Merge pull request 'Promote to uat: artifacthub-pkg.yml v1.0.1 with Gitea archive URL' (#184) from promote/uat-artifacthub-v1.0.1 into uat
Promote to uat: artifacthub-pkg.yml v1.0.1 with Gitea archive URL (#184) Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #184.
This commit is contained in:
@@ -15,20 +15,15 @@ jobs:
|
||||
promotion-gate:
|
||||
name: Promotion Gate
|
||||
runs-on: ubuntu-latest
|
||||
container: ubuntu:latest
|
||||
timeout-minutes: 5
|
||||
|
||||
steps:
|
||||
- name: Install dependencies
|
||||
run: apt-get update -qq && apt-get install -y --no-install-recommends ca-certificates curl jq
|
||||
|
||||
- name: Check promotion approval
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||
PR_NUMBER: ${{ github.event.pull_request.number }}
|
||||
REPO: ${{ github.repository }}
|
||||
BASE_REF: ${{ github.base_ref }}
|
||||
HEAD_REF: ${{ github.head_ref }}
|
||||
run: |
|
||||
if [ -z "${PR_NUMBER}" ] || [ "${PR_NUMBER}" = "null" ]; then
|
||||
echo "::notice::No PR number in context. Skipping promotion gate."
|
||||
@@ -60,7 +55,10 @@ jobs:
|
||||
GATE_NAME="QA"
|
||||
# For plugin repos (Pipeline A), UAT approval is needed for uat→main
|
||||
# Check if the source branch is uat
|
||||
SOURCE_REF="${HEAD_REF}"
|
||||
SOURCE_REF=$(curl -sf \
|
||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||
-H "Accept: application/json" \
|
||||
"https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.head.ref')
|
||||
|
||||
if [ "${SOURCE_REF}" = "uat" ]; then
|
||||
REQUIRED_REVIEWER="pe_patty"
|
||||
@@ -85,7 +83,8 @@ jobs:
|
||||
REVIEWS=$(curl -sf \
|
||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||
-H "Accept: application/json" \
|
||||
"https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}/reviews")
|
||||
"https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}/reviews" \
|
||||
| python3 -c 'import sys,json; json.dump(json.load(sys.stdin),sys.stdout)')
|
||||
|
||||
if [ -z "${REVIEWS}" ] || [ "${REVIEWS}" = "null" ]; then
|
||||
echo "::warning::Could not fetch reviews for PR #${PR_NUMBER}."
|
||||
|
||||
+48
-43
@@ -1,30 +1,28 @@
|
||||
version: "1.0.0"
|
||||
version: 1.0.1
|
||||
name: headlamp-polaris
|
||||
displayName: Polaris
|
||||
createdAt: "2026-02-05T19:00:00Z"
|
||||
description: >-
|
||||
Surfaces Fairwinds Polaris audit results inside the Headlamp UI.
|
||||
Shows cluster score, check summary, and per-namespace drill-downs
|
||||
with per-resource pass/warning/danger breakdowns. Data is fetched
|
||||
read-only via the Kubernetes service proxy to the Polaris dashboard.
|
||||
Requires a Role granting `get` on `services/proxy` for the
|
||||
`polaris-dashboard` service in the `polaris` namespace.
|
||||
createdAt: '2026-05-20T00:00:00Z'
|
||||
description: Surfaces Fairwinds Polaris audit results inside the Headlamp UI. Shows
|
||||
cluster score, check summary, and per-namespace drill-downs with per-resource pass/warning/danger
|
||||
breakdowns. Data is fetched read-only via the Kubernetes service proxy to the Polaris
|
||||
dashboard. Requires a Role granting `get` on `services/proxy` for the `polaris-dashboard`
|
||||
service in the `polaris` namespace.
|
||||
license: Apache-2.0
|
||||
homeURL: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
|
||||
appVersion: "10.1.6"
|
||||
homeURL: https://github.com/privilegedescalation/headlamp-polaris-plugin
|
||||
appVersion: 10.1.6
|
||||
category: security
|
||||
keywords:
|
||||
- polaris
|
||||
- fairwinds
|
||||
- security
|
||||
- audit
|
||||
- headlamp
|
||||
- kubernetes
|
||||
- polaris
|
||||
- fairwinds
|
||||
- security
|
||||
- audit
|
||||
- headlamp
|
||||
- kubernetes
|
||||
links:
|
||||
- name: Source
|
||||
url: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
|
||||
- name: Polaris
|
||||
url: "https://polaris.docs.fairwinds.com/"
|
||||
- name: Source
|
||||
url: https://github.com/privilegedescalation/headlamp-polaris-plugin
|
||||
- name: Polaris
|
||||
url: https://polaris.docs.fairwinds.com/
|
||||
install: |
|
||||
## Installation
|
||||
|
||||
@@ -50,27 +48,34 @@ install: |
|
||||
|
||||
For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md).
|
||||
changes:
|
||||
- kind: security
|
||||
description: Patched 8 npm audit vulnerabilities via pnpm.overrides
|
||||
- kind: added
|
||||
description: Dual-approval required CI check — PRs must be approved by both CTO and QA before merge
|
||||
- kind: added
|
||||
description: ExemptionManager test suite — full coverage of annotation-based exemption flows
|
||||
- kind: fixed
|
||||
description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based approach, tests run in privilegedescalation-dev namespace
|
||||
- kind: fixed
|
||||
description: E2E workflow uses token auth and waits for HTTP reachability before running tests
|
||||
- kind: fixed
|
||||
description: Added explicit direct devDependencies (typescript, eslint, prettier, @headlamp-k8s/eslint-config) to prevent phantom dep failures
|
||||
- kind: changed
|
||||
description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned via Renovate pinDigests
|
||||
- kind: changed
|
||||
description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema, app bar action) is stable and will not change without a major version bump
|
||||
- kind: security
|
||||
description: Patched 8 npm audit vulnerabilities via pnpm.overrides
|
||||
- kind: added
|
||||
description: Dual-approval required CI check — PRs must be approved by both CTO
|
||||
and QA before merge
|
||||
- kind: added
|
||||
description: ExemptionManager test suite — full coverage of annotation-based exemption
|
||||
flows
|
||||
- kind: fixed
|
||||
description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based
|
||||
approach, tests run in privilegedescalation-dev namespace
|
||||
- kind: fixed
|
||||
description: E2E workflow uses token auth and waits for HTTP reachability before
|
||||
running tests
|
||||
- kind: fixed
|
||||
description: Added explicit direct devDependencies (typescript, eslint, prettier,
|
||||
@headlamp-k8s/eslint-config) to prevent phantom dep failures
|
||||
- kind: changed
|
||||
description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned
|
||||
via Renovate pinDigests
|
||||
- kind: changed
|
||||
description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema,
|
||||
app bar action) is stable and will not change without a major version bump
|
||||
maintainers:
|
||||
- name: privilegedescalation
|
||||
email: "chris@farhood.org"
|
||||
- name: privilegedescalation
|
||||
email: chris@farhood.org
|
||||
annotations:
|
||||
headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.0/headlamp-polaris-1.0.0.tar.gz"
|
||||
headlamp/plugin/version-compat: ">=0.26"
|
||||
headlamp/plugin/archive-checksum: sha256:a165e871b40f11a44950aa9f10eb7f7883276f749026ae7a4f886278ecd9bd7d
|
||||
headlamp/plugin/distro-compat: "in-cluster,web,desktop"
|
||||
headlamp/plugin/archive-url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz
|
||||
headlamp/plugin/version-compat: '>=0.26'
|
||||
headlamp/plugin/archive-checksum: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e
|
||||
headlamp/plugin/distro-compat: in-cluster,web,desktop
|
||||
|
||||
Reference in New Issue
Block a user