chore(deps): update workflow templates to use latest action versions

README.md

@@ -29,6 +29,7 @@ In this repository in folder [workflow-templates](./workflow-templates/) you can
 | ------------- | ----------- | -------------------------- | ------------- |
 | [**Add License Headers**](./docs/workflows/license-header.md) | Checks or adds license header into source code files. Requires a [`.licenserc.yaml`](./config/examples/.licenserc.yaml) config file in the root folder. | On `push` and `workflow_dispatch` events | [license-header.yml](./workflow-templates/license-header.yml) |
 | [**Automatic PR Labeler**](./docs/workflows/automatic-pr-labeler.md) | Automatically label PRs based on conventional commit messages. Requires a [auto-labeler-config.yaml](./config/examples/auto-labeler-config.yaml) config file in the `.github` folder | On PR events | [automatic-pr-labeler.yaml](./workflow-templates/automatic-pr-labeler.yaml) |
+| [**Bump qubership-test-pipelines version**](./docs/workflows/bump-test-workflows-version.md) | This workflow automatically bumps references to `netcracker/qubership-test-pipelines` in all `.github/workflows/*.yaml` workflow files to the latest release commit SHA, and updates `pipeline_branch` to the same SHA value. | Manual trigger (workflow_dispatch) | [bump-test-workflows-version.yaml](./workflow-templates/bump-test-workflows-version.yaml) |
 | [**Check Go Modules Licenses**](./docs/workflows/check-license.md) | Check the licenses of Go modules in the repository using a configurable allowlist.  Fails if any module has a disallowed or missing license.  Requires a [.wwhrd.yml](./config/examples/.wwhrd.yml) config file in the repository root. | On push | [check-license.yaml](./workflow-templates/check-license.yaml) |
 | [**CLA Assistant**](./docs/workflows/cla.md) | Check if PR authors have signed the Contributor License Agreement | On PR events | [cla.yaml](./workflow-templates/cla.yaml) |
 | [**Cleanup Old Docker**](./docs/workflows/cleanup-old-docker-container.md) | Clean up old Docker container versions in GitHub Packages | Scheduled (cron), manual trigger | [cleanup-old-docker-container.yaml](./workflow-templates/cleanup-old-docker-container.yaml) |
@@ -37,13 +38,13 @@ In this repository in folder [workflow-templates](./workflow-templates/) you can
 | [**CI: Dev Docker Build Multiple Images**](./docs/workflows/dev-docker-build-multiple-images.md) | Workflow to build and publish multiple Docker images based on configuration file (.qubership/docker.cfg) | Manual trigger (workflow_dispatch), Pull request, Push | [dev-docker-build-multiple-images.yml](./workflow-templates/dev-docker-build-multiple-images.yml) |
 | [**CI: Dev Docker Build Selective**](./docs/workflows/dev-docker-build-selective.md) | Workflow to build and publish multiple Docker images based on configuration file (.qubership/docker.cfg) It builds only changed images based on the changeset detected. | Manual trigger (workflow_dispatch), Pull request, Push | [dev-docker-build-single-image.yml](./workflow-templates/dev-docker-build-selective.yml) |
 | [**Dev Maven Docker Build**](./docs/workflows/dev-mvn-docker-build.md) | Development build for Maven projects, with Docker image build and artifact publishing | Manual trigger (workflow_dispatch) | [dev-mvn-docker-build.yml](./workflow-templates/dev-mvn-docker-build.yml) |
+| [**Docker Images Release**](./docs/workflows/docker-release.md) | Releases Docker images and creates a GitHub release tag using configuration in `.qubership/docker-build-config.cfg`. | Manual trigger (workflow_dispatch) | [docker-release.yaml](./workflow-templates/docker-release.yaml) |
 | [**Go Build**](./docs/workflows/go-build.md) | Build and test Go projects, upload coverage to SonarCloud | On push to main, on pull request | [go-build.yaml](./workflow-templates/go-build.yaml) |
 | [**Helm Charts Release**](./docs/workflows/helm-charts-release.md) | Release Helm charts and Docker images, create GitHub release.  Requires a lot of configuration. Please read workflow file comments. Configuration examples: [.github/helm-charts-release-config.yaml](./config/examples/helm-charts-release-config.yaml) [.github/docker.cfg](./config/examples/docker.cfg) [.github/release-drafter-config.yml](./config/examples/release-drafter-config.yml) | Manual trigger (workflow_dispatch) | [helm-charts-release.yaml](./workflow-templates/helm-charts-release.yaml) |
 | [**Link Checker**](./docs/workflows/link-checker.md) | Check Markdown files for broken links using lychee | On push, manual trigger | [link-checker.yaml](./workflow-templates/link-checker.yaml) |
 | [**Lint and Test Charts**](./docs/workflows/lint-test-chart.md) | Lint and test Helm Charts | Manual trigger (workflow_dispatch), Pull request (pull_request) | [lint-test-chart.yaml](./workflow-templates/lint-test-chart.yaml) |
 | [**Lint Codebase**](./docs/workflows/super-linter.md) | Lint codebase using GitHub Super-Linter. Runs multiple linters on changed files for supported languages.  See [.github/super-linter.env](.github/super-linter.env) and [.github/linters/](.github/linters/) for configuration. | On push, pull request, manual trigger | [super-linter.yaml](./workflow-templates/super-linter.yaml) |
 | [**Maven Release v2**](./docs/workflows/maven-release-v2.md) | Enhanced Maven release with dry-run, Docker build, and GitHub release support.  Requires `pom.xml` [configuration](./docs/maven-publish-pom-preparation_doc.md) and [.github/release-drafter-config.yml](./config/examples/release-drafter-config.yml) config file. | Manual trigger (workflow_dispatch) | [maven-release-v2.yaml](./workflow-templates/maven-release-v2.yaml) |
-| [**Maven Release**](./docs/workflows/maven-release.md) | Release and upload Java artifacts to Maven Central or GitHub Packages, create GitHub release | Manual trigger (workflow_dispatch) | [maven-release.yaml](./workflow-templates/maven-release.yaml) |
 | [**Maven Snapshot Deploy**](./docs/workflows/maven-snapshot-deploy.md) | Deploy Maven snapshot artifacts to GitHub Packages or Maven Central | On push to non-main/non-release branches | [maven-snapshot-deploy.yaml](./workflow-templates/maven-snapshot-deploy.yaml) |
 | [**PR Assigner**](./docs/workflows/pr-assigner.md) | Automatically assign reviewers to PRs based on config or CODEOWNERS | On PR events | [pr-assigner.yml](./workflow-templates/pr-assigner.yml) |
 | [**PR Conventional Commits**](./docs/workflows/pr-conventional-commits.md) | Check if PR commits follow conventional commit messages | On PR events | [pr-conventional-commits.yaml](./workflow-templates/pr-conventional-commits.yaml) |

docs/workflows/bump-test-workflows-version.md

@@ -0,0 +1,67 @@
+# Bump qubership-test-pipelines version
+
+## Purpose
+
+This workflow automatically bumps references to `netcracker/qubership-test-pipelines` in all `.github/workflows/*.yaml` workflow files to the latest release commit SHA, and updates `pipeline_branch` to the same SHA value.
+
+It is useful to keep downstream workflow definitions aligned with the latest test-pipeline version and avoid manual PR churn.
+
+## Trigger
+
+- `on: workflow_dispatch` (manual run)
+
+## Required permissions
+
+In `jobs.bump.permissions`:
+
+- `contents: write`
+- `pull-requests: write`
+
+The run also requires a PAT in repository secrets with:
+
+- `GH_ACCESS_TOKEN` containing `contents: write` and `workflows: write`.
+
+## Job: `bump`
+
+Runs on:
+- `ubuntu-latest`
+
+### Steps
+
+1. **Get latest release tag SHA**
+   - `curl` latest release from:
+     - `https://api.github.com/repos/netcracker/qubership-test-pipelines/releases/latest`
+   - resolves tag name and tag object SHA into:
+     - `latest_release_tag`
+     - `latest_release_tag_sha`
+   - stores in `GITHUB_ENV`
+
+2. **Checkout**
+   - `uses: actions/checkout@v6`
+   - `ref: main`
+   - `persist-credentials: true`
+   - `token: ${{ secrets.GH_ACCESS_TOKEN }}`
+
+3. **Update version**
+   - env `GH_TOKEN: ${{ github.token }}`
+   - config Git user:
+     - `github-actions[bot]@qubership.com`
+     - `Git Hub Actions [Bot]`
+   - For each workflow file under `./.github/workflows` containing `uses: netcracker/qubership-test-pipelines`:
+     - update `uses: ... @<sha>` plus comment `# <tag>`
+     - update `pipeline_branch: '<sha>'`
+   - If `git status` shows changes:
+     - branch `feature/bump-test-pipelines-version-<timestamp>`
+     - commit message:
+       - `chore: bump netcracker/qubership-test-pipelines version to '<sha>' [<tag>]`
+     - push branch
+     - create PR:
+       - via `gh pr create --base main --head <branch> --title ... --body ...`
+   - Else:
+     - prints `No changes.`
+
+## Notes
+
+- The workflow uses the release tag's Git object SHA, not the tag name, as version pin.
+- It ensures both `uses: ...` and `pipeline_branch:` are updated in sync.
+- Requires `gh` CLI auth context in runner.

docs/workflows/docker-release.md

@@ -0,0 +1,63 @@
+# Docker Images Release
+
+## Purpose
+
+Releases Docker images and creates a GitHub release tag using configuration in `.qubership/docker-build-config.cfg`.
+
+The workflow validates a `release` tag, builds/publishes images via `qubership-workflow-hub` actions, and runs Release Drafter.
+
+## Trigger
+
+- `workflow_dispatch` with input:
+  - `release` (string, required)
+
+## Permissions
+
+- `contents: read` (top-level)
+
+Job-specific permissions:
+- `create-tag` job: `contents: write`
+- `docker-build` job: `contents: read`, `packages: write`
+- `github-release` job: `contents: write`, `packages: write`
+
+## Concurrency
+
+- group: `${{ github.workflow }}-${{ github.ref }}`
+- cancel-in-progress: `true`
+
+## Jobs
+
+### `check-tag`
+
+- `netcracker/qubership-workflow-hub/actions/tag-action@...` to ensure `v${{ inputs.release }}` does not already exist
+
+### `load-docker-build-components`
+
+- Checkout code
+- Read `.qubership/docker-build-config.cfg`
+- Validate format: `components` array and `platforms` string
+- Output `components` and `platforms` for matrix build
+
+### `create-tag`
+
+- Create Git tag `v${{ inputs.release }}` (write permission)
+
+### `docker-build`
+
+- Matrix over components from config
+- For each component:
+  - set `IMAGE_VERSION=${{ inputs.release }}`
+  - use `netcracker/qubership-workflow-hub/actions/docker-action@...` to build and publish
+
+### `github-release`
+
+- Checkout tag `v${{ inputs.release }}`
+- Run `netcracker/release-drafter@...` with:
+  - `config-name: release-drafter-config.yml`
+  - `publish: true`
+  - `name/tag/version: ${{ inputs.release }}`
+
+## Configuration files
+
+- `.qubership/docker-build-config.cfg` (example: `config/examples/docker.cfg`)
+- `.github/release-drafter-config.yml` (example: `config/examples/release-drafter-config.yml`)