migrate CICD-Pipeline to GitHub-Actions

see: https://gardener.github.io/cc-utils/github_actions.html

Author: ccwienk

.ci/component_descriptor

@@ -0,0 +1,13 @@
+name: Prepare Release
+
+runs:
+  using: composite
+  steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version: '1.24'
+    - name: make-generate
+      shell: bash
+      run: |
+        set -eu
+        make generate

.ci/pipeline_definitions

@@ -0,0 +1,90 @@
+name: Build
+
+on:
+  workflow_call:
+    inputs:
+      mode:
+        required: true
+        type: string
+        default: snapshot
+        description: |
+          the mode to use. either `snapshot` or `release`. Will affect effective version, as well
+          as target-oci-registry.
+
+jobs:
+  prepare:
+    uses: gardener/cc-utils/.github/workflows/prepare.yaml@master
+    with:
+      mode: ${{ inputs.mode }}
+      version-commit-callback-action-path: .github/actions/prepare-release
+    permissions:
+      contents: read
+
+  oci-images:
+    name: Build OCI-Images
+    needs:
+      - prepare
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    secrets: inherit
+    uses: gardener/cc-utils/.github/workflows/oci-ocm.yaml@master
+    strategy:
+      matrix:
+        args:
+          - name: gardener-extension-shoot-networking-problemdetector
+            target: gardener-extension-shoot-networking-problemdetector
+            oci-repository: gardener/extensions/shoot-networking-problemdetector
+            ocm-labels:
+              name: gardener.cloud/cve-categorisation
+              value:
+                network_exposure: protected
+                authentication_enforced: false
+                user_interaction: gardener-operator
+                confidentiality_requirement: low
+                integrity_requirement: low
+                availability_requirement: low
+    with:
+      name: ${{ matrix.args.name }}
+      version: ${{ needs.prepare.outputs.version }}
+      target: ${{ matrix.args.target }}
+      oci-registry: ${{ needs.prepare.outputs.oci-registry }}
+      oci-repository: ${{ matrix.args.oci-repository }}
+      oci-platforms: linux/amd64,linux/arm64
+      ocm-labels: ${{ toJSON(matrix.args.ocm-labels) }}
+      extra-tags: latest
+
+  helmcharts:
+    name: Build Helmcharts
+    needs:
+      - prepare
+      - oci-images
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    uses: gardener/cc-utils/.github/workflows/helmchart-ocm.yaml@master
+    strategy:
+      matrix:
+        args:
+          - name: shoot-networking-problemdetector
+            dir: charts/gardener-extension-shoot-networking-problemdetector
+            oci-repository: charts/gardener/extensions
+            ocm-mappings:
+              - ref: ocm-resource:gardener-extension-shoot-networking-problemdetector.repository
+                attribute: image.repository
+              - ref: ocm-resource:gardener-extension-shoot-networking-problemdetector.tag
+                attribute: image.tag
+    with:
+      name: ${{ matrix.args.name }}
+      dir: ${{ matrix.args.dir }}
+      oci-registry: ${{ needs.prepare.outputs.oci-registry }}
+      oci-repository: ${{ matrix.args.oci-repository }}
+      ocm-mappings: ${{ toJSON(matrix.args.ocm-mappings) }}
+
+  verify:
+    uses: gardener/cc-utils/.github/workflows/sastlint-ocm@sastlinting-workflow
+    with:
+      linter: gosec
+      run: verify

.github/actions/prepare-release/action.yaml

@@ -0,0 +1,24 @@
+name: Build
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yaml
+    with:
+      mode: snapshot
+    secrets: inherit
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+
+  component-descriptor:
+    uses: gardener/cc-utils/.github/workflows/post-build.yaml@master
+    needs:
+      - build
+    secrets: inherit
+    permissions:
+      id-token: write
+      contents: write

.github/workflows/build.yaml

@@ -0,0 +1,35 @@
+name: Release
+on:
+  workflow_dispatch:
+    inputs:
+      next-version:
+        type: choice
+        options:
+          - bump-minor
+          - bump-patch
+
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yaml
+    permissions:
+      contents: write
+      id-token: write
+      packages: write
+    with:
+      mode: release
+
+  release-to-github-and-bump:
+    uses: gardener/cc-utils/.github/workflows/release.yaml@master
+    needs:
+      - build
+    secrets: inherit
+    permissions:
+      contents: write
+      id-token: write
+      packages: write
+    with:
+      release-commit-target: branch
+      next-version: ${{ inputs.next-version }}
+      next-version-callback-action-path: .github/actions/prepare-release
+      slack-channel-id: C9CEBQPGE # #sap-tech-gardener

.github/workflows/non-release.yaml

@@ -0,0 +1,13 @@
+name: Create Upgrade-Pull-Requests
+on:
+  schedule:
+    - cron: '*/10 * * * *'
+  workflow_dispatch:
+
+jobs:
+  upgrade-pullrequests:
+    uses: gardener/cc-utils/.github/workflows/upgrade-dependencies.yaml@master
+    secrets: inherit
+    permissions:
+      contents: write
+      pull-requests: write

.github/workflows/release.yaml

@@ -0,0 +1,7 @@
+main-source:
+  labels:
+    - name: cloud.gardener.cnudie/dso/scanning-hints/source_analysis/v1
+      value:
+        policy: skip
+        comment: |
+          we use gosec for sast scanning. See attached log.