diff --git a/.gitea/workflows/ai-review.yaml b/.gitea/workflows/ai-review.yaml deleted file mode 100644 index dac9f13..0000000 --- a/.gitea/workflows/ai-review.yaml +++ /dev/null @@ -1,36 +0,0 @@ -name: AI Code Review - -on: - pull_request: - branches: - - main - -jobs: - ai-review: - name: AI Code Review - runs-on: ubuntu-latest - container: - image: catthehacker/ubuntu:act-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: AI Review - uses: Nikita-Filonov/ai-review@v0.56.0 - with: - review-command: run - env: - LLM__PROVIDER: "OPENAI" - LLM__META__MODEL: ${{ vars.AI_REVIEW_MODEL }} - LLM__META__MAX_TOKENS: "15000" - LLM__META__TEMPERATURE: "0.3" - LLM__HTTP_CLIENT__API_URL: "https://api.openai.com/v1" - LLM__HTTP_CLIENT__API_TOKEN: ${{ secrets.OPENAI_API_KEY }} - VCS__PROVIDER: "GITEA" - VCS__PIPELINE__OWNER: ${{ github.repository_owner }} - VCS__PIPELINE__REPO: ${{ github.event.repository.name }} - VCS__PIPELINE__PULL_NUMBER: ${{ github.event.pull_request.number }} - VCS__HTTP_CLIENT__API_URL: ${{ github.server_url }}/api/v1 - VCS__HTTP_CLIENT__API_TOKEN: ${{ secrets.AI_REVIEW_GITEA_TOKEN }} diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml deleted file mode 100644 index 4f9b8cd..0000000 --- a/.gitea/workflows/ci.yaml +++ /dev/null @@ -1,30 +0,0 @@ -name: CI - -on: - push: - branches: - - main - pull_request: - -jobs: - lint: - runs-on: ubuntu-latest - container: node:20 - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install dependencies - run: npm ci - - - name: Build - run: npx @kinvolk/headlamp-plugin build - - - name: Lint - run: npx eslint --ext .ts,.tsx src/ - - - name: Type-check - run: npx tsc --noEmit - - - name: Format check - run: npx prettier --check src/ diff --git a/.gitea/workflows/e2e.yaml b/.gitea/workflows/e2e.yaml deleted file mode 100644 index 2495a5e..0000000 --- a/.gitea/workflows/e2e.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: E2E - -on: - push: - branches: - - main - pull_request: - -jobs: - e2e: - runs-on: ubuntu-latest - container: node:20 - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install dependencies - run: npm ci - - - name: Install Chromium - run: npx playwright install --with-deps chromium - - - name: Run E2E smoke tests - env: - HEADLAMP_URL: https://headlamp.animaniacs.farh.net - AUTHENTIK_USERNAME: ${{ secrets.AUTHENTIK_USERNAME }} - AUTHENTIK_PASSWORD: ${{ secrets.AUTHENTIK_PASSWORD }} - run: npx playwright test diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml deleted file mode 100644 index 8f83284..0000000 --- a/.gitea/workflows/release.yaml +++ /dev/null @@ -1,173 +0,0 @@ -name: Release - -on: - push: - tags: - - 'v*' - -jobs: - release: - runs-on: ubuntu-latest - container: node:20 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Check if release is already finalized - run: | - VERSION=${GITHUB_REF_NAME#v} - TARBALL_URL="https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/${GITHUB_REF_NAME}/headlamp-polaris-plugin-${VERSION}.tar.gz" - HTTP_CODE=$(curl -sL -o /tmp/release.tar.gz -w "%{http_code}" "$TARBALL_URL" 2>/dev/null) - if [ "$HTTP_CODE" = "200" ]; then - ACTUAL="sha256:$(sha256sum /tmp/release.tar.gz | awk '{print $1}')" - EXPECTED=$(grep 'archive-checksum' artifacthub-pkg.yml | awk '{print $2}') - echo "Release tarball checksum: $ACTUAL" - echo "Metadata checksum: $EXPECTED" - if [ "$ACTUAL" = "$EXPECTED" ]; then - echo "SKIP_BUILD=true" >> $GITHUB_ENV - echo "Checksums match - release is finalized, nothing to do" - fi - else - echo "No existing release (HTTP $HTTP_CODE) - will build" - fi - rm -f /tmp/release.tar.gz - - - name: Install dependencies - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - npm ci - - - name: Build plugin - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - npx @kinvolk/headlamp-plugin build - - - name: Package tarball - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - npx @kinvolk/headlamp-plugin package - - - name: Compute tarball checksum - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - TARBALL=$(ls *.tar.gz) - CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}') - echo "TARBALL=$TARBALL" >> $GITHUB_ENV - echo "CHECKSUM=$CHECKSUM" >> $GITHUB_ENV - echo "Tarball: $TARBALL" - echo "Checksum: sha256:$CHECKSUM" - - - name: Install Docker CLI - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - apt-get update && apt-get install -y docker.io - - - name: Build and push Docker image - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - docker build -t git.farh.net/${{ github.repository }}:${{ github.ref_name }} -t git.farh.net/${{ github.repository }}:latest . - echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.farh.net -u ${{ github.actor }} --password-stdin - docker push git.farh.net/${{ github.repository }}:${{ github.ref_name }} - docker push git.farh.net/${{ github.repository }}:latest - - - name: Create Gitea release - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - API_URL="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}" - # Create release (or get existing) - RELEASE=$(curl -s -X POST \ - -H "Authorization: token ${{ github.token }}" \ - -H "Content-Type: application/json" \ - "${API_URL}/releases" \ - -d "{\"tag_name\":\"${GITHUB_REF_NAME}\",\"name\":\"${GITHUB_REF_NAME}\"}") - RELEASE_ID=$(echo "$RELEASE" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))") - if [ "$RELEASE_ID" = "undefined" ]; then - RELEASE=$(curl -sf \ - -H "Authorization: token ${{ github.token }}" \ - "${API_URL}/releases/tags/${GITHUB_REF_NAME}") - RELEASE_ID=$(echo "$RELEASE" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))") - fi - echo "Gitea Release ID: $RELEASE_ID" - # Delete existing assets - ASSETS=$(curl -sf \ - -H "Authorization: token ${{ github.token }}" \ - "${API_URL}/releases/${RELEASE_ID}/assets") - echo "$ASSETS" | node -e " - process.stdin.resume();let d=''; - process.stdin.on('data',c=>d+=c); - process.stdin.on('end',()=>{ - JSON.parse(d).forEach(a=>console.log(a.id)); - })" | while read -r ASSET_ID; do - curl -sf -X DELETE \ - -H "Authorization: token ${{ github.token }}" \ - "${API_URL}/releases/${RELEASE_ID}/assets/${ASSET_ID}" - done - # Upload tarball - curl -sf -X POST \ - -H "Authorization: token ${{ github.token }}" \ - -F "attachment=@${TARBALL}" \ - "${API_URL}/releases/${RELEASE_ID}/assets?name=${TARBALL}" - echo "Gitea release updated" - - - name: Create GitHub release - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - # GitHub API to create/update release - GITHUB_API="https://api.github.com/repos/privilegedescalation/headlamp-polaris-plugin" - # Check if release exists - RELEASE_DATA=$(curl -sf \ - -H "Authorization: token ${{ secrets.GH_TOKEN }}" \ - "${GITHUB_API}/releases/tags/${GITHUB_REF_NAME}" || echo "{}") - RELEASE_ID=$(echo "$RELEASE_DATA" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id||''))") - - if [ -z "$RELEASE_ID" ]; then - # Create new release - RELEASE_DATA=$(curl -sf -X POST \ - -H "Authorization: token ${{ secrets.GH_TOKEN }}" \ - -H "Content-Type: application/json" \ - "${GITHUB_API}/releases" \ - -d "{\"tag_name\":\"${GITHUB_REF_NAME}\",\"name\":\"${GITHUB_REF_NAME}\",\"draft\":false,\"prerelease\":false}") - RELEASE_ID=$(echo "$RELEASE_DATA" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))") - fi - - echo "GitHub Release ID: $RELEASE_ID" - # Upload tarball to GitHub - UPLOAD_URL=$(echo "$RELEASE_DATA" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>{const r=JSON.parse(d);console.log(r.upload_url||'https://uploads.github.com/repos/privilegedescalation/headlamp-polaris-plugin/releases/${RELEASE_ID}/assets')})" | sed 's/{.*}//') - curl -sf -X POST \ - -H "Authorization: token ${{ secrets.GH_TOKEN }}" \ - -H "Content-Type: application/gzip" \ - --data-binary "@${TARBALL}" \ - "${UPLOAD_URL}?name=${TARBALL}" - echo "GitHub release updated" - - - name: Update metadata and align tag - run: | - [ "$SKIP_BUILD" = "true" ] && exit 0 - VERSION=${GITHUB_REF_NAME#v} - git config user.name "gitea-actions[bot]" - git config user.email "gitea-actions[bot]@git.farh.net" - # Determine which Gitea branch to update based on version suffix - if [[ "$VERSION" == *"-dev."* ]]; then - GITEA_BRANCH="dev" - else - GITEA_BRANCH="main" - fi - git fetch origin ${GITEA_BRANCH} - git checkout origin/${GITEA_BRANCH} -B temp-update - sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml - sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/${GITHUB_REF_NAME}/headlamp-polaris-plugin-${VERSION}.tar.gz\"|" artifacthub-pkg.yml - sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml - git add artifacthub-pkg.yml - git diff --cached --quiet || { - git commit -m "ci: update artifact hub metadata for ${GITHUB_REF_NAME}" - git push origin temp-update:${GITEA_BRANCH} - } - # Force-move tag to the commit with correct checksum. - # This triggers a new CI run, but the guard step will detect - # that the release checksum already matches and skip the build. - git tag -f ${GITHUB_REF_NAME} - git push -f origin ${GITHUB_REF_NAME} - echo "Tag ${GITHUB_REF_NAME} aligned with updated metadata" - echo "Note: GitHub sync handled by Gitea mirror configuration" diff --git a/CHANGELOG.md b/CHANGELOG.md index 7a5cab4..67bd017 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,7 +31,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - App bar badge, settings buttons, and UI elements now use theme-aware CSS variables ### Infrastructure -- Migrated from Gitea to GitHub Actions exclusively - Added CI workflow for lint, type-check, build, and test - Enhanced E2E testing documentation with comprehensive guides - Added documentation-engineer subagent diff --git a/claude.md b/claude.md index f5ff6dd..a9466e4 100644 --- a/claude.md +++ b/claude.md @@ -104,6 +104,7 @@ Additional considerations: ## MCP Servers The project has MCP server integrations configured in `.mcp.json`: -- **Gitea** (git.farh.net): Source control via `gitea-mcp-server` +- **GitHub**: Source control via `github-mcp-server` - **Kubernetes** (local): Cluster access via `kubernetes-mcp-server` - **Flux** (local): Flux Operator access via `flux-operator-mcp` +- **Playwright**: Browser automation via `@playwright/mcp`