From 28f2c5ff46c7d2a812e4a6eb1eb4826e1b4c3415 Mon Sep 17 00:00:00 2001 From: Guezels Date: Mon, 27 Oct 2025 11:09:41 +0100 Subject: [PATCH 1/2] export testresults as inlined ocm-resource export testresults as inlined ocm-resource commits. Add unit-test job and attach test results to component descriptor Add verify job and attach test-results + gosec-report to component descriptor --- .github/workflows/build.yaml | 56 +++++++++++++++++++++++++++++------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 7380863f..e13486b0 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -20,6 +20,50 @@ jobs: permissions: contents: read + verify: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v5 + with: + go-version: '1.25' + - uses: gardener/cc-utils/.github/actions/trusted-checkout@master + - name: run-verify + run: | + set -eu + mkdir /tmp/blobs.d + .ci/verify |& tee /tmp/blobs.d/verify-log.txt + tar czf /tmp/blobs.d/gosec-report.tar.gz gosec-report.sarif + tar czf /tmp/blobs.d/verify-log.tar.gz -C /tmp/blobs.d verify-log.txt + - name: add-reports-to-component-descriptor + uses: gardener/cc-utils/.github/actions/export-ocm-fragments@master + with: + blobs-directory: /tmp/blobs.d + ocm-resources: | + - name: gosec-report + relation: local + access: + type: localBlob + localReference: gosec-report.tar.gz + labels: + - name: gardener.cloud/purposes + value: + - lint + - sast + - gosec + - name: gardener.cloud/comment + value: | + we use gosec (linter) for SAST scans + see: https://github.com/securego/gosec + enabled by: https://github.com/gardener/apiserver-proxy/pull/143 + - name: test-results + relation: local + access: + type: localBlob + localReference: verify-log.tar.gz + labels: + - name: gardener.cloud/purposes + value: + - test oci-images: name: Build OCI-Images needs: 
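Review bot: In the `run-verify` step, `.ci/verify |& tee /tmp/blobs.d/verify-log.txt` runs under `set -eu` only, so the pipeline's exit status is that of `tee`, and a failing verify or gosec run still leaves the step green as long as `gosec-report.sarif` exists for the `tar` that follows. No `shell:` is set on the step, and unless a `defaults.run.shell` exists outside this hunk, the runner's default bash invocation does not enable pipefail; change the first script line to `set -euo pipefail`. The new `verify` job also has no `permissions:` block, whereas the `sast-lint` job it replaces (removed in the next hunk) declared `permissions:` with `contents: read`; unless a workflow-level default exists outside this hunk, add the same two lines so the token stays read-only. Separately, both `gardener/cc-utils` actions are referenced at `@master`; pinning them to a commit SHA would keep the job that produces the attached SAST and test evidence from changing underneath the workflow.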
@@ -53,14 +97,4 @@ jobs: oci-repository: ${{ matrix.args.oci-repository }} oci-platforms: linux/amd64,linux/arm64 ocm-labels: ${{ toJSON(matrix.args.ocm-labels) }} - extra-tags: latest - - sast-lint: - uses: gardener/cc-utils/.github/workflows/sastlint-ocm.yaml@master - with: - go-version: '1.25' - linter: gosec - run: .ci/verify - permissions: - contents: read - + extra-tags: latest \ No newline at end of file From ba29c83309ecd7522ce39377baeb67649514a3c9 Mon Sep 17 00:00:00 2001 From: I764805 Date: Thu, 4 Dec 2025 15:13:32 +0100 Subject: [PATCH 2/2] fix: small adjustment --- .github/workflows/build.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e13486b0..13f49b14 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -54,7 +54,6 @@ jobs: value: | we use gosec (linter) for SAST scans see: https://github.com/securego/gosec - enabled by: https://github.com/gardener/apiserver-proxy/pull/143 - name: test-results relation: local access: