mongodb
diff --git a/‎.action_templates/jobs/setup.yaml
+1-1 b/‎.action_templates/jobs/setup.yaml
+1-1
diff --git a/‎.action_templates/jobs/tests.yaml
+1-1 b/‎.action_templates/jobs/tests.yaml
+1-1
diff --git a/‎.github/workflows/release-images.yml
+7-1 b/‎.github/workflows/release-images.yml
+7-1
diff --git a/‎.github/workflows/release-single-image.yml
+6-1 b/‎.github/workflows/release-single-image.yml
+6-1
diff --git a/‎docs/RELEASE_NOTES.md
+3-5 b/‎docs/RELEASE_NOTES.md
+3-5
diff --git a/‎inventories/e2e-inventory.yaml
+5-38 b/‎inventories/e2e-inventory.yaml
+5-38
diff --git a/‎inventories/operator-inventory.yaml
+10-123 b/‎inventories/operator-inventory.yaml
+10-123
@@ -4,7 +4,7 @@ setup:
     fail-fast: false
     matrix:
       include:
-        - pipeline-argument: mongodb-kubernetes-operator
+        - pipeline-argument: operator
         - pipeline-argument: version-upgrade-hook
         - pipeline-argument: readiness-probe
         - pipeline-argument: agent
 
@@ -10,7 +10,7 @@ tests:
         - test-name: replica_set_enterprise_upgrade_4_5
           distro: ubi
         - test-name: replica_set_enterprise_upgrade_5_6
-          distro: ubi.
+          distro: ubi
         - test-name: replica_set_enterprise_upgrade_6_7
           distro: ubi
         - test-name: replica_set_recovery
 
@@ -56,11 +56,17 @@ jobs:
 
       - name: Publish Image To Quay
         if: steps.release_status.outputs.OUTPUT == 'unreleased'
-        run: python pipeline.py --image-name ${{ matrix.pipeline-argument }} --release
+        run: python pipeline.py --image-name ${{ matrix.pipeline-argument }} --release --sign
         env:
           MONGODB_COMMUNITY_CONFIG: "${{ github.workspace }}/scripts/ci/config.json"
           AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
           AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+          GRS_USERNAME: "${{ vars.GRS_USERNAME }}"
+          GRS_PASSWORD: "${{ secrets.GRS_PASSWORD }}"
+          PKCS11_URI: "${{ vars.PKCS11_URI }}"
+          ARTIFACTORY_USERNAME: "${{ vars.ARTIFACTORY_USERNAME }}"
+          ARTIFACTORY_PASSWORD: "${{ secrets.ARTIFACTORY_PASSWORD }}"
+          AWS_DEFAULT_REGION: "${{ vars.AWS_DEFAULT_REGION }}"
 
   create-draft-release:
     runs-on: ubuntu-latest
 
@@ -46,8 +46,13 @@ jobs:
 
       - name: Publish Image To Quay
         if: steps.release_status.outputs.OUTPUT == 'unreleased'
-        run: python pipeline.py --image-name ${{ github.event.inputs.pipeline-argument }} --release
+        run: python pipeline.py --image-name ${{ github.event.inputs.pipeline-argument }} --release --sign
         env:
           MONGODB_COMMUNITY_CONFIG: "${{ github.workspace }}/scripts/ci/config.json"
           AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
           AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+          GRS_USERNAME: "${{ vars.GRS_USERNAME }}"
+          GRS_PASSWORD: "${{ secrets.GRS_PASSWORD }}"
+          PKCS11_URI: "${{ vars.PKCS11_URI }}"
+          ARTIFACTORY_USERNAME: "${{ vars.ARTIFACTORY_USERNAME }}"
+          ARTIFACTORY_PASSWORD: "${{ secrets.ARTIFACTORY_PASSWORD }}"
@@ -1,7 +1,5 @@
-# MongoDB Kubernetes Operator 0.9.0
+# MongoDB Kubernetes Operator 0.10.0
 
-## MongoDBCommunity Resource
+## Released images signed
 
-- Changes
-  - Introduced support for [Mongodb7](https://www.mongodb.com/docs/manual/release-notes/7.0/)
-  - Upgrading Kubernetes client APIs to 1.26
+All container images published for the community operator are signed with our private key. This is visible on our Quay registry. Signature can be verified using our public key, which is available at [this address](https://cosign.mongodb.com/mongodb-enterprise-kubernetes-operator.pem).
@@ -1,14 +1,15 @@
 vars:
   registry: <registry>
+  architecture: amd64
 
 images:
-  - name: e2e-arm64
+  - name: e2e
     vars:
       context: .
       template_context: scripts/dev/templates
     inputs:
       - image
-    platform: linux/arm64
+    platform: linux/$(inputs.params.architecture)
     stages:
       - name: e2e-template
         task_type: dockerfile_template
@@ -31,40 +32,6 @@ images:
 
         output:
           - registry: $(inputs.params.registry)/$(inputs.params.image)
-            tag: $(inputs.params.version_id)-arm64
+            tag: $(inputs.params.version_id)-$(inputs.params.architecture)
           - registry: $(inputs.params.registry)/$(inputs.params.image)
-            tag: latest-arm64
-
-  - name: e2e-amd64
-    vars:
-      context: .
-      template_context: scripts/dev/templates
-    inputs:
-      - image
-    platform: linux/amd64
-    stages:
-      - name: e2e-template
-        task_type: dockerfile_template
-        distro: e2e
-
-        inputs:
-          - builder
-          - base_image
-
-        output:
-          - dockerfile: scripts/dev/templates/Dockerfile.ubi-$(inputs.params.version_id)
-
-      - name: e2e-build
-        task_type: docker_build
-
-        dockerfile: scripts/dev/templates/Dockerfile.ubi-$(inputs.params.version_id)
-
-        labels:
-          quay.expires-after: 48h
-
-        output:
-          - registry: $(inputs.params.registry)/$(inputs.params.image)
-            tag: $(inputs.params.version_id)-amd64
-          - registry: $(inputs.params.registry)/$(inputs.params.image)
-            tag: latest-amd64
-
+            tag: latest-$(inputs.params.architecture)
@@ -1,8 +1,9 @@
 vars:
   registry: <registry>
+  architecture: amd64
 
 images:
-  - name: operator-amd64
+  - name: operator
     vars:
       context: .
       template_context: scripts/dev/templates/operator
@@ -11,7 +12,7 @@ images:
       - image
       - image_dev
 
-    platform: linux/amd64
+    platform: linux/$(inputs.params.architecture)
 
     stages:
 #
@@ -30,7 +31,7 @@ images:
 
         output:
         - registry: $(inputs.params.registry)/$(inputs.params.image_dev)
-          tag: $(inputs.params.version_id)-context-amd64
+          tag: $(inputs.params.version_id)-context-$(inputs.params.architecture)
 
       - name: operator-template-dev
         task_type: dockerfile_template
@@ -51,16 +52,16 @@ images:
           - version_id
 
         buildargs:
-          imagebase: $(inputs.params.registry)/$(inputs.params.image_dev):$(inputs.params.version_id)-context-amd64
+          imagebase: $(inputs.params.registry)/$(inputs.params.image_dev):$(inputs.params.version_id)-context-$(inputs.params.architecture)
 
         labels:
           quay.expires-after: 48h
 
         output:
           - registry: $(inputs.params.registry)/$(inputs.params.image_dev)
-            tag: $(inputs.params.version_id)-amd64
+            tag: $(inputs.params.version_id)-$(inputs.params.architecture)
           - registry: $(inputs.params.registry)/$(inputs.params.image_dev)
-            tag: latest-amd64
+            tag: latest-$(inputs.params.architecture)
 
 #
 # Release build stages
@@ -83,7 +84,7 @@ images:
 
         output:
           - registry: $(inputs.params.registry)/$(inputs.params.image)
-            tag: $(inputs.params.release_version)-context-amd64
+            tag: $(inputs.params.release_version)-context-$(inputs.params.architecture)
 
       - name: operator-template-release
         task_type: dockerfile_template
@@ -107,125 +108,11 @@ images:
         dockerfile: scripts/dev/templates/operator/Dockerfile.operator-$(inputs.params.release_version)
 
         buildargs:
-          imagebase: $(inputs.params.registry)/$(inputs.params.image):$(inputs.params.release_version)-context-amd64
+          imagebase: $(inputs.params.registry)/$(inputs.params.image):$(inputs.params.release_version)-context-$(inputs.params.architecture)
 
         labels:
           quay.expires-after: Never
 
         output:
           - registry: $(inputs.params.registry)/$(inputs.params.image)
-            tag: $(inputs.params.release_version)-amd64
-
-  - name: operator-arm64
-    vars:
-      context: .
-      template_context: scripts/dev/templates/operator
-
-    inputs:
-      - image
-      - image_dev
-
-    platform: linux/arm64
-
-    stages:
-      #
-      # Dev build stages
-      #
-      - name: operator-builder-dev
-        task_type: docker_build
-        tags: [ "ubi" ]
-        dockerfile: scripts/dev/templates/operator/Dockerfile.builder
-
-        buildargs:
-          builder_image: $(inputs.params.builder_image)
-
-        labels:
-          quay.expires-after: 48h
-
-        output:
-          - registry: $(inputs.params.registry)/$(inputs.params.image_dev)
-            tag: $(inputs.params.version_id)-context-arm64
-
-      - name: operator-template-dev
-        task_type: dockerfile_template
-        tags: [ "ubi" ]
-        template_file_extension: operator
-        inputs:
-          - base_image
-
-        output:
-          - dockerfile: scripts/dev/templates/operator/Dockerfile.operator-$(inputs.params.version_id)
-
-      - name: operator-build-dev
-        task_type: docker_build
-        tags: [ "ubi" ]
-        dockerfile: scripts/dev/templates/operator/Dockerfile.operator-$(inputs.params.version_id)
-
-        inputs:
-          - version_id
-
-        buildargs:
-          imagebase: $(inputs.params.registry)/$(inputs.params.image_dev):$(inputs.params.version_id)-context-arm64
-
-        labels:
-          quay.expires-after: 48h
-
-        output:
-          - registry: $(inputs.params.registry)/$(inputs.params.image_dev)
-            tag: $(inputs.params.version_id)-arm64
-          - registry: $(inputs.params.registry)/$(inputs.params.image_dev)
-            tag: latest-arm64
-
-      #
-      # Release build stages
-      #
-      - name: operator-builder-release
-        task_type: docker_build
-        tags: [ "ubi", "release" ]
-
-        inputs:
-          - builder_image
-          - release_version
-
-        dockerfile: scripts/dev/templates/operator/Dockerfile.builder
-
-        labels:
-          quay.expires-after: Never
-
-        buildargs:
-          builder_image: $(inputs.params.builder_image)
-
-        output:
-          - registry: $(inputs.params.registry)/$(inputs.params.image)
-            tag: $(inputs.params.release_version)-context-arm64
-
-      - name: operator-template-release
-        task_type: dockerfile_template
-        tags: [ "ubi", "release" ]
-        template_file_extension: operator
-        inputs:
-          - base_image
-          - release_version
-
-        output:
-          - dockerfile: scripts/dev/templates/operator/Dockerfile.operator-$(inputs.params.release_version)
-          - dockerfile: $(inputs.params.s3_bucket)/mongodb-kubernetes-operator/$(inputs.params.release_version)/ubi/Dockerfile
-
-      - name: operator-build-release
-        task_type: docker_build
-        tags: [ "ubi", "release" ]
-
-        inputs:
-          - release_version
-
-        dockerfile: scripts/dev/templates/operator/Dockerfile.operator-$(inputs.params.release_version)
-
-        buildargs:
-          imagebase: $(inputs.params.registry)/$(inputs.params.image):$(inputs.params.release_version)-context-arm64
-
-        labels:
-          quay.expires-after: Never
-
-        output:
-          - registry: $(inputs.params.registry)/$(inputs.params.image)
-            tag: $(inputs.params.release_version)-arm64
+            tag: $(inputs.params.release_version)-$(inputs.params.architecture)