Refactor GitHub Actions Workflows

.github/workflows/check-codegen.yml

@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Check Codegen
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+
+jobs:
+  check-codegen:
+    name: Detect Drift
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+      - name: Run make generate
+        run: make generate
+      - name: Run make docs
+        run: make docs
+      - name: Run make charts
+        run: make charts
+      - name: Run fmt
+        run: make fmt
+      - name: Compare the expected and actual generated/* directories
+        run: |
+          if [ "$(git diff | wc -l)" -gt "0" ]; then
+            echo "Detected uncommitted changes after build. Consider running 'make generate && make docs && make charts && make fmt'."
+            echo "See status below:"
+            git diff
+            exit 1
+          fi

.github/workflows/kustomize-validation.yml

@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Kustomize
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+
+jobs:
+  kustomize-validation:
+    name: Validate
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Install Kustomize
+        run: |
+          make install-kustomize
+      - name: Validate Kustomize
+        run: |
+          ./hack/validate-kustomize.sh

.github/workflows/lint.yml

@@ -0,0 +1,66 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+
+jobs:
+  lint:
+    name: Check Go Code
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: latest
+  vulnerabilities:
+    name: Check Vulnerabilities
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: 'stable'
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      - name: Run govulncheck
+        run: govulncheck -format text ./...
+  spelling:
+    name: Check Spelling Errors
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Run typos
+        uses: crate-ci/typos@v1
+        env:
+          CLICOLOR: "1"
+  shellcheck:
+    name: Check Shell Scripts
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Run shellcheck
+        uses: reviewdog/action-shellcheck@v1
+  license:
+    name: Check Licenses
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+      - name: Dependency Licenses Review
+        run: make check-dependency-licenses
+      - name: Check if source code files have license header
+        run: make check-addlicense

.github/workflows/publish-chart.yml

@@ -0,0 +1,60 @@
+# SPDX-FileCopyrightText: 2026 SAP SE or an SAP affiliate company and IronCore contributors
+# SPDX-License-Identifier: Apache-2.0
+
+name: Helm Chart
+
+on:
+  push:
+    tags:
+      - 'v*'
+    branches:
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-and-push-chart:
+    name: Build and Push Helm Chart
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v4.1.0
+      - name: Determine Chart Version
+        id: chart_version
+        run: |
+          if [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            # Use tag version (strip 'v' prefix)
+            CHART_VERSION="${GITHUB_REF#refs/tags/v}"
+          else
+            # Use short commit hash
+            CHART_VERSION="0.0.0-$(git rev-parse --short HEAD)"
+          fi
+          echo "version=$CHART_VERSION" >> $GITHUB_OUTPUT
+      - name: Build Helm Dependencies
+        run: |
+          helm dependency build charts/network-operator
+      - name: Package Helm Chart
+        run: |
+          helm package charts/network-operator --version ${{ steps.chart_version.outputs.version }}
+      - name: Login to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Push Helm Chart to ghcr.io
+        if: github.event_name != 'pull_request'
+        run: |
+          helm push network-operator-${{ steps.chart_version.outputs.version }}.tgz oci://ghcr.io/${{ github.repository_owner }}/charts

.github/workflows/publish-docs.yml

@@ -5,20 +5,21 @@ name: Documentation
 
 on:
   push:
-    branches: [main]
+    branches:
+      - main
   pull_request:
-    types: [ assigned, opened, synchronize, reopened ]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  pages: write
-  id-token: write
+    branches:
+      - main
 
 concurrency:
   group: pages
   cancel-in-progress: false
 
+permissions:
+  contents: read
+  id-token: write
+  pages: write
+
 jobs:
   build:
     name: Build VitePress Site