Add exit gate

Komal Yadav · Komal Yadav · commit f87e2e9865d9 · 2025-10-13T05:05:13.000Z
updated

updated
diff --git a/.github/workflows/build-and-deploy.yaml b/.github/workflows/build-and-deploy.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2023 Cask Data, Inc.
+# Copyright © 2025 Cask Data, Inc.
 #  Licensed under the Apache License, Version 2.0 (the "License"); you may not
 #  use this file except in compliance with the License. You may obtain a copy of
 #  the License at
@@ -30,10 +30,7 @@ jobs:
         uses: 'google-github-actions/get-secretmanager-secrets@v0'
         with:
           secrets: |-
-            CDAP_OSSRH_USERNAME:cdapio-github-builds/CDAP_OSSRH_USERNAME
-            CDAP_OSSRH_PASSWORD:cdapio-github-builds/CDAP_OSSRH_PASSWORD
-            CDAP_GPG_PASSPHRASE:cdapio-github-builds/CDAP_GPG_PASSPHRASE
-            CDAP_GPG_PRIVATE_KEY:cdapio-github-builds/CDAP_GPG_PRIVATE_KEY
+            secure_publish_bucket:cdapio-github-builds/publish_bucket
 
       - name: Recursively Checkout Repository
         uses: actions/checkout@v3
@@ -61,27 +58,13 @@ jobs:
           command: |
             cd common
             MAVEN_OPTS="-Xmx16G -XX:+UseG1GC -XX:+HeapDumpOnOutOfMemoryError" mvn test -T2 -U -V -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
-      
-      - name: Set up GPG conf
-        if: ${{ matrix.branch == 'develop' || startsWith(matrix.branch, 'release/') }}
-        run: |
-          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
-          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
-
-      - name: Import GPG key
-        if: ${{ matrix.branch == 'develop' || startsWith(matrix.branch, 'release/') }}
-        run: |
-          echo "$GPG_PRIVATE_KEY" > private.key
-          gpg --import --batch private.key
-        env:
-          GPG_PRIVATE_KEY: ${{ steps.secrets.outputs.CDAP_GPG_PRIVATE_KEY }}
 
-      - name: Deploy Maven
+      - name: Submit Build to GCB
+        id: gcb
         if: ${{ matrix.branch == 'develop' || startsWith(matrix.branch, 'release/') }}
         working-directory: common
-        run: mvn deploy -B -V -P release -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dremoteresources.skip=true
-        env:
-          CDAP_OSSRH_USERNAME: ${{ steps.secrets.outputs.CDAP_OSSRH_USERNAME }}
-          CDAP_OSSRH_PASSWORD: ${{ steps.secrets.outputs.CDAP_OSSRH_PASSWORD }}
-          CDAP_GPG_PASSPHRASE: ${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }}
-          MAVEN_OPTS: "-Xmx12G"
+        run: |
+          gcloud builds submit . \
+            --config=cloudbuild-release.yaml \
+            --project='cdapio-github-builds' \
+            --substitutions="_ARTIFACT_ID='common',_SECURE_PUBLISH_BUCKET_NAME=${{ steps.gcp_secrets.outputs.secure_publish_bucket }}"
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
@@ -0,0 +1,92 @@
+# Copyright © 2025 Cask Data, Inc.
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may not
+#  use this file except in compliance with the License. You may obtain a copy of
+#  the License at
+#  http://www.apache.org/licenses/LICENSE-2.0
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations under
+#  the License.
+
+steps:
+  - name: 'maven:3.8-jdk-8' # Specify a Maven image
+    id: maven-package
+    entrypoint: 'mvn'
+    args:
+      - -B
+      - -U
+      - clean
+      - package
+      - -DskipTests
+
+  - name: 'anchore/syft:v1.5.0'
+    id: generate-sbom
+    args:
+      - 'packages'
+      - '-o'
+      - 'spdx-json=/workspace/attestations/project-sbom.spdx.json'
+      - '.'
+    waitFor: ['maven-package']
+
+  - name: 'bash'
+    id: stage-artifacts
+    entrypoint: 'bash'
+    args:
+      - '-c'
+      - |
+        set -e
+        mkdir -p /workspace/staging
+        mkdir -p /workspace/attestations
+
+        # Copy Maven artifacts from the 'target' directory
+        echo "Copying Maven artifacts..."
+        find target -name "*.jar" -exec cp {} /workspace/staging/ \;
+        find target -name "*.pom" -exec cp {} /workspace/staging/ \;
+        # Add other artifact types if necessary
+
+        # Copy SBOM
+        echo "Copying SBOM..."
+        if [ -f /workspace/attestations/project-sbom.spdx.json ]; then
+          cp /workspace/attestations/project-sbom.spdx.json /workspace/staging/
+        else
+          echo "ERROR: SBOM file not found!"
+          exit 1
+        fi
+
+        echo "Staged files:"
+        ls -l /workspace/staging
+    waitFor: ['generate-sbom']
+
+  - name: 'bash'
+    id: create-manifest
+    entrypoint: 'bash'
+    args:
+      - '-c'
+      - |
+        set -e
+        echo "Creating manifest.json..."
+        cd /workspace/staging
+        printf '{\n  "artifacts": [\n' > manifest.json
+        find . -maxdepth 1 -type f ! -name "manifest.json" | sed 's|./||' | sed 's/.*/    "&",/' >> manifest.json
+        sed -i '$ s/,$//' manifest.json
+        printf '\n  ]\n}\n' >> manifest.json
+        echo "Generated manifest.json:"
+        cat manifest.json
+        cd /workspace
+    waitFor: ['stage-artifacts']
+
+  - name: 'gcr.io/cloud-builders/gsutil'
+    id: upload-to-staging
+    args:
+      - '-m'
+      - 'cp'
+      - '-r'
+      - '/workspace/staging/*'
+      - 'gs://${_SECURE_PUBLISH_BUCKET_NAME}/cdap/${_ARTIFACT_ID}/${BUILD_ID}/'
+    waitFor: ['create-manifest']
+
+options:
+  requestedVerifyOption: VERIFIED
+  machineType: 'E2_HIGHCPU_32'
+
