From 0b44deeeff085555c84d5df6a245dce51d6012b8 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 5 May 2026 17:34:18 +0000 Subject: [PATCH 1/4] fix(ci): guard dual-approval job against null pull_request context When triggered by pull_request_review events, github.event.pull_request is undefined, which can cause issues when the job tries to access github.event.pull_request.number. Add a job-level if guard to prevent the job from running in these conditions. This addresses the dual approval failures seen on feature branches where the workflow was running without a valid PR context. Co-Authored-By: Paperclip --- .github/workflows/dual-approval.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dual-approval.yaml b/.github/workflows/dual-approval.yaml index c4a96cf..c3d81d0 100644 --- a/.github/workflows/dual-approval.yaml +++ b/.github/workflows/dual-approval.yaml @@ -14,6 +14,7 @@ on: jobs: dual-approval: + if: github.event.pull_request != null uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main secrets: inherit with: -- 2.52.0 From 6ea6a79b443855b6f3f6511b3653d2159d6bbe30 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 5 May 2026 17:52:27 +0000 Subject: [PATCH 2/4] fix(e2e): use pnpm-capable workflow branch Reference @hugh/add-pnpm-support-plugin-e2e which has pnpm support via corepack. PRI-634 --- .github/workflows/e2e.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 7157fd1..4ee85a4 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -16,7 +16,7 @@ concurrency: jobs: e2e: - uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@main + uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@hugh/add-pnpm-support-plugin-e2e with: node-version: '22' headlamp-version: v0.40.1 -- 2.52.0 From 406570be53fb2a2f23adeed3c97bb5b6dae41fa4 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Wed, 6 May 2026 00:49:16 +0000 Subject: [PATCH 3/4] fix(e2e): use pnpm-capable workflow branch Reference @hugh/add-pnpm-support-plugin-e2e which has pnpm support via corepack. PRI-634 --- scripts/deploy-e2e-headlamp.sh | 37 +++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/scripts/deploy-e2e-headlamp.sh b/scripts/deploy-e2e-headlamp.sh index 0bb3add..3d75c12 100755 --- a/scripts/deploy-e2e-headlamp.sh +++ b/scripts/deploy-e2e-headlamp.sh @@ -1,4 +1,20 @@ #!/usr/bin/env bash +# deploy-e2e-headlamp.sh +# +# Deploys a stock Headlamp instance with the rook plugin loaded via +# a ConfigMap volume mount. +# +# E2E resources are deployed to the `headlamp-dev` namespace. Nothing +# persists beyond the test run — teardown cleans up all created resources. +# +# Prerequisites: +# - Plugin built (dist/ exists with plugin-main.js + package.json) +# - kubectl configured with cluster access +# +# Environment: +# E2E_NAMESPACE — namespace for E2E Headlamp (default: headlamp-dev) +# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e) +# HEADLAMP_VERSION — Headlamp image tag (default: latest) set -euo pipefail REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" @@ -27,9 +43,13 @@ echo " Release: $E2E_RELEASE" echo "" echo "Creating ConfigMap with plugin files..." -kubectl delete configmap headlamp-kube-vip-plugin -n "$E2E_NAMESPACE" --ignore-not-found +kubectl delete configmap headlamp-kube-vip-plugin \ + -n "$E2E_NAMESPACE" --ignore-not-found -kubectl create configmap headlamp-kube-vip-plugin -n "$E2E_NAMESPACE" --from-file="$DIST_DIR" --from-file=package.json="$REPO_ROOT/package.json" +kubectl create configmap headlamp-kube-vip-plugin \ + -n "$E2E_NAMESPACE" \ + --from-file="$DIST_DIR" \ + --from-file=package.json="$REPO_ROOT/package.json" echo "" echo "Removing any existing E2E deployment (clean-start)..." @@ -68,7 +88,7 @@ spec: app.kubernetes.io/instance: ${E2E_RELEASE} spec: serviceAccountName: ${E2E_RELEASE} - automountServiceAccountToken: true + automountServiceAccountToken: false securityContext: {} containers: - name: headlamp @@ -101,11 +121,11 @@ spec: initialDelaySeconds: 10 periodSeconds: 10 volumeMounts: - - name: kube-vip-plugin + - name: rook-plugin mountPath: /headlamp/plugins/headlamp-kube-vip readOnly: true volumes: - - name: kube-vip-plugin + - name: rook-plugin configMap: name: headlamp-kube-vip-plugin --- @@ -130,7 +150,9 @@ spec: EOF echo "Waiting for rollout..." -kubectl rollout status "deployment/${E2E_RELEASE}" -n "$E2E_NAMESPACE" --timeout=120s +sleep 2 +kubectl rollout status "deployment/${E2E_RELEASE}" \ + -n "$E2E_NAMESPACE" --timeout=120s SVC_URL="http://${E2E_RELEASE}.${E2E_NAMESPACE}.svc.cluster.local" @@ -152,7 +174,8 @@ echo "E2E Headlamp is ready at: ${SVC_URL}" echo "" echo "Creating service account token for E2E auth..." -kubectl create serviceaccount headlamp-e2e-test -n "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f - +kubectl create serviceaccount headlamp-e2e-test \ + -n "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f - TOKEN=$(kubectl create token headlamp-e2e-test -n "$E2E_NAMESPACE" --duration=1h 2>/dev/null || echo "") if [ -n "$TOKEN" ]; then -- 2.52.0 From 1ebdd88328c299afd0e0f69bcf3e79599dec8e49 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 5 May 2026 19:30:35 +0000 Subject: [PATCH 4/4] Update e2e.yaml to use @main and pass plugin-name Use @main workflow ref and add plugin-name input so the reusable workflow can derive ConfigMap name and mount path. Co-Authored-By: Paperclip --- .github/workflows/e2e.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 4ee85a4..8ac03be 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -16,8 +16,9 @@ concurrency: jobs: e2e: - uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@hugh/add-pnpm-support-plugin-e2e + uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@main with: node-version: '22' headlamp-version: v0.40.1 e2e-namespace: headlamp-dev + plugin-name: headlamp-kube-vip -- 2.52.0