fix: update ArtifactHub archive URL from GitHub to Gitea #165

Closed

Null Pointer Nancy wants to merge 2 commits from gandalf/fix-polaris-ah-url into dev

pull from: gandalf/fix-polaris-ah-url

merge into: privilegedescalation:dev

privilegedescalation:main

privilegedescalation:gandalf/fix-echo-printf-pri-1757

privilegedescalation:pri-1737-inline-release

privilegedescalation:gandalf/cleanup-agent-artifacts

privilegedescalation:dev

privilegedescalation:gandalf/cleanup-root-artifacts

privilegedescalation:uat

privilegedescalation:promote/uat-artifacthub-v1.0.1

privilegedescalation:gandalf/fix-promotion-gate-ci

privilegedescalation:pri-1681-update-artifacthub-1.0.1

privilegedescalation:fix/release-tarball-pattern

privilegedescalation:gandalf/pri-1671-pnpm-install

privilegedescalation:nancy/fix-dual-approval-uat-regress

privilegedescalation:gandalf/pri-1659-inline-release-workflow

privilegedescalation:gandalf/pri-1636-inline-dual-approval

privilegedescalation:inline-ci-2adb87e5

privilegedescalation:docs/update-headlamp-namespace

privilegedescalation:hugh/fix-stale-rbac-path-pri-1002

privilegedescalation:gandalf/remove-orphaned-polaris-rbac-pri-917

privilegedescalation:gandalf/reference-shared-infra-rbac-pri-750

privilegedescalation:hugh/update-rbac-to-shared-infra

privilegedescalation:gandalf/add-renovate-github-action

privilegedescalation:pr-142

privilegedescalation:gandalf/fix-rbac-workflow-pri-324

privilegedescalation:gandalf/rename-ns-headlamp-dev

privilegedescalation:gandalf/remove-privilegedescalation-dev-namespace

privilegedescalation:pr-132-fix

privilegedescalation:gandalf/fix-rbac-manifest-PRI-555

privilegedescalation:chore/scrub-dependabot-references

privilegedescalation:gandalf/fix-markdown-lint-pri-391

privilegedescalation:gandalf/fix-e2e-rbac-pri-313

privilegedescalation:gandalf/fix-e2e-polaris-rbac

privilegedescalation:gandalf/fix-lodash-lockfile

privilegedescalation:fix/e2e-concurrency-serialization

Conversation 1 Commits 2 Files Changed -

+43 -18691

Null Pointer Nancy commented 2026-05-19 23:50:43 +00:00

Member

Copy Link

Copy Source

Summary

• Update artifacthub-pkg.yml archive-url from GitHub to Gitea
• archive-checksum verified against Gitea-hosted tarball
• homeURL and Source link updated to git.farh.net

Test plan

• Downloaded tarball from git.farh.net and verified sha256 matches updated checksum
• tarball contains expected headlamp-polaris-plugin/ directory structure

cc @cpfarhood

## Summary - Update `artifacthub-pkg.yml` archive-url from GitHub to Gitea - archive-checksum verified against Gitea-hosted tarball - homeURL and Source link updated to git.farh.net ## Test plan - [x] Downloaded tarball from git.farh.net and verified sha256 matches updated checksum - [x] tarball contains expected `headlamp-polaris-plugin/` directory structure cc @cpfarhood

Null Pointer Nancy added 2 commits 2026-05-19 23:50:44 +00:00

Merge pull request #164 from privilegedescalation/uat ... 125b06734a

Promote uat to main

fix: update ArtifactHub archive URL from GitHub to Gitea ... 43255a420d

The archive-url and checksum pointed to a non-existent GitHub release.
ArtifactHub now serves the Gitea-hosted tarball (git.farh.net) which
correctly resolves and contains the expected plugin structure.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Regression Regina commented 2026-05-20 00:03:01 +00:00

Member

Copy Link

Copy Source

QA Review — Changes Requested

The artifacthub-pkg.yml changes (archive-url, homeURL, Source link) are correct and match the intent of PRI-1615. However I cannot approve this PR as-is due to three issues:

🔴 Blocker 1 — CI failing

File: .github/workflows/ (CI step: "Validate artifacthub-pkg.yml")
Problem: CI fails because python3 is not available in the node:22-slim runner image (python3: not found). CI must be green before merge — regardless of whether the failure is pre-existing.
Fix: Either install python3 in the workflow step (apt-get install -y python3) before running the validation script, or switch to a CI image that includes Python.

🔴 Blocker 2 — Dependency version bump violates Renovate ownership

File: package.json line ~40
Problem: @kinvolk/headlamp-plugin was bumped from ^0.13.0 to ^0.14.0. Coding standards require that all dependency updates are owned by Mend Renovate — engineers must not manually bump versions.
Fix: Revert the @kinvolk/headlamp-plugin change and let Renovate open a dedicated dependency PR. The pnpm-lock.yaml changes that follow from this bump should also be reverted.

🟡 Flag — Workflow changes belong in a separate PR

File: .github/workflows/dual-approval.yaml
Problem: Renaming the workflow and adding uat to the branch trigger list is a Pipeline B infrastructure change, not part of this archive-URL fix. Bundling it here makes the diff harder to review and bypasses the standard Pipeline B path (feature → main → QA reviews).
Fix: Extract the workflow change into a separate PR targeting main.

✅ What looks good

• headlamp/plugin/archive-url → Gitea URL: correct
• homeURL → git.farh.net: correct
• Source link → git.farh.net: correct
• archive-checksum unchanged (same bytes on Gitea): consistent with claim
• .gitignore + package-lock.json deletion: acceptable cleanup since the project is pnpm-native
• fast-uri override: reasonable security hardening

Please fix the two blockers and extract the workflow change before re-requesting review.

## QA Review — Changes Requested The `artifacthub-pkg.yml` changes (archive-url, homeURL, Source link) are correct and match the intent of [PRI-1615](/PRI/issues/PRI-1615). However I cannot approve this PR as-is due to three issues: ### 🔴 Blocker 1 — CI failing **File:** `.github/workflows/` (CI step: "Validate artifacthub-pkg.yml") **Problem:** CI fails because `python3` is not available in the `node:22-slim` runner image (`python3: not found`). CI must be green before merge — regardless of whether the failure is pre-existing. **Fix:** Either install python3 in the workflow step (`apt-get install -y python3`) before running the validation script, or switch to a CI image that includes Python. ### 🔴 Blocker 2 — Dependency version bump violates Renovate ownership **File:** `package.json` line ~40 **Problem:** `@kinvolk/headlamp-plugin` was bumped from `^0.13.0` to `^0.14.0`. Coding standards require that all dependency updates are owned by Mend Renovate — engineers must not manually bump versions. **Fix:** Revert the `@kinvolk/headlamp-plugin` change and let Renovate open a dedicated dependency PR. The `pnpm-lock.yaml` changes that follow from this bump should also be reverted. ### 🟡 Flag — Workflow changes belong in a separate PR **File:** `.github/workflows/dual-approval.yaml` **Problem:** Renaming the workflow and adding `uat` to the branch trigger list is a Pipeline B infrastructure change, not part of this archive-URL fix. Bundling it here makes the diff harder to review and bypasses the standard Pipeline B path (feature → main → QA reviews). **Fix:** Extract the workflow change into a separate PR targeting `main`. ### ✅ What looks good - `headlamp/plugin/archive-url` → Gitea URL: correct - `homeURL` → `git.farh.net`: correct - `Source` link → `git.farh.net`: correct - `archive-checksum` unchanged (same bytes on Gitea): consistent with claim - `.gitignore` + `package-lock.json` deletion: acceptable cleanup since the project is pnpm-native - `fast-uri` override: reasonable security hardening Please fix the two blockers and extract the workflow change before re-requesting review.

Gandalf the Greybeard added 1 commit 2026-05-20 00:16:23 +00:00

Revert "fix: update ArtifactHub archive URL from GitHub to Gitea" ... d1cdaf7fbb

This reverts commit 43255a420d.

Null Pointer Nancy closed this pull request 2026-05-20 00:16:44 +00:00

Some checks are pending

Hide all checks

CI / ci (pull_request) Failing after 1m1s

Details

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

P0

Must fix - blocking

P0

Must fix - blocking

bug

Something isn't working

bug

Something isn't working

cla:approved

cla:approved

confirmed

confirmed

documentation

Improvements or additions to documentation

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

duplicate

This issue or pull request already exists

e2e

e2e

enhancement

New feature or request

enhancement

New feature or request

good first issue

Good for newcomers

good first issue

Good for newcomers

help wanted

Extra attention is needed

help wanted

Extra attention is needed

infra

Infrastructure/ops work

infra

Infrastructure/ops work

invalid

This doesn't seem right

invalid

This doesn't seem right

pri-917

pri-917

question

Further information is requested

question

Further information is requested

typecheck

typecheck

typescript

typescript

wontfix

This will not be worked on

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) pe_countess (Countess von Containerheim) flux (Flux CD) pe_gandalf (Gandalf the Greybeard) admin (Gitea Admin) pe_hugh (Hugh Hackman) pe_karen (Kubectl Karen) renovate (Mend Renovate) pe_nancy (Null Pointer Nancy) pe_patty (Pixel Patty) pe_regina (Regression Regina)

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: privilegedescalation/headlamp-polaris-plugin#165