ci: update artifact hub checksum for v0.0.5

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.eslintrc.js

@@ -0,0 +1,3 @@
+module.exports = {
+  extends: ['@headlamp-k8s/eslint-config'],
+};

.gitea/workflows/ai-review.yaml

@@ -0,0 +1,36 @@
+name: AI Code Review
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  ai-review:
+    name: AI Code Review
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: AI Review
+        uses: Nikita-Filonov/ai-review@v0.56.0
+        with:
+          review-command: run
+        env:
+          LLM__PROVIDER: "OPENAI"
+          LLM__META__MODEL: ${{ vars.AI_REVIEW_MODEL }}
+          LLM__META__MAX_TOKENS: "15000"
+          LLM__META__TEMPERATURE: "0.3"
+          LLM__HTTP_CLIENT__API_URL: "https://api.openai.com/v1"
+          LLM__HTTP_CLIENT__API_TOKEN: ${{ secrets.OPENAI_API_KEY }}
+          VCS__PROVIDER: "GITEA"
+          VCS__PIPELINE__OWNER: ${{ github.repository_owner }}
+          VCS__PIPELINE__REPO: ${{ github.event.repository.name }}
+          VCS__PIPELINE__PULL_NUMBER: ${{ github.event.pull_request.number }}
+          VCS__HTTP_CLIENT__API_URL: ${{ github.server_url }}/api/v1
+          VCS__HTTP_CLIENT__API_TOKEN: ${{ secrets.AI_REVIEW_GITEA_TOKEN }}

.gitea/workflows/ci.yaml

@@ -0,0 +1,27 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    container: node:20
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npx eslint --ext .ts,.tsx src/
+
+      - name: Type-check
+        run: npx tsc --noEmit
+
+      - name: Format check
+        run: npx prettier --check src/

.gitea/workflows/release.yaml

@@ -12,31 +12,173 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if release is already finalized
+        run: |
+          VERSION=${GITHUB_REF_NAME#v}
+          TARBALL_URL="https://github.com/cpfarhood/polaris-headlamp-plugin/releases/download/${GITHUB_REF_NAME}/polaris-headlamp-plugin-${VERSION}.tar.gz"
+          HTTP_CODE=$(curl -sL -o /tmp/release.tar.gz -w "%{http_code}" "$TARBALL_URL" 2>/dev/null)
+          if [ "$HTTP_CODE" = "200" ]; then
+            ACTUAL="sha256:$(sha256sum /tmp/release.tar.gz | awk '{print $1}')"
+            EXPECTED=$(grep 'archive-checksum' artifacthub-pkg.yml | awk '{print $2}')
+            echo "Release tarball checksum: $ACTUAL"
+            echo "Metadata checksum:        $EXPECTED"
+            if [ "$ACTUAL" = "$EXPECTED" ]; then
+              echo "SKIP_BUILD=true" >> $GITHUB_ENV
+              echo "Checksums match - release is finalized, nothing to do"
+            fi
+          else
+            echo "No existing release (HTTP $HTTP_CODE) - will build"
+          fi
+          rm -f /tmp/release.tar.gz
 
       - name: Install dependencies
-        run: npm ci
+        run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          npm ci
 
       - name: Build plugin
-        run: npx @kinvolk/headlamp-plugin build
+        run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          npx @kinvolk/headlamp-plugin build
 
       - name: Package tarball
-        run: npx @kinvolk/headlamp-plugin package
+        run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          npx @kinvolk/headlamp-plugin package
+
+      - name: Compute tarball checksum
+        run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          TARBALL=$(ls *.tar.gz)
+          CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}')
+          echo "TARBALL=$TARBALL" >> $GITHUB_ENV
+          echo "CHECKSUM=$CHECKSUM" >> $GITHUB_ENV
+          echo "Tarball: $TARBALL"
+          echo "Checksum: sha256:$CHECKSUM"
 
       - name: Install Docker CLI
-        run: apt-get update && apt-get install -y docker.io
-
-      - name: Build Docker image
-        run: docker build -t git.farh.net/${{ github.repository }}:${{ github.ref_name }} -t git.farh.net/${{ github.repository }}:latest .
-
-      - name: Push Docker image
         run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          apt-get update && apt-get install -y docker.io
+
+      - name: Build and push Docker image
+        run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          docker build -t git.farh.net/${{ github.repository }}:${{ github.ref_name }} -t git.farh.net/${{ github.repository }}:latest .
           echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.farh.net -u ${{ github.actor }} --password-stdin
           docker push git.farh.net/${{ github.repository }}:${{ github.ref_name }}
           docker push git.farh.net/${{ github.repository }}:latest
 
-      - name: Create release
-        uses: akkuman/gitea-release-action@v1
-        with:
-          files: |
-            *.tar.gz
-          token: ${{ github.token }}
+      - name: Create Gitea release
+        run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          API_URL="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}"
+          # Create release (or get existing)
+          RELEASE=$(curl -s -X POST \
+            -H "Authorization: token ${{ github.token }}" \
+            -H "Content-Type: application/json" \
+            "${API_URL}/releases" \
+            -d "{\"tag_name\":\"${GITHUB_REF_NAME}\",\"name\":\"${GITHUB_REF_NAME}\"}")
+          RELEASE_ID=$(echo "$RELEASE" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))")
+          if [ "$RELEASE_ID" = "undefined" ]; then
+            RELEASE=$(curl -sf \
+              -H "Authorization: token ${{ github.token }}" \
+              "${API_URL}/releases/tags/${GITHUB_REF_NAME}")
+            RELEASE_ID=$(echo "$RELEASE" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))")
+          fi
+          echo "Gitea Release ID: $RELEASE_ID"
+          # Delete existing assets
+          ASSETS=$(curl -sf \
+            -H "Authorization: token ${{ github.token }}" \
+            "${API_URL}/releases/${RELEASE_ID}/assets")
+          echo "$ASSETS" | node -e "
+            process.stdin.resume();let d='';
+            process.stdin.on('data',c=>d+=c);
+            process.stdin.on('end',()=>{
+              JSON.parse(d).forEach(a=>console.log(a.id));
+            })" | while read -r ASSET_ID; do
+            curl -sf -X DELETE \
+              -H "Authorization: token ${{ github.token }}" \
+              "${API_URL}/releases/${RELEASE_ID}/assets/${ASSET_ID}"
+          done
+          # Upload tarball
+          curl -sf -X POST \
+            -H "Authorization: token ${{ github.token }}" \
+            -F "attachment=@${TARBALL}" \
+            "${API_URL}/releases/${RELEASE_ID}/assets?name=${TARBALL}"
+          echo "Gitea release updated"
+
+      - name: Create GitHub release
+        continue-on-error: true
+        run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          GH_API="https://api.github.com/repos/cpfarhood/polaris-headlamp-plugin"
+          # Create release or fetch existing one
+          BODY=$(curl -s -X POST \
+            -H "Authorization: token ${{ secrets.GH_PAT }}" \
+            -H "Accept: application/vnd.github+json" \
+            "${GH_API}/releases" \
+            -d "{\"tag_name\":\"${GITHUB_REF_NAME}\",\"name\":\"${GITHUB_REF_NAME}\",\"generate_release_notes\":true}")
+          RELEASE_ID=$(echo "$BODY" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))")
+          if [ "$RELEASE_ID" = "undefined" ]; then
+            echo "Release already exists, fetching it..."
+            BODY=$(curl -sf \
+              -H "Authorization: token ${{ secrets.GH_PAT }}" \
+              -H "Accept: application/vnd.github+json" \
+              "${GH_API}/releases/tags/${GITHUB_REF_NAME}")
+            RELEASE_ID=$(echo "$BODY" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))")
+          fi
+          echo "GitHub Release ID: $RELEASE_ID"
+          # Delete existing assets with the same name
+          ASSETS=$(curl -sf \
+            -H "Authorization: token ${{ secrets.GH_PAT }}" \
+            -H "Accept: application/vnd.github+json" \
+            "${GH_API}/releases/${RELEASE_ID}/assets")
+          echo "$ASSETS" | node -e "
+            process.stdin.resume();let d='';
+            process.stdin.on('data',c=>d+=c);
+            process.stdin.on('end',()=>{
+              const assets=JSON.parse(d);
+              assets.filter(a=>a.name==='${TARBALL}').forEach(a=>console.log(a.id));
+            })" | while read -r ASSET_ID; do
+            echo "Deleting existing asset $ASSET_ID..."
+            curl -sf -X DELETE \
+              -H "Authorization: token ${{ secrets.GH_PAT }}" \
+              "${GH_API}/releases/assets/${ASSET_ID}"
+          done
+          # Upload tarball
+          curl -sf -X POST \
+            -H "Authorization: token ${{ secrets.GH_PAT }}" \
+            -H "Content-Type: application/gzip" \
+            "https://uploads.github.com/repos/cpfarhood/polaris-headlamp-plugin/releases/${RELEASE_ID}/assets?name=${TARBALL}" \
+            --data-binary "@${TARBALL}"
+          echo "GitHub release updated with same tarball"
+
+      - name: Update metadata and align tag
+        run: |
+          [ "$SKIP_BUILD" = "true" ] && exit 0
+          VERSION=${GITHUB_REF_NAME#v}
+          git checkout main
+          sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
+          sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"https://github.com/cpfarhood/polaris-headlamp-plugin/releases/download/${GITHUB_REF_NAME}/polaris-headlamp-plugin-${VERSION}.tar.gz\"|" artifacthub-pkg.yml
+          sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
+          git config user.name "gitea-actions[bot]"
+          git config user.email "gitea-actions[bot]@git.farh.net"
+          git add artifacthub-pkg.yml
+          git diff --cached --quiet || {
+            git commit -m "ci: update artifact hub metadata for ${GITHUB_REF_NAME}"
+            git push origin main
+          }
+          # Force-move tag to the commit with correct checksum.
+          # This triggers a new CI run, but the guard step will detect
+          # that the release checksum already matches and skip the build.
+          git tag -f ${GITHUB_REF_NAME}
+          git push -f origin ${GITHUB_REF_NAME}
+          # Also push to GitHub directly to avoid waiting for mirror sync
+          git remote add github https://x-access-token:${{ secrets.GH_PAT }}@github.com/cpfarhood/polaris-headlamp-plugin.git 2>/dev/null || true
+          git push github main 2>/dev/null || true
+          git push -f github ${GITHUB_REF_NAME} 2>/dev/null || true
+          echo "Tag ${GITHUB_REF_NAME} aligned with updated metadata"

.github/workflows/release.yml

@@ -1,37 +0,0 @@
-name: GitHub Release
-
-on:
-  push:
-    tags:
-      - 'v*'
-
-permissions:
-  contents: write
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          cache: 'npm'
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Build plugin
-        run: npx @kinvolk/headlamp-plugin build
-
-      - name: Package tarball
-        run: npx @kinvolk/headlamp-plugin package
-
-      - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
-        with:
-          files: "*.tar.gz"
-          generate_release_notes: true

.prettierrc.js

@@ -0,0 +1 @@
+module.exports = require('@headlamp-k8s/eslint-config/prettier-config');

Dockerfile

@@ -7,3 +7,4 @@ RUN npx @kinvolk/headlamp-plugin build
 
 FROM alpine:3.20
 COPY --from=build /app/dist/ /plugins/polaris-headlamp-plugin/
+COPY --from=build /app/package.json /plugins/polaris-headlamp-plugin/

README.md

@@ -1,5 +1,7 @@
 # polaris-headlamp-plugin
 
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/polaris-headlamp-plugin)](https://artifacthub.io/packages/headlamp/polaris-headlamp-plugin/polaris-headlamp-plugin)
+
 A [Headlamp](https://headlamp.dev/) plugin that surfaces [Fairwinds Polaris](https://polaris.docs.fairwinds.com/) audit results directly in the Headlamp UI.
 
 ## What It Does
@@ -22,12 +24,95 @@ Error states are handled explicitly: RBAC denied (403), Polaris not installed (4
 - **Polaris** installed via the [official Helm chart](https://github.com/FairwindsOps/polaris) with the dashboard component enabled
 - The Headlamp service account must have RBAC permission to `get` ConfigMaps in the `polaris` namespace
 
+## Installing
+
+### Option 1: Artifact Hub + Headlamp plugin manager (recommended)
+
+The plugin is published on [Artifact Hub](https://artifacthub.io/packages/headlamp/polaris-headlamp-plugin/polaris-headlamp-plugin). Configure Headlamp's `pluginsManager` in your Helm values to install it automatically:
+
+```yaml
+pluginsManager:
+  sources:
+    - url: https://artifacthub.io/packages/headlamp/polaris-headlamp-plugin/polaris-headlamp-plugin
+```
+
+Headlamp will fetch and install the plugin on startup.
+
+### Option 2: Docker init container
+
+The plugin ships as a container image at `git.farh.net/farhoodliquor/polaris-headlamp-plugin`.
+
+Add it as an init container in your Headlamp Helm values:
+
+```yaml
+initContainers:
+  - name: polaris-plugin
+    image: git.farh.net/farhoodliquor/polaris-headlamp-plugin:v0.0.1
+    command: ["sh", "-c", "cp -r /plugins/* /headlamp/plugins/"]
+    volumeMounts:
+      - name: plugins
+        mountPath: /headlamp/plugins
+
+volumes:
+  - name: plugins
+    emptyDir: {}
+
+volumeMounts:
+  - name: plugins
+    mountPath: /headlamp/plugins
+```
+
+### Option 3: Manual tarball install
+
+Download the `.tar.gz` from the [GitHub releases page](https://github.com/cpfarhood/polaris-headlamp-plugin/releases) or the [Gitea releases page](https://git.farh.net/farhoodliquor/polaris-headlamp-plugin/releases), then extract into Headlamp's plugin directory:
+
+```bash
+tar xzf polaris-headlamp-plugin-0.0.1.tar.gz -C /headlamp/plugins/
+```
+
+### Option 4: Build from source
+
+```bash
+npm install
+npm run build
+npx @kinvolk/headlamp-plugin extract . /headlamp/plugins
+```
+
+## RBAC
+
+The plugin reads a single ConfigMap. Minimum RBAC required for the Headlamp service account:
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: headlamp-polaris-reader
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["polaris-dashboard"]
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: headlamp-polaris-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: headlamp-polaris-reader
+subjects:
+  - kind: ServiceAccount
+    name: headlamp
+    namespace: headlamp
+```
+
 ## Development
 
 ### Setup
 
 ```bash
-git clone https://git.farh.net/farhoodliquor/polaris-headlamp-plugin.git
+git clone https://github.com/cpfarhood/polaris-headlamp-plugin.git
 cd polaris-headlamp-plugin
 npm install
 ```
@@ -67,104 +152,6 @@ src/
                                 cluster info, error states, refresh interval selector.
 ```
 
-## Deploying to Headlamp
-
-### Option 1: Docker init container (recommended for Kubernetes)
-
-The plugin ships as a container image at `git.farh.net/farhoodliquor/polaris-headlamp-plugin`.
-
-Add it as an init container in your Headlamp Helm values:
-
-```yaml
-initContainers:
-  - name: polaris-plugin
-    image: git.farh.net/farhoodliquor/polaris-headlamp-plugin:v0.0.1
-    command: ["sh", "-c", "cp -r /plugins/* /headlamp/plugins/"]
-    volumeMounts:
-      - name: plugins
-        mountPath: /headlamp/plugins
-
-volumes:
-  - name: plugins
-    emptyDir: {}
-
-volumeMounts:
-  - name: plugins
-    mountPath: /headlamp/plugins
-```
-
-### Option 2: Manual tarball install
-
-Download the `.tar.gz` from the [releases page](https://git.farh.net/farhoodliquor/polaris-headlamp-plugin/releases), then extract into Headlamp's plugin directory:
-
-```bash
-tar xzf polaris-headlamp-plugin-0.0.1.tar.gz -C /headlamp/plugins/
-```
-
-### Option 3: Build from source
-
-```bash
-npm install
-npm run build
-npx @kinvolk/headlamp-plugin extract . /headlamp/plugins
-```
-
-## Releasing
-
-Releases are automated via Gitea Actions. To cut a release:
-
-```bash
-# Bump version in package.json, then:
-git add package.json package-lock.json
-git commit -m "chore: bump version to 0.0.2"
-git tag v0.0.2
-git push origin main v0.0.2
-```
-
-The CI pipeline (`.gitea/workflows/release.yaml`) will:
-
-1. Build the plugin in a `node:20` container
-2. Package a `.tar.gz` tarball
-3. Build and push a Docker image to `git.farh.net/farhoodliquor/polaris-headlamp-plugin:{tag}` and `:latest`
-4. Create a Gitea release with the tarball attached
-
-### CI secrets
-
-| Secret | Purpose |
-|---|---|
-| `REGISTRY_TOKEN` | Gitea personal access token with `package:write` scope, used to push Docker images to the container registry |
-
-The release creation itself uses the built-in `github.token` -- no extra secret needed for that.
-
-## RBAC
-
-The plugin reads a single ConfigMap. Minimum RBAC required for the Headlamp service account:
-
-```yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: headlamp-polaris-reader
-rules:
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    resourceNames: ["polaris-dashboard"]
-    verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: headlamp-polaris-reader
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: headlamp-polaris-reader
-subjects:
-  - kind: ServiceAccount
-    name: headlamp
-    namespace: headlamp
-```
-
 ## Data Source
 
 The plugin reads from:
@@ -189,6 +176,55 @@ AuditData
 
 Each check in a `ResultSet` has `Success` (bool) and `Severity` (`"warning"` or `"danger"`).
 
+## Releasing
+
+Releases are automated via CI. To cut a release:
+
+```bash
+# Bump version in package.json and artifacthub-pkg.yml, then:
+git add package.json package-lock.json artifacthub-pkg.yml
+git commit -m "chore: bump version to 0.0.2"
+git tag v0.0.2
+git push origin main v0.0.2
+```
+
+This triggers two CI pipelines:
+
+**Gitea Actions** (`.gitea/workflows/release.yaml`):
+1. Build the plugin in a `node:20` container
+2. Package a `.tar.gz` tarball
+3. Build and push a Docker image to `git.farh.net/farhoodliquor/polaris-headlamp-plugin:{tag}` and `:latest`
+4. Create a Gitea release with the tarball attached
+
+**GitHub Actions** (`.github/workflows/release.yml`):
+1. Build and package the plugin
+2. Create a GitHub release with the tarball attached (required for Artifact Hub)
+
+The Gitea repo push-mirrors to GitHub automatically, so both pipelines trigger from a single `git push`.
+
+### CI secrets
+
+| Secret | Where | Purpose |
+|---|---|---|
+| `REGISTRY_TOKEN` | Gitea | Personal access token with `package:write` scope for Docker image push |
+
+The Gitea release uses the built-in `github.token`. The GitHub release uses the default `GITHUB_TOKEN` with `contents: write` permission.
+
+### Updating Artifact Hub
+
+When releasing a new version, update `artifacthub-pkg.yml`:
+- `version` field
+- `headlamp/plugin/archive-url` annotation (update the version in the download URL)
+- `headlamp/plugin/archive-checksum` annotation (SHA256 of the new tarball, printed by the CI build)
+
+## Links
+
+- [Artifact Hub](https://artifacthub.io/packages/headlamp/polaris-headlamp-plugin/polaris-headlamp-plugin)
+- [GitHub (mirror)](https://github.com/cpfarhood/polaris-headlamp-plugin)
+- [Gitea (source of truth)](https://git.farh.net/farhoodliquor/polaris-headlamp-plugin)
+- [Headlamp](https://headlamp.dev/)
+- [Fairwinds Polaris](https://polaris.docs.fairwinds.com/)
+
 ## License
 
 MIT

artifacthub-pkg.yml

@@ -1,4 +1,4 @@
-version: 0.0.1
+version: 0.0.5
 name: polaris-headlamp-plugin
 displayName: Polaris
 createdAt: "2026-02-05T19:00:00Z"
@@ -20,9 +20,9 @@ links:
     url: "https://polaris.docs.fairwinds.com/"
 maintainers:
   - name: cpfarhood
-    email: ""
+    email: "chris@farhood.org"
 annotations:
-  headlamp/plugin/archive-url: "https://github.com/cpfarhood/polaris-headlamp-plugin/releases/download/v0.0.1/polaris-headlamp-plugin-0.0.1.tar.gz"
+  headlamp/plugin/archive-url: "https://github.com/cpfarhood/polaris-headlamp-plugin/releases/download/v0.0.5/polaris-headlamp-plugin-0.0.5.tar.gz"
   headlamp/plugin/version-compat: ">=0.26"
-  headlamp/plugin/archive-checksum: sha256:456f09cf8b126816b80c723b6c6f300b2af0c2e1288ee67da13f435b0e35c04d
+  headlamp/plugin/archive-checksum: sha256:afc57a1e869898b0197364e568205426f32572b703c638246463bb5c7898f4d2
   headlamp/plugin/distro-compat: in-cluster

artifacthub-repo.yml

@@ -1,4 +1,4 @@
-repositoryID: polaris-headlamp-plugin
+repositoryID: fb4c3789-de2b-4667-8fff-34f22e5648da
 owners:
   - name: cpfarhood
-    email: ""
+    email: "chris@farhood.org"

claude.md

@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 ## Project Overview
 
-Headlamp plugin that surfaces Fairwinds Polaris audit results inside the Headlamp UI. Reads from `ConfigMap/polaris-dashboard` in the `polaris` namespace (key: `dashboard.json`). Target Headlamp ≥ v0.26.
+Headlamp plugin that surfaces Fairwinds Polaris audit results inside the Headlamp UI. Queries the Polaris dashboard API via the Kubernetes service proxy (`/api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy/results.json`). Target Headlamp ≥ v0.26.
 
 ## Build & Development Commands
 
@@ -36,11 +36,11 @@ src/
     └── PolarisView.tsx           # Main page: score badge, check summary, cluster info, error states, refresh interval selector
 ```
 
-Single sidebar page at `/polaris`. Data is cached in React state and refreshed on a user-configurable interval (stored in localStorage under `polaris-plugin-refresh-interval`, default 5 minutes). The `usePolarisData` hook wraps `ConfigMap.useGet` with caching so stale data is shown while refreshing.
+Single sidebar page at `/polaris`. Data is fetched via `ApiProxy.request` to the Polaris dashboard service proxy and refreshed on a user-configurable interval (stored in localStorage under `polaris-plugin-refresh-interval`, default 5 minutes). Score is computed from result counts (pass/total).
 
 ## Key Constraints
 
-- **Data source**: `ConfigMap/polaris-dashboard` in `polaris` namespace, key `dashboard.json`. No CRDs, no external API calls, no cluster write operations.
+- **Data source**: Polaris dashboard API via K8s service proxy. Requires Polaris deployed in the `polaris` namespace with a `polaris-dashboard` service. No CRDs, no cluster write operations.
 - **UI components**: Use only Headlamp-provided components (`@kinvolk/headlamp-plugin/lib/CommonComponents`). Do not import raw MUI packages. No custom theming.
 - **Error handling**: Must handle 403 (RBAC denied), 404 (Polaris not installed), malformed JSON, and loading states with distinct visual states.
 - **TypeScript strictness**: No `any`, no implicit `unknown` casting, no dead code, no unused imports.

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "polaris-headlamp-plugin",
-  "version": "0.0.1",
+  "version": "0.0.3",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "polaris-headlamp-plugin",
-      "version": "0.0.1",
+      "version": "0.0.3",
       "devDependencies": {
         "@kinvolk/headlamp-plugin": "^0.13.0"
       }

package.json

@@ -1,12 +1,16 @@
 {
   "name": "polaris-headlamp-plugin",
-  "version": "0.0.1",
+  "version": "0.0.5",
   "description": "Headlamp plugin for Fairwinds Polaris audit results",
   "scripts": {
     "start": "headlamp-plugin start",
     "build": "headlamp-plugin build",
     "package": "headlamp-plugin package",
-    "tsc": "tsc --noEmit"
+    "tsc": "tsc --noEmit",
+    "lint": "eslint --ext .ts,.tsx src/",
+    "lint:fix": "eslint --ext .ts,.tsx --fix src/",
+    "format": "prettier --write src/",
+    "format:check": "prettier --check src/"
   },
   "devDependencies": {
     "@kinvolk/headlamp-plugin": "^0.13.0"

src/api/polaris.ts

@@ -1,4 +1,4 @@
-import { K8s } from '@kinvolk/headlamp-plugin/lib';
+import { ApiProxy } from '@kinvolk/headlamp-plugin/lib';
 import React from 'react';
 
 // --- Polaris AuditData schema (matches pkg/validator/output.go) ---
@@ -52,7 +52,6 @@ export interface AuditData {
   DisplayName: string;
   ClusterInfo: ClusterInfo;
   Results: Result[];
-  Score: number;
 }
 
 // --- Result counting ---
@@ -112,8 +111,18 @@ export function setRefreshInterval(seconds: number): void {
   localStorage.setItem(STORAGE_KEY, String(seconds));
 }
 
+// --- Score computation ---
+
+export function computeScore(counts: ResultCounts): number {
+  if (counts.total === 0) return 0;
+  return Math.round((counts.pass / counts.total) * 100);
+}
+
 // --- Data fetching hook ---
 
+const POLARIS_API_PATH =
+  '/api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy/results.json';
+
 interface PolarisDataState {
   data: AuditData | null;
   loading: boolean;
@@ -121,87 +130,54 @@ interface PolarisDataState {
 }
 
 export function usePolarisData(refreshIntervalSeconds: number): PolarisDataState {
-  const [configMap, fetchError] = K8s.ResourceClasses.ConfigMap.useGet(
-    'polaris-dashboard',
-    'polaris'
-  );
-  const [cachedData, setCachedData] = React.useState<AuditData | null>(null);
-  const [parseError, setParseError] = React.useState<string | null>(null);
-  const [lastFetchTime, setLastFetchTime] = React.useState<number>(0);
-  const [, setTick] = React.useState(0);
+  const [data, setData] = React.useState<AuditData | null>(null);
+  const [loading, setLoading] = React.useState(true);
+  const [error, setError] = React.useState<string | null>(null);
+  const [tick, setTick] = React.useState(0);
 
-  // Parse ConfigMap data when it arrives
   React.useEffect(() => {
-    if (!configMap) {
-      return;
-    }
-    const dataMap = configMap.data as Record<string, string> | undefined;
-    const raw = dataMap?.['dashboard.json'];
-    if (!raw) {
-      setParseError('ConfigMap exists but dashboard.json key is missing.');
-      return;
-    }
-    try {
-      const parsed: AuditData = JSON.parse(raw);
-      setCachedData(parsed);
-      setParseError(null);
-      setLastFetchTime(Date.now());
-    } catch {
-      setParseError('Failed to parse dashboard.json: malformed JSON.');
-    }
-  }, [configMap]);
+    let cancelled = false;
 
-  // Periodic refresh via re-render trigger
-  React.useEffect(() => {
-    if (refreshIntervalSeconds <= 0) {
-      return;
+    async function fetchData() {
+      try {
+        const result: AuditData = await ApiProxy.request(POLARIS_API_PATH);
+        if (!cancelled) {
+          setData(result);
+          setError(null);
+          setLoading(false);
+        }
+      } catch (err: unknown) {
+        if (cancelled) return;
+        const status = (err as { status?: number }).status;
+        if (status === 403) {
+          setError(
+            'Access denied (403). Check that your RBAC permissions allow proxying to the Polaris service.'
+          );
+        } else if (status === 404 || status === 503) {
+          setError(
+            'Polaris dashboard not reachable. Ensure Polaris is installed in the polaris namespace.'
+          );
+        } else {
+          setError(`Failed to fetch Polaris data: ${String(err)}`);
+        }
+        setLoading(false);
+      }
     }
+
+    fetchData();
+    return () => {
+      cancelled = true;
+    };
+  }, [tick]);
+
+  // Periodic refresh
+  React.useEffect(() => {
+    if (refreshIntervalSeconds <= 0) return;
     const intervalId = window.setInterval(() => {
-      setTick((t) => t + 1);
+      setTick(t => t + 1);
     }, refreshIntervalSeconds * 1000);
     return () => window.clearInterval(intervalId);
   }, [refreshIntervalSeconds]);
 
-  // Determine error state
-  if (fetchError) {
-    const status = (fetchError as { status?: number }).status;
-    if (status === 403) {
-      return {
-        data: cachedData,
-        loading: false,
-        error:
-          'Access denied (403). Check that your RBAC permissions allow reading ConfigMaps in the polaris namespace.',
-      };
-    }
-    if (status === 404) {
-      return {
-        data: cachedData,
-        loading: false,
-        error:
-          'Polaris dashboard ConfigMap not found (404). Ensure Polaris is installed in the polaris namespace.',
-      };
-    }
-    return {
-      data: cachedData,
-      loading: false,
-      error: `Failed to fetch Polaris data: ${String(fetchError)}`,
-    };
-  }
-
-  if (parseError) {
-    return { data: cachedData, loading: false, error: parseError };
-  }
-
-  const isLoading = !configMap && !fetchError;
-
-  // Return cached data while loading if we have it
-  if (isLoading && cachedData && lastFetchTime > 0) {
-    return { data: cachedData, loading: false, error: null };
-  }
-
-  return {
-    data: cachedData,
-    loading: isLoading,
-    error: null,
-  };
+  return { data, loading, error };
 }

src/components/PolarisView.tsx

@@ -1,11 +1,8 @@
-import {
-  Loader,
-  SectionBox,
-  SectionHeader,
-} from '@kinvolk/headlamp-plugin/lib/CommonComponents';
+import { Loader, SectionBox, SectionHeader } from '@kinvolk/headlamp-plugin/lib/CommonComponents';
 import React from 'react';
 import {
   AuditData,
+  computeScore,
   countResults,
   getRefreshInterval,
   ResultCounts,
@@ -20,19 +17,16 @@ const INTERVAL_OPTIONS = [
   { label: '30 minutes', value: 1800 },
 ];
 
-function RefreshSettings(props: {
-  interval: number;
-  onChange: (seconds: number) => void;
-}) {
+function RefreshSettings(props: { interval: number; onChange: (seconds: number) => void }) {
   return (
     <div style={{ display: 'flex', alignItems: 'center', gap: '8px' }}>
       <label htmlFor="polaris-refresh-interval">Refresh interval:</label>
       <select
         id="polaris-refresh-interval"
         value={props.interval}
-        onChange={(e) => props.onChange(Number(e.target.value))}
+        onChange={e => props.onChange(Number(e.target.value))}
       >
-        {INTERVAL_OPTIONS.map((opt) => (
+        {INTERVAL_OPTIONS.map(opt => (
           <option key={opt.value} value={opt.value}>
             {opt.label}
           </option>
@@ -69,19 +63,18 @@ function ScoreBadge(props: { score: number }) {
   const color = props.score >= 80 ? '#4caf50' : props.score >= 50 ? '#ff9800' : '#f44336';
   return (
     <div style={{ textAlign: 'center', marginBottom: '16px' }}>
-      <div style={{ fontSize: '3rem', fontWeight: 'bold', color }}>
-        {props.score}%
-      </div>
+      <div style={{ fontSize: '3rem', fontWeight: 'bold', color }}>{props.score}%</div>
       <div style={{ fontSize: '0.875rem', opacity: 0.8 }}>Cluster Score</div>
     </div>
   );
 }
 
 function OverviewSection(props: { data: AuditData; counts: ResultCounts }) {
+  const score = computeScore(props.counts);
   return (
     <>
       <SectionBox title="Score">
-        <ScoreBadge score={props.data.Score} />
+        <ScoreBadge score={score} />
       </SectionBox>
       <SectionBox title="Check Summary">
         <div
@@ -135,13 +128,12 @@ export default function PolarisView() {
 
   return (
     <>
-      <SectionHeader title="Polaris" actions={[
-        <RefreshSettings
-          key="refresh"
-          interval={interval}
-          onChange={handleIntervalChange}
-        />,
-      ]} />
+      <SectionHeader
+        title="Polaris"
+        actions={[
+          <RefreshSettings key="refresh" interval={interval} onChange={handleIntervalChange} />,
+        ]}
+      />
 
       {error && (
         <SectionBox title="Error">
@@ -153,9 +145,7 @@ export default function PolarisView() {
 
       {!data && !error && (
         <SectionBox title="No Data">
-          <div style={{ padding: '16px' }}>
-            No Polaris audit results found.
-          </div>
+          <div style={{ padding: '16px' }}>No Polaris audit results found.</div>
         </SectionBox>
       )}
     </>

src/index.tsx

@@ -1,7 +1,4 @@
-import {
-  registerRoute,
-  registerSidebarEntry,
-} from '@kinvolk/headlamp-plugin/lib';
+import { registerRoute, registerSidebarEntry } from '@kinvolk/headlamp-plugin/lib';
 import React from 'react';
 import PolarisView from './components/PolarisView';
 

tsconfig.json

@@ -0,0 +1,4 @@
+{
+  "extends": "@kinvolk/headlamp-plugin/config/plugins-tsconfig.json",
+  "include": ["src"]
+}