allies release

.azure/scripts/push-to-central.sh

@@ -14,6 +14,6 @@ export GPG_TTY=$(tty)
 echo $GPG_SIGNING_KEY | base64 -d > signing.gpg
 gpg --batch --import signing.gpg
 
-GPG_EXECUTABLE=gpg mvn $MVN_ARGS -DskipTests -s ./.azure/scripts/settings.xml -pl ./,crd-annotations,crd-generator,test,api,v1-api-conversion -P central deploy
+GPG_EXECUTABLE=gpg mvn $MVN_ARGS -DskipTests -s ./.azure/scripts/settings.xml -pl ./,crd-annotations,crd-generator,test,api,v1-api-conversion -P artifactory deploy
 
 cleanup

.azure/scripts/settings.xml

@@ -1,9 +1,9 @@
 <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
     <servers>
         <server>
-            <id>central</id>
-            <username>${env.CENTRAL_USERNAME}</username>
-            <password>${env.CENTRAL_PASSWORD}</password>
+            <id>artifactory</id>
+            <username>${env.ARTIFACTORY_USER}</username>
+            <password>${env.JF_ACCESS_TOKEN}</password>
         </server>
     </servers>
 </settings>

.github/actions/build/containers-push/action.yml

@@ -9,10 +9,10 @@ inputs:
     description: "Runner architecture (amd64, arm64)"
     required: false
     default: "amd64"
-  quayUser:
+  dockerUsername:
     description: "Quay.io username"
     required: true
-  quayPass:
+  dockerToken:
     description: "Quay.io password"
     required: true
   buildRunId:
@@ -67,9 +67,16 @@ runs:
           rm "containers-${arch}.tar"
         done
 
-    - name: Login to container registry
-      shell: bash
-      run: docker login -u ${{ inputs.quayUser }} -p ${{ inputs.quayPass }} ${{ env.DOCKER_REGISTRY }}
+    - name: Login to Docker
+      uses: docker/login-action@v3
+      with:
+        registry: registry.nordix.org
+        username: ${{ inputs.dockerUsername }}
+        password: ${{ inputs.dockerToken }}
+
+#    - name: Login to container registry
+#      shell: bash
+#      run: docker login -u ${{ inputs.dockerUsername }} -p ${{ inputs.dockerToken }} registry.nordix.org
 
     - name: Delete existing container manifests
       shell: bash

.github/actions/build/deploy-java/action.yml

@@ -12,11 +12,11 @@ inputs:
   gpgSigningKey:
     description: "GPG signing key"
     required: true
-  centralUsername:
-    description: "Maven Central username"
+  artifactoryUsername:
+    description: "Artifactory Username"
     required: true
-  centralPassword:
-    description: "Maven Central password"
+  artifactoryAccessToken:
+    description: "Artifactory Access Token"
     required: true
 
 runs:
@@ -28,6 +28,12 @@ runs:
         java-version: '17'
         distribution: 'temurin'
 
+    - name: Setup JFrog CLI
+      uses: jfrog/setup-jfrog-cli@v4
+      env:
+        JF_URL: https://artifactory.nordix.org/
+        JF_ACCESS_TOKEN: ${{ inputs.artifactoryAccessToken }}
+
     - name: Restore Maven cache
       uses: actions/cache/restore@v4
       with:
@@ -49,5 +55,5 @@ runs:
         BRANCH: ${{ github.ref }}
         GPG_PASSPHRASE: ${{ inputs.gpgPassphrase }}
         GPG_SIGNING_KEY: ${{ inputs.gpgSigningKey }}
-        CENTRAL_USERNAME: ${{ inputs.centralUsername }}
-        CENTRAL_PASSWORD: ${{ inputs.centralPassword }}
+        ARTIFACTORY_USER: ${{ inputs.artifactoryUsername }}
+        JF_ACCESS_TOKEN: ${{ inputs.artifactoryAccessToken }}

.github/actions/build/release-artifacts/action.yml

@@ -15,11 +15,8 @@ inputs:
   gpgSigningKey:
     description: "GPG signing key"
     required: true
-  centralUsername:
-    description: "Maven Central username"
-    required: true
-  centralPassword:
-    description: "Maven Central password"
+  artifactoryAccessToken:
+    description: "Artifactory Access Token"
     required: true
 
 runs:
@@ -61,39 +58,38 @@ runs:
       env:
         RELEASE_VERSION: ${{ inputs.releaseVersion }}
 
-    - name: Deploy Java artifacts to Maven Central
+    - name: Deploy Java artifacts to Artifactory
       shell: bash
       run: make pushtocentral
       env:
         BUILD_REASON: "IndividualCI"
         BRANCH: ${{ github.ref }}
         GPG_PASSPHRASE: ${{ inputs.gpgPassphrase }}
         GPG_SIGNING_KEY: ${{ inputs.gpgSigningKey }}
-        CENTRAL_USERNAME: ${{ inputs.centralUsername }}
-        CENTRAL_PASSWORD: ${{ inputs.centralPassword }}
+        JF_ACCESS_TOKEN: ${{ inputs.artifactoryAccessToken }}
 
     - name: Create release archives
       shell: bash
       run: tar -cvpf release.tar ./*${{ inputs.releaseVersion }}*
 
-    - name: Upload release archives
-      uses: actions/upload-artifact@v4
-      with:
-        name: release.tar
-        path: release.tar
-
-    - name: Build documentation
-      shell: bash
-      run: make docu_html docu_htmlnoheader docu_pdf
-      env:
-        RELEASE_VERSION: ${{ inputs.releaseVersion }}
-
-    - name: Create documentation archive
-      shell: bash
-      run: tar -cvpf documentation.tar ./documentation/html ./documentation/htmlnoheader ./documentation/pdf
-
-    - name: Upload documentation
-      uses: actions/upload-artifact@v4
-      with:
-        name: documentation.tar
-        path: documentation.tar
+#    - name: Upload release archives
+#      uses: actions/upload-artifact@v4
+#      with:
+#        name: release.tar
+#        path: release.tar
+#
+#    - name: Build documentation
+#      shell: bash
+#      run: make docu_html docu_htmlnoheader docu_pdf
+#      env:
+#        RELEASE_VERSION: ${{ inputs.releaseVersion }}
+#
+#    - name: Create documentation archive
+#      shell: bash
+#      run: tar -cvpf documentation.tar ./documentation/html ./documentation/htmlnoheader ./documentation/pdf
+#
+#    - name: Upload documentation
+#      uses: actions/upload-artifact@v4
+#      with:
+#        name: documentation.tar
+#        path: documentation.tar

.github/tests/events/check-permissions/permissions_authorized.json

@@ -1,7 +1,7 @@
 {
   "event_name": "pull_request",
   "action": "opened", 
-  "actor": "frawless",
+  "actor": "JvD-Ericsson",
   "pull_request": {
     "number": 123,
     "title": "Test authorized user",
@@ -17,7 +17,7 @@
   "repository": {
     "name": "ci-playground",
     "owner": { 
-      "login": "frawless",
+      "login": "JvD-Ericsson",
       "type": "User"
     }
   }

.github/workflows/build.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - "main"
       - "release-*"
+      - "allies-release*"
   pull_request:
     branches:
       - "*"
@@ -95,42 +96,42 @@ jobs:
       - test-strimzi
       - build-containers
       - build-docs
-    if: ${{ github.ref == 'refs/heads/main' }}
+    if: ${{ startsWith(github.ref, 'refs/heads/allies-release') }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
       # Required for keyless signing with GitHub OIDC
       id-token: write
     env:
-      DOCKER_REGISTRY: "quay.io"
-      DOCKER_ORG: "strimzi"
+      DOCKER_REGISTRY: "registry.nordix.org"
+      DOCKER_ORG: "allies/strimzi"
       DOCKER_TAG: "latest"
     steps:
       - uses: actions/checkout@v5
       - uses: ./.github/actions/build/containers-push
         with:
           architectures: "amd64,arm64,ppc64le,s390x"
           runnerArch: "amd64"
-          quayUser: ${{ secrets.QUAY_USER }}
-          quayPass: ${{ secrets.QUAY_PASS }}
+          dockerUsername: ${{ secrets.DOCKER_USERNAME }}
+          dockerToken: ${{ secrets.DOCKER_TOKEN }}
 
-  # Publish Strimzi docs to the website - run only on main branch
-  publish-docs:
-    name: Publish Docs
-    needs:
-      - build-strimzi
-      - test-strimzi
-      - build-containers
-      - build-docs
-    if: ${{ github.ref == 'refs/heads/main' }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v5
-      - uses: ./.github/actions/build/publish-docs
-        with:
-          artifactName: "documentation.tar"
-          websiteDeployKey: ${{ secrets.WEBSITE_DEPLOY_KEY }}
+#  # Publish Strimzi docs to the website - run only on main branch
+#  publish-docs:
+#    name: Publish Docs
+#    needs:
+#      - build-strimzi
+#      - test-strimzi
+#      - build-containers
+#      - build-docs
+#    if: ${{ github.ref == 'refs/heads/main' }}
+#    runs-on: ubuntu-latest
+#    steps:
+#      - uses: actions/checkout@v5
+#      - uses: ./.github/actions/build/publish-docs
+#        with:
+#          artifactName: "documentation.tar"
+#          websiteDeployKey: ${{ secrets.WEBSITE_DEPLOY_KEY }}
 
   # Deploy Strimzi Java artifacts - run only on main branch
   deploy-java:
@@ -140,7 +141,7 @@ jobs:
       - test-strimzi
       - build-containers
       - build-docs
-    if: ${{ github.ref == 'refs/heads/main' }}
+    if: ${{ startsWith(github.ref, 'refs/heads/allies-release') }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
@@ -149,5 +150,5 @@ jobs:
           runnerArch: "amd64"
           gpgPassphrase: ${{ secrets.GPG_PASSPHRASE }}
           gpgSigningKey: ${{ secrets.GPG_SIGNING_KEY }}
-          centralUsername: ${{ secrets.CENTRAL_USERNAME }}
-          centralPassword: ${{ secrets.CENTRAL_PASSWORD }}
+          artifactoryUsername: ${{ secrets.ARTIFACTORY_USER }}
+          artifactoryAccessToken: ${{ secrets.JF_ACCESS_TOKEN }}

.github/workflows/cve-rebuild.yml

@@ -91,8 +91,8 @@ jobs:
         with:
           architectures: "amd64,arm64,ppc64le,s390x"
           runnerArch: "amd64"
-          quayUser: ${{ secrets.QUAY_USER }}
-          quayPass: ${{ secrets.QUAY_PASS }}
+          dockerUsername: ${{ secrets.DOCKER_USERNAME }}
+          dockerToken: ${{ secrets.DOCKER_TOKEN }}
 
   # Manual validation step - waits for approval before pushing without suffix
   manual-validation:
@@ -131,5 +131,5 @@ jobs:
         with:
           architectures: "amd64,arm64,ppc64le,s390x"
           runnerArch: "amd64"
-          quayUser: ${{ secrets.QUAY_USER }}
-          quayPass: ${{ secrets.QUAY_PASS }}
+          dockerUsername: ${{ secrets.DOCKER_USERNAME }}
+          dockerToken: ${{ secrets.DOCKER_TOKEN }}