#26518 merge master done

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# Require workflow changes to be approved by developers who understand the codebase
+# and security implications of changes
+
+/.github/ @dotCMS/core-workflow-developers
+

.github/actions/deploy-artifact-artifactory/README.md

@@ -0,0 +1,45 @@
+# Deploy Artifact to Artifactory
+
+This GitHub Action streamlines the process of deploying dotCMS artifacts to Artifactory. It's particularly useful for automating the deployment workflow in projects utilizing dotCMS.
+
+## Inputs
+
+### `artifactory-repo-username`
+
+**Description**: Username required for accessing the Artifactory repository.  
+**Required**: true
+
+### `artifactory-repo-password`
+
+**Description**: Password associated with the Artifactory repository username.  
+**Required**: true
+
+### `github-token`
+
+**Description**: Token required for GitHub API access, used here for retrieving artifacts.  
+**Required**: true
+
+## Example Usage
+
+```yaml
+name: Deploy Artifact
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Deploy Artifact to Artifactory
+        uses: ./.github/actions/deploy-artifact-artifactory
+        with:
+          artifactory-repo-username: ${{ secrets.ARTIFACTORY_REPO_USERNAME }}
+          artifactory-repo-password: ${{ secrets.ARTIFACTORY_REPO_PASSWORD }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+```

.github/actions/deploy-artifact-artifactory/action.yml

@@ -0,0 +1,78 @@
+name: 'Deploy Artifact to Artifactory'
+description: 'Deploy the dotCMS artifacts to Artifactory'
+inputs:
+  artifactory-repo-username:
+    description: 'Artifactory Repository Username'
+    required: true
+  artifactory-repo-password:
+    description: 'Artifactory Repository Password'
+    required: true
+  github-token:
+    description: 'GitHub Token'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: 'Set up JDK'
+      uses: actions/setup-java@v4
+      with:
+        java-version: 11
+        distribution: temurin
+
+    - name: 'Get Date'
+      id: get-date
+      run: |
+        echo "date=$(/bin/date -u "+%Y-%m")" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Download Build Artifact
+      id: data-download
+      uses: dawidd6/[email protected]
+      with:
+        github_token: ${{ inputs.github-token }}
+        workflow_search: true # artifacts can come from merge_group build. Cannot specify a list of workflows without multiple calls
+        commit: ${{ github.sha }}
+        workflow_conclusion: success
+        search_artifacts: true
+        dry_run: true
+        name: maven-repo # If using the same branch for different environments artifact names must be unique
+        path: .
+        if_no_artifact_found: warn
+
+    - name: 'Check if artifact exists'
+      id: check
+      run: |
+        build_artifact_exists=${{ steps.data-download.outputs.found_artifact }}
+        if [[ ${build_artifact_exists} == "true" ]]; then
+            run_id=`echo '${{ steps.data-download.outputs.artifacts }}' | jq -r '.[0].workflow_run.id'`
+            found_artifacts=true
+            echo "Artifact Run id: $run_id"
+        else
+           echo "No artifact found"
+           run_id="${{ github.run_id }}"
+           found_artifacts=false
+        fi
+        echo "run_id=$run_id" >> $GITHUB_OUTPUT
+        echo "found_artifacts=$found_artifacts" >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: 'Download Maven Repo'
+      uses: actions/download-artifact@v4
+      with:
+        run-id: ${{ steps.check.outputs.run_id }}
+        github-token: ${{ inputs.github-token }}
+        name: maven-repo
+        path: ~/.m2/repository
+
+    - name: 'Maven settings.xml setup'
+      uses: whelk-io/maven-settings-xml-action@v22
+      with:
+        servers: '[{ "id": "dotcms-libs-local", "username": "${{ inputs.artifactory-repo-username }}", "password": "${{ inputs.artifactory-repo-password }}" }, { "id": "dotcms-libs-snapshot-local", "username": "${{ inputs.artifactory-repo-username }}", "password": "${{ inputs.artifactory-repo-password }}" }]'
+
+    # Artifact deployment in the Artifactory excluding 'dotcms-integration' and 'dotcms-postman'
+    - name: 'Deploy Artifacts'
+      run: |
+        JVM_TEST_MAVEN_OPTS="-e -B --no-transfer-progress -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn"
+        eval ./mvnw -ntp deploy -Dprod=true -DskipTests=true -DskipITs=true $JVM_TEST_MAVEN_OPTS
+      shell: bash

.github/actions/deploy-artifact-docker/README.md

@@ -9,33 +9,43 @@ The action accepts the following inputs:
 - `docker_platforms`: Docker platforms to build the image on. Default is 'linux/amd64'.
 - `docker_registry`: Docker registry to push the image to (DOCKER.IO, GHCR.IO, BOTH). Default is 'DOCKER.IO'.
 - `build_run_id`: The run id of the build to pull the artifact from. This is required.
+- `docker_context` : The docker context from the docker directory to use for the build. This is required if build-run-id is not used.
 - `commit_id`: The commit id that triggered the build. This is required.
-- `variant`: The branch or type of build to tag the image with. This is required.
+- `image_name`: The name of the image to build. e.g 'dotcms/dotcms'
+- `ref`: The the branch or tag that triggered the build e.g. the docker environment name "trunk", "nightly" if "release" then the name will not be used in the tag.
+- `docker-use-ref`: If true, the ref will be used in the tag if this is false then version must be specified
 - `docker_tag`: The docker tag to use for the image. This is required.
+- `latest` : If true, the image will be tagged as latest, usually reserved for the agile release e.g. dotcms/dotcms:latest
+- `version`: The release version of the image to tag for snapshot builds this is unset and ref is used.
 - `do_deploy`: Actually do the final deploy, set to false for testing. Default is 'true'.
 - `docker_io_username`: Docker.io username.
 - `docker_io_token`: Docker.io token.
 - `ghcr_io_username`: GHCR.io username.
 - `ghcr_io_token`: GHCR.io token.
 - `github_token`: GitHub token. This is required.
+- `build_args`: Build arguments to pass to the docker build command. Default is ''.
 
 ## Usage
 
 Here is an example of how to use this action in a workflow:
 
 ```yaml
-- name: Deploy Docker Artifact
-  uses: ./.github/actions/deploy-artifact-docker
-  with:
-    docker_platforms: linux/amd64,linux/arm64
-    build_run_id: ${{ github.event.workflow_run.id }}
-    commit_id: ${{ github.event.workflow_run.head_sha }}
-    variant: dotcms/dotcms:master
-    docker_tag: dotcms/dotcms:master_latest_SNAPSHOT
-    do_deploy: false
-    docker_io_username: ${{ secrets.DOCKER_USERNAME }}
-    docker_io_token: ${{ secrets.DOCKER_TOKEN }}
-    github_token: ${{ secrets.GITHUB_TOKEN }}
-```
+- name: Build/Push Docker Dev Image
+        id: docker_build_dev
+        if: inputs.deploy-dev-image
+        uses: ./.github/actions/deploy-artifact-docker
+        with:
+          image_name: dotcms/dotcms-dev
+          docker_platforms: linux/amd64,linux/arm64
+          docker_context: dev-env
+          commit_id: ${{ github.sha }}
+          ref: trunk
+          do_deploy: ${{ vars.DOCKER_DEPLOY || 'true' }} # default to true, set to disable in fork
+          docker_io_username: ${{ secrets.DOCKER_USERNAME }}
+          docker_io_token: ${{ secrets.DOCKER_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          # Make value below which is source dotcms/dotcms tag to base dev image on dynamic to use whatever tag created above
+          build_args: |
+            DOTCMS_DOCKER_TAG=trunk
 
 This action is part of a larger workflow and is designed to work in conjunction with other actions. It is used to build and push a Docker image as part of a continuous integration/continuous deployment (CI/CD) pipeline.