fix: ci

[SirSimon04]

Steps taken here:

• Added the .github folder
• Correct the field of the PR object from github.event.pull_request.base.user.login to github.event.pull_request.head.repo.owner.login in test and performance workflow
• Not changing the behaviour of downstream gate failing on skipped: the requires-approval step is only skipped if the PR does not come from a fork by the following condition: if: github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.owner.login != 'cap-js'. The first part of the following condition is true when the PR comes from a fork and the run was approved, and the second part is true if the PR does not come from a fork: (needs.requires-approval.result == 'success' || needs.requires-approval.result == 'skipped')
• Moved the PERF_CLUSTER_KUBECON secret from workflow to step
• cf login to cf auth
• Pin actions to commit shas

[hyperspace-insights]

The PR introduces a full CI/CD setup but has several correctness and security issues that must be addressed before merging: the release.yml workflow is missing the NODE_AUTH_TOKEN secret needed to actually publish to npm and uses stale action versions; lint-prettier.yml has checkout/setup-node in the wrong order; both test.yml jobs use an outdated actions/setup-node@v2; issue.yml is missing await on the GitHub API call; CF credentials are interpolated unquoted into shell commands in both performance.yml and the composite action; and the performance workflow's cds up will block all subsequent steps while also leaving no cleanup for the deployed application.

PR Bot Information

Version: 1.20.37

• LLM: anthropic--claude-4.6-sonnet
• File Content Strategy: Full file content
• Event Trigger: pull_request.opened
• Correlation ID: ae7b0b47-2d6d-4855-8ee1-78737689c7a9

[hyperspace-insights]

Summary

The following content is AI-generated and provides a summary of the pull request:

---

Fix CI Workflows and Add GitHub Configuration

Chore

🔧 Introduced the .github folder with a full set of CI/CD workflows, automation configurations, and supporting files to properly set up the repository's GitHub Actions infrastructure.

Changes

• .github/CODEOWNERS: Added CODEOWNERS file assigning @cap-js/cdsmunich as the default owner for all files.
• .github/dependabot.yml: Added Dependabot configuration for weekly updates to both npm packages and GitHub Actions, with a 7-day cooldown.
• .github/actions/integration-tests/action.yml: New reusable composite action for running HANA integration tests. Handles CF CLI installation, authentication via cf auth (instead of cf login), CDS version-specific dependency setup, HDI container lifecycle, and cleanup.
• .github/workflows/test.yml: CI workflow for SQLite, PostgreSQL, and HANA tests. Uses pull_request_target with a fork approval gate (requires-approval job) using the corrected github.event.pull_request.head.repo.owner.login field. All actions pinned to commit SHAs.
• .github/workflows/performance.yml: Performance test workflow with the same fork approval pattern and corrected PR owner field. Moves PERF_CLUSTER_KUBECONF secret to the step level. Uses cf auth and pins actions to commit SHAs.
• .github/workflows/lint-prettier.yml: Workflow to run linting and format checks on push and pull requests.
• .github/workflows/opa.yml: Workflow for running OPA tests against the bookshop test app.
• .github/workflows/release.yml: Manual release workflow that runs tests, parses the changelog, creates a GitHub release, and publishes to npm with provenance.
• .github/workflows/issue.yml: Automatically labels new issues as "New" and posts a welcome comment.
• .github/workflows/prevent-issue-labeling.yml: Prevents non-bot users from manually applying the "New" label to issues.
• .github/workflows/stale.yml: Automatically closes issues inactive for 14 days.
• .github/workflows/reuse.yml: Manual workflow to generate REUSE license metadata.

---

• 🔄 Regenerate and Update Summary
• ✏️ Insert as PR Description (deletes this comment)
• 🗑️ Delete comment

PR Bot Information

Version: 1.20.37

• Summary Prompt: Default Prompt
• Event Trigger: pull_request.ready_for_review
• File Content Strategy: Full file content
• Correlation ID: a2134578-67f8-47b6-aa86-8c9268db1d78
• LLM: anthropic--claude-4.6-sonnet
• Output Template: Default Template

[hyperspace-insights]

The PR introduces the entire .github/ CI infrastructure. Several substantive issues were found: a broken local-action reference that will fail immediately at parse time, a step-ordering bug that causes the CDS-8 dependency overrides to be applied after npm install in the SQLite test job, insecure kubeconfig file permissions in the performance workflow, an end-of-life v3 action pair in the release workflow, and a few logic/cleanup concerns around CF undeploy error handling and package.json mutation during HANA binding.

PR Bot Information

Version: 1.20.37

• LLM: anthropic--claude-4.6-sonnet
• File Content Strategy: Full file content
• Correlation ID: a2134578-67f8-47b6-aa86-8c9268db1d78
• Event Trigger: pull_request.ready_for_review