Add workflow for building Strimzi (strimzi#11789)

Signed-off-by: Jakub Stejskal <xstejs24@gmail.com>

Author: Frawless

.github/actions/build/build-docs/action.yml

@@ -0,0 +1,45 @@
+name: "Build Documentation"
+description: "Builds Strimzi documentation in HTML and PDF formats"
+
+inputs:
+  artifactName:
+    description: "Name of the documentation artifact to upload"
+    required: false
+    default: "documentation.tar"
+  runnerArch:
+    description: "Runner architecture (amd64, arm64)"
+    required: false
+    default: "amd64"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install yq
+      uses: ./.github/actions/dependencies/install-yq
+      with:
+        architecture: ${{ inputs.runnerArch }}
+
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '3.2'
+        
+    - name: Install asciidoctor
+      shell: bash
+      run: |
+        gem install asciidoctor
+        gem install asciidoctor-pdf
+        
+    - name: Build documentation
+      shell: bash
+      run: make docu_html docu_htmlnoheader docu_pdf
+      
+    - name: Create documentation archive
+      shell: bash
+      run: tar -cvpf documentation.tar ./documentation/html ./documentation/htmlnoheader ./documentation/pdf
+      
+    - name: Upload documentation artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.artifactName }}
+        path: documentation.tar

…ctions/build-strimzi-binaries/action.yml …/build/build-strimzi-binaries/action.yml.github/actions/build-strimzi-binaries/action.yml renamed to .github/actions/build/build-strimzi-binaries/action.yml .github/actions/build-strimzi-binaries/action.yml renamed to .github/actions/build/build-strimzi-binaries/action.yml

@@ -15,15 +15,15 @@ runs:
   using: "composite"
   steps:
     - name: Install yq
-      uses: ./.github/actions/install-yq
+      uses: ./.github/actions/dependencies/install-yq
       with:
         architecture: ${{ inputs.runnerArch }}
     - name: Install Shellcheck
-      uses: ./.github/actions/install-shellcheck
+      uses: ./.github/actions/dependencies/install-shellcheck
       with:
         architecture: ${{ inputs.runnerArch }}
     - name: Install Helm
-      uses: ./.github/actions/install-helm
+      uses: ./.github/actions/dependencies/install-helm
     - name: Setup Java
       uses: actions/setup-java@v5
       with:

…thub/actions/containers-build/action.yml …ctions/build/containers-build/action.yml.github/actions/containers-build/action.yml renamed to .github/actions/build/containers-build/action.yml .github/actions/containers-build/action.yml renamed to .github/actions/build/containers-build/action.yml

@@ -15,13 +15,13 @@ runs:
   using: "composite"
   steps:
     - name: Install Docker
-      uses: ./.github/actions/install-docker
+      uses: ./.github/actions/dependencies/install-docker
     - name: Install yq
-      uses: ./.github/actions/install-yq
+      uses: ./.github/actions/dependencies/install-yq
       with:
         architecture: ${{ inputs.runnerArch }}
     - name: Install Shellcheck
-      uses: ./.github/actions/install-shellcheck
+      uses: ./.github/actions/dependencies/install-shellcheck
       with:
         architecture: ${{ inputs.runnerArch }}
 

…ithub/actions/containers-load/action.yml …actions/build/containers-load/action.yml.github/actions/containers-load/action.yml renamed to .github/actions/build/containers-load/action.yml .github/actions/containers-load/action.yml renamed to .github/actions/build/containers-load/action.yml

@@ -0,0 +1,140 @@
+name: "Push Containers"
+description: "Pushes container images and creates manifests"
+
+inputs:
+  architectures:
+    description: "Comma-separated list of architectures (e.g., 'amd64,arm64,s390x,ppc64le')"
+    required: true
+  runnerArch:
+    description: "Runner architecture (amd64, arm64)"
+    required: false
+    default: "amd64"
+  quayUser:
+    description: "Quay.io username"
+    required: true
+  quayPass:
+    description: "Quay.io password"
+    required: true
+  cosignPassword:
+    description: "Cosign password for signing"
+    required: true
+  cosignPrivateKey:
+    description: "Cosign private key for signing"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install prerequisites
+      shell: bash
+      run: |
+        .azure/scripts/install_cosign.sh
+        .azure/scripts/install_syft.sh
+      env:
+        ARCH: ${{ inputs.runnerArch }}
+
+    - uses: ./.github/actions/dependencies/install-docker
+    - uses: ./.github/actions/dependencies/install-yq
+      with:
+        architecture: ${{ inputs.runnerArch }}
+
+    - name: Download container artifact
+      uses: actions/download-artifact@v5
+      with:
+        pattern: containers-*
+        path: ./
+        merge-multiple: true
+        
+    - name: Extract container archives
+      shell: bash
+      run: |
+        IFS=',' read -ra ARCH_ARRAY <<< "${{ inputs.architectures }}"
+        for arch in "${ARCH_ARRAY[@]}"; do
+          tar -xvf "containers-${arch}.tar"
+          rm "containers-${arch}.tar"
+        done
+
+    - name: Login to container registry
+      shell: bash
+      run: docker login -u ${{ inputs.quayUser }} -p ${{ inputs.quayPass }} ${{ env.DOCKER_REGISTRY }}
+
+    - name: Delete existing container manifests
+      shell: bash
+      run: make docker_delete_manifest
+      env:
+        BUILD_REASON: "IndividualCI"
+        BRANCH: ${{ github.ref }}
+        
+    - name: Push containers and create manifests
+      shell: bash
+      run: |
+        IFS=',' read -ra ARCH_ARRAY <<< "${{ inputs.architectures }}"
+        for arch in "${ARCH_ARRAY[@]}"; do
+          echo "Processing architecture: ${arch}"
+          export DOCKER_ARCHITECTURE="${arch}"
+          make docker_load docker_tag docker_push docker_amend_manifest docker_delete_archive
+        done
+      env:
+        BUILD_REASON: "IndividualCI"
+        BRANCH: ${{ github.ref }}
+
+    - name: Push container manifests
+      shell: bash
+      run: make docker_push_manifest
+      env:
+        BUILD_REASON: "IndividualCI"
+        BRANCH: ${{ github.ref }}
+
+    # TODO - We can use cosign in better way. See https://github.com/strimzi/strimzi-kafka-operator/issues/11826 for more details.
+    - name: Sign container manifests
+      shell: bash
+      run: make docker_sign_manifest
+      env:
+        BUILD_REASON: "IndividualCI"
+        BRANCH: ${{ github.ref }}
+        BUILD_ID: ${{ github.run_number }}
+        BUILD_COMMIT: ${{ github.sha }}
+        COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
+        COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
+
+    # TODO - We can use existing GitHub Action for SBOMs - https://github.com/strimzi/strimzi-kafka-operator/issues/11827
+    - name: Generate SBOMs
+      shell: bash
+      run: |
+        IFS=',' read -ra ARCH_ARRAY <<< "${{ inputs.architectures }}"
+        for arch in "${ARCH_ARRAY[@]}"; do
+          echo "Generating SBOM for architecture: ${arch}"
+          export DOCKER_ARCHITECTURE="${arch}"
+          make docker_sbom
+        done
+      env:
+        BUILD_REASON: "IndividualCI"
+        BRANCH: ${{ github.ref }}
+        COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
+        COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
+
+    - name: Create SBOM archive
+      shell: bash
+      run: tar -z -C ./sbom/ -cvpf sbom.tar.gz ./
+
+    - name: Upload SBOM artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: SBOMs-${{ env.DOCKER_TAG }}
+        path: sbom.tar.gz
+        
+    - name: Push SBOMs to registry
+      if: ${{ startsWith(github.ref, 'refs/heads/release-') }}
+      shell: bash
+      run: |
+        IFS=',' read -ra ARCH_ARRAY <<< "${{ inputs.architectures }}"
+        for arch in "${ARCH_ARRAY[@]}"; do
+          echo "Generating SBOM for architecture: ${arch}"
+          export DOCKER_ARCHITECTURE="${arch}"
+          make docker_push_sbom
+        done
+      env:
+        BUILD_REASON: "IndividualCI"
+        BRANCH: ${{ github.ref }}
+        COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
+        COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}

.github/actions/build/containers-push/action.yml

@@ -0,0 +1,54 @@
+name: "Deploy Java Artifacts"
+description: "Deploys Java artifacts to Maven Central"
+
+inputs:
+  runnerArch:
+    description: "Runner architecture (amd64, arm64)"
+    required: false
+    default: "amd64"
+  gpgPassphrase:
+    description: "GPG passphrase for signing"
+    required: true
+  gpgSigningKey:
+    description: "GPG signing key"
+    required: true
+  centralUsername:
+    description: "Maven Central username"
+    required: true
+  centralPassword:
+    description: "Maven Central password"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up JDK
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        
+    - name: Cache Maven dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2/repository
+        key: "maven-cache | **/pom.xml"
+        restore-keys: |
+          maven | ${{ github.job }}
+          maven
+          
+    - name: Install yq
+      uses: ./.github/actions/dependencies/install-yq
+      with:
+        architecture: ${{ inputs.runnerArch }}
+        
+    - name: Deploy Java artifacts
+      shell: bash
+      run: make pushtocentral
+      env:
+        BUILD_REASON: "IndividualCI"
+        BRANCH: ${{ github.ref }}
+        GPG_PASSPHRASE: ${{ inputs.gpgPassphrase }}
+        GPG_SIGNING_KEY: ${{ inputs.gpgSigningKey }}
+        CENTRAL_USERNAME: ${{ inputs.centralUsername }}
+        CENTRAL_PASSWORD: ${{ inputs.centralPassword }}

.github/actions/build/deploy-java/action.yml

@@ -0,0 +1,32 @@
+name: "Publish Documentation"
+description: "Publishes documentation to the Strimzi website"
+
+inputs:
+  artifactName:
+    description: "Name of the documentation artifact to download"
+    required: false
+    default: "Documentation"
+  githubDeployKey:
+    description: "GitHub deploy key for website publishing"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download documentation artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.artifactName }}
+        path: ./
+        
+    - name: Extract documentation
+      shell: bash
+      run: tar -xvf documentation.tar
+      
+    - name: Publish docs to website
+      shell: bash
+      run: make docu_pushtowebsite
+      env:
+        BUILD_REASON: "IndividualCI"
+        BRANCH: ${{ github.ref }}
+        GITHUB_DEPLOY_KEY: ${{ inputs.githubDeployKey }}

.github/actions/build/publish-docs/action.yml

@@ -0,0 +1,70 @@
+name: "Test Strimzi"
+description: "Runs Strimzi unit and integration tests with Maven"
+
+inputs:
+  runnerArch:
+    description: "Runner architecture (amd64, arm64)"
+    required: false
+    default: "amd64"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up JDK
+      uses: actions/setup-java@v4
+      with:
+        java-version: "17"
+        distribution: 'temurin'
+        
+    - name: Cache Maven dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2/repository
+        key: "maven-cache | **/pom.xml"
+        restore-keys: |
+          maven | ${{ github.job }}
+          maven
+
+    - name: Install yq
+      uses: ./.github/actions/dependencies/install-yq
+      with:
+        architecture: ${{ inputs.runnerArch }}
+      
+    - name: Install Docker
+      uses: ./.github/actions/dependencies/install-docker
+      
+    - name: Setup Kind cluster
+      uses: ./.github/actions/dependencies/setup-kind
+      with:
+        architecture: ${{ inputs.runnerArch }}
+        
+    - name: Run unit and integration tests
+      shell: bash
+      run: |
+        mvn -e -V -B -Dmaven.javadoc.skip=true \
+          -Dsurefire.rerunFailingTestsCount=5 \
+          -Dfailsafe.rerunFailingTestsCount=2 \
+          install
+      env:
+        # Test container optimization and eliminate pulling RYUK image from DockerHub to prevent limits
+        TESTCONTAINERS_RYUK_DISABLED: true
+        TESTCONTAINERS_CHECKS_DISABLE: true
+        # Disable container logging for cleaner test output
+        STRIMZI_TEST_CONTAINER_LOGGING_ENABLED: false
+        
+    - name: Publish test results
+      uses: dorny/test-reporter@v2
+      if: always()
+      with:
+        name: 'Unit & Integration Tests'
+        path: '**/TEST-*.xml'
+        reporter: java-junit
+        fail-on-error: false
+        
+    - name: Upload test coverage to Codecov
+      uses: codecov/codecov-action@v5
+      with:
+        files: ./target/site/jacoco/jacoco.xml
+        flags: unittests
+        name: codecov-umbrella
+        fail_ci_if_error: false