Initial release: Headlamp Sealed Secrets plugin v0.1.0
Features: - Complete SealedSecret CRD integration with Headlamp - Client-side encryption using controller's public key - Support for all three scoping modes (strict, namespace-wide, cluster-wide) - List and detail views for SealedSecrets - Encryption dialog for creating new SealedSecrets - Decryption support with RBAC awareness - Sealing keys management - Settings page for controller configuration - Integration with Secret detail view Technical: - Full TypeScript with strict mode - ~1,345 lines of code - Build size: 339.42 kB (93.21 kB gzipped) - Compatible with Headlamp v0.13.0+ - Apache 2.0 license Security: - All encryption performed client-side - RSA-OAEP + AES-256-GCM (kubeseal-compatible) - Auto-hide decrypted values after 30 seconds Closes: Initial implementation
This commit is contained in:
+305
@@ -0,0 +1,305 @@
|
||||
# Publishing Guide for Headlamp Sealed Secrets Plugin
|
||||
|
||||
This guide covers how to publish the plugin to NPM, GitHub, and Artifact Hub.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Before publishing, ensure you have:
|
||||
|
||||
1. **NPM Account** - Create one at https://www.npmjs.com
|
||||
2. **GitHub Account** - Already set up (cpfarhood)
|
||||
3. **Artifact Hub** - Repository already configured (ID: 5574d37c-c4ae-45ab-a378-ef24aaba5b4c)
|
||||
|
||||
## Step 1: Initial Setup
|
||||
|
||||
### 1.1 NPM Authentication
|
||||
|
||||
```bash
|
||||
npm login
|
||||
# Enter your NPM username, password, and email
|
||||
```
|
||||
|
||||
### 1.2 Verify Package Configuration
|
||||
|
||||
Check that `package.json` has correct metadata:
|
||||
```bash
|
||||
cd headlamp-sealed-secrets
|
||||
cat package.json | grep -A 5 '"name"'
|
||||
```
|
||||
|
||||
## Step 2: Prepare for Publishing
|
||||
|
||||
### 2.1 Build and Test
|
||||
|
||||
```bash
|
||||
cd headlamp-sealed-secrets
|
||||
|
||||
# Install dependencies
|
||||
npm install
|
||||
|
||||
# Type check
|
||||
npm run tsc
|
||||
|
||||
# Lint
|
||||
npm run lint
|
||||
|
||||
# Build for production
|
||||
npm run build
|
||||
|
||||
# Verify dist/ directory exists
|
||||
ls -la dist/
|
||||
```
|
||||
|
||||
### 2.2 Test Package Locally
|
||||
|
||||
```bash
|
||||
# Create a tarball to inspect what will be published
|
||||
npm pack
|
||||
|
||||
# This creates headlamp-sealed-secrets-0.1.0.tgz
|
||||
# Extract and verify contents:
|
||||
tar -tzf headlamp-sealed-secrets-0.1.0.tgz
|
||||
|
||||
# Clean up
|
||||
rm headlamp-sealed-secrets-0.1.0.tgz
|
||||
```
|
||||
|
||||
## Step 3: Publish to NPM
|
||||
|
||||
### Option A: Manual Publishing
|
||||
|
||||
```bash
|
||||
cd headlamp-sealed-secrets
|
||||
|
||||
# Publish to NPM
|
||||
npm publish
|
||||
|
||||
# If this is your first publish and you want to make it public
|
||||
npm publish --access public
|
||||
```
|
||||
|
||||
### Option B: Automated Publishing via GitHub Actions
|
||||
|
||||
The repository includes automated workflows:
|
||||
|
||||
1. **Push code to GitHub:**
|
||||
```bash
|
||||
cd ..
|
||||
git add .
|
||||
git commit -m "Initial release of Headlamp Sealed Secrets plugin"
|
||||
git push origin main
|
||||
```
|
||||
|
||||
2. **Create and push a version tag:**
|
||||
```bash
|
||||
git tag -a v0.1.0 -m "Release version 0.1.0"
|
||||
git push origin v0.1.0
|
||||
```
|
||||
|
||||
3. **Configure NPM token in GitHub:**
|
||||
- Go to https://www.npmjs.com/settings/YOUR_USERNAME/tokens
|
||||
- Create a new "Automation" token
|
||||
- Copy the token
|
||||
- Go to GitHub repository → Settings → Secrets and variables → Actions
|
||||
- Create a new secret named `NPM_TOKEN` with your token
|
||||
|
||||
4. **The workflow will automatically:**
|
||||
- Build the plugin
|
||||
- Run tests and linting
|
||||
- Publish to NPM
|
||||
- Create a GitHub Release
|
||||
|
||||
## Step 4: GitHub Setup
|
||||
|
||||
### 4.1 Create GitHub Repository
|
||||
|
||||
```bash
|
||||
# Initialize git (if not already done)
|
||||
cd /Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin
|
||||
git init
|
||||
git add .
|
||||
git commit -m "Initial commit: Headlamp Sealed Secrets plugin"
|
||||
|
||||
# Create repository on GitHub first, then:
|
||||
git remote add origin https://github.com/cpfarhood/headlamp-sealed-secrets-plugin.git
|
||||
git branch -M main
|
||||
git push -u origin main
|
||||
```
|
||||
|
||||
### 4.2 Configure Repository
|
||||
|
||||
On GitHub, configure:
|
||||
1. **Description**: "Headlamp plugin for Bitnami Sealed Secrets - manage encrypted Kubernetes secrets"
|
||||
2. **Topics**: `headlamp`, `kubernetes`, `sealed-secrets`, `encryption`, `security`
|
||||
3. **Website**: Link to Artifact Hub (once published)
|
||||
|
||||
## Step 5: Artifact Hub
|
||||
|
||||
### 5.1 Verify Repository Configuration
|
||||
|
||||
The repository is already configured with:
|
||||
- Repository ID: `5574d37c-c4ae-45ab-a378-ef24aaba5b4c`
|
||||
- Metadata files:
|
||||
- `artifacthub-repo.yml` (root)
|
||||
- `headlamp-sealed-secrets/artifacthub-pkg.yml`
|
||||
|
||||
### 5.2 Trigger Artifact Hub Sync
|
||||
|
||||
Artifact Hub automatically syncs from your GitHub repository every few hours. To force a sync:
|
||||
|
||||
1. Go to https://artifacthub.io/control-panel/repositories
|
||||
2. Find your repository
|
||||
3. Click "Trigger sync"
|
||||
|
||||
Alternatively, push a change to trigger automatic sync:
|
||||
```bash
|
||||
git commit --allow-empty -m "Trigger Artifact Hub sync"
|
||||
git push origin main
|
||||
```
|
||||
|
||||
### 5.3 Verify Publication
|
||||
|
||||
1. Wait 5-10 minutes for sync
|
||||
2. Visit https://artifacthub.io/packages/headlamp/headlamp-sealed-secrets
|
||||
3. Verify all metadata is correct
|
||||
|
||||
## Step 6: Post-Publishing
|
||||
|
||||
### 6.1 Update README Links
|
||||
|
||||
Once published, update README.md with real links:
|
||||
|
||||
```markdown
|
||||
## Installation
|
||||
|
||||
npm install -g headlamp-sealed-secrets
|
||||
```
|
||||
|
||||
### 6.2 Add Badges
|
||||
|
||||
Add badges to README.md:
|
||||
|
||||
```markdown
|
||||
[](https://www.npmjs.com/package/headlamp-sealed-secrets)
|
||||
[](https://artifacthub.io/packages/headlamp/headlamp-sealed-secrets)
|
||||
[](LICENSE)
|
||||
```
|
||||
|
||||
### 6.3 Announce Release
|
||||
|
||||
Consider announcing on:
|
||||
- Headlamp community channels
|
||||
- Kubernetes Slack (#headlamp)
|
||||
- Twitter/Social media
|
||||
- Dev.to or Medium blog post
|
||||
|
||||
## Version Updates
|
||||
|
||||
When releasing new versions:
|
||||
|
||||
1. **Update version:**
|
||||
```bash
|
||||
cd headlamp-sealed-secrets
|
||||
npm version patch # or minor, or major
|
||||
```
|
||||
|
||||
2. **Update artifacthub-pkg.yml:**
|
||||
```yaml
|
||||
version: 0.1.1 # Match package.json
|
||||
```
|
||||
|
||||
3. **Commit and tag:**
|
||||
```bash
|
||||
git add .
|
||||
git commit -m "Release v0.1.1: <description>"
|
||||
git tag -a v0.1.1 -m "Release version 0.1.1"
|
||||
git push origin main
|
||||
git push origin v0.1.1
|
||||
```
|
||||
|
||||
4. **GitHub Actions will auto-publish** to NPM and create a release
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### "Package already exists"
|
||||
If the NPM package name is taken, update `package.json`:
|
||||
```json
|
||||
{
|
||||
"name": "@cpfarhood/headlamp-sealed-secrets"
|
||||
}
|
||||
```
|
||||
|
||||
### NPM Publish Fails
|
||||
- Verify you're logged in: `npm whoami`
|
||||
- Check package.json has correct `name` and `version`
|
||||
- Ensure version hasn't been published before
|
||||
|
||||
### Artifact Hub Not Syncing
|
||||
- Verify `artifacthub-repo.yml` is in repository root
|
||||
- Verify `artifacthub-pkg.yml` is in plugin directory
|
||||
- Check repository URL in Artifact Hub settings
|
||||
- Wait 24 hours for initial sync
|
||||
- Trigger manual sync from control panel
|
||||
|
||||
### GitHub Actions Failing
|
||||
- Check workflow logs in GitHub Actions tab
|
||||
- Verify `NPM_TOKEN` secret is set correctly
|
||||
- Ensure node version matches (20.x)
|
||||
|
||||
## Files Checklist
|
||||
|
||||
Before publishing, verify these files exist and are correct:
|
||||
|
||||
- [ ] `headlamp-sealed-secrets/package.json` - Correct name, version, metadata
|
||||
- [ ] `headlamp-sealed-secrets/LICENSE` - Apache 2.0 license
|
||||
- [ ] `headlamp-sealed-secrets/README.md` - Comprehensive documentation
|
||||
- [ ] `headlamp-sealed-secrets/artifacthub-pkg.yml` - Artifact Hub metadata
|
||||
- [ ] `artifacthub-repo.yml` - Repository metadata (root)
|
||||
- [ ] `.github/workflows/publish.yml` - Publish workflow
|
||||
- [ ] `.github/workflows/ci.yml` - CI workflow
|
||||
- [ ] `.gitignore` - Excludes node_modules, dist, etc.
|
||||
|
||||
## Quick Checklist
|
||||
|
||||
For a new release:
|
||||
|
||||
```bash
|
||||
# 1. Update version
|
||||
cd headlamp-sealed-secrets
|
||||
npm version patch
|
||||
|
||||
# 2. Build and test
|
||||
npm run tsc
|
||||
npm run lint
|
||||
npm run build
|
||||
|
||||
# 3. Update Artifact Hub metadata
|
||||
# Edit artifacthub-pkg.yml version to match package.json
|
||||
|
||||
# 4. Commit and tag
|
||||
cd ..
|
||||
git add .
|
||||
git commit -m "Release v0.1.1"
|
||||
git tag -a v0.1.1 -m "Release version 0.1.1"
|
||||
|
||||
# 5. Push (triggers auto-publish)
|
||||
git push origin main
|
||||
git push origin v0.1.1
|
||||
|
||||
# 6. Verify
|
||||
# - Check GitHub Actions workflow
|
||||
# - Verify on NPM: https://www.npmjs.com/package/headlamp-sealed-secrets
|
||||
# - Check Artifact Hub (may take 24h): https://artifacthub.io
|
||||
```
|
||||
|
||||
## Support
|
||||
|
||||
If you encounter issues:
|
||||
- NPM: https://docs.npmjs.com/
|
||||
- Artifact Hub: https://artifacthub.io/docs
|
||||
- Headlamp: https://headlamp.dev/docs/latest/development/plugins/
|
||||
|
||||
---
|
||||
|
||||
**Repository:** https://github.com/cpfarhood/headlamp-sealed-secrets-plugin
|
||||
**Artifact Hub ID:** 5574d37c-c4ae-45ab-a378-ef24aaba5b4c
|
||||
Reference in New Issue
Block a user