From 65294fa4b2143b7db878ac4d3e78c7eee8447fc2 Mon Sep 17 00:00:00 2001
From: Clemens Otto <id@clemens.fi>
Date: Wed, 26 Nov 2025 18:21:58 +0100
Subject: [PATCH 1/6] nightly test

---
 .github/workflows/nightly.yml | 58 +++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .github/workflows/nightly.yml

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
new file mode 100644
index 0000000..327c7a0
--- /dev/null
+++ b/.github/workflows/nightly.yml
@@ -0,0 +1,58 @@
+name: build and push nightly image
+
+on:
+  push:
+    branches:
+      #- master
+      - "cleot/**"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+    IMAGE_NAME: "bcr-wdc-dashboard-ui"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+    - name: Login to GHCR
+      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+    - id: meta
+      name: Metadata
+      uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+      with:
+        images: |
+          ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=raw,value=nightly
+          type=sha
+
+    - id: push
+      name: Build & push ${{ env.IMAGE_NAME }}
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+      with:
+        context: .
+        file: ./Dockerfile
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha,scope=${{ github.repository }}/${{ env.IMAGE_NAME }}
+        cache-to: type=gha,mode=max,scope=${{ github.repository }}/${{ env.IMAGE_NAME }}
\ No newline at end of file

From 542ada243a773c867d4cfa8699f620568c1dfd1b Mon Sep 17 00:00:00 2001
From: Clemens Otto <id@clemens.fi>
Date: Wed, 26 Nov 2025 18:33:27 +0100
Subject: [PATCH 2/6] remove test build trigger

---
 .github/workflows/nightly.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 327c7a0..3565be2 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -3,8 +3,7 @@ name: build and push nightly image
 on:
   push:
     branches:
-      #- master
-      - "cleot/**"
+      - master
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -43,7 +42,6 @@ jobs:
           ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
         tags: |
           type=raw,value=nightly
-          type=sha
 
     - id: push
       name: Build & push ${{ env.IMAGE_NAME }}

From 81ce1bb106cfc350ca534ed9f23cf4faa2f1c9b5 Mon Sep 17 00:00:00 2001
From: Clemens Otto <id@clemens.fi>
Date: Wed, 26 Nov 2025 18:36:22 +0100
Subject: [PATCH 3/6] add tagged image release workflow

---
 .github/workflows/release.yml | 56 +++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..cb546ea
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,56 @@
+name: release tagged image
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+    IMAGE_NAME: "bcr-wdc-dashboard-ui"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+    - name: Login to GHCR
+      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+    - id: meta
+      name: Metadata
+      uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+      with:
+        images: |
+          ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=semver,pattern={{version}}
+
+    - id: push
+      name: Build & push ${{ env.IMAGE_NAME }}
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+      with:
+        context: .
+        file: ./Dockerfile
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha,scope=${{ github.repository }}/${{ env.IMAGE_NAME }}
+        cache-to: type=gha,mode=max,scope=${{ github.repository }}/${{ env.IMAGE_NAME }}
\ No newline at end of file

From 12d126576c924adbe9f21b140bde29a72d70d5e4 Mon Sep 17 00:00:00 2001
From: Clemens Otto <id@clemens.fi>
Date: Wed, 26 Nov 2025 18:49:36 +0100
Subject: [PATCH 4/6] add dependabot, optimize CI

---
 .github/dependabot.yml      | 19 ++++++++++++++++++
 .github/workflows/build.yml | 40 -------------------------------------
 .github/workflows/ci.yml    | 40 +++++++++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 40 deletions(-)
 create mode 100644 .github/dependabot.yml
 delete mode 100644 .github/workflows/build.yml
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..3999cfc
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    groups:
+      all-github-actions:
+        patterns:
+          - "*"
+    schedule:
+      interval: "monthly"
+      day: "monday"
+      time: "08:30"
+      timezone: "Europe/Vienna"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "github-actions"
+    assignees:
+      - "cleot" # devops
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index beee703..0000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: Build
-
-on:
-  push:
-    branches: ["*"]
-  pull_request:
-    branches: ["*"]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: ['v22.11.0']
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Node.js (${{ matrix.node-version }})
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Lint
-        run: npm run lint
-
-      - name: Run tests and generate coverage
-        run: npm run test -- --coverage
-
-      - name: Build
-        run: npm run build
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..4a66e4b
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,40 @@
+name: CI
+
+on:
+  push:
+    branches: ["*"]
+  pull_request:
+    branches: ["*"]
+
+jobs:
+  validate:
+    name: Validate (lint, test, build)
+    runs-on: ubuntu-latest
+    env:
+      NODE_VERSION: 22
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Set up Node.js (${{ env.NODE_VERSION }})
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Run tests and generate coverage
+        run: npm run test -- --coverage
+
+      - name: Build
+        run: npm run build
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
\ No newline at end of file

From 14fed3f4c9b745ecd18a0c9c74e16a9c05502fa2 Mon Sep 17 00:00:00 2001
From: Clemens Otto <id@clemens.fi>
Date: Wed, 26 Nov 2025 19:05:02 +0100
Subject: [PATCH 5/6] change CI trigger

---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4a66e4b..7755bd3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,9 +2,9 @@ name: CI
 
 on:
   push:
-    branches: ["*"]
+    branches: ["master", "dev"]
   pull_request:
-    branches: ["*"]
+  workflow_dispatch:
 
 jobs:
   validate:

From e399a677a0d81ae66c74eb7d4e05ff1db93f8e2e Mon Sep 17 00:00:00 2001
From: Clemens Otto <id@clemens.fi>
Date: Wed, 26 Nov 2025 19:13:31 +0100
Subject: [PATCH 6/6] fix CI permissions

---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7755bd3..bd1a5f2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   validate:
     name: Validate (lint, test, build)