.forgejo/workflows/oci-image.yml

@@ -1,28 +0,0 @@
-name: OCI image
-
-on:
-  push:
-  workflow_dispatch:
-
-jobs:
-  image:
-    name: Build container images
-    runs-on: docker
-    container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
-    steps:
-      - name: Clone git repo
-        uses: actions/checkout@v3
-
-      - name: Build OCI image
-        run: make images
-
-      - name: Push image to OCI registry
-        run: |
-          echo "$REGISTRY_PASSWORD" \
-            | docker login --username truecloudlab --password-stdin git.frostfs.info
-          make push-images
-        if: >-
-          startsWith(github.ref, 'refs/tags/v') &&
-          (github.event_name == 'workflow_dispatch' || github.event_name == 'push')
-        env:
-          REGISTRY_PASSWORD: ${{secrets.FORGEJO_OCI_REGISTRY_PUSH_TOKEN}}

Makefile

@@ -139,15 +139,6 @@ images: image-storage image-ir image-cli image-adm
 # Build dirty local Docker images
 dirty-images: image-dirty-storage image-dirty-ir image-dirty-cli image-dirty-adm
 
-# Push FrostFS components' docker image to the registry
-push-image-%:
-	@echo "⇒ Publish FrostFS $* docker image "
-	@docker push $(HUB_IMAGE)-$*:$(HUB_TAG)
-
-# Push all Docker images to the registry
-.PHONY: push-images
-push-images: push-image-storage push-image-ir push-image-cli push-image-adm
-
 # Run `make %` in Golang container
 docker/%:
 	docker run --rm -t \

docs/release-instruction.md

@@ -95,15 +95,19 @@ $ git push origin ${FROSTFS_TAG_PREFIX}${FROSTFS_REVISION}
 
 ## Post-release
 
-### Prepare and push images to a Docker registry (automated)
+### Prepare and push images to a Docker Hub (if not automated)
 
-Create Docker images for all applications and push them into container registry
+Create Docker images for all applications and push them into Docker Hub
-(executed automatically in Forgejo Actions upon pushing a release tag):
+(requires [organization](https://hub.docker.com/u/truecloudlab) privileges)
 
 ```shell
 $ git checkout ${FROSTFS_TAG_PREFIX}${FROSTFS_REVISION}
 $ make images
-$ make push-images
+$ docker push truecloudlab/frostfs-storage:${FROSTFS_REVISION}
+$ docker push truecloudlab/frostfs-storage-testnet:${FROSTFS_REVISION}
+$ docker push truecloudlab/frostfs-ir:${FROSTFS_REVISION}
+$ docker push truecloudlab/frostfs-cli:${FROSTFS_REVISION}
+$ docker push truecloudlab/frostfs-adm:${FROSTFS_REVISION}
 ```
 
 ### Make a proper release (if not automated)

pkg/util/ape/parser.go

@@ -261,7 +261,7 @@ func parseResource(lexeme string, isObj bool) (string, error) {
 		} else {
 			if lexeme == "*" {
 				return nativeschema.ResourceFormatAllContainers, nil
-			} else if lexeme == "/*" || lexeme == "root/*" {
+			} else if lexeme == "/*" {
 				return nativeschema.ResourceFormatRootContainers, nil
 			} else if strings.HasPrefix(lexeme, "/") && len(lexeme) > 1 {
 				lexeme = lexeme[1:]

pkg/util/ape/parser_test.go

@@ -43,15 +43,6 @@ func TestParseAPERule(t *testing.T) {
 				Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
 			},
 		},
-		{
-			name: "Valid rule for all containers in explicit root namespace",
-			rule: "allow Container.Put root/*",
-			expectRule: policyengine.Rule{
-				Status:    policyengine.Allow,
-				Actions:   policyengine.Actions{Names: []string{nativeschema.MethodPutContainer}},
-				Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootContainers}},
-			},
-		},
 		{
 			name: "Valid rule for all objects in root namespace and container",
 			rule: "allow Object.Put /cid/*",