Updates the default E2E_NAMESPACE from privilegedescalation-dev to
headlamp-dev to match the actual namespace used by the reusable E2E workflow.
Also updates comments and RBAC path references to reflect the new
infra repo structure (apps/base/e2e-ci-runner-rbac.yaml).
Fixes PRI-1127
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* Regenerate lockfile for lodash+vite overrides
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix: add markdownlint config to resolve CI failures
- Add .markdownlint-cli2.jsonc with 18 rule disables appropriate for plugin docs
- Add .markdownlintignore to skip generated API reference docs
- Fix remaining errors with --fix
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* Reference shared infra RBAC in deployment scripts
PRI-750: update plugin repos to reference shared infra RBAC (PRI-695 follow-up)
- scripts/deploy-e2e-headlamp.sh: updated RBAC preflight comment and error
message to reference privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml
- scripts/teardown-e2e-headlamp.sh: added RBAC reference comment
Infra RBAC is the source of truth managed by Flux GitOps. No E2E workflow
exists yet for this plugin.
---------
Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
* fix(e2e): add E2E workflow for headlamp-sealed-secrets-plugin
Adds .github/workflows/e2e.yaml calling the shared plugin-e2e.yaml reusable workflow.
Fixes PRI-729: E2E DNS failure caused by missing E2E workflow in this repo.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix(e2e): reference @main workflow after .github merge
Update workflow_call ref from hugh/add-pnpm-support-plugin-e2e to main
now that .github#144 has merged.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix(e2e): use pnpm-capable workflow branch
Reference @hugh/add-pnpm-support-plugin-e2e which has pnpm support via corepack.
PRI-634
* fix(e2e): reference @main workflow after .github merge
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix(e2e): disable automount SA token to avoid kubelet fetch race
Kubelet tries to fetch SA token immediately after deployment creates the pod,
but the SA may not be propagated yet. Setting automountServiceAccountToken: false
avoids this race. The SA token is not needed since E2E tests authenticate
via HEADLAMP_TOKEN passed as env var.
---------
Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Follows the pattern established in headlamp-intel-gpu-plugin (PR #25):
- e2e/sealed-secrets.spec.ts: 5 smoke tests covering sidebar navigation,
list view, sealing keys view, cross-view navigation, and plugin settings
- e2e/auth.setup.ts: shared OIDC + token auth setup
- playwright.config.ts: fail-fast if HEADLAMP_URL not set (no prod URL fallback)
- scripts/deploy-e2e-headlamp.sh: ConfigMap-based plugin injection to privilegedescalation-dev
- scripts/teardown-e2e-headlamp.sh: clean teardown of all E2E resources
Chris Farhood
privilegedescalation-engineer[bot]