nuxeo · pmacius · Feb 17, 2026 · Feb 16, 2026 · Feb 17, 2026 · Feb 17, 2026
diff --git a/.github/actions/nos-publish/action.yml b/.github/actions/nos-publish/action.yml
@@ -0,0 +1,121 @@
+name: 📦 Publish to Nuxeo Online Services
+description: |
+  Publish package to Nuxeo Online service.
+inputs:
+  package-path:
+    description: Path to the package file to be published.
+    required: true
+  nos-username:
+    description: Nuxeo Online Service username for authentication.
+    required: true
+  nos-token:
+    description: Nuxeo Online Service token for authentication.
+    required: true
+  nos-env:
+    description: |
+      Nuxeo Online Service target environment (production or staging).
+      unrecognized values fallback to 'staging'.
+    required: true
+  nos-org:
+    description: |
+      Nuxeo Online Service organization name.
+    default: nuxeo
+  skip-verify:
+    description: Skip verification of the published package.
+    default: "false"
+outputs:
+  publishing-status:
+    description: Status of the publishing process.
+    value: ${{ steps.publish-output.outputs.status }}
+  package-url:
+    description: URL of the published package on Nuxeo Online Services.
+    value: ${{ steps.publish-output.outputs.url }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Get Branch name
+      uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v14.0.0
+
+    - name: Evaluate Target env if none has been set
+      shell: bash
+      run: |
+        case "${{ inputs.nos-env }}" in
+          "production")
+            CONNECT_HOST=connect.nuxeo.com
+            ;;
+          *)
+            CONNECT_HOST=nos-preprod-connect.nuxeocloud.com
+            ;;
+        esac
+        echo "CONNECT_BASE=https://${CONNECT_HOST}/nuxeo/site/marketplace" >> $GITHUB_ENV
+        echo "🎯 Target Nuxeo Online Services environment: '${CONNECT_HOST}'"
+
+    - name: Extract package info
+      shell: bash
+      env:
+        PACKAGE_XML: "package.xml"
+      run: |
+        unzip -t "${{ inputs.package-path }}" $PACKAGE_XML || {
+          echo "❌ The package file '${{ inputs.package-path }}' has no valid descriptor"
+          exit 1
+        }
+        echo "📦 Extracting package information from ${{ inputs.package-path }}..."
+        for i in name version; do
+          VALUE=$(unzip -p "${{ inputs.package-path }}" $PACKAGE_XML | yq -p=xml ".package.+@${i}")
+          export "PACKAGE_${i^^}=${VALUE}"
+          echo "PACKAGE_${i^^}=${VALUE}" | tee -a $GITHUB_ENV
+        done
+        if [[ -z "${PACKAGE_NAME}" || -z "${PACKAGE_VERSION}" ]]; then
+          echo "❌ Unable to extract package name or version from descriptor"
+          exit 1
+        fi
+
+    - name: Publish package to Nuxeo Online Services
+      shell: bash
+      id: publish
+      env:
+        NOS_USERNAME: ${{ inputs.nos-username }}
+        NOS_TOKEN: ${{ inputs.nos-token }}
+      run: |
+        PUBLISH=$(curl -sX POST \
+          -u "${NOS_USERNAME}:${NOS_TOKEN}" \
+          -w "%{http_code}" \
+          -F "package=@${{ inputs.package-path }}" \
+          "${CONNECT_BASE}/upload?batch=true&orgId=${{ inputs.nos-org }}")
+        echo "📢 Publishing package to Nuxeo Online Services..."
+        if [[ "${PUBLISH: -3}" != "200" ]]; then
+          echo "❌ Failed to publish package. HTTP Status: ${PUBLISH: -3}"
+          exit 1
+        fi
+
+    - name: Verify published package on Nuxeo Online Services
+      id: verify
+      env:
+        NOS_USERNAME: ${{ inputs.nos-username }}
+        NOS_TOKEN: ${{ inputs.nos-token }}
+      shell: bash
+      if: inputs.skip-verify == 'false'
+      run: |
+        sleep 5
+        echo "🔍 Verifying published package on Nuxeo Online Services..."
+        PUBLISHED=$(curl -sX GET \
+          -u "${NOS_USERNAME}:${NOS_TOKEN}" \
+          -w "%{http_code}" \
+          "${CONNECT_BASE}/package/${PACKAGE_NAME}?version=${PACKAGE_VERSION}")
+        if [[ "${PUBLISHED: -3}" != "200" ]]; then
+          echo "❌ Published package verification failed. HTTP Status: ${PUBLISHED: -3}"
+          exit 1
+        fi
+        echo "✅ Package '${PACKAGE_NAME}' version '${PACKAGE_VERSION}' successfully published to Nuxeo Online Services."
+
+    - name: Populate outputs
+      id: publish-output
+      shell: bash
+      if: always()
+      env:
+        PACKAGE_URL: ${{ format('{0}/package/{1}?version={2}', env.CONNECT_BASE, env.PACKAGE_NAME, env.PACKAGE_VERSION) }}
+        STATUS: ${{ inputs.skip-verify == 'false' && steps.verify.outcome || steps.publish.outcome }}
+      run: |
+        echo "url=${PACKAGE_URL}" >> $GITHUB_OUTPUT
+        echo "status=${STATUS}" >> $GITHUB_OUTPUT
diff --git a/.github/actions/nos-publish/install.xml b/.github/actions/nos-publish/install.xml
@@ -0,0 +1 @@
+<install />
diff --git a/.github/actions/nos-publish/package.xml b/.github/actions/nos-publish/package.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<package type="addon" name="ops-readiness-ci" version="0.1.0">
+  <title>A dummy package to test OPS Readiness CI</title>
+  <description>
+    <div>
+      This is a dummy package created to test OPS Readiness CI.
+    </div>
+  </description>
+  <vendor>Hyland</vendor>
+  <target-platform>
+    <name>lts</name>
+    <version>[2023,)</version>
+  </target-platform>
+  <license>Apache 2.0</license>
+  <license-url>http://www.apache.org/licenses/LICENSE-2.0</license-url>
+  <visibility>PUBLIC</visibility>
+</package>
diff --git a/.github/actions/nuxeo-docker-build/Dockerfile b/.github/actions/nuxeo-docker-build/Dockerfile
@@ -0,0 +1,65 @@
+# Base image
+ARG BASE_IMAGE_TAG="2023"
+FROM docker-private.packages.nuxeo.com/nuxeo/nuxeo:${BASE_IMAGE_TAG}
+
+# Build arguments
+ARG BUILD_TAG=unknown
+ARG SCM_REF=unknown
+ARG VERSION=unknown
+ARG BUILD_DATE=""
+ARG PACKAGES_AUTH_USER
+ARG PACKAGES_AUTH_TOKEN
+ARG PACKAGES_LIST
+ARG NUXEO_CONNECT_MODULES
+ARG IMAGE_TITLE="Nuxeo Server"
+ARG IMAGE_LICENSE="Apache 2.0"
+
+# Labels
+LABEL org.nuxeo.build-tag=$BUILD_TAG \
+      org.nuxeo.scm-ref=$SCM_REF \
+      org.nuxeo.version=$VERSION \
+      org.label-schema.build-date="$BUILD_DATE" \
+      org.label-schema.license="$IMAGE_LICENSE" \
+      org.label-schema.name="$IMAGE_TITLE" \
+      org.label-schema.vendor="$IMAGE_VENDOR" \
+      org.opencontainers.image.created="$BUILD_DATE" \
+      org.opencontainers.image.licenses="$IMAGE_LICENSE" \
+      org.opencontainers.image.title="$IMAGE_TITLE" \
+      org.opencontainers.image.vendor="Nuxeo"
+
+# Switch to root
+USER root
+
+# Combined system dependencies and secure private repo installation into a single RUN to reduce image layers
+# --- Install system dependencies and secure private repo ---
+RUN --mount=type=secret,id=nuxeo-private,target=/tmp/nuxeo-private.repo <<EOC
+dnf -y install gettext
+envsubst </tmp/nuxeo-private.repo >/etc/yum.repos.d/nuxeo-private.repo
+dnf -y install --skip-broken $PACKAGES_LIST
+rm /etc/yum.repos.d/nuxeo-private.repo
+dnf clean all
+rm -rf /var/cache/dnf
+EOC
+
+USER nuxeo
+
+RUN --mount=type=bind,from=modules,target=/modules \
+    --mount=type=secret,id=NUXEO_CLID,env=NUXEO_CLID \
+    --mount=type=secret,id=NUXEO_CONNECT_URL,env=NUXEO_CONNECT_URL <<EOC
+if [ -n "${NUXEO_CONNECT_MODULES}" ]; then
+    OPT_CONNECT_URL=""
+    if [ -n "${NUXEO_CONNECT_URL}" ]; then
+        OPT_CONNECT_URL="--connect-url ${NUXEO_CONNECT_URL}"
+    fi
+    /install-packages.sh --clid ${NUXEO_CLID} "${OPT_CONNECT_URL}" ${NUXEO_CONNECT_MODULES}
+else
+    echo "No Nuxeo Connect modules specified - skipping connect installation"
+fi
+
+mods=$(find /modules -maxdepth 1 -type f \( -name '*.zip' -o -name '*.jar' \) -print)
+if [ -n "${mods}" ]; then
+    /install-packages.sh --offline ${mods}
+else
+    echo "No offline package files (*.zip/*.jar) found in /modules - skipping offline installation"
+fi
+EOC