Replace artifacts.codice.org with GitHub Packages in itest PAX URL co…

.github/workflows/ci.yml

@@ -57,12 +57,12 @@ jobs:
             [{
               "id": "codice",
               "username": "${{ github.actor }}",
-              "password": "${{ secrets.READ_PACKAGES }}"
+              "password": "${{ github.token }}"
             },
             {
               "id": "connexta",
               "username": "${{ github.actor }}",
-              "password": "${{ secrets.READ_PACKAGES }}"
+              "password": "${{ github.token }}"
             }]
 
       - name: Quick install (skip tests)
@@ -105,12 +105,12 @@ jobs:
             [{
               "id": "codice",
               "username": "${{ github.actor }}",
-              "password": "${{ secrets.READ_PACKAGES }}"
+              "password": "${{ github.token }}"
             },
             {
               "id": "connexta",
               "username": "${{ github.actor }}",
-              "password": "${{ secrets.READ_PACKAGES }}"
+              "password": "${{ github.token }}"
             }]
 
       - name: Full build (excluding itests)
@@ -154,6 +154,21 @@ jobs:
           distribution: 'temurin'
           cache: maven
 
+      - name: Configure Maven settings
+        uses: s4u/maven-settings-action@v3.0.0
+        with:
+          servers: |
+            [{
+              "id": "codice",
+              "username": "${{ github.actor }}",
+              "password": "${{ github.token }}"
+            },
+            {
+              "id": "connexta",
+              "username": "${{ github.actor }}",
+              "password": "${{ github.token }}"
+            }]
+
       - name: Quick install (skip tests)
         run: mvn install $MAVEN_CLI_OPTS -DskipStatic=true -DskipTests=true
 
@@ -188,12 +203,12 @@ jobs:
             [{
               "id": "codice",
               "username": "${{ github.actor }}",
-              "password": "${{ secrets.READ_PACKAGES }}"
+              "password": "${{ github.token }}"
             },
             {
               "id": "connexta",
               "username": "${{ github.actor }}",
-              "password": "${{ secrets.READ_PACKAGES }}"
+              "password": "${{ github.token }}"
             }]
 
       - name: OWASP Dependency Check
@@ -286,7 +301,17 @@ jobs:
         with:
           servers: |
             [{
-              "id": "github",
+              "id": "codice",
+              "username": "${{ github.actor }}",
+              "password": "${{ secrets.GITHUB_TOKEN }}"
+            },
+            {
+              "id": "releases",
+              "username": "${{ github.actor }}",
+              "password": "${{ secrets.GITHUB_TOKEN }}"
+            },
+            {
+              "id": "snapshots",
               "username": "${{ github.actor }}",
               "password": "${{ secrets.GITHUB_TOKEN }}"
             }]

RELEASE_CHANGES_LOG.md

@@ -0,0 +1,29 @@
+# Changes to apply to master after 2.29.x release
+
+## Branch Protection: Migrate from legacy to ruleset
+
+**Done on 2.29.x:**
+- Created repo ruleset "2.29.x branch protection" (ID: 13192736)
+  - Targets: `refs/heads/2.29.x`
+  - Bypass actor: Codice Release Bot (app ID 2789451, Integration, always)
+  - Rules: pull_request (2 approvals), required_status_checks (license/cla, WIP, incremental-build), required_linear_history, non_fast_forward, deletion
+- Removed legacy branch protection on `2.29.x`
+
+**TODO for master:**
+- Create equivalent ruleset targeting `refs/heads/master`
+  - Same rules but note: master does NOT have `required_linear_history` (2.29.x did)
+  - Master has same status checks: incremental-build, WIP, license/cla
+  - Add Codice Release Bot as bypass actor (not present in current master legacy protection)
+- Remove legacy branch protection on `master`
+
+## CI Workflow (`.github/workflows/ci.yml`)
+
+**Done on gh-packages branch (commit 9f4ebf8e1d):**
+- Added `packages: write` permission to the `deploy` job (top-level only has `packages: read`)
+
+**TODO for master:**
+- Merge `gh-packages` branch or cherry-pick the `packages: write` fix into master's `ci.yml`
+
+## Release Workflow (`codice/release-pipelines`)
+
+All changes pushed directly to `main` in `codice/release-pipelines` — these apply to all repos using the reusable workflow, no per-branch action needed.

distribution/test/itests/test-itests-common/src/main/java/org/codice/ddf/itests/common/AbstractIntegrationTest.java

@@ -580,8 +580,7 @@ protected Option[] configureMavenRepos() {
                 + "https://repository.springsource.com/maven/bundles/external@id=springsourceext,"
                 + "https://oss.sonatype.org/content/repositories/releases/@id=sonatype,"
                 + "https://repo.osgeo.org/repository/release/@id=osgeo,"
-                + "https://artifacts.codice.org/content/repositories/releases@id=codice-releases,"
-                + "https://artifacts.codice.org/content/repositories/thirdparty@id=codice-thirdparty"),
+                + "https://maven.pkg.github.com/codice/ddf@id=codice"),
         when(System.getProperty(MVN_LOCAL_REPO) != null)
             .useOptions(
                 editConfigurationFilePut(

libs/test-common/src/main/java/org/codice/ddf/test/common/options/DistributionOptions.java

@@ -84,7 +84,7 @@ private static Option mavenRepos() {
         "https://repo1.maven.org/maven2@id=central,"
             + "http://oss.sonatype.org/content/repositories/snapshots@snapshots@noreleases@id=sonatype-snapshot,"
             + "http://oss.sonatype.org/content/repositories/ops4j-snapshots@snapshots@noreleases@id=ops4j-snapshot,"
-            + "http://artifacts.codice.org/content/repositories/releases@id=codice,"
+            + "https://maven.pkg.github.com/codice/ddf@id=codice,"
             + "https://repo.osgeo.org/repository/release/@id=osgeo,"
             + "http://repository.apache.org/content/groups/snapshots-group@snapshots@noreleases@id=apache,"
             + "http://svn.apache.org/repos/asf/servicemix/m2-repo@id=servicemix,"