chore: optimize Git workflow and CI/CD for Headlamp plugin releases

Implements comprehensive workflow redesign addressing: - Non-deterministic builds → Fixed with consistent Node version and npm ci - Manual checksum management → Automated in publish workflow - Multiple artifact locations → Single source of truth (GitHub releases) - Individual file releases → Single tarball artifact - Artifact Hub mismatches → No rebuild risk, use released tarball Key improvements: - CI workflow: faster builds with npm cache, artifact verification - Publish workflow: deterministic builds, automatic checksum calculation, auto-commit of metadata updates, single tarball release - Branch protection: require PR review and passing CI before merge - Release process: simplified from manual to 5-minute automated workflow Documentation: - GIT_WORKFLOW.md: branching strategy, commit conventions, release process - RELEASE_GUIDE.md: detailed step-by-step release instructions - RELEASE_QUICK_REFERENCE.md: copy-paste commands for quick releases - CI_CD_DESIGN.md: technical architecture and design decisions - GITHUB_SETUP_CHECKLIST.md: repository configuration guide - WORKFLOW_OPTIMIZATION_SUMMARY.md: executive summary of changes Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-12 13:43:39 -05:00
parent 630152270f
commit 78f5074818
8 changed files with 2234 additions and 14 deletions
@@ -9,6 +9,7 @@ on:
 jobs:
  test:
    runs-on: local-ubuntu-latest
+    timeout-minutes: 10

    steps:
      - name: Checkout code
@@ -18,6 +19,8 @@ jobs:
        uses: actions/setup-node@v4
        with:
          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: headlamp-sealed-secrets/package-lock.json

      - name: Install dependencies
        working-directory: ./headlamp-sealed-secrets
@@ -35,8 +38,20 @@ jobs:
        working-directory: ./headlamp-sealed-secrets
        run: npm run build

-      - name: Upload build artifact
+      - name: Verify build artifacts
+        working-directory: ./headlamp-sealed-secrets
+        run: |
+          if [ ! -d "dist" ] || [ -z "$(ls -A dist)" ]; then
+            echo "Error: dist directory is empty or missing"
+            exit 1
+          fi
+          echo "Build artifacts verified successfully"
+          ls -lh dist/
+
+      - name: Upload build artifact (for inspection)
        uses: actions/upload-artifact@v4
+        if: always()
        with:
          name: plugin-dist
          path: headlamp-sealed-secrets/dist/
+          retention-days: 7