chore: release v0.2.6

The Headlamp plugin build system was externalizing node-forge because it
was in dependencies. Since Headlamp doesn't provide node-forge as a shared
library, the plugin would fail to load in the browser.

Solution: Add .pluginrc with empty externals to force bundling all dependencies.

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

.github/workflows/prepare-release.yaml

@@ -1,69 +0,0 @@
-name: Prepare Release
-
-on:
-  workflow_dispatch:
-    inputs:
-      version:
-        description: 'Version to release (without v prefix, e.g., 0.2.5)'
-        required: true
-        type: string
-
-jobs:
-  prepare:
-    runs-on: local-ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - name: Validate version format
-        run: |
-          if ! echo "${{ inputs.version }}" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
-            echo "::error::Version must be in format X.Y.Z (e.g., 0.2.5)"
-            exit 1
-          fi
-
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Configure git
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Update package.json version
-        working-directory: ./headlamp-sealed-secrets
-        run: |
-          jq --arg version "${{ inputs.version }}" '.version = $version' package.json > package.json.tmp
-          mv package.json.tmp package.json
-
-      - name: Update artifacthub-pkg.yml version
-        run: |
-          VERSION="${{ inputs.version }}"
-          RELEASE_URL="https://github.com/${{ github.repository }}/releases/download/v${VERSION}/headlamp-sealed-secrets-${VERSION}.tar.gz"
-
-          sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
-          sed -i "s|^appVersion:.*|appVersion: ${VERSION}|" artifacthub-pkg.yml
-          sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"${RELEASE_URL}\"|" artifacthub-pkg.yml
-
-          # Set placeholder checksum - will be updated after release
-          sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:PLACEHOLDER_WILL_BE_UPDATED_AFTER_RELEASE|" artifacthub-pkg.yml
-
-      - name: Commit version bump
-        run: |
-          git add headlamp-sealed-secrets/package.json artifacthub-pkg.yml
-          git commit -m "chore: bump version to ${{ inputs.version }}"
-          git push origin main
-
-      - name: Create and push tag
-        run: |
-          git tag "v${{ inputs.version }}"
-          git push origin "v${{ inputs.version }}"
-
-      - name: Summary
-        run: |
-          echo "✓ Version bumped to ${{ inputs.version }}"
-          echo "✓ Tag v${{ inputs.version }} created"
-          echo ""
-          echo "The release workflow will now run automatically."
-          echo "After it completes, the checksum will be updated on main."

.github/workflows/release.yaml

@@ -1,28 +1,48 @@
 name: Release
 
 on:
-  push:
+  workflow_dispatch:
-    tags:
+    inputs:
-      - 'v*'
+      version:
+        description: 'Version to release (without v prefix, e.g., 0.2.5)'
+        required: true
+        type: string
 
 jobs:
-  build-and-release:
+  release:
     runs-on: local-ubuntu-latest
     permissions:
       contents: write
-    outputs:
-      version: ${{ steps.extract_version.outputs.version }}
-      checksum: ${{ steps.compute_checksum.outputs.checksum }}
     steps:
+      - name: Validate version format
+        run: |
+          if ! echo "${{ inputs.version }}" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
+            echo "::error::Version must be in format X.Y.Z (e.g., 0.2.5)"
+            exit 1
+          fi
+
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Extract version from tag
+      - name: Configure git
-        id: extract_version
         run: |
-          VERSION=${GITHUB_REF_NAME#v}
+          git config user.name "github-actions[bot]"
-          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          git config user.email "github-actions[bot]@users.noreply.github.com"
-          echo "Version: ${VERSION}"
+
+      - name: Update package.json version
+        working-directory: ./headlamp-sealed-secrets
+        run: |
+          jq --arg version "${{ inputs.version }}" '.version = $version' package.json > package.json.tmp
+          mv package.json.tmp package.json
+
+      - name: Update artifacthub-pkg.yml version
+        run: |
+          VERSION="${{ inputs.version }}"
+          RELEASE_URL="https://github.com/${{ github.repository }}/releases/download/v${VERSION}/headlamp-sealed-secrets-${VERSION}.tar.gz"
+
+          sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
+          sed -i "s|^appVersion:.*|appVersion: ${VERSION}|" artifacthub-pkg.yml
+          sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"${RELEASE_URL}\"|" artifacthub-pkg.yml
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
@@ -54,8 +74,7 @@ jobs:
       - name: Move tarball to root
         working-directory: ./headlamp-sealed-secrets
         run: |
-          # Get the specific tarball created by package command
+          TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
-          TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
           if [ ! -f "${TARBALL}" ]; then
             echo "::error::Expected tarball ${TARBALL} not found"
             ls -la *.tar.gz
@@ -66,7 +85,7 @@ jobs:
 
       - name: Validate tarball name
         run: |
-          EXPECTED="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
+          EXPECTED="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
           ACTUAL=$(ls *.tar.gz)
           if [ "$EXPECTED" != "$ACTUAL" ]; then
             echo "::error::Tarball name mismatch! Expected: $EXPECTED, Got: $ACTUAL"
@@ -77,14 +96,14 @@ jobs:
       - name: Compute checksum
         id: compute_checksum
         run: |
-          TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
+          TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
           CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}')
           echo "checksum=${CHECKSUM}" >> $GITHUB_OUTPUT
           echo "Checksum: sha256:${CHECKSUM}"
 
       - name: Verify tarball contents
         run: |
-          TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
+          TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
           echo "Tarball contents:"
           tar -tzf "${TARBALL}" | head -20
 
@@ -95,10 +114,27 @@ jobs:
           fi
           echo "✓ Tarball contents validated"
 
+      - name: Update checksum in metadata
+        run: |
+          CHECKSUM="${{ steps.compute_checksum.outputs.checksum }}"
+          sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
+
+      - name: Commit version bump and metadata
+        run: |
+          git add headlamp-sealed-secrets/package.json artifacthub-pkg.yml
+          git commit -m "chore: release v${{ inputs.version }}"
+          git push origin main
+
+      - name: Create and push tag
+        run: |
+          git tag "v${{ inputs.version }}"
+          git push origin "v${{ inputs.version }}"
+
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
         with:
-          files: headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz
+          tag_name: "v${{ inputs.version }}"
+          files: headlamp-sealed-secrets-${{ inputs.version }}.tar.gz
           fail_on_unmatched_files: true
           draft: false
           prerelease: false
@@ -106,47 +142,18 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-  update-metadata:
+      - name: Summary
-    needs: build-and-release
-    runs-on: local-ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - name: Checkout main branch
-        uses: actions/checkout@v4
-        with:
-          ref: main
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Configure git
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Update checksum in metadata
-        run: |
-          VERSION="${{ needs.build-and-release.outputs.version }}"
-          CHECKSUM="${{ needs.build-and-release.outputs.checksum }}"
-
-          sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
-
-          git add artifacthub-pkg.yml
-          if ! git diff --cached --quiet; then
-            git commit -m "ci: update checksum for v${VERSION}"
-            git push origin main
-            echo "✓ Checksum updated on main branch"
-          else
-            echo "✓ Checksum already up to date"
-          fi
-
-      - name: Release Summary
         run: |
           echo "Release Summary:"
           echo "=================="
-          echo "Version: v${{ needs.build-and-release.outputs.version }}"
+          echo "Version: v${{ inputs.version }}"
-          echo "Tarball: headlamp-sealed-secrets-${{ needs.build-and-release.outputs.version }}.tar.gz"
+          echo "Tarball: headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
-          echo "Checksum: sha256:${{ needs.build-and-release.outputs.checksum }}"
+          echo "Checksum: sha256:${{ steps.compute_checksum.outputs.checksum }}"
-          echo "Archive URL: https://github.com/${{ github.repository }}/releases/download/v${{ needs.build-and-release.outputs.version }}/headlamp-sealed-secrets-${{ needs.build-and-release.outputs.version }}.tar.gz"
+          echo "Archive URL: https://github.com/${{ github.repository }}/releases/download/v${{ inputs.version }}/headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
+          echo ""
+          echo "✓ Version bumped to ${{ inputs.version }}"
+          echo "✓ Metadata updated with checksum"
+          echo "✓ Tag v${{ inputs.version }} created"
+          echo "✓ GitHub release published with tarball"
           echo ""
-          echo "Metadata updated on main branch."
           echo "Artifact Hub will sync within 5-10 minutes."

artifacthub-pkg.yml

@@ -1,13 +1,13 @@
 # Artifact Hub package metadata file
 # https://github.com/artifacthub/hub/blob/master/docs/metadata/artifacthub-pkg.yml
-version: 0.2.5
+version: 0.2.6
 name: headlamp-sealed-secrets
 displayName: Sealed Secrets Plugin for Headlamp
 createdAt: "2026-02-12T00:00:00Z"
 description: A comprehensive Headlamp plugin for managing Bitnami Sealed Secrets with client-side encryption and RBAC-aware UI
 license: Apache-2.0
 homeURL: https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin
-appVersion: 0.2.5
+appVersion: 0.2.6
 containersImages:
   - name: sealed-secrets-controller
     image: docker.io/bitnami/sealed-secrets-controller:v0.24.0
@@ -19,8 +19,8 @@ keywords:
   - encryption
   - security
 annotations:
-  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v0.2.5/headlamp-sealed-secrets-0.2.5.tar.gz"
+  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v0.2.6/headlamp-sealed-secrets-0.2.6.tar.gz"
-  headlamp/plugin/archive-checksum: sha256:PLACEHOLDER_WILL_BE_UPDATED_AFTER_RELEASE
+  headlamp/plugin/archive-checksum: sha256:0665d221ba8e1e08d5eb8596caa4138e480c7d8b8bb0853ca25d3bd6967adee1
   headlamp/plugin/version-compat: ">=0.13.0"
   headlamp/plugin/distro-compat: "desktop,in-cluster,web,docker-desktop"
 links:

headlamp-sealed-secrets/.pluginrc

@@ -0,0 +1,3 @@
+{
+  "externals": {}
+}

headlamp-sealed-secrets/package.json

@@ -1,6 +1,6 @@
 {
   "name": "headlamp-sealed-secrets",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "description": "Headlamp plugin for Bitnami Sealed Secrets - manage encrypted Kubernetes secrets",
   "files": [
     "dist",