diff --git a/.github/workflows/cloudbuild.yaml b/.github/workflows/cloudbuild.yaml
new file mode 100644
index 000000000..08fad4ab4
--- /dev/null
+++ b/.github/workflows/cloudbuild.yaml
@@ -0,0 +1,63 @@
+# Copyright © 2025 Cask Data, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+steps:
+ - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8'
+ id: maven-package
+ entrypoint: 'mvn'
+ args:
+ - -B
+ - -V
+ - -DskipTests
+ - -P
+ - oss-exit-gate
+ - -Dgpg.passphrase=$_GPG_PASSPHRASE
+ - Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
+
+# - name: 'bash'
+# id: create-exit-gate-manifest
+# entrypoint: 'bash'
+# args:
+# - '-c'
+# - |
+# set -e
+# MANIFEST_FILE="/workspace/exit_gate_manifest.textproto"
+# echo '# -*- protobuffer -*-' > "$${MANIFEST_FILE}"
+# echo '# proto-file: security/opensource/exit_gate_v1/onboarded/proto/publishing_manifest.proto' >> "$${MANIFEST_FILE}"
+# echo '# proto-message: PublishingManifest' >> "$${MANIFEST_FILE}"
+# echo '' >> "$${MANIFEST_FILE}"
+# echo 'publish_all: true' >> "$${MANIFEST_FILE}"
+# echo "Created manifest file: $${MANIFEST_FILE}"
+# waitFor: ['maven-package']
+#
+# - name: 'gcr.io/cloud-builders/gsutil'
+# id: upload-exit-gate-manifest
+# entrypoint: 'bash'
+# args:
+# - '-c'
+# - |
+# set -e
+# MANIFEST_FILE="/workspace/exit_gate_manifest.textproto"
+# # Use a timestamp to create a unique manifest filename for each release
+# MANIFEST_FILENAME="release_$(date -u +%Y%m%d%H%M%S).textproto"
+# echo "Uploading manifest to $${SECURE_PUBLISH_BUCKET}$${MANIFEST_FILENAME}"
+# gsutil cp "$${MANIFEST_FILE}" "$${SECURE_PUBLISH_BUCKET}$${MANIFEST_FILENAME}"
+# echo "Manifest uploaded successfully. OSS Exit Gate process should now be triggered."
+# waitFor: ['create-exit-gate-manifest']
+
+options:
+ requestedVerifyOption: VERIFIED
+ machineType: 'E2_HIGHCPU_32'
+
+substitutions:
+ _GPG_PASSPHRASE: cdapio-github-builds/CDAP_GPG_PASSPHRASE
+
+
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index 8d0c747e2..460e45e86 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -26,10 +26,9 @@ jobs:
 uses: 'google-github-actions/get-secretmanager-secrets@v0'
 with:
 secrets: |-
- CDAP_OSSRH_USERNAME:cdapio-github-builds/CDAP_OSSRH_USERNAME
- CDAP_OSSRH_PASSWORD:cdapio-github-builds/CDAP_OSSRH_PASSWORD
 CDAP_GPG_PASSPHRASE:cdapio-github-builds/CDAP_GPG_PASSPHRASE
 CDAP_GPG_PRIVATE_KEY:cdapio-github-builds/CDAP_GPG_PRIVATE_KEY
+ SECURE_PUBLISH_BUCKET:cdapio-github-builds/publish_bucket
 - name: Checkout Repository
 uses: actions/checkout@v4
@@ -59,10 +58,11 @@ jobs:
 - name: Run tests
 run: mvn clean test -fae -T 2 -B -V -DcloudBuild -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
- - name: Publish to Maven Central
- run: mvn clean -B -V -DskipTests deploy -P release -Dgpg.passphrase=$CDAP_GPG_PASSPHRASE -Dmaven.wagon.http.retryHandler.count=5 -Dmaven.wagon.httpconnectionManager.ttlSeconds=30
- env:
- CDAP_OSSRH_USERNAME: ${{ steps.secrets.outputs.CDAP_OSSRH_USERNAME }}
- CDAP_OSSRH_PASSWORD: ${{ steps.secrets.outputs.CDAP_OSSRH_PASSWORD }}
- CDAP_GPG_PASSPHRASE: ${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }}
- MAVEN_OPTS: '-Xmx3200m'
\ No newline at end of file
+ - name: Submit Build to GCB
+ id: gcb
+ working-directory: google-cloud
+ run: |
+ gcloud builds submit . \
+ --config=cloudbuild-release.yaml \
+ --project='cdapio-github-builds' \
+ --substitutions="_GPG_PASSPHRASE=${{ steps.secrets.outputs.CDAP_GPG_PASSPHRASE }}"
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 70a4f0b37..bbea761ce 100644
--- a/pom.xml
+++ b/pom.xml
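Review bot: The GPG passphrase reaches the `maven-package` step in cloudbuild.yaml as a user substitution (`-Dgpg.passphrase=$_GPG_PASSPHRASE`), and Cloud Build substitutions are ordinary build parameters that are stored with the build and expanded into the step arguments, so anyone who can view the build can read the signing passphrase; the `--substitutions` flag in the second hunk of tag-release.yml feeds the same path. The default `_GPG_PASSPHRASE: cdapio-github-builds/CDAP_GPG_PASSPHRASE` is a secret name rather than a secret value, so a build submitted without the override would try to sign with that literal string. Binding the secret through `availableSecrets` and `secretEnv` keeps it out of the build record, as sketched below. Separately, the last `args` entry lacks its leading dash and packs two flags into one element (`Dmaven.wagon… -Dmaven.wagon…`), which Maven will likely read as a goal name, and no goal or phase is listed at all.

```yaml
steps:
  - name: 'gcr.io/cloud-builders/mvn:3.8-jdk-8'
    id: maven-package
    entrypoint: 'bash'
    secretEnv: ['GPG_PASSPHRASE']
    args:
      - '-c'
      - |
        # … unchanged: wagon retry flags and the goal to run …
        mvn -B -V -DskipTests -P oss-exit-gate -Dgpg.passphrase="$$GPG_PASSPHRASE"

availableSecrets:
  secretManager:
    # <SECRET_VERSION> is a placeholder; pin the version the release should use
    - versionName: 'projects/cdapio-github-builds/secrets/CDAP_GPG_PASSPHRASE/versions/<SECRET_VERSION>'
      env: 'GPG_PASSPHRASE'
```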
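Review bot: `SECURE_PUBLISH_BUCKET` is added to the secrets this job fetches in the first hunk of tag-release.yml, but nothing in the visible new code reads it; the only references are in the commented-out upload step of cloudbuild.yaml, which runs in Cloud Build and would not see a GitHub step output. Fetching a secret the job does not use widens what any later step can read from `steps.secrets.outputs`, so I would drop the line until a step consumes it, or add a comment such as `# consumed by <step id>` naming the consumer. The steps list continues outside the hunk, so a consumer may exist there.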
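Review bot: `--config=cloudbuild-release.yaml` combined with `working-directory: google-cloud` in the new "Submit Build to GCB" step does not match the only Cloud Build config this commit adds, `.github/workflows/cloudbuild.yaml`, so unless a `google-cloud/cloudbuild-release.yaml` exists elsewhere the submit will fail. `.github/workflows/` is also the directory GitHub parses for workflow definitions, so a Cloud Build file placed there will be picked up as an invalid workflow; it belongs next to the source it builds. `gcloud builds submit .` uploads only the working directory, which would appear to leave out the root pom.xml that defines `oss-exit-gate`, and that is worth confirming. The `${{ … }}` expression is expanded into the script text before the shell runs, so any value that must be passed should be bound under `env:` and referenced as a shell variable instead.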
@@ -1057,6 +1057,46 @@ + + oss-exit-gate + + + + org.apache.maven.plugins + maven-gpg-plugin + 1.5 + + ${gpg.passphrase} + ${gpg.useagent} + + + + + sign + + + + + + + + + artifact-registry + + artifactregistry://us-central1-maven.pkg.dev/komalyd-dev/my-test-maven-repo + + + + + + artifact-registry + artifactregistry://us-maven.pkg.dev/komalyd-dev/my-test-maven-repo + + true + + + + release
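Review bot: Both repository URLs in the new `oss-exit-gate` profile point at `komalyd-dev/my-test-maven-repo`, which reads like an individual's test project rather than the release destination, so artifacts signed with the project's GPG key would be published to a repository the project may not control. The two entries also name different hosts (`us-central1-maven.pkg.dev` and `us-maven.pkg.dev`), and one of them is probably a typo. I would take the URL from a property supplied by the release build, with no default committed in the POM, and confirm that the extension handling the `artifactregistry://` scheme is declared, since it is not in this hunk. The XML element names are not visible in this view, so which entry is the deployment target is inferred from the `artifact-registry` ids.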