From faf9052bd071c71db2f61a00b00bd8ba05fcbafe Mon Sep 17 00:00:00 2001 From: Nicolae Nicora Date: Wed, 23 Jul 2025 19:47:29 +0200 Subject: [PATCH 1/4] feat: update the github actions --- .github/workflows/codeql.yaml | 21 +++++++ .github/workflows/labeler.yaml | 10 ++++ .../{release.yaml => release.automatic.yaml} | 10 ++-- .github/workflows/release.triggered.yaml | 14 +++++ .release-please-manifest.json | 3 + release-please-config.json | 56 +++++++++++++++++++ 6 files changed, 108 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/codeql.yaml create mode 100644 .github/workflows/labeler.yaml rename .github/workflows/{release.yaml => release.automatic.yaml} (58%) create mode 100644 .github/workflows/release.triggered.yaml create mode 100644 .release-please-manifest.json create mode 100644 release-please-config.json diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml new file mode 100644 index 0000000..e111a9c --- /dev/null +++ b/.github/workflows/codeql.yaml @@ -0,0 +1,21 @@ +name: "CodeQL::Analyze" + +on: + push: + branches: + - "main" + pull_request: + branches: + - "main" + schedule: + - cron: '16 11 * * 5' + +permissions: + contents: read + actions: read + security-events: write + +jobs: + analyze: + uses: openkcm/build/.github/workflows/codeql.yaml@main + secrets: inherit diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml new file mode 100644 index 0000000..87e866e --- /dev/null +++ b/.github/workflows/labeler.yaml @@ -0,0 +1,10 @@ +name: Labeler + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + do: + uses: openkcm/build/.github/workflows/labeler.yaml@main + secrets: inherit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.automatic.yaml similarity index 58% rename from .github/workflows/release.yaml rename to .github/workflows/release.automatic.yaml index c7c7dc7..0264cdc 100644 --- a/.github/workflows/release.yaml 
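Review bot: The code-scanning workflow added in this hunk is deleted again in PATCH 4/4 ("remove the codeql") without a stated reason, so the series as a whole leaves the repository with no CodeQL job even though this first revision is already correctly scoped (`contents: read`, `actions: read`, `security-events: write`). If scanning is meant to run from somewhere else, the deletion commit should say where; otherwise keep this file rather than removing it, and the "Potential fix for code scanning alert" commit in the same series suggests the scanner is in fact being relied on. Dropping the `@main` suffix in favour of a pinned ref applies here as well, but that point is raised once on labeler.yaml.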
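Review bot: `uses: openkcm/build/.github/workflows/labeler.yaml@main` together with `secrets: inherit` hands every secret visible to this workflow to whatever is on the `main` branch of `openkcm/build` at run time, so any change (or compromise) of that branch changes what executes here without a commit in this repository. The same floating reference appears in `release.triggered.yaml` (`release.manual.yaml@main`) and in `codeql.yaml` (`codeql.yaml@main`), and most likely on the `uses:` line of `release.automatic.yaml`, which lies outside its hunk. Pin each reusable workflow to a full commit SHA and let Dependabot or Renovate bump it, e.g. `uses: openkcm/build/.github/workflows/labeler.yaml@<commit-sha>  # <tag>`; a release tag is the minimum acceptable alternative. This revision also ships without any `permissions:` block, which PATCH 2/4 and 3/4 then add.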
+++ b/.github/workflows/release.automatic.yaml @@ -1,14 +1,12 @@ -name: Git +name: Release New Version on: pull_request: - types: [ closed ] - branches: - - main + types: + - closed permissions: - contents: read - pull-requests: write + contents: write jobs: release: diff --git a/.github/workflows/release.triggered.yaml b/.github/workflows/release.triggered.yaml new file mode 100644 index 0000000..5f617f1 --- /dev/null +++ b/.github/workflows/release.triggered.yaml @@ -0,0 +1,14 @@ +name: New Release (Manual Trigger) + +on: + workflow_dispatch: + +permissions: + contents: read + pull-requests: write + +jobs: + release: + uses: openkcm/build/.github/workflows/release.manual.yaml@main + secrets: inherit + diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 0000000..2be9c43 --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + ".": "0.2.0" +} diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 0000000..3663f36 --- /dev/null +++ b/release-please-config.json 
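Review bot: Removing the `branches: - main` filter while widening the token from `contents: read` to `contents: write` means a PR closed against any base branch now starts the release job with a token that can push tags and create releases, where previously only PRs into `main` qualified. The `closed` type also fires for PRs closed without merging; the job's `if:` and `uses:` lines are outside this hunk, so I cannot see whether the merged check happens there. Unless the reusable workflow filters on its own, restore `branches:` / `  - main` under `pull_request:` and guard the job with `if: github.event.pull_request.merged == true`. The old `pull-requests: write` is gone as well; if the called workflow still comments on or updates the release PR it will now get a 403, so confirm its requirements.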
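Review bot: The new file ends with an extra blank line after `secrets: inherit` (the trailing `+` line), which yamllint's `empty-lines` rule flags; drop it. The permissions granted here (`contents: read`, `pull-requests: write`) are exactly the ones removed from the automatic workflow in the same commit, so presumably this manual path only opens or refreshes the release PR while the automatic path publishes the release — a comment above `permissions:` such as `# opens/updates the release PR only; publishing is done by release.automatic.yaml` would make that split explicit and stop the next reader from "fixing" one to match the other.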
@@ -0,0 +1,56 @@ +{ + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", + "draft": false, + "prerelease": false, + "release-type": "go", + "include-v-in-tag": true, + "always-update": true, + "changelog-type": "github", + "changelog-host": "github.com", + "group-pull-request-title-pattern": "chore${scope}: releases ${version}", + "pull-request-header": ":rocket: A new release is on the way! This PR includes all changes since the last version.", + "pull-request-footer": "This PR was generated using [release-please](https://github.com/googleapis/release-please).", + "changelog-sections": [ + { + "type": "feat", + "section": "🚀 Features", + "hidden": false + }, + { + "type": "fix", + "section": "🐛 Bug Fixes", + "hidden": false + }, + { + "type": "docs", + "section": "📝 Documentation", + "hidden": false + }, + { + "type": "chore", + "section": "🧰 Maintenance", + "hidden": false + }, + { + "type": "ci", + "section": "🔧 CI/CD", + "hidden": false + }, + { + "type": "build", + "section": "🧱 Build / Dependencies", + "hidden": false + } + ], + "commit-search-depth": 500, + "release-search-depth": 400, + "packages": { + ".": { + "release-type": "go" + } + }, + "changelog": { + "template": "## Changelog\n\n{{#each commits}}\n- {{this.message}} (#{{this.pullRequestNumber}})\n{{/each}}", + "include-vcs-changes": true + } +} From 9684e2a9f33a20b9e68b948983da3996f18fe16f Mon Sep 17 00:00:00 2001 From: Nicolae Nicora <75667951+nnicora@users.noreply.github.com> Date: Wed, 23 Jul 2025 19:50:13 +0200 Subject: [PATCH 2/4] Potential fix for code scanning alert no. 6: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/labeler.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 87e866e..fb6ad6f 100644 --- a/.github/workflows/labeler.yaml 
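Review bot: The trailing `"changelog": { "template": ..., "include-vcs-changes": true }` object does not match any option I can find in the release-please config schema that the file's own `$schema` line points at, and as far as I know unknown keys are ignored rather than rejected, so the custom Handlebars template most likely has no effect and the changelog will come from `changelog-type: "github"` plus `changelog-sections` alone. Validate the file against that schema and either drop the object or express the intent through a supported option. `release-type` is also set twice (top level and under `packages["."]`); harmless, but keep one. The manifest in the previous hunk starts `.` at `"0.2.0"`; release-please treats that as the last released version, so it should match the latest existing tag.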
+++ b/.github/workflows/labeler.yaml @@ -1,5 +1,9 @@ name: Labeler +permissions: + contents: read + pull-requests: write + on: pull_request: types: [opened, synchronize, reopened] From 72b9d9039273235266456a8000a63757443b32e3 Mon Sep 17 00:00:00 2001 From: Nicolae Nicora Date: Wed, 23 Jul 2025 19:50:59 +0200 Subject: [PATCH 3/4] add permissions --- .github/workflows/labeler.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index fb6ad6f..1b5ccb6 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -1,13 +1,13 @@ name: Labeler -permissions: - contents: read - pull-requests: write - on: pull_request: types: [opened, synchronize, reopened] +permissions: + contents: read + pull-requests: write + jobs: do: uses: openkcm/build/.github/workflows/labeler.yaml@main From 1dee6f495897c9d8ed2a0c5a75b9bec1446e230e Mon Sep 17 00:00:00 2001 From: Nicolae Nicora Date: Wed, 23 Jul 2025 19:55:20 +0200 Subject: [PATCH 4/4] remove the codeql --- .github/workflows/codeql.yaml | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 .github/workflows/codeql.yaml diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml deleted file mode 100644 index e111a9c..0000000 --- a/.github/workflows/codeql.yaml +++ /dev/null @@ -1,21 +0,0 @@ -name: "CodeQL::Analyze" - -on: - push: - branches: - - "main" - pull_request: - branches: - - "main" - schedule: - - cron: '16 11 * * 5' - -permissions: - contents: read - actions: read - security-events: write - -jobs: - analyze: - uses: openkcm/build/.github/workflows/codeql.yaml@main - secrets: inherit
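Review bot: The added `permissions:` block resolves the scanning alert, but a run triggered by `pull_request` from a fork receives a read-only `GITHUB_TOKEN` regardless of it, so the labeler job will fail with 403 on fork PRs if the repository accepts them. The usual remedy is to trigger on `pull_request_target` here, in which case the called workflow must never check out or execute the PR head's code; whether that matters depends on `openkcm/build/.github/workflows/labeler.yaml`, which is outside this patch. Placing `permissions:` between `name:` and `on:` is legal but unconventional, and PATCH 3/4 already moves it below `on:`, so these two commits could be squashed into one.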