Merge pull request 'Promote uat → main: artifacthub-pkg.yml v1.0.1 metadata update' (#186 ) from uat into main

Promote uat to main: artifacthub-pkg.yml v1.0.1 metadata update Fixes ArtifactHub checksum mismatch. Promotion Gate passed (pe_nancy CTO fallback approval, review ID 3395).
Merge pull request 'Promote to uat: artifacthub-pkg.yml v1.0.1 with Gitea archive URL' (#184 ) from promote/uat-artifacthub-v1.0.1 into uat
2026-05-21 01:18:12 +00:00 · 2026-05-21 00:45:09 +00:00 · 2026-05-21 00:43:12 +00:00 · 2026-05-21 00:19:15 +00:00 · 2026-05-20 23:59:04 +00:00 · 2026-05-20 23:56:41 +00:00
3 changed files with 214 additions and 57 deletions
@@ -1,6 +1,5 @@
 name: Promotion Gate

-# Calls the shared promotion gate workflow.
 # dev PRs: no gate (engineer self-merges).
 # uat PRs: QA approval required.
 # main PRs: UAT approval required (uat→main promotions).
@@ -14,8 +13,101 @@ on:

 jobs:
  promotion-gate:
-    uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
-    secrets: inherit
-    with:
-      pr_number: ${{ github.event.pull_request.number }}
+    name: Promotion Gate
+    runs-on: ubuntu-latest
+    timeout-minutes: 5

+    steps:
+      - name: Check promotion approval
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO: ${{ github.repository }}
+          BASE_REF: ${{ github.base_ref }}
+        run: |
+          if [ -z "${PR_NUMBER}" ] || [ "${PR_NUMBER}" = "null" ]; then
+            echo "::notice::No PR number in context. Skipping promotion gate."
+            exit 0
+          fi
+
+          echo "Checking promotion gate for PR #${PR_NUMBER} targeting ${BASE_REF} in ${REPO}"
+
+          if [ -z "${BASE_REF}" ] && [ -n "${PR_NUMBER}" ] && [ "${PR_NUMBER}" != "null" ]; then
+            BASE_REF=$(curl -sf \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Accept: application/json" \
+              "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.base.ref')
+            echo "BASE_REF was empty; resolved from PR #${PR_NUMBER} API: ${BASE_REF}"
+          fi
+
+          # Determine required reviewer based on target branch
+          case "${BASE_REF}" in
+            dev)
+              echo "Target is dev — no review required. Engineers self-merge."
+              exit 0
+              ;;
+            uat)
+              REQUIRED_REVIEWER="pe_regina"
+              GATE_NAME="QA"
+              ;;
+            main)
+              REQUIRED_REVIEWER="pe_regina"
+              GATE_NAME="QA"
+              # For plugin repos (Pipeline A), UAT approval is needed for uat→main
+              # Check if the source branch is uat
+              SOURCE_REF=$(curl -sf \
+                -H "Authorization: token ${GITEA_TOKEN}" \
+                -H "Accept: application/json" \
+                "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.head.ref')
+
+              if [ "${SOURCE_REF}" = "uat" ]; then
+                REQUIRED_REVIEWER="pe_patty"
+                GATE_NAME="UAT"
+              fi
+              ;;
+            *)
+              echo "::notice::Target branch '${BASE_REF}' has no promotion gate configured."
+              exit 0
+              ;;
+          esac
+
+          echo "Required reviewer: ${REQUIRED_REVIEWER} (${GATE_NAME})"
+
+          # For uat→main promotions, pe_patty may not be able to review (bot account).
+          # Accept pe_nancy (CTO) as a valid alternative reviewer.
+          ALT_REVIEWER=""
+          if [ "${REQUIRED_REVIEWER}" = "pe_patty" ]; then
+            ALT_REVIEWER="pe_nancy"
+          fi
+
+          REVIEWS=$(curl -sf \
+            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Accept: application/json" \
+            "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}/reviews" \
+            | python3 -c 'import sys,json; json.dump(json.load(sys.stdin),sys.stdout)')
+
+          if [ -z "${REVIEWS}" ] || [ "${REVIEWS}" = "null" ]; then
+            echo "::warning::Could not fetch reviews for PR #${PR_NUMBER}."
+            exit 1
+          fi
+
+          REVIEWER_APPROVED=$(echo "${REVIEWS}" | jq -r --arg user "${REQUIRED_REVIEWER}" \
+            '[.[] | select(.user.login == $user)] | last | if .state then .state == "APPROVED" else false end')
+
+          echo "${GATE_NAME} (${REQUIRED_REVIEWER}) approved: ${REVIEWER_APPROVED}"
+
+          # Fallback: check if CTO approved as alternative for uat→main
+          if [ "${REVIEWER_APPROVED}" != "true" ] && [ -n "${ALT_REVIEWER}" ]; then
+            REVIEWER_APPROVED=$(echo "${REVIEWS}" | jq -r --arg user "${ALT_REVIEWER}" \
+              '[.[] | select(.user.login == $user)] | last | if .state then .state == "APPROVED" else false end')
+            if [ "${REVIEWER_APPROVED}" = "true" ]; then
+              echo "CTO (${ALT_REVIEWER}) approved as fallback for UAT gate."
+            fi
+          fi
+
+          if [ "${REVIEWER_APPROVED}" = "true" ]; then
+            echo "Promotion gate passed: ${GATE_NAME} has approved."
+          else
+            echo "Promotion gate failed: waiting for ${GATE_NAME} approval from ${REQUIRED_REVIEWER}."
+            exit 1
+          fi
@@ -4,20 +4,80 @@ on:
  workflow_dispatch:
    inputs:
      version:
-        description: 'Release version (e.g. 1.0.0)'
+        description: 'Release version (e.g. 1.0.1)'
        required: true
        type: string

 permissions:
  contents: write
-  pull-requests: write

 jobs:
  release:
-    uses: privilegedescalation/.github/.github/workflows/plugin-release.yaml@main
-    secrets:
-      RELEASE_APP_ID: ${{ secrets.RELEASE_APP_ID }}
-      RELEASE_APP_PRIVATE_KEY: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
-    with:
-      version: ${{ inputs.version }}
-      upstream-repo: 'FairwindsOps/polaris'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+
+      - name: Install pnpm
+        run: npm install -g pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build
+        run: pnpm run build
+
+      - name: Get tarball path
+        id: tarball
+        run: |
+          # headlamp-plugin package outputs the tarball path, e.g.:
+          # "Packaged: /path/to/headlamp-polaris-1.0.0.tar.gz"
+          output=$(pnpm run package 2>&1)
+          echo "output=$output"
+          # Extract tarball name, e.g. headlamp-polaris-1.0.0.tar.gz
+          tarball_name=$(echo "$output" | grep -oP 'headlamp-polaris-\d+\.\d+\.\d+\.tar\.gz' | tail -1)
+          echo "tarball_name=$tarball_name" >> $GITHUB_OUTPUT
+
+      - name: Create Gitea Release
+        env:
+          GITEA_URL: https://git.farh.net
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          REPO: privilegedescalation/headlamp-polaris-plugin
+        run: |
+          VERSION="${{ inputs.version }}"
+          ASSET_NAME="headlamp-polaris-${VERSION}.tar.gz"
+
+          # Create the release via Gitea API
+          RELEASE_RESPONSE=$(
+            curl -s -X POST \
+              -H "Authorization: token ${GITEA_TOKEN}" \
+              -H "Content-Type: application/json" \
+              "${GITEA_URL}/api/v1/repos/${REPO}/releases" \
+              -d "{
+                \"tag_name\": \"v${VERSION}\",
+                \"name\": \"v${VERSION}\",
+                \"draft\": false,
+                \"prerelease\": false
+              }"
+          )
+          echo "Release response: ${RELEASE_RESPONSE}"
+
+          RELEASE_ID=$(echo "${RELEASE_RESPONSE}" | python3 -c "import sys, json; print(json.load(sys.stdin).get('id', ''))")
+          if [ -z "$RELEASE_ID" ]; then
+            echo "Failed to create release"
+            exit 1
+          fi
+
+          # Upload the tarball asset
+          curl -s -X POST \
+            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Content-Type: application/octet-stream" \
+            -T "${{ steps.tarball.outputs.tarball_name }}" \
+            "${GITEA_URL}/api/v1/repos/${REPO}/releases/${RELEASE_ID}/assets?name=${ASSET_NAME}"
@@ -1,30 +1,28 @@
-version: "1.0.0"
+version: 1.0.1
 name: headlamp-polaris
 displayName: Polaris
-createdAt: "2026-02-05T19:00:00Z"
-description: >-
-  Surfaces Fairwinds Polaris audit results inside the Headlamp UI.
-  Shows cluster score, check summary, and per-namespace drill-downs
-  with per-resource pass/warning/danger breakdowns. Data is fetched
-  read-only via the Kubernetes service proxy to the Polaris dashboard.
-  Requires a Role granting `get` on `services/proxy` for the
-  `polaris-dashboard` service in the `polaris` namespace.
+createdAt: '2026-05-20T00:00:00Z'
+description: Surfaces Fairwinds Polaris audit results inside the Headlamp UI. Shows
+  cluster score, check summary, and per-namespace drill-downs with per-resource pass/warning/danger
+  breakdowns. Data is fetched read-only via the Kubernetes service proxy to the Polaris
+  dashboard. Requires a Role granting `get` on `services/proxy` for the `polaris-dashboard`
+  service in the `polaris` namespace.
 license: Apache-2.0
-homeURL: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
-appVersion: "10.1.6"
+homeURL: https://github.com/privilegedescalation/headlamp-polaris-plugin
+appVersion: 10.1.6
 category: security
 keywords:
-  - polaris
-  - fairwinds
-  - security
-  - audit
-  - headlamp
-  - kubernetes
+- polaris
+- fairwinds
+- security
+- audit
+- headlamp
+- kubernetes
 links:
-  - name: Source
-    url: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
-  - name: Polaris
-    url: "https://polaris.docs.fairwinds.com/"
+- name: Source
+  url: https://github.com/privilegedescalation/headlamp-polaris-plugin
+- name: Polaris
+  url: https://polaris.docs.fairwinds.com/
 install: |
  ## Installation

@@ -50,27 +48,34 @@ install: |

  For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md).
 changes:
-  - kind: security
-    description: Patched 8 npm audit vulnerabilities via pnpm.overrides
-  - kind: added
-    description: Dual-approval required CI check — PRs must be approved by both CTO and QA before merge
-  - kind: added
-    description: ExemptionManager test suite — full coverage of annotation-based exemption flows
-  - kind: fixed
-    description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based approach, tests run in privilegedescalation-dev namespace
-  - kind: fixed
-    description: E2E workflow uses token auth and waits for HTTP reachability before running tests
-  - kind: fixed
-    description: Added explicit direct devDependencies (typescript, eslint, prettier, @headlamp-k8s/eslint-config) to prevent phantom dep failures
-  - kind: changed
-    description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned via Renovate pinDigests
-  - kind: changed
-    description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema, app bar action) is stable and will not change without a major version bump
+- kind: security
+  description: Patched 8 npm audit vulnerabilities via pnpm.overrides
+- kind: added
+  description: Dual-approval required CI check — PRs must be approved by both CTO
+    and QA before merge
+- kind: added
+  description: ExemptionManager test suite — full coverage of annotation-based exemption
+    flows
+- kind: fixed
+  description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based
+    approach, tests run in privilegedescalation-dev namespace
+- kind: fixed
+  description: E2E workflow uses token auth and waits for HTTP reachability before
+    running tests
+- kind: fixed
+  description: Added explicit direct devDependencies (typescript, eslint, prettier,
+    @headlamp-k8s/eslint-config) to prevent phantom dep failures
+- kind: changed
+  description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned
+    via Renovate pinDigests
+- kind: changed
+  description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema,
+    app bar action) is stable and will not change without a major version bump
 maintainers:
-  - name: privilegedescalation
-    email: "chris@farhood.org"
+- name: privilegedescalation
+  email: chris@farhood.org
 annotations:
-  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.0/headlamp-polaris-1.0.0.tar.gz"
-  headlamp/plugin/version-compat: ">=0.26"
-  headlamp/plugin/archive-checksum: sha256:a165e871b40f11a44950aa9f10eb7f7883276f749026ae7a4f886278ecd9bd7d
-  headlamp/plugin/distro-compat: "in-cluster,web,desktop"
+  headlamp/plugin/archive-url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz
+  headlamp/plugin/version-compat: '>=0.26'
+  headlamp/plugin/archive-checksum: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e
+  headlamp/plugin/distro-compat: in-cluster,web,desktop
Author	SHA1	Message	Date
Countess von Containerheim	f8eeac9b5b	Merge pull request 'Promote uat → main: artifacthub-pkg.yml v1.0.1 metadata update' (#186 ) from uat into main CI / ci (push) Successful in 42s Details Promote uat to main: artifacthub-pkg.yml v1.0.1 metadata update Fixes ArtifactHub checksum mismatch. Promotion Gate passed (pe_nancy CTO fallback approval, review ID 3395).	2026-05-21 01:18:12 +00:00
Null Pointer Nancy	f03a27bedc	Merge pull request 'Promote to uat: artifacthub-pkg.yml v1.0.1 with Gitea archive URL' (#184 ) from promote/uat-artifacthub-v1.0.1 into uat CI / ci (pull_request) Successful in 38s Details Promotion Gate / Promotion Gate (pull_request_review) Successful in 0s Details Promotion Gate / Promotion Gate (pull_request) Successful in 1s Details CI / ci (push) Successful in 40s Details Promote to uat: artifacthub-pkg.yml v1.0.1 with Gitea archive URL (#184) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 00:45:09 +00:00
Chris Farhood	ec1acbb130	fix(ci): resolve merge conflict and sanitize reviews JSON Promotion Gate / Promotion Gate (pull_request) Successful in 2s Details CI / ci (push) Successful in 44s Details CI / ci (pull_request) Successful in 46s Details Merge dev workflow fix (remove container/install step) and add python3 JSON roundtrip to handle Gitea API responses with control characters that break jq parsing. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 00:43:12 +00:00
Null Pointer Nancy	5907a494d0	chore(artifacthub): update to v1.0.1 with Gitea archive URL Promotion Gate / Promotion Gate (pull_request) Failing after 8s Details CI / ci (pull_request) Successful in 38s Details CI / ci (push) Successful in 41s Details Promotion Gate / Promotion Gate (pull_request_review) Failing after 7s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 00:19:15 +00:00
Chris Farhood	5e6cd6603b	Merge pull request #183 from gandalf/fix-promotion-gate-ci Promotion Gate / Promotion Gate (pull_request) Successful in 0s Details CI / ci (pull_request) Successful in 2m45s Details Promotion Gate / Promotion Gate (pull_request_review) Successful in 1s Details CI / ci (push) Successful in 39s Details fix(dual-approval): remove container ubuntu:latest and Install dependencies step	2026-05-20 23:59:04 +00:00
Chris Farhood	d7cbe969fb	fix(dual-approval): remove container: ubuntu:latest and Install dependencies step CI / ci (push) Successful in 42s Details CI / ci (pull_request) Successful in 38s Details The ubuntu-latest runner host already has curl, jq, and ca-certificates pre-installed. The apt-get update call inside the Docker container was failing due to broken container networking on the runner host (runs 577, 578), blocking PR #182 (dev→uat promotion). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 23:56:41 +00:00
Null Pointer Nancy	2ba0751443	Merge pull request 'chore(artifacthub): update to v1.0.1' (#181 ) from pri-1681-update-artifacthub-1.0.1 into dev CI / ci (push) Successful in 43s Details CI / ci (pull_request) Successful in 45s Details Promotion Gate / Promotion Gate (pull_request_review) Failing after 5s Details Promotion Gate / Promotion Gate (pull_request) Failing after 7s Details chore(artifacthub): update to v1.0.1 with Gitea archive URL (#181) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 23:35:11 +00:00
Null Pointer Nancy	e52d995123	fix: use Gitea archive URL in annotation CI / ci (push) Successful in 47s Details CI / ci (pull_request) Successful in 47s Details The GitHub release does not exist (404). Per board all-Gitea decision, archive URLs must point to git.farh.net. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 23:33:35 +00:00
Chris Farhood	791935947d	Fix install docs and archive URL to use GitHub (from QA review) CI / ci (push) Failing after 11s Details CI / ci (pull_request) Successful in 42s Details - Restore install as multi-line Markdown guide (was replaced by url/digest object) - Point annotations.archive-url to github.com instead of git.farh.net	2026-05-20 23:30:11 +00:00
Null Pointer Nancy	639e4eaa68	fix: use Gitea archive URL per board all-Gitea decision CI / ci (push) Successful in 39s Details CI / ci (pull_request) Successful in 40s Details Promotion Gate / Promotion Gate (pull_request_review) Successful in 5s Details The GitHub release for v1.0.1 does not exist (404). Per board decision (2026-05-16), all PE projects use Gitea releases. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 23:19:16 +00:00
Chris Farhood	69db99d3d1	chore(artifacthub): update to v1.0.1 CI / ci (push) Successful in 42s Details CI / ci (pull_request) Successful in 39s Details Bumps version to 1.0.1, updates createdAt date, and points archive URL/checksum to the v1.0.1 GitHub release. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 23:04:55 +00:00
Null Pointer Nancy	a051ffafed	Merge pull request 'promote: uat → main (tarball grep fix for release workflow)' (#180 ) from uat into main CI / ci (push) Successful in 41s Details Merge PR #180: promote uat → main (tarball grep fix for release workflow)	2026-05-20 22:49:51 +00:00
Null Pointer Nancy	7f03ae6265	Merge pull request 'promote: dev → uat (tarball grep fix for release workflow)' (#179 ) from dev into uat CI / ci (push) Successful in 42s Details CI / ci (pull_request) Successful in 40s Details Promotion Gate / Promotion Gate (pull_request_review) Successful in 7s Details Promotion Gate / Promotion Gate (pull_request) Successful in 8s Details promote: dev → uat (tarball grep fix for release workflow) (#179)	2026-05-20 22:27:08 +00:00
Null Pointer Nancy	53fce54df8	Merge pull request 'fix: match .tar.gz instead of .tgz in release workflow grep pattern' (#178 ) from fix/release-tarball-pattern into dev CI / ci (push) Successful in 39s Details Promotion Gate / Promotion Gate (pull_request) Failing after 5s Details CI / ci (pull_request) Successful in 41s Details fix: match .tar.gz instead of .tgz in release workflow grep pattern (#178) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 22:25:40 +00:00
Chris Farhood	6c6e8a55ce	fix: match .tar.gz instead of .tgz in release workflow grep pattern CI / ci (pull_request) Failing after 0s Details Promotion Gate / promotion-gate (pull_request_review) Failing after 0s Details The headlamp-plugin package command outputs filenames with .tar.gz extension, not .tgz. This caused the "Get tarball path" step to fail (exit code 1) on the v1.0.1 release run #554. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 22:13:45 +00:00
Countess von Containerheim	483348aef0	Merge pull request 'promote: uat → main (pnpm fix for release workflow)' (#176 ) from uat into main CI / ci (push) Successful in 39s Details CEO promotion merge: uat→main for v1.0.1 pnpm fix (PR #176)	2026-05-20 22:10:25 +00:00
Null Pointer Nancy	9502ca804d	Merge pull request 'promote: dev → uat (pnpm fix for release workflow)' (#175 ) from dev into uat CI / ci (push) Successful in 43s Details CI / ci (pull_request) Successful in 46s Details Promotion Gate / Promotion Gate (pull_request_review) Successful in 8s Details Promotion Gate / Promotion Gate (pull_request) Successful in 8s Details promote: dev → uat (pnpm fix for release workflow) (#175)	2026-05-20 21:48:49 +00:00
Null Pointer Nancy	76d0e106b2	Merge pull request 'fix: add pnpm install step to release workflow' (#174 ) from gandalf/pri-1671-pnpm-install into dev Promotion Gate / Promotion Gate (pull_request) Failing after 5s Details CI / ci (push) Successful in 41s Details CI / ci (pull_request) Successful in 42s Details fix: add pnpm install step to release workflow (#174)	2026-05-20 21:48:24 +00:00
Chris Farhood	63050174e9	fix: add pnpm install step to release workflow CI / ci (pull_request) Failing after 0s Details Add explicit pnpm installation before Install dependencies step. Without this, ubuntu-latest runner fails with 'pnpm: command not found' since pnpm is not bundled with the Node 20 action. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 21:39:46 +00:00
Countess von Containerheim	cd1fa2613d	Merge pull request 'Promote uat to main (inline all workflows, trigger v1.0.1 release)' (#171 ) from uat into main CI / ci (push) Successful in 40s Details Promote uat to main: fix dual-approval SOURCE_REF detection and ca-certificates	2026-05-20 21:27:59 +00:00
Chris Farhood	bfeb1068bb	fix(ci): add ca-certificates for SSL verification in promotion gate Promotion Gate / Promotion Gate (pull_request) Successful in 8s Details CI / ci (push) Successful in 46s Details CI / ci (pull_request) Successful in 45s Details Promotion Gate / Promotion Gate (pull_request_review) Failing after 7s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 21:20:53 +00:00
Gandalf the Greybeard	2aff05b632	fix(ci): use github.head_ref for SOURCE_REF detection in promotion gate Promotion Gate / Promotion Gate (pull_request) Failing after 6s Details CI / ci (push) Successful in 42s Details CI / ci (pull_request) Successful in 42s Details Promotion Gate / Promotion Gate (pull_request_review) Failing after 6s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 21:01:16 +00:00
Null Pointer Nancy	d37431ce8c	Merge pull request 'Promote dev → uat: include PRI-1660 dual-approval fix' (#173 ) from dev into uat Promotion Gate / Promotion Gate (pull_request) Failing after 8s Details CI / ci (push) Successful in 44s Details CI / ci (pull_request) Successful in 45s Details Promote dev → uat: include PRI-1660 dual-approval fix (#173)	2026-05-20 20:48:31 +00:00
Gandalf the Greybeard	b2a97cdcad	Merge pull request 'fix(promotion-gate): restore inlined dual-approval to fix uat->main CI (PRI-1660)' (#172 ) from nancy/fix-dual-approval-uat-regress into dev CI / ci (push) Successful in 39s Details Promotion Gate / Promotion Gate (pull_request) Failing after 5s Details CI / ci (pull_request) Successful in 40s Details	2026-05-20 20:40:48 +00:00
Null Pointer Nancy	73b2baec9d	fix(promotion-gate): restore inlined dual-approval from main (PRI-1660) CI / ci (push) Successful in 45s Details CI / ci (pull_request) Successful in 40s Details PR #170 merged conflict with old uat version instead of inlined dev version. Restore inlined dual-approval.yaml to match main, fixing uat->main promotion gate. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 20:36:27 +00:00
Gandalf the Greybeard	36e220660d	Merge pull request 'Promote dev to uat (inline release and CI workflows)' (#170 ) from dev into uat Promotion Gate / promotion-gate (pull_request) Failing after 0s Details CI / ci (push) Successful in 42s Details CI / ci (pull_request) Successful in 42s Details Promotion Gate / promotion-gate (pull_request_review) Failing after 0s Details	2026-05-20 20:24:46 +00:00
Chris Farhood	51e68b1b88	fix(promotion-gate): inline dual-approval-check workflow (PRI-1660) Promotion Gate / promotion-gate (pull_request) Failing after 0s Details CI / ci (pull_request) Successful in 47s Details CI / ci (push) Successful in 42s Details	2026-05-20 20:22:33 +00:00
Chris Farhood	48d704a6b6	fix(promotion-gate): inline dual-approval-check workflow (PRI-1660) Promotion Gate / promotion-gate (pull_request) Failing after 1s Details CI / ci (pull_request) Successful in 43s Details CI / ci (push) Successful in 45s Details	2026-05-20 20:20:45 +00:00
Chris Farhood	b0cefdbe24	fix: resolve ci.yaml conflict, use inlined version	2026-05-20 20:20:34 +00:00
Chris Farhood	92f8c958d8	fix(release): inline release workflow, remove broken .github reference (PRI-1660) Promotion Gate / Promotion Gate (pull_request) Failing after 6s Details CI / ci (push) Successful in 44s Details CI / ci (pull_request) Successful in 46s Details	2026-05-20 20:19:01 +00:00
Chris Farhood	22fea9a99d	Merge remote-tracking branch 'origin/main' into dev CI / ci (push) Successful in 42s Details CI / ci (pull_request) Successful in 46s Details Promotion Gate / Promotion Gate (pull_request) Failing after 9s Details	2026-05-20 20:14:59 +00:00
Gandalf the Greybeard	73fb1359ed	Merge pull request 'inline(release): replace broken reusable workflow with inlined steps' (#168 ) from gandalf/pri-1659-inline-release-workflow into dev Promotion Gate / promotion-gate (pull_request) Failing after 0s Details CI / ci (push) Successful in 39s Details CI / ci (pull_request) Successful in 42s Details	2026-05-20 20:04:38 +00:00
Chris Farhood	cf9e0513b9	fix(CI): inline ci.yaml, remove broken reusable workflow reference (PRI-1660) CI / ci (pull_request) Successful in 37s Details	2026-05-20 19:53:35 +00:00
Chris Farhood	733cfad8d3	inline(release): replace broken reusable workflow with inlined steps CI / ci (pull_request) Failing after 0s Details The reusable workflow reference to privilegedescalation/.github does not exist on Gitea, blocking the v1.0.1 release. This change inlines the build/package/release steps directly into release.yaml. Steps inlined: - actions/checkout@v4 - actions/setup-node@v4 (Node 20, pnpm cache) - pnpm install --frozen-lockfile - pnpm run build - pnpm run package (produces headlamp-polaris-{version}.tgz) - Gitea API: create release + upload tarball as asset Refs: PRI-1659, PRI-1634	2026-05-20 19:47:01 +00:00
Null Pointer Nancy	5aa54a526b	Merge pull request 'fix(CI): inline dual-approval-check, install curl/jq (PRI-1636)' (#167 ) from gandalf/pri-1636-inline-dual-approval into main CI / ci (push) Successful in 40s Details Merge PR #167: Inline dual-approval workflow (PRI-1636)	2026-05-20 13:53:45 +00:00
Chris Farhood	83aa0329b3	fix(CI): add container ubuntu:latest for apt-get (PRI-1636) CI / ci (push) Successful in 43s Details CI / ci (pull_request) Successful in 46s Details Promotion Gate / Promotion Gate (pull_request) Failing after 8s Details Promotion Gate / Promotion Gate (pull_request_review) Failing after 5s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 13:38:46 +00:00
Chris Farhood	8f343be06d	fix(CI): inline dual-approval-check workflow, install curl/jq (PRI-1636) Promotion Gate / Promotion Gate (pull_request) Failing after 0s Details CI / ci (pull_request) Successful in 42s Details CI / ci (push) Successful in 46s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 13:27:20 +00:00
Chris Farhood	def89f8d71	Merge remote-tracking branch 'origin/uat' into dev	2026-05-14 03:06:01 +00:00