ci: update artifact hub metadata for v0.2.0-dev.4

The metadata update step was hardcoded to push to the stable repo,
causing dev releases to pollute the stable repo's main branch.

Changes:
- Use ${GITHUB_REPO} in archive-url instead of hardcoded stable repo
- Use ${GITHUB_REPO} in git remote instead of hardcoded stable repo
- Determine GITEA_BRANCH dynamically (dev/namespace-drawer for dev, main for stable)
- Push the correct Gitea branch to GitHub main branch
- Use temp branch to avoid conflicts

Now dev releases only touch the dev repo, and stable releases only
touch the stable repo.

.gitea/workflows/release.yaml

@@ -168,7 +168,7 @@ jobs:
           git config user.email "gitea-actions[bot]@git.farh.net"
           # Determine which Gitea branch to update based on version suffix
           if [[ "$VERSION" == *"-dev."* ]]; then
-            GITEA_BRANCH="dev"
+            GITEA_BRANCH="dev/namespace-drawer"
           else
             GITEA_BRANCH="main"
           fi
@@ -187,15 +187,10 @@ jobs:
           # that the release checksum already matches and skip the build.
           git tag -f ${GITHUB_REF_NAME}
           git push -f origin ${GITHUB_REF_NAME}
-          # Only push to GitHub main branch for STABLE releases
-          # Dev releases only create GitHub releases, don't update main branch
-          # This keeps GitHub main branch at latest stable for ArtifactHub
+          # Also push to GitHub directly to avoid waiting for mirror sync
+          # Single repo pattern: both stable and dev releases go to same GitHub repo
+          # ArtifactHub will differentiate based on prerelease flag in metadata
           git remote add github https://x-access-token:${{ secrets.GH_PAT }}@github.com/cpfarhood/headlamp-polaris-plugin.git 2>/dev/null || true
-          if [[ "$VERSION" != *"-dev."* ]]; then
-            echo "Stable release detected - pushing to GitHub main branch"
-            git push github temp-update:main 2>/dev/null || true
-          else
-            echo "Dev release detected - skipping GitHub main branch update"
-          fi
+          git push github temp-update:main 2>/dev/null || true
           git push -f github ${GITHUB_REF_NAME} 2>/dev/null || true
           echo "Tag ${GITHUB_REF_NAME} aligned with updated metadata"

README.md

@@ -83,59 +83,6 @@ npm run build
 npx @kinvolk/headlamp-plugin extract . /headlamp/plugins
 ```
 
-## Installing Dev/Preview Versions
-
-Dev preview versions (e.g., `v0.2.0-dev.4`) are published to [GitHub Releases](https://github.com/cpfarhood/headlamp-polaris-plugin/releases) but are **not available via ArtifactHub**. These versions contain experimental features and are intended for testing.
-
-To install a dev version, use the direct URL method:
-
-### Sidecar container pattern (recommended)
-
-Create a ConfigMap with the dev version URL:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: headlamp-plugin-config
-  namespace: kube-system
-data:
-  plugin.yml: |
-    plugins:
-      - url: https://github.com/cpfarhood/headlamp-polaris-plugin/releases/download/v0.2.0-dev.4/headlamp-polaris-plugin-0.2.0-dev.4.tar.gz
-```
-
-Then configure Headlamp to use a sidecar container that installs from this config:
-
-```yaml
-# In Headlamp Helm values or deployment
-containers:
-  - name: headlamp-plugin-installer
-    image: node:lts-alpine
-    command: ["/bin/sh", "-c"]
-    args:
-      - |
-        npm install -g @kinvolk/headlamp-plugin
-        headlamp-plugin install --config /config/plugin.yml
-    volumeMounts:
-      - name: plugins
-        mountPath: /headlamp/plugins
-      - name: plugin-config
-        mountPath: /config
-volumes:
-  - name: plugins
-    emptyDir: {}
-  - name: plugin-config
-    configMap:
-      name: headlamp-plugin-config
-```
-
-### Manual download
-
-Browse [GitHub Releases](https://github.com/cpfarhood/headlamp-polaris-plugin/releases), download the dev version tarball, and extract it to your Headlamp plugins directory.
-
-**Note:** Dev versions are tagged with the `-dev.N` suffix and may introduce breaking changes or unstable features. Use stable versions for production deployments.
-
 ## RBAC / Security Setup
 
 The plugin fetches audit data through the Kubernetes API server's **service proxy** sub-resource. The identity making the request (Headlamp's service account, or the user's own token in token-auth mode) must be granted:

artifacthub-pkg.yml

@@ -1,4 +1,4 @@
-version: 0.2.0-dev.5
+version: 0.2.0-dev.4
 name: headlamp-polaris-plugin
 displayName: Polaris
 createdAt: "2026-02-05T19:00:00Z"
@@ -28,7 +28,7 @@ maintainers:
   - name: cpfarhood
     email: "chris@farhood.org"
 annotations:
-  headlamp/plugin/archive-url: "https://github.com/cpfarhood/headlamp-polaris-plugin/releases/download/v0.2.0-dev.5/headlamp-polaris-plugin-0.2.0-dev.5.tar.gz"
+  headlamp/plugin/archive-url: "https://github.com/cpfarhood/headlamp-polaris-plugin/releases/download/v0.2.0-dev.4/headlamp-polaris-plugin-0.2.0-dev.4.tar.gz"
   headlamp/plugin/version-compat: ">=0.26"
-  headlamp/plugin/archive-checksum: sha256:cb8d03f52022590fce5565b4f08a3fb99d0e264f3ff6a1c99ab59bf48b33ef79
+  headlamp/plugin/archive-checksum: sha256:70d46b8b478326794646bd90f9b4178c3010310509feecbe40305622954436a4
   headlamp/plugin/distro-compat: in-cluster