Implemented exit gate

updated

updated

updated

updated

Author: Komal Yadav

.github/workflows/cloudbuild.yaml

@@ -0,0 +1,70 @@
+# Copyright © 2025 Cask Data, Inc.
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#  http://www.apache.org/licenses/LICENSE-2.0
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+steps:
+  - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8'
+    id: maven-package
+    entrypoint: 'mvn'
+    args:
+      - clean
+      - -B
+      - -V
+      - -DskipTests
+      - deploy
+      - -P
+      - common-artifacts
+      - oss-exit-gate
+      - -Dmaven.wagon.http.retryHandler.count=5
+      - -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
+
+  - name: 'bash'
+    id: create-exit-gate-manifest
+    entrypoint: 'bash'
+    args:
+      - '-c'
+      - |
+        set -e
+        MANIFEST_FILE="/workspace/exit_gate_manifest.textproto"
+        echo '# -*- protobuffer -*-' > "$${MANIFEST_FILE}"
+        echo '# proto-file: security/opensource/exit_gate_v1/onboarded/proto/publishing_manifest.proto' >> "$${MANIFEST_FILE}"
+        echo '# proto-message: PublishingManifest' >> "$${MANIFEST_FILE}"
+        echo '' >> "$${MANIFEST_FILE}"
+        echo 'publish_all: true' >> "$${MANIFEST_FILE}"
+        echo "Created manifest file: $${MANIFEST_FILE}"
+    waitFor: ['maven-package']
+
+  - name: 'gcr.io/cloud-builders/gsutil'
+    id: upload-exit-gate-manifest
+    entrypoint: 'bash'
+    args:
+      - '-c'
+      - |
+        set -e
+        MANIFEST_FILE="/workspace/exit_gate_manifest.textproto"
+        # Use a timestamp to create a unique manifest filename for each release
+        MANIFEST_FILENAME="release_$(date -u +%Y%m%d%H%M%S).textproto"
+        echo "Uploading manifest to $${SECURE_PUBLISH_BUCKET}$${MANIFEST_FILENAME}"
+        gsutil cp "$${MANIFEST_FILE}" "$${SECURE_PUBLISH_BUCKET}$${MANIFEST_FILENAME}"
+        echo "Manifest uploaded successfully. OSS Exit Gate process should now be triggered."
+    waitFor: ['create-exit-gate-manifest']
+
+artifacts:
+  mavenArtifacts:
+    - repository: 'https://us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral'
+      deployFolder: '/workspace/target/'
+      groupId: 'io.cdap.plugin'
+      artifactId: 'google-cloud'
+      version: $VERSION
+
+options:
+  requestedVerifyOption: VERIFIED
+  machineType: 'E2_HIGHCPU_32'
+

.github/workflows/tag-release.yml

@@ -29,7 +29,9 @@ jobs:
             CDAP_OSSRH_USERNAME:cdapio-github-builds/CDAP_OSSRH_USERNAME
             CDAP_OSSRH_PASSWORD:cdapio-github-builds/CDAP_OSSRH_PASSWORD
             CDAP_GPG_PASSPHRASE:cdapio-github-builds/CDAP_GPG_PASSPHRASE
+            CDAP_GPG_PASSPHRASE:cdapio-github-builds/CDAP_GPG_PASSPHRASE
             CDAP_GPG_PRIVATE_KEY:cdapio-github-builds/CDAP_GPG_PRIVATE_KEY
+            SECURE_PUBLISH_BUCKET:cdapio-github-builds/publish_bucket
 
       - name: Checkout Repository
         uses: actions/checkout@v4
@@ -59,10 +61,26 @@ jobs:
       - name: Run tests
         run: mvn clean test -fae -T 2 -B -V -DcloudBuild -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
 
-      - name: Publish to Maven Central
-        run: mvn clean -B -V -DskipTests deploy -P release -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
+      - name: Get Project Version
+        id: get_version
+        working-directory: google-cloud
+        run: echo "VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
+
+      - name: Publish SNAPSHOT to Maven Central
+        if: ${{ endsWith(steps.get_version.outputs.VERSION, '-SNAPSHOT') }}
+        run: mvn clean -B -V -DskipTests deploy -P snapshot-release common-artifacts -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
         env:
           CDAP_OSSRH_USERNAME: ${{ steps.secrets.outputs.CDAP_OSSRH_USERNAME }}
           CDAP_OSSRH_PASSWORD: ${{ steps.secrets.outputs.CDAP_OSSRH_PASSWORD }}
           CDAP_GPG_PASSPHRASE: ${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }}
-          MAVEN_OPTS: '-Xmx3200m'
+          MAVEN_OPTS: '-Xmx3200m'
+
+      - name: Submit Build to GCB
+        if: ${{ !endsWith(steps.get_version.outputs.VERSION, '-SNAPSHOT') }}
+        id: gcb
+        working-directory: google-cloud
+        run: |
+          gcloud builds submit . \
+          --config=cloudbuild-release.yaml \
+          --project='cdapio-github-builds'
+          --substitutions="_VERSION=${{steps.get_version.outputs.VERSION}},_SECURE_PUBLISH_BUCKET=${{steps.secrets.outputs.SECURE_PUBLISH_BUCKET}}, _GPG_PASSPHRASE=${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }}"

pom.xml

@@ -106,18 +106,6 @@
     </dependencies>
   </dependencyManagement>
 
-  <repositories>
-    <repository>
-      <id>sonatype-snapshots</id>
-      <url>https://central.sonatype.com/repository/maven-snapshots</url>
-      <releases>
-        <enabled>false</enabled>
-      </releases>
-      <snapshots>
-        <enabled>true</enabled>
-      </snapshots>
-    </repository>
-  </repositories>
 
   <dependencies>
     <!-- Start: dependency used by the Dataplex connector -->
@@ -904,6 +892,13 @@
   </dependencies>
 
   <build>
+    <extensions>
+      <extension>
+        <groupId>com.google.cloud.artifactregistry</groupId>
+        <artifactId>artifactregistry-maven-wagon</artifactId>
+        <version>2.2.5</version>
+      </extension>
+    </extensions>
     <testSourceDirectory>${testSourceLocation}</testSourceDirectory>
     <plugins>
       <plugin>
@@ -1058,7 +1053,7 @@
   <!-- Profile for release. Includes signing of jars. -->
   <profiles>
     <profile>
-      <id>release</id>
+      <id>common-artifacts</id>
       <build>
         <plugins>
           <!-- Source JAR -->
@@ -1128,23 +1123,13 @@
               </execution>
             </executions>
           </plugin>
-
-          <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-gpg-plugin</artifactId>
-            <version>1.5</version>
-            <configuration>
-              <passphrase>${gpg.passphrase}</passphrase>
-              <useAgent>${gpg.useagent}</useAgent>
-            </configuration>
-            <executions>
-              <execution>
-                <goals>
-                  <goal>sign</goal>
-                </goals>
-              </execution>
-            </executions>
-          </plugin>
+        </plugins>
+      </build>
+    </profile>
+    <profile>
+      <id>snapshot-release</id>
+      <build>
+        <plugins>
           <plugin>
             <groupId>org.sonatype.central</groupId>
             <artifactId>central-publishing-maven-plugin</artifactId>
@@ -1159,6 +1144,26 @@
         </plugins>
       </build>
     </profile>
+    <profile>
+      <id>oss-exit-gate</id>
+      <distributionManagement>
+        <repository>
+          <id>artifact-registry</id>
+          <url>
+            artifactregistry://us-central1-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral
+          </url>
+        </repository>
+      </distributionManagement>
+      <repositories>
+        <repository>
+          <id>artifact-registry</id>
+          <url>artifactregistry://us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral</url>
+          <releases>
+            <enabled>true</enabled>
+          </releases>
+        </repository>
+      </repositories>
+    </profile>
     <profile>
       <id>cloudBuild</id>
       <activation>