workflow_call reusable workflow that exposes a GitHub App installation
token. Mend Renovate will use this token to push commits.
Refs: PRI-413
Co-authored-by: Chris Farhood <chris@farhood.org>
Calls the shared privilegedescalation/.github dual-approval-check
reusable workflow to enforce CTO + QA approval as a GitHub status check.
Once privilegedescalation/.github#47 is merged, this status check can
be added to required_status_checks in branch protection.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The shared release workflow now requires RELEASE_APP_ID and
RELEASE_APP_PRIVATE_KEY secrets for PR creation, since the org
blocks GITHUB_TOKEN from creating PRs.
Depends on privilegedescalation/.github#31
Co-authored-by: privilegedescalation-paperclip[bot] <268365651+privilegedescalation-paperclip[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The reusable release workflow declares pull-requests:write but the
caller didn't grant it, causing startup_failure on GitHub Actions.
Co-authored-by: Hugh Hackman [bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Configures the reusable release workflow to fetch the latest release
tag from kube-vip/kube-vip and set appVersion in artifacthub-pkg.yml.
This keeps our Artifact Hub listing in sync with the upstream project.
Self-hosted runner does not have gh CLI installed, causing
"gh: command not found" in the Create GitHub Release step.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
headlamp-plugin package already produces the tarball named
${PKG_NAME}-${VERSION}.tar.gz, so the mv was renaming the file
to itself and failing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Headlamp plugin providing visibility into kube-vip virtual IP and load
balancer deployments. Features:
- Overview dashboard with deployment status, VIP mode, leader election
- Services page with LoadBalancer VIP assignments and detail panels
- Nodes page showing kube-vip pod status and leader designation
- Configuration page with DaemonSet config, IP pools, leases
- Service detail section injected into native Headlamp Service views
Read-only plugin — no cluster write operations. Uses standard K8s
resources (no CRDs): Services, Nodes, Pods, DaemonSets, Leases,
ConfigMaps with kube-vip.io/* annotations.
74 tests across 7 test files. All tsc/lint/format/test checks pass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
privilegedescalation-engineer[bot]