Replace go-makefile-maker workflows with manually maintained ones

Stop using go-makefile-maker for GitHub Actions workflow generation.
With recent additions of custom workflows, maintaining consistency
between auto-generated and manually written pipelines became impractical.
The effort to update all workflows already requires reviewing each one,
so auto-generation provides diminishing value. Additionally, some
generated workflows like CodeQL are redundant (enabled at repo level)
while others like test-chart required manual modifications anyway.

Going forward, all workflows will be manually maintained for this
project, providing full control over CI/CD configuration.

Author: felix-kaestner

.github/workflows/checks.yaml

@@ -0,0 +1,66 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+
+jobs:
+  lint:
+    name: Check Go Code
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: latest
+  vulnerabilities:
+    name: Check Vulnerabilities
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: 'stable'
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      - name: Run govulncheck
+        run: govulncheck -format text ./...
+  spelling:
+    name: Check Spelling Errors
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Run typos
+        uses: crate-ci/typos@v1
+        env:
+          CLICOLOR: "1"
+  shellcheck:
+    name: Check Shell Scripts
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Run shellcheck
+        uses: reviewdog/action-shellcheck@v1
+  license:
+    name: Check Licenses
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+      - name: Dependency Licenses Review
+        run: make check-dependency-licenses
+      - name: Check if source code files have license header
+        run: make check-addlicense

.github/workflows/ci.yaml

@@ -5,20 +5,21 @@ name: Documentation
 
 on:
   push:
-    branches: [main]
+    branches:
+      - main
   pull_request:
-    types: [ assigned, opened, synchronize, reopened ]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  pages: write
-  id-token: write
+    branches:
+      - main
 
 concurrency:
   group: pages
   cancel-in-progress: false
 
+permissions:
+  contents: read
+  id-token: write
+  pages: write
+
 jobs:
   build:
     name: Build VitePress Site

.github/workflows/container-registry-ghcr.yaml

@@ -31,7 +31,7 @@ jobs:
       - uses: actions/checkout@v6
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v6
         with:
           images: ghcr.io/${{ github.repository }}
           tags: |
@@ -48,19 +48,25 @@ jobs:
             type=ref,event=pr
             # https://github.com/docker/metadata-action#typesha
             type=sha,format=long
+      - name: Extract build-args for Docker
+        id: build_args
+        run: |
+          echo "version=$(git describe --tags --always --abbrev=7)" >> $GITHUB_OUTPUT
+          echo "commit=$(git rev-parse --verify HEAD)" >> $GITHUB_OUTPUT
+          echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
         id: setup-buildx
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Go Cache for Docker
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         id: cache
         with:
           path: |
@@ -78,9 +84,13 @@ jobs:
           skip-extraction: ${{ steps.cache.outputs.cache-hit }}
           builder: ${{ steps.setup-buildx.outputs.name }}
       - name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: .
+          build-args: |
+            BININFO_VERSION=${{ steps.build_args.outputs.version }}
+            BININFO_COMMIT_HASH=${{ steps.build_args.outputs.commit }}
+            BININFO_BUILD_DATE=${{ steps.build_args.outputs.date }}
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}

.github/workflows/lint.yml

@@ -1,33 +1,26 @@
-################################################################################
-# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
-# Edit Makefile.maker.yaml instead.                                            #
-################################################################################
-
-# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company
 # SPDX-License-Identifier: Apache-2.0
 
-name: goreleaser
-"on":
+name: Release
+
+on:
   push:
     tags:
-      - '*'
+      - 'v*'
+
 permissions:
   contents: write
   packages: write
+
 jobs:
   release:
-    name: goreleaser
+    name: Publish Release
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-      - name: Set up Go
-        uses: actions/setup-go@v6
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
         with:
-          check-latest: true
-          go-version: 1.26.2
+          go-version-file: 'go.mod'
       - name: Run prepare make target
         run: make generate
       - name: Install syft