414 Commits

Author SHA1 Message Date
Countess von Containerheim 6c04ca39a2 Merge pull request 'Remove agent artifacts and centralize installation policy' (#188) from gandalf/cleanup-agent-artifacts into main
CI / ci (push) Successful in 2m46s
Merge PR #188: Remove agent artifacts and centralize installation policy
2026-05-21 21:13:15 +00:00
Chris Farhood 1f46938da6 Update wiki link to privilegedescalation.com
Promotion Gate / Promotion Gate (pull_request) Successful in 1s
CI / ci (pull_request) Successful in 42s
CI / ci (push) Successful in 51s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 1s
2026-05-21 21:05:18 +00:00
Chris Farhood 2a68388a9a Remove agent artifacts and centralize installation policy
Promotion Gate / Promotion Gate (pull_request) Failing after 0s
CI / ci (push) Successful in 44s
CI / ci (pull_request) Successful in 46s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 0s
- Delete CONTEXT.md, PROJECT_ASSESSMENT.md, SPEC-PRI-324.md, INSTALLATION_POLICY.md
- Add wiki link in README.md Installation section
cc @cpfarhood
2026-05-21 20:47:38 +00:00
Countess von Containerheim f8eeac9b5b Merge pull request 'Promote uat → main: artifacthub-pkg.yml v1.0.1 metadata update' (#186) from uat into main
CI / ci (push) Successful in 42s
Promote uat to main: artifacthub-pkg.yml v1.0.1 metadata update

Fixes ArtifactHub checksum mismatch. Promotion Gate passed (pe_nancy CTO fallback approval, review ID 3395).
2026-05-21 01:18:12 +00:00
Null Pointer Nancy f03a27bedc Merge pull request 'Promote to uat: artifacthub-pkg.yml v1.0.1 with Gitea archive URL' (#184) from promote/uat-artifacthub-v1.0.1 into uat
CI / ci (pull_request) Successful in 38s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 0s
Promotion Gate / Promotion Gate (pull_request) Successful in 1s
CI / ci (push) Successful in 40s
Promote to uat: artifacthub-pkg.yml v1.0.1 with Gitea archive URL (#184)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 00:45:09 +00:00
Chris Farhood ec1acbb130 fix(ci): resolve merge conflict and sanitize reviews JSON
Promotion Gate / Promotion Gate (pull_request) Successful in 2s
CI / ci (push) Successful in 44s
CI / ci (pull_request) Successful in 46s
Merge dev workflow fix (remove container/install step) and add python3
JSON roundtrip to handle Gitea API responses with control characters
that break jq parsing.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 00:43:12 +00:00
Null Pointer Nancy 5907a494d0 chore(artifacthub): update to v1.0.1 with Gitea archive URL
Promotion Gate / Promotion Gate (pull_request) Failing after 8s
CI / ci (pull_request) Successful in 38s
CI / ci (push) Successful in 41s
Promotion Gate / Promotion Gate (pull_request_review) Failing after 7s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 00:19:15 +00:00
Chris Farhood 5e6cd6603b Merge pull request #183 from gandalf/fix-promotion-gate-ci
Promotion Gate / Promotion Gate (pull_request) Successful in 0s
CI / ci (pull_request) Successful in 2m45s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 1s
CI / ci (push) Successful in 39s
fix(dual-approval): remove container ubuntu:latest and Install dependencies step
2026-05-20 23:59:04 +00:00
Chris Farhood d7cbe969fb fix(dual-approval): remove container: ubuntu:latest and Install dependencies step
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 38s
The ubuntu-latest runner host already has curl, jq, and ca-certificates
pre-installed. The apt-get update call inside the Docker container was
failing due to broken container networking on the runner host (runs 577,
578), blocking PR #182 (dev→uat promotion).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 23:56:41 +00:00
Null Pointer Nancy 2ba0751443 Merge pull request 'chore(artifacthub): update to v1.0.1' (#181) from pri-1681-update-artifacthub-1.0.1 into dev
CI / ci (push) Successful in 43s
CI / ci (pull_request) Successful in 45s
Promotion Gate / Promotion Gate (pull_request_review) Failing after 5s
Promotion Gate / Promotion Gate (pull_request) Failing after 7s
chore(artifacthub): update to v1.0.1 with Gitea archive URL (#181)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 23:35:11 +00:00
Null Pointer Nancy e52d995123 fix: use Gitea archive URL in annotation
CI / ci (push) Successful in 47s
CI / ci (pull_request) Successful in 47s
The GitHub release does not exist (404). Per board all-Gitea
decision, archive URLs must point to git.farh.net.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 23:33:35 +00:00
Chris Farhood 791935947d Fix install docs and archive URL to use GitHub (from QA review)
CI / ci (push) Failing after 11s
CI / ci (pull_request) Successful in 42s
- Restore install as multi-line Markdown guide (was replaced by url/digest object)
- Point annotations.archive-url to github.com instead of git.farh.net
2026-05-20 23:30:11 +00:00
Null Pointer Nancy 639e4eaa68 fix: use Gitea archive URL per board all-Gitea decision
CI / ci (push) Successful in 39s
CI / ci (pull_request) Successful in 40s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 5s
The GitHub release for v1.0.1 does not exist (404). Per board
decision (2026-05-16), all PE projects use Gitea releases.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 23:19:16 +00:00
Chris Farhood 69db99d3d1 chore(artifacthub): update to v1.0.1
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 39s
Bumps version to 1.0.1, updates createdAt date, and points
archive URL/checksum to the v1.0.1 GitHub release.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 23:04:55 +00:00
Null Pointer Nancy a051ffafed Merge pull request 'promote: uat → main (tarball grep fix for release workflow)' (#180) from uat into main
CI / ci (push) Successful in 41s
Merge PR #180: promote uat → main (tarball grep fix for release workflow)
v1.0.1
2026-05-20 22:49:51 +00:00
Null Pointer Nancy 7f03ae6265 Merge pull request 'promote: dev → uat (tarball grep fix for release workflow)' (#179) from dev into uat
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 40s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 7s
Promotion Gate / Promotion Gate (pull_request) Successful in 8s
promote: dev → uat (tarball grep fix for release workflow) (#179)
2026-05-20 22:27:08 +00:00
Null Pointer Nancy 53fce54df8 Merge pull request 'fix: match .tar.gz instead of .tgz in release workflow grep pattern' (#178) from fix/release-tarball-pattern into dev
CI / ci (push) Successful in 39s
Promotion Gate / Promotion Gate (pull_request) Failing after 5s
CI / ci (pull_request) Successful in 41s
fix: match .tar.gz instead of .tgz in release workflow grep pattern (#178)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 22:25:40 +00:00
Chris Farhood 6c6e8a55ce fix: match .tar.gz instead of .tgz in release workflow grep pattern
CI / ci (pull_request) Failing after 0s
Promotion Gate / promotion-gate (pull_request_review) Failing after 0s
The headlamp-plugin package command outputs filenames with .tar.gz extension,
not .tgz. This caused the "Get tarball path" step to fail (exit code 1) on
the v1.0.1 release run #554.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-20 22:13:45 +00:00
Countess von Containerheim 483348aef0 Merge pull request 'promote: uat → main (pnpm fix for release workflow)' (#176) from uat into main
CI / ci (push) Successful in 39s
CEO promotion merge: uat→main for v1.0.1 pnpm fix (PR #176)
2026-05-20 22:10:25 +00:00
Null Pointer Nancy 9502ca804d Merge pull request 'promote: dev → uat (pnpm fix for release workflow)' (#175) from dev into uat
CI / ci (push) Successful in 43s
CI / ci (pull_request) Successful in 46s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 8s
Promotion Gate / Promotion Gate (pull_request) Successful in 8s
promote: dev → uat (pnpm fix for release workflow) (#175)
2026-05-20 21:48:49 +00:00
Null Pointer Nancy 76d0e106b2 Merge pull request 'fix: add pnpm install step to release workflow' (#174) from gandalf/pri-1671-pnpm-install into dev
Promotion Gate / Promotion Gate (pull_request) Failing after 5s
CI / ci (push) Successful in 41s
CI / ci (pull_request) Successful in 42s
fix: add pnpm install step to release workflow (#174)
2026-05-20 21:48:24 +00:00
Chris Farhood 63050174e9 fix: add pnpm install step to release workflow
CI / ci (pull_request) Failing after 0s
Add explicit pnpm installation before Install dependencies step.
Without this, ubuntu-latest runner fails with 'pnpm: command not found'
since pnpm is not bundled with the Node 20 action.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-20 21:39:46 +00:00
Countess von Containerheim cd1fa2613d Merge pull request 'Promote uat to main (inline all workflows, trigger v1.0.1 release)' (#171) from uat into main
CI / ci (push) Successful in 40s
Promote uat to main: fix dual-approval SOURCE_REF detection and ca-certificates
2026-05-20 21:27:59 +00:00
Chris Farhood bfeb1068bb fix(ci): add ca-certificates for SSL verification in promotion gate
Promotion Gate / Promotion Gate (pull_request) Successful in 8s
CI / ci (push) Successful in 46s
CI / ci (pull_request) Successful in 45s
Promotion Gate / Promotion Gate (pull_request_review) Failing after 7s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 21:20:53 +00:00
Gandalf the Greybeard 2aff05b632 fix(ci): use github.head_ref for SOURCE_REF detection in promotion gate
Promotion Gate / Promotion Gate (pull_request) Failing after 6s
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 42s
Promotion Gate / Promotion Gate (pull_request_review) Failing after 6s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 21:01:16 +00:00
Null Pointer Nancy d37431ce8c Merge pull request 'Promote dev → uat: include PRI-1660 dual-approval fix' (#173) from dev into uat
Promotion Gate / Promotion Gate (pull_request) Failing after 8s
CI / ci (push) Successful in 44s
CI / ci (pull_request) Successful in 45s
Promote dev → uat: include PRI-1660 dual-approval fix (#173)
2026-05-20 20:48:31 +00:00
Gandalf the Greybeard b2a97cdcad Merge pull request 'fix(promotion-gate): restore inlined dual-approval to fix uat->main CI (PRI-1660)' (#172) from nancy/fix-dual-approval-uat-regress into dev
CI / ci (push) Successful in 39s
Promotion Gate / Promotion Gate (pull_request) Failing after 5s
CI / ci (pull_request) Successful in 40s
2026-05-20 20:40:48 +00:00
Null Pointer Nancy 73b2baec9d fix(promotion-gate): restore inlined dual-approval from main (PRI-1660)
CI / ci (push) Successful in 45s
CI / ci (pull_request) Successful in 40s
PR #170 merged conflict with old uat version instead of inlined dev version.
Restore inlined dual-approval.yaml to match main, fixing uat->main promotion gate.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 20:36:27 +00:00
Gandalf the Greybeard 36e220660d Merge pull request 'Promote dev to uat (inline release and CI workflows)' (#170) from dev into uat
Promotion Gate / promotion-gate (pull_request) Failing after 0s
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 42s
Promotion Gate / promotion-gate (pull_request_review) Failing after 0s
2026-05-20 20:24:46 +00:00
Chris Farhood 51e68b1b88 fix(promotion-gate): inline dual-approval-check workflow (PRI-1660)
Promotion Gate / promotion-gate (pull_request) Failing after 0s
CI / ci (pull_request) Successful in 47s
CI / ci (push) Successful in 42s
2026-05-20 20:22:33 +00:00
Chris Farhood 48d704a6b6 fix(promotion-gate): inline dual-approval-check workflow (PRI-1660)
Promotion Gate / promotion-gate (pull_request) Failing after 1s
CI / ci (pull_request) Successful in 43s
CI / ci (push) Successful in 45s
2026-05-20 20:20:45 +00:00
Chris Farhood b0cefdbe24 fix: resolve ci.yaml conflict, use inlined version
2026-05-20 20:20:34 +00:00
Chris Farhood 92f8c958d8 fix(release): inline release workflow, remove broken .github reference (PRI-1660)
Promotion Gate / Promotion Gate (pull_request) Failing after 6s
CI / ci (push) Successful in 44s
CI / ci (pull_request) Successful in 46s
2026-05-20 20:19:01 +00:00
Chris Farhood 22fea9a99d Merge remote-tracking branch 'origin/main' into dev
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 46s
Promotion Gate / Promotion Gate (pull_request) Failing after 9s
2026-05-20 20:14:59 +00:00
Gandalf the Greybeard 73fb1359ed Merge pull request 'inline(release): replace broken reusable workflow with inlined steps' (#168) from gandalf/pri-1659-inline-release-workflow into dev
Promotion Gate / promotion-gate (pull_request) Failing after 0s
CI / ci (push) Successful in 39s
CI / ci (pull_request) Successful in 42s
2026-05-20 20:04:38 +00:00
Chris Farhood cf9e0513b9 fix(CI): inline ci.yaml, remove broken reusable workflow reference (PRI-1660)
CI / ci (pull_request) Successful in 37s
2026-05-20 19:53:35 +00:00
Chris Farhood 733cfad8d3 inline(release): replace broken reusable workflow with inlined steps
CI / ci (pull_request) Failing after 0s
The reusable workflow reference to privilegedescalation/.github does not
exist on Gitea, blocking the v1.0.1 release. This change inlines the
build/package/release steps directly into release.yaml.

Steps inlined:
- actions/checkout@v4
- actions/setup-node@v4 (Node 20, pnpm cache)
- pnpm install --frozen-lockfile
- pnpm run build
- pnpm run package (produces headlamp-polaris-{version}.tgz)
- Gitea API: create release + upload tarball as asset

Refs: PRI-1659, PRI-1634
2026-05-20 19:47:01 +00:00
Null Pointer Nancy 5aa54a526b Merge pull request 'fix(CI): inline dual-approval-check, install curl/jq (PRI-1636)' (#167) from gandalf/pri-1636-inline-dual-approval into main
CI / ci (push) Successful in 40s
Merge PR #167: Inline dual-approval workflow (PRI-1636)
2026-05-20 13:53:45 +00:00
Chris Farhood 83aa0329b3 fix(CI): add container ubuntu:latest for apt-get (PRI-1636)
CI / ci (push) Successful in 43s
CI / ci (pull_request) Successful in 46s
Promotion Gate / Promotion Gate (pull_request) Failing after 8s
Promotion Gate / Promotion Gate (pull_request_review) Failing after 5s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 13:38:46 +00:00
Chris Farhood 8f343be06d fix(CI): inline dual-approval-check workflow, install curl/jq (PRI-1636)
Promotion Gate / Promotion Gate (pull_request) Failing after 0s
CI / ci (pull_request) Successful in 42s
CI / ci (push) Successful in 46s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 13:27:20 +00:00
Countess von Containerheim 9dc5fd673d fix(ci): inline CI workflow, remove reusable .github dependency (PRI-1630)
Promotion Gate / promotion-gate (pull_request) Failing after 0s
CI / ci (pull_request) Successful in 50s
CI / ci (push) Successful in 46s
2026-05-20 10:45:01 +00:00
privilegedescalation-engineer[bot] 125b06734a Merge pull request #164 from privilegedescalation/uat
Promote uat to main
2026-05-14 03:16:38 +00:00
Chris Farhood def89f8d71 Merge remote-tracking branch 'origin/uat' into dev
2026-05-14 03:06:01 +00:00
privilegedescalation-qa[bot] 90721641cc Promote dev to uat
Routine dev→uat promotion approved by QA (Regression Regina). All blockers resolved, CI passing.
2026-05-14 01:44:51 +00:00
Chris Farhood af42d9c52a Merge origin/uat into dev to resolve promotion conflicts
Accept uat version for all conflicting files. Removes files deleted in uat
(e2e-ci-runner-rbac.yaml, deploy/teardown-e2e-headlamp.sh).
Resolves merge conflict blocking PR #163. Adds trailing newline to audit-ci.jsonc.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-14 01:25:10 +00:00
privilegedescalation-engineer[bot] 61582d7534 fix: remove stale package-lock.json causing npm install failures
The project declares pnpm@10.32.1 as packageManager but had a committed
package-lock.json. Running npm install produced a broken node_modules
layout. Delete the stale lockfile and add it to .gitignore.

Note: tests were failing before this change due to a missing tsconfig
for vitest.setup.ts — tracked separately as pre-existing issue.

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-14 00:15:30 +00:00
privilegedescalation-engineer[bot] f6a296df1b fix: override fast-uri to patched version to resolve 2 high severity CVEs (#159)
Upgraded @kinvolk/headlamp-plugin from ^0.13.0 to ^0.14.0 and added
fast-uri >=3.1.2 to pnpm overrides to address:
- GHSA-q3j6-qgpj-74h6 (fast-uri path traversal, patched in >=3.1.1)
- GHSA-v39h-62p7-jpjc (fast-uri host confusion, patched in >=3.1.2)

Remaining 6 vulnerabilities (1 low, 5 moderate) are in transitive deps
without direct override paths and do not affect production runtime.

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-13 17:43:20 +00:00
privilegedescalation-qa[bot] d593a11fd9 fix: sync CI trigger branches on dev
fix: sync CI trigger branches on dev
2026-05-13 13:18:34 +00:00
Chris Farhood 8fb9215933 feat(security): add audit-ci.jsonc allowlist for dev-branch CVEs
CTO decision (PRI-854): high-severity vulns from @kinvolk/headlamp-plugin
transitive deps (Picomatch, Vite, lodash) are dev/build-time only and do
not ship in production plugin artifacts.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-13 13:13:54 +00:00
Chris Farhood 35c09186df fix: sync CI trigger branches on dev
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-13 13:00:27 +00:00