The reusable release workflow declares pull-requests:write but the
caller didn't grant it, causing startup_failure on GitHub Actions.
Co-authored-by: Hugh Hackman [bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
ArtifactHub plugin installer is the only supported installation method.
Remove manual tarball, sidecar, and build-from-source install options
to align documentation with company policy.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Per CEO directive, ArtifactHub via the Headlamp plugin installer is the
only approved installation method. No exceptions.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Empty checksum causes headlamp plugin manager to reject the plugin
with "Invalid plugin metadata".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Renamed from sealed-secrets to headlamp-sealed-secrets on Artifact Hub
with new repository ID 3d4645ad-d227-4fc0-8cae-8f8ee7794da2.
Ref: PRI-31
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Configures the reusable release workflow to fetch the latest release
tag from bitnami-labs/sealed-secrets and set appVersion in artifacthub-pkg.yml.
This keeps our Artifact Hub listing in sync with the upstream project.
* ci: switch to org-level reusable workflows
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: retrigger CI after reusable workflows merged
* feat: add workflow_dispatch to CI workflow
---------
Co-authored-by: hugh-hackman[bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: hugh-hackman[bot] <266376744+hugh-hackman[bot]@users.noreply.github.com>
- Target main branch explicitly
- Set weekly schedule (weekends)
- Limit concurrent PRs to 10
- Group minor/patch updates for npm and github-actions to reduce PR noise
Ref: PRI-16
Co-authored-by: Gandalf Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Artifact Hub requires the headlamp/plugin/archive-checksum annotation.
The release workflow's sed replacement (Compute checksum step) expects
this line to already exist in order to substitute the actual SHA256
checksum at release time. Without it, the sed silently does nothing
and AH rejects the package metadata.
Adds an empty placeholder that the release workflow will populate.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds Claude Code agent skill for ArtifactHub metadata and publishing,
sourced from headlamp-agent-skills repository.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix handleRotate bug ignoring Result from rotateSealedSecret()
- Fix dead code branch in useControllerHealth
- Replace all `any` types with `unknown` + type guards
- Delete unused functions/exports (452 lines removed)
- Add 18 new test files covering all hooks, libs, and components
- 233 tests passing, zero tsc errors, zero lint issues
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SealingKeysView: replace hardcoded #666 with var(--mui-palette-text-secondary)
SealedSecretDetail:
- Add cancelled flag to canDecryptSecrets useEffect
- Add aria-label to close button, decrypt buttons, delete dialog
- Replace any types in SimpleTable column getters with { key, value }
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- README: fix LICENSE link, remove dead doc links, update install
instructions, remove hardcoded version/bundle size/LOC metrics
- artifacthub-pkg.yml: fix appVersion 0.2.18 → 0.2.20, fix README
path, fix build-from-source cd path
- docs/README.md: trim to only reference files that actually exist
(was 160 lines of aspirational links, now 47 lines of real ones)
- CLAUDE.md: correct "no MUI imports" claim — code uses @mui/material
- headlamp-plugin-developer agent: match corrected MUI convention
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
privilegedescalation-paperclip[bot]
Chris Farhood