fix: update pnpm-lock.yaml for @playwright/test (PRI-726)

- Adds E2E workflow with deploy/teardown scripts
- Adds Playwright smoke tests for ArgoCD sidebar and app list
- Uses unique release name to avoid collision with shared runner

.github/FUNDING.yml

@@ -0,0 +1 @@
+github_sponsors: [privilegedescalation]

.github/workflows/ci.yaml

@@ -2,9 +2,13 @@ name: CI
 
 on:
   push:
-    branches: [main]
+    branches: ['**']
   pull_request:
-    branches: [main]
+    branches: [main, dev]
+  workflow_dispatch:
+
+permissions:
+  contents: read
 
 jobs:
   ci:

.github/workflows/e2e.yaml

@@ -0,0 +1,150 @@
+name: E2E Tests
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: e2e-${{ github.repository }}
+  cancel-in-progress: false
+
+env:
+  E2E_NAMESPACE: headlamp-dev
+  E2E_RELEASE: headlamp-e2e-argocd
+  HEADLAMP_VERSION: v0.40.1
+
+jobs:
+  e2e:
+    runs-on: runners-privilegedescalation
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Detect package manager
+        id: pkg-manager
+        run: |
+          if [ -f "pnpm-lock.yaml" ]; then
+            echo "manager=pnpm" >> $GITHUB_OUTPUT
+            PM=$(python3 -c "import json,sys; d=json.load(open('package.json')); print('true' if d.get('packageManager','').startswith('pnpm@') else 'false')" 2>/dev/null || echo "false")
+            echo "has_package_manager=$PM" >> $GITHUB_OUTPUT
+          else
+            echo "manager=npm" >> $GITHUB_OUTPUT
+            echo "has_package_manager=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: '22'
+          cache: ${{ steps.pkg-manager.outputs.manager == 'npm' && 'npm' || '' }}
+
+      - name: Setup pnpm (Corepack, respects packageManager field)
+        if: steps.pkg-manager.outputs.manager == 'pnpm' && steps.pkg-manager.outputs.has_package_manager == 'true'
+        run: |
+          npm install -g corepack
+          corepack enable pnpm
+          corepack prepare $(node -p "require('./package.json').packageManager") --activate
+
+      - name: Setup pnpm (version latest, no packageManager field)
+        if: steps.pkg-manager.outputs.manager == 'pnpm' && steps.pkg-manager.outputs.has_package_manager == 'false'
+        uses: pnpm/action-setup@v5
+        with:
+          run_install: false
+          version: latest
+
+      - name: Get pnpm store directory
+        id: pnpm-store
+        if: steps.pkg-manager.outputs.manager == 'pnpm'
+        run: echo "dir=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
+
+      - name: Cache pnpm store
+        if: steps.pkg-manager.outputs.manager == 'pnpm'
+        uses: actions/cache@v5
+        with:
+          path: ${{ steps.pnpm-store.outputs.dir }}
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-
+
+      - name: Setup kubectl
+        uses: azure/setup-kubectl@v4
+
+      - name: Install dependencies
+        run: |
+          if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
+            pnpm install --frozen-lockfile
+          else
+            npm ci
+          fi
+
+      - name: Build plugin
+        run: npx @kinvolk/headlamp-plugin build
+
+      - name: Deploy E2E Headlamp instance
+        run: scripts/deploy-e2e-headlamp.sh
+
+      - name: Load E2E environment
+        run: |
+          if [ -f .env.e2e ]; then
+            cat .env.e2e >> "$GITHUB_ENV"
+          else
+            echo "::error::deploy-e2e-headlamp.sh did not produce .env.e2e"
+            exit 1
+          fi
+
+      - name: Install Playwright browsers
+        run: |
+          if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
+            pnpm exec playwright install --with-deps chromium
+          else
+            npx playwright install --with-deps chromium
+          fi
+
+      - name: Run E2E tests
+        run: |
+          if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
+            pnpm run e2e
+          else
+            npm run e2e
+          fi
+        env:
+          HEADLAMP_URL: ${{ env.HEADLAMP_URL }}
+          HEADLAMP_TOKEN: ${{ env.HEADLAMP_TOKEN }}
+
+      - name: Collect deployment diagnostics on failure
+        if: failure()
+        run: |
+          echo "=== Pod state ==="
+          kubectl get pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
+          echo "=== Pod describe ==="
+          kubectl describe pods -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
+          echo "=== Recent namespace events ==="
+          kubectl get events -n "$E2E_NAMESPACE" --sort-by='.lastTimestamp' 2>&1 | tail -20 || true
+
+      - name: Teardown E2E instance
+        if: always()
+        run: scripts/teardown-e2e-headlamp.sh
+
+      - name: Upload Playwright report
+        uses: actions/upload-artifact@v7
+        if: failure()
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 7
+
+      - name: Upload test results
+        uses: actions/upload-artifact@v7
+        if: failure()
+        with:
+          name: test-results
+          path: test-results/
+          retention-days: 7

.markdownlint-cli2.jsonc

@@ -0,0 +1,53 @@
+{
+  "config": {
+    // Line length — not enforced for docs with code examples
+    "MD013": false,
+    // First line heading — files use YAML frontmatter, not headings
+    "MD041": false,
+    // Emphasis as heading — common pattern for Option 1/2/3 sections
+    "MD036": false,
+    // No duplicate heading — changelog files repeat section names intentionally
+    "MD024": false,
+    // Fenced code language — not always applicable for diagram blocks
+    "MD040": false,
+    // Table column style — table alignment is visual, not semantic
+    "MD060": false,
+    // Ordered list item prefix — number resets are intentional in documents
+    "MD029": false,
+    // No inline HTML — each elements are valid in valid Markdown
+    "MD033": false,
+    // List marker space — spacing after list markers varies by editor
+    "MD030": false,
+    // Blanks around headings — not always needed in compact docs
+    "MD022": false,
+    // Blanks around lists — not always needed in compact docs
+    "MD032": false,
+    // Blanks around fences — not always needed between adjacent blocks
+    "MD031": false,
+    // Multiple blanks — editor artifacts, not semantic
+    "MD012": false,
+    // Single title — files may have multiple H1 sections
+    "MD025": false,
+    // Trailing spaces — editor artifacts
+    "MD009": false,
+    // Bare URLs — URL shortening not always needed
+    "MD034": false,
+    // Single trailing newline — editor artifacts
+    "MD047": false,
+    // Trailing punctuation — heading punctuation is intentional
+    "MD026": false,
+    // Space in emphasis — double-asterisk bold spacing varies by renderer
+    "MD037": false,
+    // No hard tabs — some generated docs use tabs for indentation
+    "MD010": false,
+    // Code block style — generated docs may use inconsistent styles
+    "MD046": false,
+    // Comment style — generated docs have no comments
+    "MD048": false,
+    // Commands show output — shell examples intentionally show only commands
+    "MD014": false
+  },
+  "ignores": [
+    "docs/api-reference/generated/**"
+  ]
+}

.markdownlintignore

@@ -0,0 +1 @@
+docs/api-reference/generated/**

README.md

@@ -32,3 +32,4 @@ gh workflow run Release --field version=0.1.0
 ## License
 
 Apache-2.0
+

artifacthub-pkg.yml

@@ -1,4 +1,4 @@
-version: "0.1.0"
+version: "0.1.2"
 name: headlamp-argocd
 displayName: ArgoCD Headlamp Plugin
 createdAt: "2026-04-21T00:00:00Z"
@@ -26,8 +26,8 @@ maintainers:
 provider:
   name: privilegedescalation
 annotations:
-  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-argocd-plugin/releases/download/v0.1.0/headlamp-argocd-0.1.0.tar.gz"
-  headlamp/plugin/archive-checksum: "sha256:1f4df43f79b795bdf4f70e1e3aa5bacadf689ea5584fdadf92fb677faab21c2c"
+  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-argocd-plugin/releases/download/v0.1.2/privilegedescalation-headlamp-argocd-plugin-0.1.2.tar.gz"
+  headlamp/plugin/archive-checksum: sha256:e71f84913eed1fd7e2d074912e3bfa668c4b1fefcbb069731a4e4277a998ca28
   headlamp/plugin/version-compat: ">=0.26"
   headlamp/plugin/distro-compat: "in-cluster"
 changes:

e2e/argocd.spec.ts

@@ -0,0 +1,18 @@
+import { test, expect } from '@playwright/test';
+
+test.describe('ArgoCD plugin smoke tests', () => {
+  test('sidebar contains ArgoCD entry', async ({ page }) => {
+    await page.goto('/');
+    const sidebar = page.getByRole('navigation', { name: 'Navigation' });
+    await expect(sidebar).toBeVisible({ timeout: 15_000 });
+    await expect(sidebar.getByRole('button', { name: 'ArgoCD' })).toBeVisible();
+  });
+
+  test('applications list page loads', async ({ page }) => {
+    await page.goto('/c/main/argocd');
+
+    await expect(
+      page.getByRole('heading', { name: /argo.*cd/i })
+    ).toBeVisible({ timeout: 15_000 });
+  });
+});

e2e/auth.setup.ts

@@ -0,0 +1,34 @@
+import { test as setup, expect, Page } from '@playwright/test';
+
+const AUTH_STATE_PATH = 'e2e/.auth/state.json';
+
+async function authenticateWithToken(page: Page, token: string): Promise<void> {
+  await page.goto('/');
+  await page.waitForURL(/\/(login|token)$/);
+
+  if (page.url().includes('/login')) {
+    const useTokenBtn = page.getByRole('button', { name: /use a token/i });
+    await useTokenBtn.waitFor({ state: 'visible', timeout: 15_000 });
+    await useTokenBtn.click();
+    await page.waitForURL('**/token');
+  }
+
+  await page.getByRole('textbox', { name: /id token/i }).fill(token);
+  await page.getByRole('button', { name: /authenticate/i }).click();
+
+  await expect(page.getByRole('navigation', { name: 'Navigation' })).toBeVisible({
+    timeout: 15_000,
+  });
+}
+
+setup('authenticate with Headlamp', async ({ page }) => {
+  const token = process.env.HEADLAMP_TOKEN;
+
+  if (!token) {
+    throw new Error('Set HEADLAMP_TOKEN for token auth');
+  }
+
+  await authenticateWithToken(page, token);
+
+  await page.context().storageState({ path: AUTH_STATE_PATH });
+});

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@privilegedescalation/headlamp-argocd-plugin",
-  "version": "0.1.0",
-  "description": "Headlamp plugin for ArgoCD visibility — monitors ArgoCD Applications, Rollouts, and health status",
+  "version": "0.1.2",
+  "description": "Headlamp plugin for ArgoCD visibility \u2014 monitors ArgoCD Applications, Rollouts, and health status",
   "repository": {
     "type": "git",
     "url": "https://github.com/privilegedescalation/headlamp-argocd-plugin.git"
@@ -23,7 +23,9 @@
     "format": "prettier --write src/",
     "format:check": "prettier --check src/",
     "test": "vitest run",
-    "test:watch": "vitest"
+    "test:watch": "vitest",
+    "e2e": "playwright test",
+    "e2e:headed": "playwright test --headed"
   },
   "peerDependencies": {
     "react": "^18.0.0",
@@ -33,7 +35,8 @@
     "overrides": {
       "tar": "^7.5.11",
       "undici": "^7.24.3",
-      "flatted": "^3.4.2"
+      "flatted": "^3.4.2",
+      "elliptic": ">=6.6.1"
     }
   },
   "devDependencies": {
@@ -52,9 +55,8 @@
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "react-router-dom": "^5.3.0",
-    "tar": "^7.5.11",
     "typescript": "~5.6.2",
-    "undici": "^7.24.3",
-    "vitest": "^3.0.5"
+    "vitest": "^3.0.5",
+    "@playwright/test": "^1.58.2"
   }
-}
+}

playwright.config.ts

@@ -0,0 +1,27 @@
+import { defineConfig, devices } from '@playwright/test';
+
+export default defineConfig({
+  testDir: './e2e',
+  timeout: 30_000,
+  expect: { timeout: 10_000 },
+  fullyParallel: false,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 1 : 0,
+  reporter: 'list',
+  use: {
+    baseURL: process.env.HEADLAMP_URL || 'http://headlamp-e2e-argocd.headlamp-dev.svc.cluster.local',
+    trace: 'on-first-retry',
+    screenshot: 'only-on-failure',
+  },
+  projects: [
+    { name: 'setup', testMatch: /auth\.setup\.ts/, timeout: 60_000 },
+    {
+      name: 'chromium',
+      use: {
+        ...devices['Desktop Chrome'],
+        storageState: 'e2e/.auth/state.json',
+      },
+      dependencies: ['setup'],
+    },
+  ],
+});

pnpm-lock.yaml

@@ -8,6 +8,7 @@ overrides:
   tar: ^7.5.11
   undici: ^7.24.3
   flatted: ^3.4.2
+  elliptic: '>=6.6.1'
 
 importers:
 
@@ -22,6 +23,9 @@ importers:
       '@mui/material':
         specifier: ^5.15.14
         version: 5.18.0(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@types/react@19.2.14)(react@18.3.1))(@types/react@19.2.14)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      '@playwright/test':
+        specifier: ^1.58.2
+        version: 1.59.1
       '@testing-library/jest-dom':
         specifier: ^6.4.8
         version: 6.9.1
@@ -58,15 +62,9 @@ importers:
       react-router-dom:
         specifier: ^5.3.0
         version: 5.3.4(react@18.3.1)
-      tar:
-        specifier: ^7.5.11
-        version: 7.5.13
       typescript:
         specifier: ~5.6.2
         version: 5.6.3
-      undici:
-        specifier: ^7.24.3
-        version: 7.25.0
       vitest:
         specifier: ^3.0.5
         version: 3.2.4(@types/debug@4.1.13)(@types/node@20.19.39)(jsdom@24.1.3)(msw@2.4.9(typescript@5.6.3))(terser@5.46.1)(yaml@2.8.3)
@@ -1007,6 +1005,11 @@ packages:
     resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
     engines: {node: '>=14'}
 
+  '@playwright/test@1.59.1':
+    resolution: {integrity: sha512-PG6q63nQg5c9rIi4/Z5lR5IVF7yU5MqmKaPOe0HSc0O2cX1fPi96sUQu5j7eo4gKCkB2AnNGoWt7y4/Xx3Kcqg==}
+    engines: {node: '>=18'}
+    hasBin: true
+
   '@popperjs/core@2.11.8':
     resolution: {integrity: sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==}
 
@@ -3088,6 +3091,11 @@ packages:
   fs.realpath@1.0.0:
     resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
 
+  fsevents@2.3.2:
+    resolution: {integrity: sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==}
+    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
+    os: [darwin]
+
   fsevents@2.3.3:
     resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
     engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
@@ -4227,6 +4235,16 @@ packages:
     resolution: {integrity: sha512-NPE8TDbzl/3YQYY7CSS228s3g2ollTFnc+Qi3tqmqJp9Vg2ovUpixcJEo2HJScN2Ez+kEaal6y70c0ehqJBJeA==}
     engines: {node: '>=10'}
 
+  playwright-core@1.59.1:
+    resolution: {integrity: sha512-HBV/RJg81z5BiiZ9yPzIiClYV/QMsDCKUyogwH9p3MCP6IYjUFu/MActgYAvK0oWyV9NlwM3GLBjADyWgydVyg==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  playwright@1.59.1:
+    resolution: {integrity: sha512-C8oWjPR3F81yljW9o5OxcWzfh6avkVwDD2VYdwIGqTkl+OGFISgypqzfu7dOe4QNLL2aqcWBmI3PMtLIK233lw==}
+    engines: {node: '>=18'}
+    hasBin: true
+
   possible-typed-array-names@1.1.0:
     resolution: {integrity: sha512-/+5VFTchJDoVj3bhoqi6UeymcD00DAwb1nJwamzPvHEszJ4FpF6SNNbUbOS8yI56qHzdV8eK0qEfOSiodkTdxg==}
     engines: {node: '>= 0.4'}
@@ -6235,7 +6253,7 @@ snapshots:
       jsdom: 24.1.3
       jsonpath-plus: 10.4.0
       lodash: 4.18.1
-      material-react-table: 2.13.3(330725fe5432f245d076f0c0dda1a7a7)
+      material-react-table: 2.13.3(0078ddeddc9e779fa84c03996c1db10e)
       monaco-editor: 0.52.2
       msw: 2.4.9(typescript@5.6.2)
       msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.3))
@@ -6633,6 +6651,10 @@ snapshots:
   '@pkgjs/parseargs@0.11.0':
     optional: true
 
+  '@playwright/test@1.59.1':
+    dependencies:
+      playwright: 1.59.1
+
   '@popperjs/core@2.11.8': {}
 
   '@reduxjs/toolkit@2.11.2(react-redux@9.2.0(@types/react@18.3.28)(react@18.3.1)(redux@5.0.1))(react@18.3.1)':
@@ -9191,6 +9213,9 @@ snapshots:
 
   fs.realpath@1.0.0: {}
 
+  fsevents@2.3.2:
+    optional: true
+
   fsevents@2.3.3:
     optional: true
 
@@ -9937,7 +9962,7 @@ snapshots:
       '@types/minimatch': 3.0.5
       minimatch: 3.1.5
 
-  material-react-table@2.13.3(330725fe5432f245d076f0c0dda1a7a7):
+  material-react-table@2.13.3(0078ddeddc9e779fa84c03996c1db10e):
     dependencies:
       '@emotion/react': 11.14.0(@types/react@18.3.28)(react@18.3.1)
       '@emotion/styled': 11.14.1(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@types/react@18.3.28)(react@18.3.1)
@@ -10573,6 +10598,14 @@ snapshots:
     dependencies:
       find-up: 5.0.0
 
+  playwright-core@1.59.1: {}
+
+  playwright@1.59.1:
+    dependencies:
+      playwright-core: 1.59.1
+    optionalDependencies:
+      fsevents: 2.3.2
+
   possible-typed-array-names@1.1.0: {}
 
   postcss-modules-extract-imports@3.1.0(postcss@8.5.10):

renovate.json

@@ -0,0 +1,4 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["github>privilegedescalation/.github:renovate-config"]
+}

scripts/deploy-e2e-headlamp.sh

@@ -0,0 +1,173 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+DIST_DIR="$REPO_ROOT/dist"
+
+E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-dev}"
+E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e-argocd}"
+HEADLAMP_VERSION="${HEADLAMP_VERSION:-v0.40.1}"
+
+if [ ! -d "$DIST_DIR" ]; then
+  echo "ERROR: dist/ not found. Run 'npm run build' first." >&2
+  exit 1
+fi
+
+echo "Checking RBAC permissions in namespace '${E2E_NAMESPACE}'..."
+if ! kubectl auth can-i delete configmaps -n "$E2E_NAMESPACE" --quiet 2>/dev/null; then
+  echo "ERROR: Missing RBAC — cannot delete configmaps in namespace '${E2E_NAMESPACE}'." >&2
+  exit 1
+fi
+
+echo "=== E2E Headlamp Deployment ==="
+echo "  Image:     ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}"
+echo "  Namespace: $E2E_NAMESPACE"
+echo "  Release:   $E2E_RELEASE"
+
+echo ""
+echo "Creating ConfigMap with plugin files..."
+
+kubectl delete configmap headlamp-argocd-plugin \
+  -n "$E2E_NAMESPACE" --ignore-not-found
+
+kubectl create configmap headlamp-argocd-plugin \
+  -n "$E2E_NAMESPACE" \
+  --from-file="$DIST_DIR" \
+  --from-file=package.json="$REPO_ROOT/package.json"
+
+echo ""
+echo "Removing any existing E2E deployment (clean-start)..."
+kubectl delete deployment "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
+kubectl delete service "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
+kubectl delete serviceaccount "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
+
+echo ""
+echo "Deploying Headlamp E2E instance..."
+
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ${E2E_RELEASE}
+  namespace: ${E2E_NAMESPACE}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ${E2E_RELEASE}
+  namespace: ${E2E_NAMESPACE}
+  labels:
+    app.kubernetes.io/name: headlamp
+    app.kubernetes.io/instance: ${E2E_RELEASE}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: headlamp
+      app.kubernetes.io/instance: ${E2E_RELEASE}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: headlamp
+        app.kubernetes.io/instance: ${E2E_RELEASE}
+    spec:
+      serviceAccountName: ${E2E_RELEASE}
+      automountServiceAccountToken: true
+      securityContext: {}
+      containers:
+        - name: headlamp
+          image: ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsNonRoot: true
+            privileged: false
+            runAsUser: 100
+            runAsGroup: 101
+          args:
+            - "-in-cluster"
+            - "-in-cluster-context-name=main"
+            - "-plugins-dir=/headlamp/plugins"
+          ports:
+            - name: http
+              containerPort: 4466
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            failureThreshold: 6
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          volumeMounts:
+            - name: argocd-plugin
+              mountPath: /headlamp/plugins/headlamp-argocd
+              readOnly: true
+      volumes:
+        - name: argocd-plugin
+          configMap:
+            name: headlamp-argocd-plugin
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ${E2E_RELEASE}
+  namespace: ${E2E_NAMESPACE}
+  labels:
+    app.kubernetes.io/name: headlamp
+    app.kubernetes.io/instance: ${E2E_RELEASE}
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: headlamp
+    app.kubernetes.io/instance: ${E2E_RELEASE}
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+      protocol: TCP
+EOF
+
+echo "Waiting for rollout..."
+kubectl rollout status "deployment/${E2E_RELEASE}" \
+  -n "$E2E_NAMESPACE" --timeout=120s
+
+SVC_URL="http://${E2E_RELEASE}.${E2E_NAMESPACE}.svc.cluster.local"
+
+echo ""
+echo "Waiting for ${SVC_URL} to be reachable..."
+ATTEMPTS=0
+MAX_ATTEMPTS=24
+until curl -sf --max-time 5 "${SVC_URL}" -o /dev/null 2>/dev/null; do
+  ATTEMPTS=$((ATTEMPTS + 1))
+  if [ "$ATTEMPTS" -ge "$MAX_ATTEMPTS" ]; then
+    echo "ERROR: ${SVC_URL} not reachable after $((MAX_ATTEMPTS * 5))s" >&2
+    exit 1
+  fi
+  echo "  [${ATTEMPTS}/${MAX_ATTEMPTS}] not yet reachable, retrying in 5s..."
+  sleep 5
+done
+echo ""
+echo "E2E Headlamp is ready at: ${SVC_URL}"
+
+echo ""
+echo "Creating service account token for E2E auth..."
+kubectl create serviceaccount headlamp-e2e-test \
+  -n "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
+
+TOKEN=$(kubectl create token headlamp-e2e-test -n "$E2E_NAMESPACE" --duration=1h 2>/dev/null || echo "")
+if [ -n "$TOKEN" ]; then
+  echo "HEADLAMP_URL=${SVC_URL}" > "$REPO_ROOT/.env.e2e"
+  echo "HEADLAMP_TOKEN=${TOKEN}" >> "$REPO_ROOT/.env.e2e"
+  echo "Wrote .env.e2e with HEADLAMP_URL and HEADLAMP_TOKEN"
+else
+  echo "  WARNING: Could not generate token."
+fi
+
+echo ""
+echo "E2E deployment complete."

scripts/teardown-e2e-headlamp.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-dev}"
+E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e-argocd}"
+
+echo "=== E2E Teardown ==="
+echo "  Namespace: $E2E_NAMESPACE"
+echo "  Release:   $E2E_RELEASE"
+
+kubectl delete deployment "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found || true
+kubectl delete service "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found || true
+kubectl delete serviceaccount "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found || true
+kubectl delete serviceaccount headlamp-e2e-test -n "$E2E_NAMESPACE" --ignore-not-found || true
+kubectl delete configmap headlamp-argocd-plugin -n "$E2E_NAMESPACE" --ignore-not-found || true
+
+echo "Teardown complete."

src/__tests__/PageInjections.test.tsx

@@ -0,0 +1,142 @@
+import { describe, expect, it } from "vitest";
+import type { ArgoCDApplication } from "../api/argocd";
+
+// --- Matching helpers (copied for unit testing) ---
+
+function appsForNamespace(
+  apps: ArgoCDApplication[],
+  namespace: string
+): ArgoCDApplication[] {
+  return apps.filter((app) => app.spec?.destination?.namespace === namespace);
+}
+
+function appsForDeployment(
+  apps: ArgoCDApplication[],
+  deploymentName: string
+): ArgoCDApplication[] {
+  return apps.filter((app) =>
+    (app.status?.resources ?? []).some(
+      (res) => res.kind === "Deployment" && res.name === deploymentName
+    )
+  );
+}
+
+// --- Fixture factory ---
+
+function makeApp(
+  overrides: Partial<ArgoCDApplication> = {}
+): ArgoCDApplication {
+  return {
+    metadata: { name: "test-app", namespace: "argocd" },
+    spec: { project: "default" },
+    status: {},
+    ...overrides,
+  } as ArgoCDApplication;
+}
+
+// --- appsForNamespace tests ---
+
+describe("appsForNamespace", () => {
+  it("returns apps whose destination.namespace matches", () => {
+    const apps = [
+      makeApp({
+        metadata: { name: "app-a", namespace: "argocd" },
+        spec: { project: "default", destination: { namespace: "web" } },
+      }),
+      makeApp({
+        metadata: { name: "app-b", namespace: "argocd" },
+        spec: { project: "default", destination: { namespace: "data" } },
+      }),
+    ];
+    expect(appsForNamespace(apps, "web").map((a) => a.metadata.name)).toEqual([
+      "app-a",
+    ]);
+  });
+
+  it("returns empty array when no match", () => {
+    const apps = [
+      makeApp({
+        metadata: { name: "app-a", namespace: "argocd" },
+        spec: { project: "default", destination: { namespace: "web" } },
+      }),
+    ];
+    expect(appsForNamespace(apps, "data")).toEqual([]);
+  });
+
+  it("returns empty array for empty app list", () => {
+    expect(appsForNamespace([], "web")).toEqual([]);
+  });
+
+  it("returns empty array when destination is undefined", () => {
+    const apps = [
+      makeApp({
+        metadata: { name: "app-a", namespace: "argocd" },
+        spec: { project: "default" },
+      }),
+    ];
+    expect(appsForNamespace(apps, "web")).toEqual([]);
+  });
+});
+
+// --- appsForDeployment tests ---
+
+describe("appsForDeployment", () => {
+  it("returns apps that manage the deployment via status.resources", () => {
+    const apps = [
+      makeApp({
+        metadata: { name: "app-a", namespace: "argocd" },
+        status: {
+          resources: [{ kind: "Deployment", name: "nginx", namespace: "web" }],
+        },
+      }),
+      makeApp({
+        metadata: { name: "app-b", namespace: "argocd" },
+        status: {
+          resources: [{ kind: "Service", name: "nginx", namespace: "web" }],
+        },
+      }),
+    ];
+    expect(
+      appsForDeployment(apps, "nginx").map((a) => a.metadata.name)
+    ).toEqual(["app-a"]);
+  });
+
+  it("returns empty array when no deployment resource matches", () => {
+    const apps = [
+      makeApp({
+        metadata: { name: "app-a", namespace: "argocd" },
+        status: {
+          resources: [{ kind: "Service", name: "nginx", namespace: "web" }],
+        },
+      }),
+    ];
+    expect(appsForDeployment(apps, "nginx")).toEqual([]);
+  });
+
+  it("returns empty array for empty app list", () => {
+    expect(appsForDeployment([], "nginx")).toEqual([]);
+  });
+
+  it("returns empty array when resources is undefined", () => {
+    const apps = [
+      makeApp({ metadata: { name: "app-a", namespace: "argocd" }, status: {} }),
+    ];
+    expect(appsForDeployment(apps, "nginx")).toEqual([]);
+  });
+
+  it("returns multiple apps that manage the same deployment", () => {
+    const apps = [
+      makeApp({
+        metadata: { name: "app-a", namespace: "argocd" },
+        status: { resources: [{ kind: "Deployment", name: "nginx" }] },
+      }),
+      makeApp({
+        metadata: { name: "app-b", namespace: "argocd" },
+        status: { resources: [{ kind: "Deployment", name: "nginx" }] },
+      }),
+    ];
+    expect(
+      appsForDeployment(apps, "nginx").map((a) => a.metadata.name)
+    ).toEqual(["app-a", "app-b"]);
+  });
+});

src/components/DeploymentArgoBadge.tsx

@@ -0,0 +1,101 @@
+import { ApiProxy } from "@kinvolk/headlamp-plugin/lib";
+import {
+  Link,
+  StatusLabel,
+} from "@kinvolk/headlamp-plugin/lib/CommonComponents";
+import React, { useEffect, useState } from "react";
+import { ArgoCDApplication, ArgoCDApplicationsList } from "../api/argocd";
+import { syncStatusToColor } from "./ApplicationsList";
+
+// --- API ---
+
+const ARGOCD_API_PATH =
+  "/api/v1/namespaces/argocd/services/argocd-server/proxy/api/v1/applications";
+
+async function fetchApplications(): Promise<ArgoCDApplicationsList> {
+  const response = (await ApiProxy.request(
+    ARGOCD_API_PATH
+  )) as ArgoCDApplicationsList;
+  return response;
+}
+
+// --- Matching helper ---
+
+/**
+ * Returns ArgoCD applications that manage the given Deployment by matching
+ * kind=Deployment and name in Application.status.resources[].
+ */
+export function appsForDeployment(
+  apps: ArgoCDApplication[],
+  deploymentName: string
+): ArgoCDApplication[] {
+  return apps.filter((app) =>
+    (app.status?.resources ?? []).some(
+      (res) => res.kind === "Deployment" && res.name === deploymentName
+    )
+  );
+}
+
+// --- Component ---
+
+interface DeploymentArgoBadgeProps {
+  deploymentName: string;
+}
+
+export default function DeploymentArgoBadge({
+  deploymentName,
+}: DeploymentArgoBadgeProps) {
+  const [apps, setApps] = useState<ArgoCDApplication[] | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    let cancelled = false;
+    fetchApplications()
+      .then((data) => {
+        if (cancelled) return;
+        const matched = appsForDeployment(data.items ?? [], deploymentName);
+        setApps(matched);
+        setLoading(false);
+      })
+      .catch((err: unknown) => {
+        if (cancelled) return;
+        setError(err instanceof Error ? err.message : String(err));
+        setLoading(false);
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [deploymentName]);
+
+  if (loading || error || !apps || apps.length === 0) {
+    return null; // Show nothing when no matching application
+  }
+
+  const app = apps[0]; // Show first matching app
+  const lastSynced = app.status?.history?.length
+    ? app.status.history[app.status.history.length - 1]?.dexKey
+    : null;
+  const lastSyncedStr = lastSynced
+    ? new Date(lastSynced).toLocaleString()
+    : "—";
+
+  return (
+    <span>
+      &nbsp;
+      <Link to={`/argocd/applications/${app.metadata.name}`}>
+        ArgoCD: {app.metadata.name}
+      </Link>
+      &nbsp;
+      <StatusLabel
+        status={syncStatusToColor(app.status?.sync?.status ?? "Unknown")}
+      >
+        {app.status?.sync?.status ?? "Unknown"}
+      </StatusLabel>
+      &nbsp;
+      <span style={{ fontSize: "0.85em", opacity: 0.8 }}>
+        Last sync: {lastSyncedStr}
+      </span>
+    </span>
+  );
+}

src/components/NamespaceArgoSection.tsx

@@ -0,0 +1,120 @@
+import { ApiProxy } from "@kinvolk/headlamp-plugin/lib";
+import {
+  Link,
+  SectionBox,
+  StatusLabel,
+} from "@kinvolk/headlamp-plugin/lib/CommonComponents";
+import React, { useEffect, useState } from "react";
+import { ArgoCDApplication, ArgoCDApplicationsList } from "../api/argocd";
+import {
+  healthStatusToColor,
+  healthStatusToLabel,
+  syncStatusToColor,
+} from "./ApplicationsList";
+
+// --- API ---
+
+const ARGOCD_API_PATH =
+  "/api/v1/namespaces/argocd/services/argocd-server/proxy/api/v1/applications";
+
+async function fetchApplications(): Promise<ArgoCDApplicationsList> {
+  const response = (await ApiProxy.request(
+    ARGOCD_API_PATH
+  )) as ArgoCDApplicationsList;
+  return response;
+}
+
+// --- Matching helper ---
+
+/**
+ * Returns ArgoCD applications whose spec.destination.namespace matches
+ * the given namespace name.
+ */
+export function appsForNamespace(
+  apps: ArgoCDApplication[],
+  namespace: string
+): ArgoCDApplication[] {
+  return apps.filter((app) => app.spec?.destination?.namespace === namespace);
+}
+
+// --- Component ---
+
+interface NamespaceArgoSectionProps {
+  namespaceName: string;
+}
+
+export default function NamespaceArgoSection({
+  namespaceName,
+}: NamespaceArgoSectionProps) {
+  const [apps, setApps] = useState<ArgoCDApplication[] | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    let cancelled = false;
+    fetchApplications()
+      .then((data) => {
+        if (cancelled) return;
+        const matched = appsForNamespace(data.items ?? [], namespaceName);
+        setApps(matched);
+        setLoading(false);
+      })
+      .catch((err: unknown) => {
+        if (cancelled) return;
+        setError(err instanceof Error ? err.message : String(err));
+        setLoading(false);
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [namespaceName]);
+
+  if (loading) {
+    return (
+      <SectionBox title="ArgoCD">
+        <StatusLabel status="warning">Loading...</StatusLabel>
+      </SectionBox>
+    );
+  }
+
+  if (error || !apps) {
+    return (
+      <SectionBox title="ArgoCD">
+        <StatusLabel status="error">ArgoCD unreachable</StatusLabel>
+      </SectionBox>
+    );
+  }
+
+  if (apps.length === 0) {
+    return null; // Show nothing when no matching application
+  }
+
+  return (
+    <SectionBox title="ArgoCD">
+      <StatusLabel status="success">{apps.length} application(s)</StatusLabel>
+      <ul style={{ paddingLeft: 20, margin: "8px 0" }}>
+        {apps.map((app) => (
+          <li key={app.metadata.name} style={{ marginBottom: 8 }}>
+            <Link to={`/argocd/applications/${app.metadata.name}`}>
+              {app.metadata.name}
+            </Link>
+            &nbsp;
+            <StatusLabel
+              status={healthStatusToColor(
+                app.status?.health?.status ?? "Unknown"
+              )}
+            >
+              {healthStatusToLabel(app.status?.health?.status ?? "Unknown")}
+            </StatusLabel>
+            &nbsp;
+            <StatusLabel
+              status={syncStatusToColor(app.status?.sync?.status ?? "Unknown")}
+            >
+              {app.status?.sync?.status ?? "Unknown"}
+            </StatusLabel>
+          </li>
+        ))}
+      </ul>
+    </SectionBox>
+  );
+}

src/components/PageInjections.tsx

@@ -0,0 +1,207 @@
+/**
+ * Page injection registrations for ArgoCD plugin.
+ * Registers detail view sections on Namespace and Deployment pages.
+ */
+import { ApiProxy } from "@kinvolk/headlamp-plugin/lib";
+import { KubeObject } from "@kinvolk/headlamp-plugin/lib/lib/k8s/KubeObject";
+import { registerDetailsViewSection } from "@kinvolk/headlamp-plugin/lib";
+import {
+  SectionBox,
+  StatusLabel,
+} from "@kinvolk/headlamp-plugin/lib/CommonComponents";
+import { Link } from "react-router-dom";
+import React, { useEffect, useState } from "react";
+import { ArgoCDApplication, ArgoCDApplicationsList } from "../api/argocd";
+import {
+  healthStatusToColor,
+  healthStatusToLabel,
+  syncStatusToColor,
+} from "./ApplicationsList";
+
+// --- API ---
+
+const ARGOCD_API_PATH =
+  "/api/v1/namespaces/argocd/services/argocd-server/proxy/api/v1/applications";
+
+async function fetchApplications(): Promise<ArgoCDApplicationsList> {
+  const response = (await ApiProxy.request(
+    ARGOCD_API_PATH
+  )) as ArgoCDApplicationsList;
+  return response;
+}
+
+// --- Namespace section ---
+
+function NamespaceArgoSection({ resource }: { resource: KubeObject }) {
+  const namespaceName = resource.metadata.name;
+  const [apps, setApps] = useState<ArgoCDApplication[] | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    let cancelled = false;
+    fetchApplications()
+      .then((data) => {
+        if (cancelled) return;
+        const matched = (data.items ?? []).filter(
+          (app) => app.spec?.destination?.namespace === namespaceName
+        );
+        setApps(matched);
+        setLoading(false);
+      })
+      .catch((err: unknown) => {
+        if (cancelled) return;
+        setError(err instanceof Error ? err.message : String(err));
+        setLoading(false);
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [namespaceName]);
+
+  if (loading) {
+    return (
+      <SectionBox title="ArgoCD">
+        <StatusLabel status="warning">Loading...</StatusLabel>
+      </SectionBox>
+    );
+  }
+
+  if (error || !apps) {
+    return (
+      <SectionBox title="ArgoCD">
+        <StatusLabel status="error">ArgoCD unreachable</StatusLabel>
+      </SectionBox>
+    );
+  }
+
+  if (apps.length === 0) {
+    return null;
+  }
+
+  return (
+    <SectionBox title="ArgoCD">
+      <StatusLabel status="success">{apps.length} application(s)</StatusLabel>
+      <ul style={{ paddingLeft: 20, margin: "8px 0" }}>
+        {apps.map((app) => (
+          <li key={app.metadata.name} style={{ marginBottom: 8 }}>
+            <Link to={`/argocd/applications/${app.metadata.name}`}>
+              {app.metadata.name}
+            </Link>
+            &nbsp;
+            <StatusLabel
+              status={healthStatusToColor(
+                (app.status?.health?.status as
+                  | "Healthy"
+                  | "Degraded"
+                  | "Progressing"
+                  | "Missing"
+                  | "Unknown") ?? "Unknown"
+              )}
+            >
+              {healthStatusToLabel(
+                (app.status?.health?.status as
+                  | "Healthy"
+                  | "Degraded"
+                  | "Progressing"
+                  | "Missing"
+                  | "Unknown") ?? "Unknown"
+              )}
+            </StatusLabel>
+            &nbsp;
+            <StatusLabel
+              status={syncStatusToColor(
+                (app.status?.sync?.status as
+                  | "Synced"
+                  | "OutOfSync"
+                  | "Unknown") ?? "Unknown"
+              )}
+            >
+              {app.status?.sync?.status ?? "Unknown"}
+            </StatusLabel>
+          </li>
+        ))}
+      </ul>
+    </SectionBox>
+  );
+}
+
+// --- Deployment badge ---
+
+function DeploymentArgoBadge({ resource }: { resource: KubeObject }) {
+  const deploymentName = resource.metadata.name;
+  const [apps, setApps] = useState<ArgoCDApplication[] | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    let cancelled = false;
+    fetchApplications()
+      .then((data) => {
+        if (cancelled) return;
+        const matched = (data.items ?? []).filter((app) =>
+          (app.status?.resources ?? []).some(
+            (res) => res.kind === "Deployment" && res.name === deploymentName
+          )
+        );
+        setApps(matched);
+        setLoading(false);
+      })
+      .catch((err: unknown) => {
+        if (cancelled) return;
+        setError(err instanceof Error ? err.message : String(err));
+        setLoading(false);
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [deploymentName]);
+
+  if (loading || error || !apps || apps.length === 0) {
+    return null;
+  }
+
+  const app = apps[0];
+  const lastSynced = app.status?.history?.length
+    ? app.status.history[app.status.history.length - 1]?.dexKey
+    : null;
+  const lastSyncedStr = lastSynced
+    ? new Date(lastSynced).toLocaleString()
+    : "—";
+
+  return (
+    <span>
+      &nbsp;
+      <Link to={`/argocd/applications/${app.metadata.name}`}>
+        ArgoCD: {app.metadata.name}
+      </Link>
+      &nbsp;
+      <StatusLabel
+        status={syncStatusToColor(
+          (app.status?.sync?.status as "Synced" | "OutOfSync" | "Unknown") ??
+            "Unknown"
+        )}
+      >
+        {app.status?.sync?.status ?? "Unknown"}
+      </StatusLabel>
+      &nbsp;
+      <span style={{ fontSize: "0.85em", opacity: 0.8 }}>
+        Last sync: {lastSyncedStr}
+      </span>
+    </span>
+  );
+}
+
+// --- Registration ---
+
+registerDetailsViewSection(({ resource }: { resource: KubeObject }) => {
+  if (resource.kind === "Namespace") {
+    return <NamespaceArgoSection resource={resource} />;
+  }
+
+  if (resource.kind === "Deployment") {
+    return <DeploymentArgoBadge resource={resource} />;
+  }
+
+  return null;
+});

src/index.tsx

@@ -9,6 +9,7 @@ import {
 import React from "react";
 import ApplicationDetail from "./components/ApplicationDetail";
 import ApplicationsList from "./components/ApplicationsList";
+import "./components/PageInjections"; // side-effect: registers detail view sections
 
 // --- Error boundary for plugin components ---