Documents how to install dev preview versions using direct URLs since
they are not published to ArtifactHub. Includes sidecar pattern example
and manual download instructions.
Dev releases should not update the GitHub main branch to preserve
the latest stable version metadata for ArtifactHub discovery.
Changes:
- Add conditional check for version suffix before pushing to GitHub main
- Stable releases (v*): push to GitHub main branch
- Dev releases (v*-dev.*): skip GitHub main branch, only push tag
- This keeps GitHub main branch showing latest stable metadata
Switch from dual-repo (stable + dev) to single-repo pattern where both
stable and dev releases are published to the same GitHub repository.
Changes:
- Remove GITHUB_REPO routing logic (was causing releases to wrong repo)
- Hardcode all GitHub URLs to cpfarhood/headlamp-polaris-plugin
- Update dev branch metadata to point to main repo
- Keep prerelease flag in metadata for ArtifactHub differentiation
- Workflow pushes both stable and dev releases to same repo
- ArtifactHub will show dev releases under "Include prereleases" toggle
This follows the standard mono-repo release pattern (like Node.js, K8s)
where users see one package with stable/prerelease versions.
The metadata update step was hardcoded to push to the stable repo,
causing dev releases to pollute the stable repo's main branch.
Changes:
- Use ${GITHUB_REPO} in archive-url instead of hardcoded stable repo
- Use ${GITHUB_REPO} in git remote instead of hardcoded stable repo
- Determine GITEA_BRANCH dynamically (dev/namespace-drawer for dev, main for stable)
- Push the correct Gitea branch to GitHub main branch
- Use temp branch to avoid conflicts
Now dev releases only touch the dev repo, and stable releases only
touch the stable repo.
Ensures the tag exists on the correct GitHub repo before attempting
to create a release. This prevents the release from being created on
the wrong repo when the tag doesn't exist yet.
The fix adds a git push of the tag to the target GitHub repo
(determined by ${GITHUB_REPO}) before calling the GitHub API to
create the release.
Previously the workflow was pushing 'main' to GitHub instead of the
determined GITEA_BRANCH (either 'main' for stable or 'dev/namespace-drawer'
for dev releases). This caused both repos to get mixed up content.
Now it explicitly pushes :main to ensure:
- Dev releases: Gitea dev/namespace-drawer → GitHub dev repo main
- Stable releases: Gitea main → GitHub stable repo main
Release dev preview version with drawer-based namespace navigation.
Changes:
- Version bumped to 0.2.0-dev.1 in package.json
- Added prerelease: true flag in artifacthub-pkg.yml
- Updated archive URL to v0.2.0-dev.1
- Added [DEV PREVIEW] prefix to description
- Checksum placeholder (will be updated by release workflow)
This is a development release for testing the new drawer navigation
pattern before merging to main.
Update Playwright e2e tests to match the new drawer-based namespace
detail navigation instead of the old full-page route pattern.
Changes:
- Update "namespaces page" test: expect buttons instead of links
- Update "namespace detail" test: expect drawer to open instead of page navigation
- Add test for URL hash in drawer
- Add test for Escape key closing drawer
- Add test for opening drawer directly from URL hash
All tests now validate the drawer UX pattern with hash-based navigation.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
Enhance the namespace detail drawer with URL-aware navigation and
keyboard accessibility features.
Changes:
- URL hash support: /polaris/namespaces#alpha opens alpha drawer
- Deep linking: URLs can be bookmarked and shared
- Browser back/forward: Navigate drawer history with browser buttons
- Keyboard navigation: Escape key closes the drawer
- URL synchronization: Hash updates when drawer opens/closes
Technical implementation:
- Use React Router v5 useHistory/useLocation hooks
- Initialize drawer state from location.hash on mount
- Sync drawer state when hash changes (back/forward navigation)
- Update hash when drawer opens/closes via history.push()
- Add global keydown listener for Escape key
Tests:
- Added test for clicking namespace button opens drawer
- Added test for initializing drawer from URL hash
- All 50 tests passing
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
Replace the standalone namespace detail route with an inline drawer panel
that slides in from the right when clicking a namespace in the list view.
This provides a more fluid UX without full page navigation.
Changes:
- Namespace detail now opens in a fixed-position right-side panel (600px width)
- Added semi-transparent backdrop that closes the panel when clicked
- Converted namespace links to buttons with proper click handlers
- Removed /polaris/ns/:namespace route and NamespaceDetailView import
- Updated tests to check for buttons instead of links
- Panel includes close button (×) in header
Technical details:
- Uses React state (selectedNamespace) instead of route params
- Panel styled with fixed positioning, z-index layering, and box shadow
- Backdrop at z-index 1100, panel at 1200 to overlay content
- No MUI imports (stays within Headlamp CommonComponents constraint)
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
Added "Known Limitations" section explaining that the skipped count
only reflects Severity=ignore checks and does not include
annotation-based exemptions.
Explains why (exempted checks omitted from results.json) and what
would be required to support exemption counting (direct K8s resource
queries with broader RBAC).
Points users to the "View in Polaris Dashboard" link as a workaround.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
The skipped count only reflects checks with Severity=ignore from
the Polaris API. Annotation-based exemptions (e.g.,
polaris.fairwinds.com/*-exempt) are not included because:
1. Exempted checks are completely omitted from results.json
2. The Polaris dashboard UI counts exemptions client-side by
querying Kubernetes resources for annotations
3. Our plugin only has access to the processed audit results
Added HTML title tooltip to explain this limitation to users.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
The POLARIS_DASHBOARD_PROXY constant was missing :80, causing
dashboard links in the UI to fail with "no endpoints available".
This matches the fix already applied to POLARIS_API_PATH.
Fixes external dashboard link in namespace detail view.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
The removal of :80 in commit 39d85a3 broke service proxy requests.
Kubernetes API requires explicit port specification when services
have named ports. Without it, the API server returns "no endpoints
available" even though endpoints exist.
Root cause: polaris-dashboard service defines port as named
"http-dashboard" on port 80. The proxy sub-resource requires
either :80 or :http-dashboard suffix to resolve correctly.
Fixes the "Polaris dashboard not reachable" error on v0.1.4.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
When the proxy URL includes `:80`, Kubernetes checks the RBAC
resourceName as `polaris-dashboard:80` which doesn't match the
Role's resourceNames `["polaris-dashboard"]`. Dropping the port
suffix uses the service's default port and matches the RBAC correctly.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix getNamespaces() to skip cluster-scoped resources (Namespace: "")
that caused Router.createRouteURL to throw TypeError on the Namespaces
page. Add Playwright E2E smoke tests with Authentik OIDC auth for CI
and K8s token fallback for local dev. Add Gitea Actions E2E workflow,
vitest unit test infrastructure, and test-utils fixtures.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Fix skipped count showing empty by rendering as plain text instead
of StatusLabel with empty status (which renders near-invisible)
- Fix namespace link crash by using Router.createRouteURL to generate
cluster-prefixed URLs with react-router-dom Link, instead of
Headlamp's Link component which crashes on plugin-registered routes
- Redesign overview page with PercentageCircle score chart and
PercentageBar check distribution for a better visual experience
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove references to deleted Full Audit page and DynamicSidebarRegistrar.
Add Namespaces page, skipped checks, test commands, and NamespacesListView
to project structure. Fix stale version numbers in install examples.
Consolidate CI/release docs to match single Gitea Actions workflow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
gitea-actions[bot]
Chris Farhood