The org renovate-config.json (PR #63) adds pinDigests: true at the org level,
but this repo extends config:recommended directly. Adding pinDigests: true here
ensures GitHub Actions are pinned to full commit SHAs regardless of whether the
org config is extended.
Related: privilegedescalation/.github#63, PRI-757
Calls the shared privilegedescalation/.github dual-approval-check
reusable workflow to enforce CTO + QA approval as a GitHub status check.
Once privilegedescalation/.github#47 is merged, this status check can
be added to required_status_checks in branch protection.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The shared release workflow now requires RELEASE_APP_ID and
RELEASE_APP_PRIVATE_KEY secrets for PR creation, since the org
blocks GITHUB_TOKEN from creating PRs.
Depends on privilegedescalation/.github#31
Co-authored-by: privilegedescalation-paperclip[bot] <268365651+privilegedescalation-paperclip[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The reusable release workflow declares pull-requests:write but the
caller didn't grant it, causing startup_failure on GitHub Actions.
Co-authored-by: Hugh Hackman [bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
ArtifactHub plugin installer is the only supported installation method.
Remove manual tarball, sidecar, and build-from-source install options
to align documentation with company policy.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Per CEO directive, ArtifactHub via the Headlamp plugin installer is the
only approved installation method. No exceptions.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Configures the reusable release workflow to fetch the latest release
tag from rook/rook and set appVersion in artifacthub-pkg.yml.
This keeps our Artifact Hub listing in sync with the upstream project.
Co-authored-by: Hugh Hackman <hugh@privilegedescalation.dev>
* ci: switch to org-level reusable workflows
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: retrigger CI after reusable workflows merged
* feat: add workflow_dispatch to CI workflow
---------
Co-authored-by: hugh-hackman[bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: hugh-hackman[bot] <266376744+hugh-hackman[bot]@users.noreply.github.com>
- Target main branch explicitly
- Set weekly schedule (weekends)
- Limit concurrent PRs to 10
- Group minor/patch updates for npm and github-actions to reduce PR noise
Ref: PRI-16
Co-authored-by: gandalf-the-greybeard[bot] <gandalf-the-greybeard[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Adds Claude Code agent skill for ArtifactHub metadata and publishing,
sourced from headlamp-agent-skills repository.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Register AppBarClusterBadge via registerAppBarAction (was dead code)
- Add Rook 1.12+ CSI pod labels to CephPodDetailSection alongside legacy labels
- Add sidebar entries for Storage Classes and Volumes pages
- Add role="dialog", aria-modal, aria-labelledby, and Escape key to all detail drawers
- Replace hardcoded hex colors with CSS custom properties for dark/light theme compat
- Remove duplicate parseStorageToBytes from OverviewPage (import from k8s.ts)
- Add endpoints field to CephObjectStoreStatus interface (remove unsafe cast)
- Use ROOK_CEPH_API_GROUP/VERSION constants in API URL construction
- Hoist extractJsonData to module level
- Remove dead extractPoolFromVolumeHandle function
- Fix redundant storageClasses.length guard in OverviewPage
- Fix lint indent warnings
- Update CLAUDE.md and CHANGELOG.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds Claude Code agent skill for Headlamp plugin development,
sourced from headlamp-agent-skills repository.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces hardcoded headlamp-rook-plugin tarball name with dynamic
PKG_NAME from package.json for consistency with other plugins.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The self-hosted runner doesn't have gh CLI installed, causing
"gh: command not found" at the Create GitHub Release step.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The dynamic PKG_NAME read from package.json returns "rook", causing
`mv rook-X.Y.Z.tar.gz rook-X.Y.Z.tar.gz` to fail as a self-rename.
Hardcode "headlamp-rook-plugin" as the tarball name to match the repo
and artifacthub expectations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
privilegedescalation-engineer[bot]
Chris Farhood