diff --git a/README.md b/README.md
index 1f8596304705..fd8ca0c668da 100644
--- a/README.md
+++ b/README.md
@@ -39,3 +39,12 @@ For Day 1 cutover, once we have main branch:
- Update `googleapis_commit.txt` to an appropriate value
- Update `.github/workflows/googleapis_hermetic_sync.yaml` to point to
the main branch.
+
+### The BOM coverage and its version
+
+Review the artifact name "google-cloud-gapic-bom" in the bom directory and
+configure the version managed by Release Please. Ensure the BOM is part of the
+entire release pipeline.
+
+Confirm the effective-pom (`mvn help:effective-pom`) of the BOM covers the same
+member of the google-cloud-bom except the handwritten libraries.
diff --git a/bom.pom.xml b/bom.pom.xml
new file mode 100644
index 000000000000..223ca7973f8d
--- /dev/null
+++ b/bom.pom.xml
@@ -0,0 +1,92 @@
+
+
+ 4.0.0
+ com.google.cloud
+ google-cloud-gapic-bom
+ pom
+ 0.0.1-SNAPSHOT
+ Google Cloud Java BOM
+ https://github.com/googleapis/java-cloud-bom
+
+ BOM for the libraries in google-cloud-java repository. Users should not
+ depend on this artifact explicitly because this BOM is an implementation
+ detail of the Libraries BOM.
+
+
+
+BOM_ARTIFACT_LIST
+
+
+
+
+
+
+ org.sonatype.plugins
+ nexus-staging-maven-plugin
+ 1.6.13
+ true
+
+ sonatype-nexus-staging
+ https://google.oss.sonatype.org/
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-site-plugin
+ 3.12.0
+
+ true
+
+
+
+
+
+
+
+ release
+
+
+ performRelease
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+ 3.0.1
+
+
+ sign-artifacts
+ verify
+
+ sign
+
+
+
+ --pinentry-mode
+ loopback
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+ 3.2.1
+
+
+ attach-sources
+
+ jar-no-fork
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/bootstrap.sh b/bootstrap.sh
index adf27be084a3..9abd98399aaf 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -42,6 +42,7 @@ do
text=${text/api_shortname/api-name}
echo -e "\n"$text>> ${service}/.OwlBot.yaml
git add .
+ git config --add secrets.allowed "dest.*src"
git commit -am "chore: setup owlbot configuration"
cd ../google-cloud-java
@@ -63,10 +64,56 @@ cd google-cloud-java
git add pom.xml
git commit -am 'feat: create aggregator pom'
+# generate BOM of the artifacts in this repository
+bom_lines=""
+for bom_directory in $(find . -name 'google-*-bom' | sort); do
+ repo_metadata="${bom_directory}/../.repo-metadata.json"
+ pom_file="${bom_directory}/pom.xml"
+ groupId_line=$(grep --max-count=1 'groupId' "${pom_file}")
+ artifactId_line=$(grep --max-count=1 'artifactId' "${pom_file}")
+ version_line=$(grep --max-count=1 'x-version-update' "${pom_file}")
+ if ! grep --quiet '"release_level": "stable"' "${repo_metadata}"; then
+ # Not including non-GA libraries, except those that happened to be included
+ # already in google-cloud-bom.
+ if [[ $artifactId_line != *"google-cloud-datalabeling"* ]] \
+ && [[ $artifactId_line != *"google-cloud-errorreporting"* ]] \
+ && [[ $artifactId_line != *"google-cloud-logging-logback"* ]] \
+ && [[ $artifactId_line != *"google-cloud-mediatranslation"* ]] \
+ && [[ $artifactId_line != *"google-cloud-nio"* ]] \
+ && [[ $artifactId_line != *"google-cloud-notification"* ]] \
+ && [[ $artifactId_line != *"google-cloud-phishingprotection"* ]]; then
+ echo "Not adding ${pom_file} to the BOM because it's not stable."
+ continue
+ fi
+ fi
+
+ bom_lines+="
+ ${groupId_line}
+ ${artifactId_line}
+ ${version_line}
+ pom
+ import
+
+"
+done
+
+mkdir google-cloud-gapic-bom
+awk -v "dependencyManagements=$bom_lines" '{gsub(/BOM_ARTIFACT_LIST/,dependencyManagements)}1' \
+ ../../bom.pom.xml > google-cloud-gapic-bom/pom.xml
+
+git add google-cloud-gapic-bom/pom.xml
+git commit -am 'feat: create bom module'
+
+# Confirm everything is fine so far
+mvn -q -B -ntp validate
+
+
+# Template files
cp -r --preserve=all ../../templates/. ./
git add --all
git commit -m 'chore: add template files'
+
# generate coverage report
mkdir CoverageAggregator
cp ../../coverage.pom.xml CoverageAggregator/pom.xml
diff --git a/parent.pom.xml b/parent.pom.xml
index cb750a374840..5f31cc3520ab 100644
--- a/parent.pom.xml
+++ b/parent.pom.xml
@@ -13,6 +13,7 @@
+ google-cloud-gapic-bom