The Renovate workflow was failing because the token parameter
was removed in commit 0955832. This commit restores the
required GITHUB_TOKEN parameter so Renovate can authenticate
and create PRs for dependency updates.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
prettier is needed by the format:check script but was only available
as a transitive dependency of @kinvolk/headlamp-plugin.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
This is a prerequisite for CI to work with pnpm --frozen-lockfile.
Missing direct devDependencies that were only available transitively:
- eslint (lint script needs it)
- typescript (tsc script needs it)
- vite (provides vite/client.d.ts type definitions)
- vite-plugin-svgr (provides vite-plugin-svgr/client.d.ts type definitions)
Also fixed: tsconfig.json was missing skipLibCheck: true which caused
errors when type definitions referenced packages not in node_modules.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
PR #8 revealed that typescript is also missing as a direct dependency.
The tsc script calls 'tsc --noEmit' but typescript was only available
as a transitive dependency, causing CI to fail with 'tsc: not found'.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
ESLint was only a transitive dependency of @kinvolk/headlamp-plugin.
Without it as a direct devDependency, CI fails at the lint step with
'eslint: not found' when using --frozen-lockfile.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaces the duplicated Renovate config with a simple extend from the
org-level preset (privilegedescalation/.github:renovate-config). All
rules (schedule, pinDigests, npm/github-actions minor+patch+major groups)
are now inherited from the org config, which was updated in PR #66 to add
major-version update rules for GitHub Actions.
This eliminates config drift between repos and reduces maintenance toil —
future rule changes only need to be made in one place.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Ensures repos created from this template start with GitHub Actions SHA pinning
configured. Matches the pinDigests: true change being applied to all existing
plugin repos (PRI-757).
Without this, new repos created from the template would need a follow-up PR
to add pinDigests.
Adds the shared dual-approval caller workflow, mirroring all other
plugin repos. Enforces the CTO + QA dual approval policy as a GitHub
required status check.
Resolves the gap identified in PRI backlog (dd33f62f).
The test script runs vitest and imports from @testing-library/react and
@testing-library/jest-dom, but none of these were listed as devDependencies.
Adds vitest ^3.0.5 and all required @testing-library packages matching other
plugin repos in the org.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The shared CI workflow runs `npm run lint` (ESLint) and `npm run format:check`
(Prettier) but neither config file was present in the template repo. ESLint
was failing with "ESLint couldn't find a configuration file."
Add both configs matching the pattern used in other plugins in the org:
- .eslintrc.js extends @headlamp-k8s/eslint-config (provided by @kinvolk/headlamp-plugin)
- .prettierrc.js uses @headlamp-k8s/eslint-config/prettier-config
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The shared plugin-ci.yaml workflow uses `cache: npm` in setup-node
and runs `npm ci`, both of which require a lock file. Without it,
CI fails with "Dependencies lock file is not found".
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The shared plugin-release.yaml reusable workflow declares pull-requests: write
and uses it to create/merge the release PR. Calling workflows must grant all
permissions declared by reusable workflows or the job fails at startup.
Also adds secrets: inherit so org-level RELEASE_APP_ID and RELEASE_APP_PRIVATE_KEY
are forwarded to the external reusable workflow — without this they arrive empty
and the release is silently skipped.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Countess von Containerheim
privilegedescalation-engineer[bot]
Chris Farhood