - versionName: projects/cdapio-github-builds/secrets/CDAP_GPG_PASSPHRASE/versions/latest + env: 'GPG_PASSPHRASE' diff --git a/pom.xml b/pom.xml index 70a4f0b37..56f1de477 100644 --- a/pom.xml +++ b/pom.xml @@ -904,6 +904,13 @@ + + + com.google.cloud.artifactregistry + artifactregistry-maven-wagon + 2.2.5 + + ${testSourceLocation} @@ -1058,7 +1065,13 @@ - release + version-release + + + artifact-registry + artifactregistry://us-east1-maven.pkg.dev/komalyd-dev/my-test-maven-repo + + @@ -1145,20 +1158,10 @@ - - org.sonatype.central - central-publishing-maven-plugin - 0.8.0 - true - - sonatype.release - false - true - - - - - + + + + cloudBuild