- Bump version to 1.0.0 in package.json and artifacthub-pkg.yml
- Add explicit devDependencies: vitest, @testing-library/react,
@testing-library/jest-dom, @testing-library/user-event, jsdom,
react, react-dom, @types/react, @types/react-dom, react-router-dom,
@mui/material, notistack — resolves phantom-dep test failures
- Add process.env.NODE_ENV define to vitest.config.mts (fixes
"act() not supported in production builds" failures)
- Switch to pnpm lockfile (pnpm-lock.yaml), drop package-lock.json
- Remove install-plugin.sh (violates ArtifactHub-only install policy)
- Fill in CHANGELOG entries for v0.2.22, v0.2.23, v0.2.24
- Update CHANGELOG [1.0.0] and version comparison links
- All 233 tests pass
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaces the duplicated Renovate config with a simple extend from the
org-level preset (privilegedescalation/.github:renovate-config). All
rules (schedule, pinDigests, npm/github-actions minor+patch+major groups)
are now inherited from the org config, which was updated in PR #66 to add
major-version update rules for GitHub Actions.
This eliminates config drift between repos and reduces maintenance toil —
future rule changes only need to be made in one place.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The org renovate-config.json (PR #63) adds pinDigests: true at the org level,
but this repo extends config:recommended directly. Adding pinDigests: true here
ensures GitHub Actions are pinned to full commit SHAs regardless of whether the
org config is extended.
Related: privilegedescalation/.github#63, PRI-757
Calls the shared privilegedescalation/.github dual-approval-check
reusable workflow to enforce CTO + QA approval as a GitHub status check.
Once privilegedescalation/.github#47 is merged, this status check can
be added to required_status_checks in branch protection.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The shared release workflow now requires RELEASE_APP_ID and
RELEASE_APP_PRIVATE_KEY secrets for PR creation, since the org
blocks GITHUB_TOKEN from creating PRs.
Depends on privilegedescalation/.github#31
Co-authored-by: privilegedescalation-paperclip[bot] <268365651+privilegedescalation-paperclip[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The reusable release workflow declares pull-requests:write but the
caller didn't grant it, causing startup_failure on GitHub Actions.
Co-authored-by: Hugh Hackman [bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
ArtifactHub plugin installer is the only supported installation method.
Remove manual tarball, sidecar, and build-from-source install options
to align documentation with company policy.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Per CEO directive, ArtifactHub via the Headlamp plugin installer is the
only approved installation method. No exceptions.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Empty checksum causes headlamp plugin manager to reject the plugin
with "Invalid plugin metadata".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Renamed from sealed-secrets to headlamp-sealed-secrets on Artifact Hub
with new repository ID 3d4645ad-d227-4fc0-8cae-8f8ee7794da2.
Ref: PRI-31
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Configures the reusable release workflow to fetch the latest release
tag from bitnami-labs/sealed-secrets and set appVersion in artifacthub-pkg.yml.
This keeps our Artifact Hub listing in sync with the upstream project.
* ci: switch to org-level reusable workflows
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: retrigger CI after reusable workflows merged
* feat: add workflow_dispatch to CI workflow
---------
Co-authored-by: hugh-hackman[bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: hugh-hackman[bot] <266376744+hugh-hackman[bot]@users.noreply.github.com>
- Target main branch explicitly
- Set weekly schedule (weekends)
- Limit concurrent PRs to 10
- Group minor/patch updates for npm and github-actions to reduce PR noise
Ref: PRI-16
Co-authored-by: Gandalf Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Artifact Hub requires the headlamp/plugin/archive-checksum annotation.
The release workflow's sed replacement (Compute checksum step) expects
this line to already exist in order to substitute the actual SHA256
checksum at release time. Without it, the sed silently does nothing
and AH rejects the package metadata.
Adds an empty placeholder that the release workflow will populate.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Gandalf the Greybeard
Gandalf the Greybeard
Chris Farhood