ci: update artifact hub metadata for v0.2.0-dev.4

The metadata update step was hardcoded to push to the stable repo,
causing dev releases to pollute the stable repo's main branch.

Changes:
- Use ${GITHUB_REPO} in archive-url instead of hardcoded stable repo
- Use ${GITHUB_REPO} in git remote instead of hardcoded stable repo
- Determine GITEA_BRANCH dynamically (dev/namespace-drawer for dev, main for stable)
- Push the correct Gitea branch to GitHub main branch
- Use temp branch to avoid conflicts

Now dev releases only touch the dev repo, and stable releases only
touch the stable repo.

.gitea/workflows/release.yaml

@@ -168,7 +168,7 @@ jobs:
           git config user.email "gitea-actions[bot]@git.farh.net"
           # Determine which Gitea branch to update based on version suffix
           if [[ "$VERSION" == *"-dev."* ]]; then
-            GITEA_BRANCH="dev"
+            GITEA_BRANCH="dev/namespace-drawer"
           else
             GITEA_BRANCH="main"
           fi
@@ -187,15 +187,10 @@ jobs:
           # that the release checksum already matches and skip the build.
           git tag -f ${GITHUB_REF_NAME}
           git push -f origin ${GITHUB_REF_NAME}
-          # Only push to GitHub main branch for STABLE releases
-          # Dev releases only create GitHub releases, don't update main branch
-          # This keeps GitHub main branch at latest stable for ArtifactHub
+          # Also push to GitHub directly to avoid waiting for mirror sync
+          # Single repo pattern: both stable and dev releases go to same GitHub repo
+          # ArtifactHub will differentiate based on prerelease flag in metadata
           git remote add github https://x-access-token:${{ secrets.GH_PAT }}@github.com/cpfarhood/headlamp-polaris-plugin.git 2>/dev/null || true
-          if [[ "$VERSION" != *"-dev."* ]]; then
-            echo "Stable release detected - pushing to GitHub main branch"
-            git push github temp-update:main 2>/dev/null || true
-          else
-            echo "Dev release detected - skipping GitHub main branch update"
-          fi
+          git push github temp-update:main 2>/dev/null || true
           git push -f github ${GITHUB_REF_NAME} 2>/dev/null || true
           echo "Tag ${GITHUB_REF_NAME} aligned with updated metadata"

README.md

@@ -83,10 +83,6 @@ npm run build
 npx @kinvolk/headlamp-plugin extract . /headlamp/plugins
 ```
 
-## Installing Dev/Preview Versions
-
-Dev preview versions are **not currently available** through the Headlamp plugin manager. Stable versions can be installed from ArtifactHub via the plugin manager UI.
-
 ## RBAC / Security Setup
 
 The plugin fetches audit data through the Kubernetes API server's **service proxy** sub-resource. The identity making the request (Headlamp's service account, or the user's own token in token-auth mode) must be granted:

artifacthub-pkg.yml

@@ -1,4 +1,4 @@
-version: 0.1.7
+version: 0.2.0-dev.4
 name: headlamp-polaris-plugin
 displayName: Polaris
 createdAt: "2026-02-05T19:00:00Z"
@@ -28,7 +28,7 @@ maintainers:
   - name: cpfarhood
     email: "chris@farhood.org"
 annotations:
-  headlamp/plugin/archive-url: "https://github.com/cpfarhood/headlamp-polaris-plugin/releases/download/v0.1.7/headlamp-polaris-plugin-0.1.7.tar.gz"
+  headlamp/plugin/archive-url: "https://github.com/cpfarhood/headlamp-polaris-plugin/releases/download/v0.2.0-dev.4/headlamp-polaris-plugin-0.2.0-dev.4.tar.gz"
   headlamp/plugin/version-compat: ">=0.26"
-  headlamp/plugin/archive-checksum: sha256:0000000000000000000000000000000000000000000000000000000000000000
+  headlamp/plugin/archive-checksum: sha256:70d46b8b478326794646bd90f9b4178c3010310509feecbe40305622954436a4
   headlamp/plugin/distro-compat: in-cluster

package.json

@@ -1,6 +1,6 @@
 {
   "name": "headlamp-polaris-plugin",
-  "version": "0.1.7",
+  "version": "0.1.6",
   "description": "Headlamp plugin for Fairwinds Polaris audit results",
   "scripts": {
     "start": "headlamp-plugin start",