pnpm/action-setup@v5 requires either a version key in the action config
or a packageManager field in package.json. Add the field to unblock the
release workflow.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add eslint@^8.57.0, @headlamp-k8s/eslint-config@^0.6.0, prettier@^2.8.8,
typescript@~5.6.2 as explicit devDependencies. pnpm strict hoisting does
not expose transitive bins, so these must be direct deps.
Replaces the duplicated Renovate config with a simple extend from the
org-level preset (privilegedescalation/.github:renovate-config). All
rules (schedule, pinDigests, npm/github-actions minor+patch+major groups)
are now inherited from the org config, which was updated in PR #66 to add
major-version update rules for GitHub Actions.
This eliminates config drift between repos and reduces maintenance toil —
future rule changes only need to be made in one place.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds pinDigests: true so Renovate pins all GitHub Actions references to
full commit SHAs for supply-chain hardening. This repo extends
config:recommended directly, so pinDigests must be set here explicitly —
the org-level config alone is not sufficient.
Recreated from main after closing stale PR #23 (branch was created before
the dual-approval PR #22 landed).
Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Calls the shared privilegedescalation/.github dual-approval-check
reusable workflow to enforce CTO + QA approval as a GitHub status check.
Once privilegedescalation/.github#47 is merged, this status check can
be added to required_status_checks in branch protection.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The shared release workflow now requires RELEASE_APP_ID and
RELEASE_APP_PRIVATE_KEY secrets for PR creation, since the org
blocks GITHUB_TOKEN from creating PRs.
Depends on privilegedescalation/.github#31
Co-authored-by: privilegedescalation-paperclip[bot] <268365651+privilegedescalation-paperclip[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The reusable release workflow declares pull-requests:write but the
caller didn't grant it, causing startup_failure on GitHub Actions.
Co-authored-by: Hugh Hackman [bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Resolves lockfile mismatch where undici@7.24.1 did not satisfy the
^7.24.3 override. Running npm install updated the resolved version
to undici@7.24.4.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Only the ArtifactHub/Plugin Manager installation path is supported.
Removed manual Helm-based and kubectl-based install sections.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Per CEO directive, ArtifactHub via the Headlamp plugin installer is the
only approved installation method. No exceptions.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix: add explicit dev dependencies and fix React test environment
- Add react, react-dom, vitest, jsdom, and testing-library as explicit
devDependencies instead of relying on transitive deps from
@kinvolk/headlamp-plugin
- Add peerDependencies for react/react-dom
- Set process.env.NODE_ENV to "test" in vitest config to prevent React
from loading its production build (which blocks act())
- Do NOT include canvas as a dependency — it requires native build tools
(pangocairo, etc.) not present in the CI node:22 container
Fixes CI install failures from prior PR #10 which included canvas.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add react-router-dom devDep and remove unused vite types
- Add react-router-dom as explicit devDependency to fix
ServicesPage.test.tsx import resolution failure
- Remove vite/client and vite-plugin-svgr/client from tsconfig types
(not needed, aligns with polaris plugin pattern)
Addresses QA review feedback on PR#11.
---------
Co-authored-by: gandalf-the-greybeard[bot] <gandalf-the-greybeard[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Configures the reusable release workflow to fetch the latest release
tag from kube-vip/kube-vip and set appVersion in artifacthub-pkg.yml.
This keeps our Artifact Hub listing in sync with the upstream project.
The ArtifactHub listing was renamed from kube-vip-plugin to headlamp-kube-vip.
Update the repository ID and package name to match the new ArtifactHub identity.
Ref: PRI-25
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Target main branch explicitly
- Set weekly schedule (weekends)
- Limit concurrent PRs to 10
- Group minor/patch updates for npm and github-actions to reduce PR noise
Ref: PRI-16
Co-authored-by: Null Pointer Nancy <nancy@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The merged PR had a locally-generated UUID. This updates it to the
actual ID assigned by Artifact Hub when the repo was registered
(40b1acd8-44ef-43b3-8ab7-9c09c7f1a20c).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This repo was the only plugin in our portfolio missing Artifact Hub
repository metadata. Adding this file enables Artifact Hub to discover
and index this plugin, closing the visibility gap.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Chris Farhood
privilegedescalation-engineer[bot]
Pawla Abdul
Hugh Hackman