feat(e2e): add comprehensive end-to-end tests and improve CI workflows

.github/workflows/ci.yml

@@ -1,16 +1,15 @@
 name: Continuous Integration
 
-on:
-  push:
+on: [push]
 
 permissions:
   contents: write
   packages: write
   security-events: write
 
 jobs:
-  rel:
-    name: Build, scan & push Snapshot
+  snapshot:
+    name: Build Snapshot
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -64,17 +63,17 @@ jobs:
           docker push ghcr.io/${{ github.repository }}:${{ steps.version.outputs.value }}
           docker push mtr.devops.telekom.de/sparrow/sparrow:${{ steps.version.outputs.value }}
 
-
   helm:
+    name: Build Helm Chart
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v4
-        with:
-          fetch-tags: true
 
+      # We don't use checkout/fetch-tags: true because it's broken
+      # For more information see: https://github.com/actions/checkout/issues/1471
       - name: Fetch tags explicitly
-        run: git fetch --tags
+        run: git fetch --prune --unshallow --tags
 
       - name: Get App Version
         id: appVersion

.github/workflows/pre-commit.yml

@@ -4,6 +4,7 @@ on: [pull_request]
 
 jobs:
   pre-commit:
+    name: Run pre-commit hooks
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

.github/workflows/prune.yml

@@ -10,10 +10,9 @@ permissions:
   security-events: write
 
 jobs:
-  prune_images:
-    name: Prune old sparrow images
+  prune:
+    name: Images and Charts
     runs-on: ubuntu-latest
-
     steps:
       - name: Prune Images
         uses: vlaurin/[email protected]

.github/workflows/release.yml

@@ -11,11 +11,10 @@ permissions:
   packages: write
 
 jobs:
-  main:
+  release:
     name: Release Sparrow
     runs-on: ubuntu-latest
     steps:
-
       - name: Checkout repository
         uses: actions/checkout@v4
 
@@ -45,8 +44,8 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
   helm:
+    name: Release Helm Chart
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
@@ -66,4 +65,4 @@ jobs:
       - name: Push helm package
         run: |
           helm push $(ls ./chart/*.tgz| head -1) oci://ghcr.io/${{ github.repository_owner }}/charts
-          helm push $(ls ./chart/*.tgz| head -1) oci://mtr.devops.telekom.de/sparrow/charts
+          helm push $(ls ./chart/*.tgz| head -1) oci://mtr.devops.telekom.de/sparrow/charts

.github/workflows/test-sast.yml

@@ -0,0 +1,28 @@
+name: SAST
+
+on:
+  push:
+  schedule:
+    - cron: "0 0 * * 0"
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  go:
+    name: Go - Tests
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+      GOFLAGS: "-buildvcs=false"
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: "-no-fail -fmt sarif -out results.sarif ./..."
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif