gardener · AndreasBurger · Jul 16, 2025 · Jul 15, 2025
@@ -0,0 +1,13 @@
+name: Prepare Release
+
+runs:
+  using: composite
+  steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version: '1.24'
+    - name: make-generate
+      shell: bash
+      run: |
+        set -eu
+        make generate
@@ -0,0 +1,120 @@
+name: Build
+
+on:
+  workflow_call:
+    inputs:
+      mode:
+        required: true
+        type: string
+        default: snapshot
+        description: |
+          the mode to use. either `snapshot` or `release`. Will affect effective version, as well
+          as target-oci-registry.
+
+jobs:
+  prepare:
+    uses: gardener/cc-utils/.github/workflows/prepare.yaml@master
+    with:
+      mode: ${{ inputs.mode }}
+      version-commit-callback-action-path: .github/actions/prepare-release
+    permissions:
+      contents: read
+
+  oci-images:
+    name: Build OCI-Images
+    needs:
+      - prepare
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    secrets: inherit
+    uses: gardener/cc-utils/.github/workflows/oci-ocm.yaml@master
+    strategy:
+      matrix:
+        args:
+          - name: gardener-extension-provider-gcp
+            target: gardener-extension-provider-gcp
+            oci-repository: gardener/extensions/provider-gcp
+            ocm-labels:
+              name: gardener.cloud/cve-categorisation
+              value:
+                network_exposure: protected
+                authentication_enforced: false
+                user_interaction: gardener-operator
+                confidentiality_requirement: high
+                integrity_requirement: high
+                availability_requirement: high
+          - name: gardener-extension-admission-gcp
+            target: gardener-extension-provider-gcp
+            oci-repository: gardener/extensions/admission-gcp
+            ocm-labels:
+              name: gardener.cloud/cve-categorisation
+              value:
+                network_exposure: protected
+                authentication_enforced: false
+                user_interaction: end-user
+                confidentiality_requirement: high
+                integrity_requirement: high
+                availability_requirement: high
+    with:
+      name: ${{ matrix.args.name }}
+      version: ${{ needs.prepare.outputs.version }}
+      target: ${{ matrix.args.target }}
+      oci-registry: ${{ needs.prepare.outputs.oci-registry }}
+      oci-repository: ${{ matrix.args.oci-repository }}
+      oci-platforms: linux/amd64,linux/arm64
+      ocm-labels: ${{ toJSON(matrix.args.ocm-labels) }}
+      extra-tags: latest
+
+  helmcharts:
+    name: Build Helmcharts
+    needs:
+      - prepare
+      - oci-images
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    uses: gardener/cc-utils/.github/workflows/helmchart-ocm.yaml@master
+    strategy:
+      matrix:
+        args:
+          - name: provider-gcp
+            dir: charts/gardener-extension-provider-gcp
+            oci-repository: charts/gardener/extensions
+            ocm-mappings:
+              - ref: ocm-resource:gardener-extension-provider-gcp.repository
+                attribute: image.repository
+              - ref: ocm-resource:gardener-extension-provider-gcp.tag
+                attribute: image.tag
+          - name: admission-gcp-application
+            dir: charts/gardener-extension-admission-gcp/charts/application
+            oci-repository: charts/gardener/extensions
+            ocm-mappings:
+              - ref: ocm-resource:gardener-extension-admission-gcp.repository
+                attribute: image.repository
+              - ref: ocm-resource:gardener-extension-admission-gcp.tag
+                attribute: image.tag
+          - name: admission-gcp-runtime
+            dir: charts/gardener-extension-admission-gcp/charts/runtime
+            oci-repository: charts/gardener/extensions
+            ocm-mappings:
+              - ref: ocm-resource:gardener-extension-admission-gcp.repository
+                attribute: image.repository
+              - ref: ocm-resource:gardener-extension-admission-gcp.tag
+                attribute: image.tag
+    with:
+      name: ${{ matrix.args.name }}
+      dir: ${{ matrix.args.dir }}
+      oci-registry: ${{ needs.prepare.outputs.oci-registry }}
+      oci-repository: ${{ matrix.args.oci-repository }}
+      ocm-mappings: ${{ toJSON(matrix.args.ocm-mappings) }}
+
+  sast-lint:
+    uses: gardener/cc-utils/.github/workflows/sastlint-ocm.yaml@master
+    permissions:
+      contents: read
+    with:
+      linter: gosec
+      run: make sast-report
@@ -0,0 +1,24 @@
+name: Build
+on:
+  push:
+  pull_request_target:
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yaml
+    with:
+      mode: snapshot
+    secrets: inherit
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+
+  component-descriptor:
+    uses: gardener/cc-utils/.github/workflows/post-build.yaml@master
+    needs:
+      - build
+    secrets: inherit
+    permissions:
+      id-token: write
+      contents: write
@@ -0,0 +1,35 @@
+name: Release
+on:
+  workflow_dispatch:
+    inputs:
+      next-version:
+        type: choice
+        options:
+          - bump-minor
+          - bump-patch
+
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yaml
+    permissions:
+      contents: write
+      id-token: write
+      packages: write
+    with:
+      mode: release
+
+  release-to-github-and-bump:
+    uses: gardener/cc-utils/.github/workflows/release.yaml@master
+    needs:
+      - build
+    secrets: inherit
+    permissions:
+      contents: write
+      id-token: write
+      packages: write
+    with:
+      release-commit-target: branch
+      next-version: ${{ inputs.next-version }}
+      next-version-callback-action-path: .github/actions/prepare-release
+      slack-channel-id: C9CEBQPGE # #sap-tech-gardener
@@ -0,0 +1,25 @@
+name: Integration-Tests
+description: |
+  Runs Integrationtests using TestMachinery
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  integrationtest:
+    permissions:
+      id-token: write
+      contents: read
+    uses: gardener/cc-utils/.github/workflows/run-testmachinery-tests.yaml@master
+    with:
+      test-command: |
+        ${testrunner_run} \
+         --no-execution-group \
+         --testrun-prefix tm-extension-gcp- \
+         --timeout=3600 \
+         --testruns-chart-path=.ci/testruns/default \
+         --set revision=$(git rev-parse @)
+
@@ -0,0 +1,13 @@
+name: Create Upgrade-Pull-Requests
+on:
+  schedule:
+    - cron: '*/10 * * * *'
+  workflow_dispatch:
+
+jobs:
+  upgrade-pullrequests:
+    uses: gardener/cc-utils/.github/workflows/upgrade-dependencies.yaml@master
+    secrets: inherit
+    permissions:
+      contents: write
+      pull-requests: write
@@ -0,0 +1,14 @@
+labels:
+  - name: cloud.gardener.cnudie/responsibles
+    value:
+    - type: githubTeam
+      teamname: gardener/gardener-extension-provider-gcp-maintainers
+      github_hostname: github.com
+
+main-source:
+  labels:
+    - name: cloud.gardener.cnudie/dso/scanning-hints/source_analysis/v1
+      value:
+        policy: skip
+        comment: |
+          we use gosec for sast scanning. See attached log.