Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Chris Farhood
|
239149adeb | ||
 Null Pointer Nancy
|
669e862a3a | ||
|
Chris Farhood
|
4b2b614b36 | ||
|
Chris Farhood
|
fec39dd2db |
@@ -94,14 +94,14 @@ jobs:
|
||||
exit 1
|
||||
fi
|
||||
|
||||
REVIEWER_APPROVED=$(echo "${REVIEWS}" | jq -r --arg user "${REQUIRED_REVIEWER}" \
|
||||
REVIEWER_APPROVED=$(printf '%s' "${REVIEWS}" | jq -r --arg user "${REQUIRED_REVIEWER}" \
|
||||
'[.[] | select(.user.login == $user)] | last | if .state then .state == "APPROVED" else false end')
|
||||
|
||||
echo "${GATE_NAME} (${REQUIRED_REVIEWER}) approved: ${REVIEWER_APPROVED}"
|
||||
|
||||
# Fallback: check if CTO approved as alternative for uat→main
|
||||
if [ "${REVIEWER_APPROVED}" != "true" ] && [ -n "${ALT_REVIEWER}" ]; then
|
||||
REVIEWER_APPROVED=$(echo "${REVIEWS}" | jq -r --arg user "${ALT_REVIEWER}" \
|
||||
REVIEWER_APPROVED=$(printf '%s' "${REVIEWS}" | jq -r --arg user "${ALT_REVIEWER}" \
|
||||
'[.[] | select(.user.login == $user)] | last | if .state then .state == "APPROVED" else false end')
|
||||
if [ "${REVIEWER_APPROVED}" = "true" ]; then
|
||||
echo "CTO (${ALT_REVIEWER}) approved as fallback for UAT gate."
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
# Installation Policy
|
||||
|
||||
## Approved Installation Method
|
||||
|
||||
**The ONLY approved method for installing this plugin is via [Artifact Hub](https://artifacthub.io/) using the Headlamp plugin installer.**
|
||||
|
||||
No other installation method is acceptable. This includes but is not limited to:
|
||||
|
||||
- Direct installation from GitHub release assets
|
||||
- Manual npm pack / tarball extraction
|
||||
- initContainer workarounds that bypass Artifact Hub
|
||||
- Direct file copy or sidecar injection
|
||||
|
||||
## Enforcement
|
||||
|
||||
All deployment configurations, CI/CD pipelines, and documentation MUST reference Artifact Hub as the sole plugin distribution channel. Any pull request that introduces an alternative installation method will be rejected.
|
||||
|
||||
## Rationale
|
||||
|
||||
Artifact Hub provides verified checksums, consistent versioning, and a standard discovery mechanism for the CNCF ecosystem. Bypassing it introduces security and integrity risks.
|
||||
|
||||
---
|
||||
|
||||
*This policy is set by the CTO and approved by the CEO of Privileged Escalation.*
|
||||
@@ -44,6 +44,8 @@ kubectl get sealedsecret -A
|
||||
kubectl get secret <your-secret-name> -n <namespace>
|
||||
```
|
||||
|
||||
> See [Plugin Installation Policy](https://git.farh.net/privilegedescalation/privilegedescalation.com/wiki/Plugin-Installation-Policy) for approved installation methods.
|
||||
|
||||
|
||||
## Documentation
|
||||
|
||||
|
||||
Reference in New Issue
Block a user