Skip to content
.github/workflows/cloudbuild.yaml

updated #17

Sign in to view logs

updated

updated #17

Workflow file for this run

.github/workflows/cloudbuild.yaml at 41a6ce3
# Copyright © 2025 Cask Data, Inc.

Check failure on line 1 in .github/workflows/cloudbuild.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/cloudbuild.yaml

Invalid workflow file 

(Line: 12, Col: 1): Unexpected value 'steps', (Line: 86, Col: 1): Unexpected value 'substitutions', (Line: 98, Col: 1): Unexpected value 'options', (Line: 103, Col: 1): Unexpected value 'availableSecrets', (Line: 12, Col: 1): Required property is missing: jobs
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
steps:
- name: 'gcr.io/cloud-builders/gcloud'
id: setup-gpg
entrypoint: 'bash'
secretEnv: ['GPG_KEY']
args:
- '-c'
- |
set -e
# Set a persistent GPG home in /workspace so other steps can see it
export GNUPGHOME=/workspace/.gnupg
mkdir -p $$GNUPGHOME
chmod 700 $$GNUPGHOME
# Configure loopback mode for non-interactive signing
echo "pinentry-mode loopback" >> $$GNUPGHOME/gpg.conf
echo "allow-loopback-pinentry" >> $$GNUPGHOME/gpg-agent.conf
# Import the key directly from the secret environment variable
echo "$$GPG_KEY" | gpg --batch --import
echo "GPG key imported into $$GNUPGHOME."
- name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8'
id: maven-package
entrypoint: 'bash'
secretEnv: [ 'GPG_PASSPHRASE' ]
args:
- '-c'
- |
set -e
export GNUPGHOME=/workspace/.gnupg
mvn deploy -B -V -DskipTests \
- deploy
- -P
- common-artifacts, version-release
- Dgpg.passphrase="$${CDAP_GPG_PASSPHRASE}"
- -Dmaven.wagon.http.retryHandler.count=5
- -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
- name: 'bash'
id: create-exit-gate-manifest
entrypoint: 'bash'
args:
- '-c'
- |
# Correctly access the output variable from determine-deploy using $$_STEP_ID_KEY
if [[ "$$_DETERMINE_DEPLOY_IS_SNAPSHOT" == "false" ]]; then
set -e
MANIFEST_FILE="/workspace/exit_gate_manifest.textproto"
echo '# -*- protobuffer -*-' > "$${MANIFEST_FILE}"
echo '# proto-file: security/opensource/exit_gate_v1/onboarded/proto/publishing_manifest.proto' >> "$${MANIFEST_FILE}"
echo '# proto-message: PublishingManifest' >> "$${MANIFEST_FILE}"
echo '' >> "$${MANIFEST_FILE}"
echo 'publish_all: true' >> "$${MANIFEST_FILE}"
echo "Created manifest file: $${MANIFEST_FILE}"
waitFor: ['maven-package']
- name: 'gcr.io/cloud-builders/gsutil'
id: upload-exit-gate-manifest
entrypoint: 'bash'
args:
- '-c'
- |
set -e
GCS_MANIFEST_DIR="gs://oss-exit-gate-prod-projects-bucket/cloud-data-fusion/mavencentral/manifests/"
MANIFEST_FILE="/workspace/exit_gate_manifest.textproto"
MANIFEST_FILENAME="release_$$(date -u +%Y%m%d%H%M%S).textproto"
echo "Uploading manifest to $${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}"
gsutil cp "$${MANIFEST_FILE}" "$${GCS_MANIFEST_DIR}$${MANIFEST_FILENAME}"
echo "Manifest uploaded successfully. OSS Exit Gate process should now be triggered."
waitFor: ['create-exit-gate-manifest']
substitutions:
_VERSION: '0.25.0-SNAPSHOT'
#
#artifacts:
# mavenArtifacts:
# - repository: 'https://us-maven.pkg.dev/oss-exit-gate-prod/cloud-data-fusion--mavencentral'
# deployFolder: '/workspace/target/'
# groupId: 'io.cdap.plugin'
# artifactId: 'google-cloud'
# version: '${_VERSION}'
options:
requestedVerifyOption: VERIFIED
machineType: 'E2_HIGHCPU_32'
availableSecrets:
secretManager:
- versionName: projects/cdapio-github-builds/secrets/CDAP_GPG_PASSPHRASE/versions/latest
env: 'CDAP_GPG_PASSPHRASE'