The headlamp-plugin package command outputs filenames with .tar.gz extension,
not .tgz. This caused the "Get tarball path" step to fail (exit code 1) on
the v1.0.1 release run #554.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Add explicit pnpm installation before Install dependencies step.
Without this, ubuntu-latest runner fails with 'pnpm: command not found'
since pnpm is not bundled with the Node 20 action.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The shared release workflow now requires RELEASE_APP_ID and
RELEASE_APP_PRIVATE_KEY secrets for PR creation, since the org
blocks GITHUB_TOKEN from creating PRs.
Depends on privilegedescalation/.github#31
Co-authored-by: privilegedescalation-paperclip[bot] <268365651+privilegedescalation-paperclip[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Configures the reusable release workflow to fetch the latest release
tag from FairwindsOps/polaris and set appVersion in artifacthub-pkg.yml.
This keeps our Artifact Hub listing in sync with the upstream project.
Co-authored-by: Hugh Hackman <hugh@privilegedescalation.dev>
gh CLI is not installed on the self-hosted runner. Switch to
softprops/action-gh-release@v2 which was used before the
standardization broke it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove broken mv logic and use gh CLI for release creation,
matching the proven workflow from other headlamp plugins.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The headlamp-plugin package command already produces a tarball named
{pkg}-{version}.tar.gz, so the mv command fails when source and
destination are the same file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merged prepare-release and release workflows into a single workflow
that handles everything in one job. This eliminates the need for
separate tokens or manual intervention.
Single workflow now:
- Validates version format
- Updates package.json and artifacthub-pkg.yml
- Builds and packages plugin
- Computes checksum
- Updates metadata with real checksum
- Commits all changes to main
- Creates and pushes tag
- Creates GitHub release with tarball
No more tag push triggers, no separate tokens needed.
Everything runs in one workflow_dispatch job.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
Replace complex draft/publish release workflow with clean two-workflow approach:
1. prepare-release.yaml (manual workflow_dispatch)
- Validates version format
- Updates package.json and artifacthub-pkg.yml
- Commits to main
- Creates and pushes tag
- Triggers release workflow automatically
2. release.yaml (automatic on tag push)
- Single build-and-release job
- Creates GitHub release with tarball in one step (no draft/publish)
- Separate update-metadata job runs after release
- Updates checksum on main branch
Benefits:
- No manual tarball upload required
- No tag force-push anti-pattern
- No draft/publish asset attachment failures
- Clear separation of concerns
- Self-documenting workflow
Eliminates:
- Guard logic for infinite loop prevention
- Post-release tag manipulation
- Manual intervention after workflow "succeeds"
- Checksum chicken-and-egg problem
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
- Changed ci.yaml from ubuntu-latest to local-ubuntu-latest
- Changed release.yaml from ubuntu-latest to local-ubuntu-latest
- e2e.yaml already using k3s-animaniacs (correct)
This ensures all CI jobs run on on-prem runners instead of GitHub-hosted runners.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
GitHub's immutable releases feature locks releases upon publication,
preventing asset uploads. This fix uses a two-step process:
1. Create draft release (mutable) and upload tarball
2. Publish release after assets are attached
Also adds validation to ensure tarball name matches package.json,
preventing future naming mismatch issues.
Changes:
- Upgrade from softprops/action-gh-release@v1 to @v2
- Create release as draft initially (draft: true)
- Add separate publish step after asset upload
- Add tarball name validation step
Fixes release workflow failures that occurred with v0.3.6 and v0.3.7.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
* ci: fix checksum for manually created GitHub release v0.2.0
The GitHub release was created manually with gh CLI, so the checksum
in metadata didn't match. This updates the checksum to match the actual
tarball on GitHub.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
* refactor: migrate to GitHub as primary repository
- Move release workflow from Gitea Actions to GitHub Actions
- Update checksum to match manually created GitHub v0.2.0 release
- Simplify workflow by removing Gitea-specific steps
- Use softprops/action-gh-release for easier release management
This eliminates the complexity of Gitea mirroring and the issues
with GH_TOKEN authentication in Gitea Actions.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Happy <yesreply@happy.engineering>
Chris Farhood
privilegedescalation-paperclip[bot]