Replace go-makefile-maker workflows with manually maintained ones

Stop using go-makefile-maker for GitHub Actions workflow generation.
With recent additions of custom workflows, maintaining consistency
between auto-generated and manually written pipelines became impractical.
The effort to update all workflows already requires reviewing each one,
so auto-generation provides diminishing value. Additionally, some
generated workflows like CodeQL are redundant (enabled at repo level)
while others like test-chart required manual modifications anyway.

Going forward, all workflows will be manually maintained for this
project, providing full control over CI/CD configuration.

Author: felix-kaestner

.github/workflows/checks.yaml

@@ -0,0 +1,66 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+
+jobs:
+  lint:
+    name: Check Go Code
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: latest
+  vulnerabilities:
+    name: Check Vulnerabilities
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: 'stable'
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      - name: Run govulncheck
+        run: govulncheck -format text ./...
+  spelling:
+    name: Check Spelling Errors
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Run typos
+        uses: crate-ci/typos@v1
+        env:
+          CLICOLOR: "1"
+  shellcheck:
+    name: Check Shell Scripts
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Run shellcheck
+        uses: reviewdog/action-shellcheck@v1
+  license:
+    name: Check Licenses
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+      - name: Dependency Licenses Review
+        run: make check-dependency-licenses
+      - name: Check if source code files have license header
+        run: make check-addlicense

.github/workflows/ci.yaml

@@ -5,20 +5,21 @@ name: Documentation
 
 on:
   push:
-    branches: [main]
+    branches:
+      - main
   pull_request:
-    types: [ assigned, opened, synchronize, reopened ]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  pages: write
-  id-token: write
+    branches:
+      - main
 
 concurrency:
   group: pages
   cancel-in-progress: false
 
+permissions:
+  contents: read
+  id-token: write
+  pages: write
+
 jobs:
   build:
     name: Build VitePress Site

.github/workflows/lint.yml

@@ -1,33 +1,26 @@
-################################################################################
-# This file is AUTOGENERATED with <https://github.com/sapcc/go-makefile-maker> #
-# Edit Makefile.maker.yaml instead.                                            #
-################################################################################
-
-# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company
 # SPDX-License-Identifier: Apache-2.0
 
-name: goreleaser
-"on":
+name: Release
+
+on:
   push:
     tags:
-      - '*'
+      - 'v*'
+
 permissions:
   contents: write
   packages: write
+
 jobs:
   release:
-    name: goreleaser
+    name: Publish Release
     runs-on: ubuntu-latest
     steps:
-      - name: Check out code
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-      - name: Set up Go
-        uses: actions/setup-go@v6
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
         with:
-          check-latest: true
-          go-version: 1.25.7
+          go-version-file: 'go.mod'
       - name: Run prepare make target
         run: make generate
       - name: Install syft

.github/workflows/publish-docs.yml

@@ -1,22 +1,27 @@
-# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
 # SPDX-License-Identifier: Apache-2.0
 
-name: REUSE Compliance
+name: REUSE
+
 on:
   push:
     branches:
       - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
   pull_request:
     branches:
-      - '*'
-  workflow_dispatch: {}
-permissions:
-  contents: read
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+
 jobs:
-  test:
-    name: Check
+  compliance-check:
+    name: Compliance Check
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: REUSE Compliance Check
-      uses: fsfe/reuse-action@v5
+      - uses: actions/checkout@v6
+      - name: Compliance Check
+        uses: fsfe/reuse-action@v5

.github/workflows/goreleaser.yaml .github/workflows/release.yaml.github/workflows/goreleaser.yaml renamed to .github/workflows/release.yaml

@@ -1,17 +1,21 @@
-# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
 # SPDX-License-Identifier: Apache-2.0
 
-name: Close inactive issues
+name: Stale
+
 on:
   schedule:
     - cron: "35 1 * * *"
 
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
 jobs:
   close-issues:
+    name: Close Inactive Issues and PRs
     runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
     steps:
       - uses: actions/stale@v9
         with: