Avoid recalculating per-resource counts 3x per table row by precomputing
them into a Map. Add explicit ResultCounts return type to resourceCounts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add drill-down namespace views under the Polaris sidebar entry. Each
namespace gets a sidebar sub-item registered dynamically from audit data,
linking to /polaris/:namespace with a score summary and per-resource table.
Introduces a shared PolarisDataContext so the sidebar registrar and view
components share a single data fetch. Also updates the Artifact Hub
repository ID.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Register plugin settings via registerPluginSettings so the refresh
interval is configurable from Headlamp's plugin config page instead
of being embedded in the main view header.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace inline-styled divs and native HTML elements with Headlamp's
built-in NameValueTable, StatusLabel, and HeaderLabel components so the
plugin matches the look and feel of native pages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The plugin now fetches audit data from the Polaris dashboard service
via the Kubernetes service proxy instead of reading from a ConfigMap.
This works with the standard Polaris dashboard deployment without
requiring additional configuration.
- Replace ConfigMap.useGet with ApiProxy.request to /results.json
- Compute score from result counts (pass/total) since the API
response doesn't include a pre-computed score
- Update error messages for service proxy context
- Update CLAUDE.md to reflect new data source
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The default gitea/act_runner image has no Node.js, which actions/checkout@v4
requires. Use catthehacker/ubuntu:act-latest like the kubernetes repo.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Headlamp's plugin discovery requires both main.js and package.json in
the plugin directory. The Dockerfile only copied dist/ (main.js),
causing the plugin to not be discovered at runtime.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ESLint, Prettier, and TypeScript config files extending the shared
Headlamp plugin configs. Add npm scripts for lint/format. Auto-fix
existing source files. Add CI workflow for PRs and main pushes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
AH doesn't re-process existing versions when a tag is force-moved,
so v0.0.2 is permanently stuck with a stale checksum. Releasing v0.0.3
so AH indexes it as a new version with the correct checksum from the
aligned tag.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The CI builds a non-reproducible tarball after the tag is created, then
updates artifacthub-pkg.yml on main with the correct checksum. But
Artifact Hub reads from the tag ref, not main, so it sees the stale
checksum and Headlamp rejects the plugin with "Checksum mismatch".
Changes:
- Add guard step: if the GitHub release tarball checksum already matches
the metadata in the current commit, skip the entire build (prevents
infinite retrigger loop)
- After updating metadata on main, force-move the tag to that commit
so AH reads the correct checksum
- Push main + tag directly to GitHub to avoid mirror sync delay
- Replace akkuman/gitea-release-action with curl-based approach so all
steps use the same shell guard pattern
Release flow: tag push -> build -> publish releases -> update metadata
on main -> force-move tag -> (retriggered run hits guard -> exits)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The GitHub Actions fallback workflow raced with the Gitea CI — it ran
first and created the GitHub release with its own tarball (different
checksum), causing the Gitea CI's upload to fail and leaving a
checksum mismatch on Artifact Hub.
- Remove .github/workflows/release.yml entirely (Gitea CI handles both
Gitea and GitHub releases)
- Fix the Gitea CI's GitHub release step to delete existing assets
before uploading, so re-runs and race conditions are handled gracefully
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Gitea Contents API returned HTTP error (curl exit 22) when the CI
tried to update artifacthub-pkg.yml. Switch to using git checkout/commit/push
which reuses the auth already configured by actions/checkout. Also added
fetch-depth: 0 so the main branch is available for checkout.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
## Summary
- Fix the v0.0.1 archive checksum in `artifacthub-pkg.yml` to match the actual GitHub release tarball (was causing "Checksum mismatch" on Headlamp plugin install)
- Gitea CI now computes the checksum after packaging and updates `artifacthub-pkg.yml` on `main` via the Gitea API, then uploads the **same tarball** to GitHub releases (requires `GH_PAT` secret) so both releases serve identical artifacts
- GitHub CI becomes a fallback — skips entirely if the Gitea CI already created the release, preventing a second build from producing a mismatched tarball
## Setup required
Add a `GH_PAT` secret to the Gitea repo containing a GitHub personal access token with `repo` scope. Without it, the GitHub release step gracefully skips and the GitHub Actions fallback handles it.
## Test plan
- [ ] Verify `GH_PAT` secret is set in Gitea repo settings
- [ ] Tag and push a new release (`v0.0.2`)
- [ ] Confirm Gitea CI updates `artifacthub-pkg.yml` checksum on `main`
- [ ] Confirm GitHub release is created by Gitea CI with matching tarball
- [ ] Confirm GitHub Actions fallback skips (release already exists)
- [ ] Verify Headlamp plugin installs without checksum mismatch
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Chris Farhood <chris@farhood.org>
Reviewed-on: farhoodliquor/polaris-headlamp-plugin#1
Co-authored-by: claude <no-reply.claude@farh.net>
Co-committed-by: claude <no-reply.claude@farh.net>
Artifact Hub requires a GitHub-hosted repo for Headlamp plugins.
Since Gitea push-mirrors git objects but not releases, a GitHub
Actions workflow builds and publishes GitHub Releases with the
tarball that Artifact Hub needs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Multi-stage Dockerfile produces a lightweight image with the compiled
plugin at /plugins/. Gitea Actions workflow triggers on tag push (v*),
builds the plugin, pushes to the Gitea container registry, and creates
a release with the tarball attached.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sidebar page at /polaris that reads Fairwinds Polaris audit results
from ConfigMap/polaris-dashboard in the polaris namespace. Displays
cluster score, check summary (pass/warning/danger counts), and
cluster info. Caches results with user-configurable refresh interval.
Handles 403, 404, and malformed JSON error states.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
gitea-actions[bot]
Chris Farhood