switch to gha

.ci/lint

@@ -12,13 +12,9 @@ npm --prefix $src_dir install --include=dev --omit=peer --no-audit
 echo 'Running eslint for all javascript modules..'
 echo ''
 
-if eslint . \
-    --max-warnings 0 \
-    -c "${src_dir}/${eslint_cfg_filename}" \
-    "${src_dir}"; then
-    echo 'eslint succeeded'
-    exit 0
-else
-    echo 'eslint found errors (see above)'
-    exit 1
-fi
+npx --no-install eslint . \
+  --max-warnings 0 \
+  -c "${src_dir}/${eslint_cfg_filename}" \
+  "${src_dir}"
+
+echo 'eslint succeeded'

.ci/read-version

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+cat "$(dirname "$0")/../VERSION"

.ci/write-version

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+read -r next_version
+
+echo "$next_version" > "$(dirname "$0")/../VERSION"
+
+extension_definitions="$(dirname "$0")/../extension-definitions.yaml"
+
+# pass env-var inline to make it available in yq subprocess
+NEXT_VERSION="$next_version" yq -i '
+    .installation.ocm_references[].version = strenv(NEXT_VERSION) |
+    .installation.ocm_references[].artefact.version = strenv(NEXT_VERSION) |
+    .installation.ocm_references[].mappings[].version = strenv(NEXT_VERSION)
+' "${extension_definitions}"

.github/workflows/build.yaml

@@ -0,0 +1,153 @@
+name: Build
+
+on:
+  workflow_call:
+    inputs:
+      mode:
+        required: true
+        type: string
+        description:
+          mode as expected by `cc-utils/.github/workflows/prepare`
+          either of
+          - snapshot
+          - release
+
+jobs:
+  prepare:
+    uses: gardener/cc-utils/.github/workflows/prepare.yaml@master
+    with:
+      mode: ${{ inputs.mode }}
+
+  odg-extension-definitions:
+    runs-on: ubuntu-latest
+    needs:
+    - prepare
+    steps:
+    - uses: actions/checkout@v4
+    - name: Export odg-extension-definitions
+      run: |
+        export version=${{ needs.prepare.outputs.version }}
+        blobs_dir=blobs.d
+        mkdir $blobs_dir
+        extension_definitions="extension-definitions.yaml"
+
+        yq -i '
+          .installation.ocm_references[].version = strenv(version) |
+          .installation.ocm_references[].artefact.version = strenv(version) |
+          .installation.ocm_references[].mappings[].version = strenv(version)
+        ' ${extension_definitions}
+
+        tar czf ${blobs_dir}/extension_definitions.tar.gz ${extension_definitions}
+
+    - uses: gardener/cc-utils/.github/actions/export-ocm-fragments@master
+      with:
+        ocm-resources: |
+          name: odg-extension-definitions
+          type: odg-extension
+          relation: local
+          access:
+            type: localBlob
+            localReference: extension_definitions.tar.gz
+        blobs-directory: blobs.d
+
+  lint:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: latest
+
+      - name: Run ESLint
+        run: |
+          .ci/lint
+
+      - name: Run ESLint (SAST) and collect evidence
+        run: |
+          set -euo pipefail
+          blobs_dir=blobs.d
+          mkdir -p $blobs_dir
+          eslint_logfile=eslint-sast.log
+          eslint_evidence="${blobs_dir}/eslint-sast.tar.gz"
+
+          .ci/lint eslint.sast.config.mjs 2>&1 | tee $eslint_logfile
+
+          tar czf $eslint_evidence $eslint_logfile eslint.sast.config.mjs
+
+      - name: Export ESLint SAST evidence to component descriptor
+        uses: gardener/cc-utils/.github/actions/export-ocm-fragments@master
+        with:
+          blobs-directory: blobs.d
+          ocm-resources: |
+            name: sast-linting-evidence
+            relation: local
+            access:
+              type: localBlob
+              localReference: eslint-sast.tar.gz
+            labels:
+              - name: gardener.cloud/purposes
+                value:
+                  - lint
+                  - sast
+                  - eslint
+
+              - name: gardener.cloud/comment
+                value: |
+                  we use eslint with "eslint-plugin-security" for SAST scans
+                  see: https://github.com/eslint-community/eslint-plugin-security
+
+  oci-image:
+    name: Build OCI Image
+    needs:
+      - prepare
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    uses: gardener/cc-utils/.github/workflows/oci-ocm.yaml@master
+    with:
+      name: delivery-dashboard
+      version: ${{ needs.prepare.outputs.version }}
+      oci-registry: ${{ needs.prepare.outputs.oci-registry }}
+      oci-repository: odg/delivery-dashboard
+      dockerfile: Dockerfile
+      ctx: oci-images
+      oci-platforms: linux/amd64,linux/arm64
+      ocm-labels: |
+        name: gardener.cloud/cve-categorisation
+        value:
+          network_exposure: public
+          authentication_enforced: false
+          user_interaction: end-user
+          confidentiality_requirement: none
+          integrity_requirement: high
+          availability_requirement: high
+
+  helmchart:
+    name: Build Helmchart
+    needs:
+      - prepare
+      - oci-image
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    uses: gardener/cc-utils/.github/workflows/helmchart-ocm.yaml@master
+    with:
+      name: delivery-dashboard
+      dir: charts/delivery-dashboard
+      oci-registry: ${{ needs.prepare.outputs.oci-registry }}
+      oci-repository: charts/odg
+      ocm-mappings: |
+        - ref: ocm-resource:delivery-dashboard.repository
+          attribute: image.repository
+        - ref: ocm-resource:delivery-dashboard.tag
+          attribute: image.tag
+        - ref: ocm-resource:busybox.repository
+          attribute: busybox.image.repository
+        - ref: ocm-resource:busybox.tag
+          attribute: busybox.image.tag

.github/workflows/non-release.yaml

@@ -0,0 +1,24 @@
+name: CI (non-release)
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yaml
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    secrets: inherit
+    with:
+      mode: snapshot
+
+  component-descriptor:
+    uses: gardener/cc-utils/.github/workflows/post-build.yaml@master
+    needs:
+      - build
+    secrets: inherit
+    permissions:
+      contents: write
+      id-token: write

.github/workflows/release.yaml

@@ -0,0 +1,27 @@
+name: Release
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yaml
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    secrets: inherit
+    with:
+      mode: release
+
+  release-to-github-and-bump:
+    uses: gardener/cc-utils/.github/workflows/release.yaml@master
+    needs: build
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+    secrets: inherit
+    with:
+      release-commit-target: branch
+      next-version: bump-minor

.ocm/base-component.yaml

@@ -0,0 +1,17 @@
+name: ocm.software/ocm-gear/delivery-dashboard
+resources:
+  - name: busybox
+    version: 1.37.0
+    type: ociImage
+    access:
+      type: ociRegistry
+      imageReference: docker.io/library/busybox:1.37.0
+    relation: external
+labels:
+  - name: cloud.gardener.cnudie/responsibles
+    value:
+      - type: githubTeam
+        teamname: open-component-model/odg-maintainers
+        github_hostname: github.com
+sources: []
+componentReferences: []

extension-definitions.yaml

@@ -0,0 +1,42 @@
+name: delivery-dashboard
+installation:
+  ocm_references:
+    - helm_chart_name: delivery-dashboard
+      name: ocm.software/ocm-gear/delivery-dashboard
+      version: 0.399.0-dev
+      artefact:
+        name: delivery-dashboard
+        version: 0.399.0-dev
+      mappings:
+        - name: delivery-dashboard
+          version: 0.399.0-dev
+          artefact_type: helmchart-imagemap
+  value_templates:
+    - helm_chart_name: delivery-dashboard
+      helm_attribute: target_namespace
+      value: ${target_namespace}
+      value_type: python-string-template
+    - helm_chart_name: delivery-dashboard
+      helm_attribute: ingress.hosts
+      value:
+        - delivery-dashboard.${base_url}
+      value_type: python-string-template
+    - helm_chart_name: delivery-dashboard
+      helm_attribute: envVars.REACT_APP_DELIVERY_SERVICE_API_URL
+      value: dependencies.delivery-service.outputs.delivery-service-url
+      value_type: jsonpath
+    - helm_chart_name: delivery-dashboard
+      helm_attribute: ingress.annotations."cert.gardener.cloud/purpose"
+      value: managed
+      value_type: literal
+    - helm_chart_name: delivery-dashboard
+      helm_attribute: ingress.annotations."dns.gardener.cloud/class"
+      value: garden
+      value_type: literal
+    - helm_chart_name: delivery-dashboard
+      helm_attribute: ingress.annotations."dns.gardener.cloud/dnsnames"
+      value: '"*"'
+      value_type: literal
+outputs: []
+dependencies:
+  - delivery-service