@pdabelf5 pdabelf5 commented Nov 7, 2025

Proposed changes

  • Red Hat OpenShift certification secrets migrated
  • Plus JWT secret migrated
  • Remove unused AWS Marketplace secrets
  • Tidy formatting in image promotion workflow
  • Allow goreleaser make target to use GOOS

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Copilot AI review requested due to automatic review settings November 7, 2025 16:50
@pdabelf5 pdabelf5 requested a review from a team as a code owner November 7, 2025 16:50
@github-actions github-actions bot added the github_actions (Pull requests that update Github_actions code) and chore (Pull requests for routine tasks) labels Nov 7, 2025

Copilot AI left a comment

Pull Request Overview

This PR migrates secret management from GitHub Secrets to Azure Key Vault for improved security and centralized secret management. The changes establish Azure Vault integration for OpenShift certification credentials and NGINX Plus JWT tokens, while removing unused AWS Marketplace secrets and making minor improvements to the build process.

Key Changes:

  • Integrated Azure Key Vault authentication across multiple GitHub workflows
  • Migrated OpenShift certification secrets (PYAXIS tokens and project IDs) to Azure Vault
  • Migrated NGINX Plus JWT credentials to Azure Vault
  • Removed unused AWS Marketplace environment variables

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 8 comments.

| File | Description |
| --- | --- |
| .github/workflows/update-docker-images.yml | Added Azure login and secret retrieval for OpenShift certification |
| .github/workflows/single-image-regression.yml | Added Azure login and Plus JWT secret retrieval for regression tests |
| .github/workflows/setup-smoke.yml | Added Azure login and Plus JWT secret retrieval for smoke tests |
| .github/workflows/release.yml | Added Azure login and secret retrieval for release certification |
| .github/workflows/regression.yml | Added Azure login and Plus JWT secret retrieval for regression and helm tests |
| .github/workflows/image-promotion.yml | Added Azure login and secret retrieval for image promotion certification |
| .github/workflows/ci.yml | Added Azure login and Plus JWT secret retrieval for CI helm tests |
| .github/workflows/certify-ubi-image.yml | Added Azure login and secret retrieval for UBI image certification |
| .github/workflows/build-artifacts.yml | Removed unused AWS Marketplace secrets and relocated netrc cleanup |
| Makefile | Modified GoReleaser command to support configurable GOOS and removed debug flag |
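
Added example, not code from this PR or from the review above: values read from a vault at run time with the Azure CLI are not masked in the job log the way repository secrets are, so a workflow step has to register them itself. The sketch assumes an earlier step has logged in to Azure; the vault name, secret name and variable name passed in are placeholders.

```shell
# Added example (not from the PR). Vault, secret and variable names are placeholders.

# Read one secret value with the Azure CLI; assumes an earlier step already logged in.
fetch_secret() {
  az keyvault secret show --vault-name "$1" --name "$2" --query value --output tsv
}

# export_masked_secret VAULT SECRET_NAME ENV_NAME
# Registers the value as masked, then exposes it to later steps via $GITHUB_ENV.
export_masked_secret() {
  ems_value=$(fetch_secret "$1" "$2") || {
    echo "::error::could not read secret '$2' from vault '$1'"
    return 1
  }
  if [ -z "$ems_value" ]; then
    echo "::error::secret '$2' in vault '$1' is empty"
    return 1
  fi
  # add-mask takes a single line, so a multi-line value is registered line by line.
  printf '%s\n' "$ems_value" | while IFS= read -r ems_line; do
    if [ -n "$ems_line" ]; then echo "::add-mask::$ems_line"; fi
  done
  # Random heredoc delimiter: the value cannot close the block early and
  # smuggle extra variables into the environment file.
  ems_delim="GHA_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
  {
    echo "$3<<$ems_delim"
    printf '%s\n' "$ems_value"
    echo "$ems_delim"
  } >>"$GITHUB_ENV"
}
```

A failed or empty read stops the step before anything is written to the environment file, so later steps never run with a blank credential.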

codecov bot commented Nov 7, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.75%. Comparing base (e9d7c1c) to head (eb0bb19).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #8515      +/-   ##
==========================================
+ Coverage   53.65%   53.75%   +0.10%     
==========================================
  Files          91       91              
  Lines       18285    18342      +57     
==========================================
+ Hits         9811     9860      +49     
- Misses       7963     7967       +4     
- Partials      511      515       +4     

- name: Cleanup netrc
run: rm -f $HOME/.netrc
if: ${{ always() }}
#  - name: Cleanup netrc
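
Review bot: the commented-out `#  - name: Cleanup netrc` on the last line carries no note saying why it is kept, so the next reader cannot tell dead code from a step that is parked on purpose; add a one-line comment naming the job it belongs to, or delete it and restore it from history when that job returns. In the live step, quote the path (`rm -f "$HOME/.netrc"`) so the cleanup still removes the credentials file if HOME ever contains whitespace.
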
Contributor

can be removed?

Collaborator Author

I'd like to keep it as it's part of the assertion doc job which is likely to come back soon.

@pdabelf5 pdabelf5 requested a review from vepatel November 10, 2025 15:52
@pdabelf5 pdabelf5 changed the title from "Initial setup of Azure Vault for secrets" to "Migrate OpenShift & Plus secrets to Azure Vault" Nov 10, 2025