Compare commits

...

8 Commits

Author SHA1 Message Date
Null Pointer Nancy 5907a494d0 chore(artifacthub): update to v1.0.1 with Gitea archive URL
Promotion Gate / Promotion Gate (pull_request) Failing after 8s
CI / ci (pull_request) Successful in 38s
CI / ci (push) Successful in 41s
Promotion Gate / Promotion Gate (pull_request_review) Failing after 7s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 00:19:15 +00:00
Null Pointer Nancy 7f03ae6265 Merge pull request 'promote: dev → uat (tarball grep fix for release workflow)' (#179) from dev into uat
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 40s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 7s
Promotion Gate / Promotion Gate (pull_request) Successful in 8s
promote: dev → uat (tarball grep fix for release workflow) (#179)
2026-05-20 22:27:08 +00:00
Null Pointer Nancy 9502ca804d Merge pull request 'promote: dev → uat (pnpm fix for release workflow)' (#175) from dev into uat
CI / ci (push) Successful in 43s
CI / ci (pull_request) Successful in 46s
Promotion Gate / Promotion Gate (pull_request_review) Successful in 8s
Promotion Gate / Promotion Gate (pull_request) Successful in 8s
promote: dev → uat (pnpm fix for release workflow) (#175)
2026-05-20 21:48:49 +00:00
Chris Farhood bfeb1068bb fix(ci): add ca-certificates for SSL verification in promotion gate
Promotion Gate / Promotion Gate (pull_request) Successful in 8s
CI / ci (push) Successful in 46s
CI / ci (pull_request) Successful in 45s
Promotion Gate / Promotion Gate (pull_request_review) Failing after 7s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 21:20:53 +00:00
Gandalf the Greybeard 2aff05b632 fix(ci): use github.head_ref for SOURCE_REF detection in promotion gate
Promotion Gate / Promotion Gate (pull_request) Failing after 6s
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 42s
Promotion Gate / Promotion Gate (pull_request_review) Failing after 6s
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 21:01:16 +00:00
Null Pointer Nancy d37431ce8c Merge pull request 'Promote dev → uat: include PRI-1660 dual-approval fix' (#173) from dev into uat
Promotion Gate / Promotion Gate (pull_request) Failing after 8s
CI / ci (push) Successful in 44s
CI / ci (pull_request) Successful in 45s
Promote dev → uat: include PRI-1660 dual-approval fix (#173)
2026-05-20 20:48:31 +00:00
Gandalf the Greybeard 36e220660d Merge pull request 'Promote dev to uat (inline release and CI workflows)' (#170) from dev into uat
Promotion Gate / promotion-gate (pull_request) Failing after 0s
CI / ci (push) Successful in 42s
CI / ci (pull_request) Successful in 42s
Promotion Gate / promotion-gate (pull_request_review) Failing after 0s
2026-05-20 20:24:46 +00:00
Chris Farhood 48d704a6b6 fix(promotion-gate): inline dual-approval-check workflow (PRI-1660)
Promotion Gate / promotion-gate (pull_request) Failing after 1s
CI / ci (pull_request) Successful in 43s
CI / ci (push) Successful in 45s
2026-05-20 20:20:45 +00:00
2 changed files with 52 additions and 49 deletions
+4 -6
@@ -20,7 +20,7 @@ jobs:
steps: steps:
- name: Install dependencies - name: Install dependencies
run: apt-get update -qq && apt-get install -y --no-install-recommends curl jq run: apt-get update -qq && apt-get install -y --no-install-recommends ca-certificates curl jq
- name: Check promotion approval - name: Check promotion approval
env: env:
@@ -28,6 +28,7 @@ jobs:
PR_NUMBER: ${{ github.event.pull_request.number }} PR_NUMBER: ${{ github.event.pull_request.number }}
REPO: ${{ github.repository }} REPO: ${{ github.repository }}
BASE_REF: ${{ github.base_ref }} BASE_REF: ${{ github.base_ref }}
HEAD_REF: ${{ github.head_ref }}
run: | run: |
if [ -z "${PR_NUMBER}" ] || [ "${PR_NUMBER}" = "null" ]; then if [ -z "${PR_NUMBER}" ] || [ "${PR_NUMBER}" = "null" ]; then
echo "::notice::No PR number in context. Skipping promotion gate." echo "::notice::No PR number in context. Skipping promotion gate."
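Review bot: HEAD_REF is added to env with no emptiness check, while PR_NUMBER just below it is tested for empty and "null". The status list shows this job running on both pull_request and pull_request_review, and on bfeb1068bb the pull_request_review run still fails while pull_request passes. On GitHub, github.head_ref is documented as set only for pull_request and pull_request_target events, so confirm that Gitea populates it for review events. Suggest failing closed when it is empty, for example `[ -n "${HEAD_REF}" ] || { echo "::error::HEAD_REF is empty"; exit 1; }`, because an empty value simply fails the `= "uat"` comparison in the next hunk without any message. Passing the ref through env rather than interpolating `${{ github.head_ref }}` into the script body is the right call, since the branch name is chosen by the PR author.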
@@ -59,10 +60,7 @@ jobs:
GATE_NAME="QA" GATE_NAME="QA"
# For plugin repos (Pipeline A), UAT approval is needed for uat→main # For plugin repos (Pipeline A), UAT approval is needed for uat→main
# Check if the source branch is uat # Check if the source branch is uat
SOURCE_REF=$(curl -sf \ SOURCE_REF="${HEAD_REF}"
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Accept: application/json" \
"https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.head.ref')
if [ "${SOURCE_REF}" = "uat" ]; then if [ "${SOURCE_REF}" = "uat" ]; then
REQUIRED_REVIEWER="pe_patty" REQUIRED_REVIEWER="pe_patty"
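Review bot: The `[ "${SOURCE_REF}" = "uat" ]` test rests on the head branch name alone, and a head ref does not identify a repository, so a PR whose head is a branch named uat in a fork would select the same reviewer path as this repository's own uat branch. The removed `.head.ref` lookup had the same property, so this is not a regression. Since the comment says the UAT approval is for uat→main, consider also checking that the head repository equals ${REPO} and that BASE_REF is main before setting REQUIRED_REVIEWER, if lines outside this hunk do not already do so. Dropping the API call is otherwise a good simplification: it removes one use of GITEA_TOKEN and a `curl -sf` whose failure left SOURCE_REF empty without any message.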
@@ -113,4 +111,4 @@ jobs:
else else
echo "Promotion gate failed: waiting for ${GATE_NAME} approval from ${REQUIRED_REVIEWER}." echo "Promotion gate failed: waiting for ${GATE_NAME} approval from ${REQUIRED_REVIEWER}."
exit 1 exit 1
fi fi
+48 -43
@@ -1,30 +1,28 @@
version: "1.0.0" version: 1.0.1
name: headlamp-polaris name: headlamp-polaris
displayName: Polaris displayName: Polaris
createdAt: "2026-02-05T19:00:00Z" createdAt: '2026-05-20T00:00:00Z'
description: >- description: Surfaces Fairwinds Polaris audit results inside the Headlamp UI. Shows
Surfaces Fairwinds Polaris audit results inside the Headlamp UI. cluster score, check summary, and per-namespace drill-downs with per-resource pass/warning/danger
Shows cluster score, check summary, and per-namespace drill-downs breakdowns. Data is fetched read-only via the Kubernetes service proxy to the Polaris
with per-resource pass/warning/danger breakdowns. Data is fetched dashboard. Requires a Role granting `get` on `services/proxy` for the `polaris-dashboard`
read-only via the Kubernetes service proxy to the Polaris dashboard. service in the `polaris` namespace.
Requires a Role granting `get` on `services/proxy` for the
`polaris-dashboard` service in the `polaris` namespace.
license: Apache-2.0 license: Apache-2.0
homeURL: "https://github.com/privilegedescalation/headlamp-polaris-plugin" homeURL: https://github.com/privilegedescalation/headlamp-polaris-plugin
appVersion: "10.1.6" appVersion: 10.1.6
category: security category: security
keywords: keywords:
- polaris - polaris
- fairwinds - fairwinds
- security - security
- audit - audit
- headlamp - headlamp
- kubernetes - kubernetes
links: links:
- name: Source - name: Source
url: "https://github.com/privilegedescalation/headlamp-polaris-plugin" url: https://github.com/privilegedescalation/headlamp-polaris-plugin
- name: Polaris - name: Polaris
url: "https://polaris.docs.fairwinds.com/" url: https://polaris.docs.fairwinds.com/
install: | install: |
## Installation ## Installation
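Review bot: `version: 1.0.1` and `appVersion: 10.1.6` lose their quotes in this hunk. Both still load as strings because they contain two dots, but a later bump to a two-part value such as 1.1 would load as a float, so keep the quotes on version fields. The file also appears to have been re-serialized (quotes stripped, description re-wrapped, list indentation changed), which buries the two real changes here, the version bump and the new createdAt. Consider separating the formatting change from the content change, or having whatever writes this file preserve the existing style.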
@@ -50,27 +48,34 @@ install: |
For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md). For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md).
changes: changes:
- kind: security - kind: security
description: Patched 8 npm audit vulnerabilities via pnpm.overrides description: Patched 8 npm audit vulnerabilities via pnpm.overrides
- kind: added - kind: added
description: Dual-approval required CI check — PRs must be approved by both CTO and QA before merge description: Dual-approval required CI check — PRs must be approved by both CTO
- kind: added and QA before merge
description: ExemptionManager test suite — full coverage of annotation-based exemption flows - kind: added
- kind: fixed description: ExemptionManager test suite — full coverage of annotation-based exemption
description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based approach, tests run in privilegedescalation-dev namespace flows
- kind: fixed - kind: fixed
description: E2E workflow uses token auth and waits for HTTP reachability before running tests description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based
- kind: fixed approach, tests run in privilegedescalation-dev namespace
description: Added explicit direct devDependencies (typescript, eslint, prettier, @headlamp-k8s/eslint-config) to prevent phantom dep failures - kind: fixed
- kind: changed description: E2E workflow uses token auth and waits for HTTP reachability before
description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned via Renovate pinDigests running tests
- kind: changed - kind: fixed
description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema, app bar action) is stable and will not change without a major version bump description: Added explicit direct devDependencies (typescript, eslint, prettier,
@headlamp-k8s/eslint-config) to prevent phantom dep failures
- kind: changed
description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned
via Renovate pinDigests
- kind: changed
description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema,
app bar action) is stable and will not change without a major version bump
maintainers: maintainers:
- name: privilegedescalation - name: privilegedescalation
email: "chris@farhood.org" email: chris@farhood.org
annotations: annotations:
headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.0/headlamp-polaris-1.0.0.tar.gz" headlamp/plugin/archive-url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz
headlamp/plugin/version-compat: ">=0.26" headlamp/plugin/version-compat: '>=0.26'
headlamp/plugin/archive-checksum: sha256:a165e871b40f11a44950aa9f10eb7f7883276f749026ae7a4f886278ecd9bd7d headlamp/plugin/archive-checksum: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e
headlamp/plugin/distro-compat: "in-cluster,web,desktop" headlamp/plugin/distro-compat: in-cluster,web,desktop
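Review bot: The `changes:` list is only re-wrapped. Its entries are the same as for 1.0.0 and the last one still reads "v1.0.0 stable release", so the 1.0.1 metadata describes the previous release; replace it with what changed in 1.0.1. In the annotations, archive-url moves from github.com to git.farh.net while homeURL and the Source link in the earlier hunk still point at GitHub. If the move is intentional, say so in the commit message, and confirm the new archive-checksum was computed from the tarball actually served at the new URL, since that checksum is what lets a consumer detect a swapped archive.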