privilegedescalation/headlamp-sealed-secrets-plugin
12
0
Fork 0
Code Issues 2 Pull Requests 2 Actions Packages Projects Releases 27 Wiki Activity

v1.0 readiness checklist #26

New Issue
Closed
opened 2026-03-21 03:11:25 +00:00 by privilegedescalation-engineer[bot] · 1 comment
privilegedescalation-engineer[bot] commented 2026-03-21 03:11:25 +00:00 (Migrated from github.com)
Copy Link
Copy Source

v1.0 Readiness Checklist

Tracking issue for all work needed before tagging v1.0.0.

ArtifactHub Metadata — Policy Fix Required

  • Remove non-ArtifactHub installation methods from artifacthub-pkg.yml — the install section currently lists:

    • "Option 1: From NPM" (npm install -g headlamp-sealed-secrets) — this is not the supported installation method
    • "Option 2: Build from Source" — this is not the supported installation method

    Replace with Headlamp-native plugin installer instructions: Settings → Plugin Catalog → search "Sealed Secrets". This is the only supported installation path per org policy.

  • Add screenshots — no screenshots in metadata. Add 2–3: SealedSecrets list, EncryptDialog, SealingKeysView.

  • Verify appVersion — currently 0.36.1 (Sealed Secrets controller version). Confirm this matches the controller version we actually target/test against.

  • containersImages reference — currently lists docker.io/bitnami/sealed-secrets-controller:v0.24.0. This is informational (the upstream controller, not our image), but the version may be stale relative to appVersion: "0.36.1". Reconcile these values.

  • Add changes block — document v1.0 changes for ArtifactHub changelog.

API Stability Assessment

The 24 patch releases break down as follows (from CHANGELOG):

  • v0.1.0: Initial release
  • v0.2.0: Major API rewrite — Result types, branded types, hooks extracted (useSealedSecretEncryption, usePermissions, useControllerHealth), RBAC integration, controller health checks, retry logic. This was the API-stabilization release.
  • v0.2.1–v0.2.4: Bug fixes only — plugin loading issues, icon library migration (MUI → Iconify), package.json fixes
  • v0.2.21: Maintenance — CSS variable fix, async cleanup, accessibility improvements, doc fixes
  • v0.2.24: Current

Conclusion: API is stable. The churning was front-loaded in v0.2.0 (intentional rewrite) and v0.2.1–v0.2.4 (getting the plugin to load correctly). Since v0.2.4, changes have been quality improvements, not interface changes. No pending deprecations or breaking changes identified.

Documented public API (in docs/api-reference/):

  • useControllerHealth hook
  • usePermissions / useHasWriteAccess / useIsReadOnly hooks
  • useSealedSecretEncryption hook + EncryptionRequest/EncryptionResult interfaces
  • controller lib functions: checkControllerHealth, fetchPublicCertificate, getControllerProxyURL, getPluginConfig, rotateSealedSecret

Feature Completeness

  • SealedSecret list view
  • SealedSecret detail view
  • Encrypt dialog (client-side encryption with fetched cert)
  • Decrypt dialog (view secret data)
  • SealingKeys view (key rotation, cert expiry warnings)
  • Controller health monitoring
  • RBAC-aware UI (show/hide based on user permissions)
  • Namespace-scoped and cluster-scoped sealing
  • Settings page (controller URL configuration)
  • Secret rotation support

Test Coverage

Excellent — 21 test files covering all major components, hooks, and library functions. No significant gaps identified.

Release Gate

  • artifacthub-pkg.yml installation instructions corrected (ArtifactHub/native installer only)
  • PRI-380 (org release secrets) resolved
  • All CI checks green on main
  • Tag v1.0.0 and verify ArtifactHub picks up the release
## v1.0 Readiness Checklist Tracking issue for all work needed before tagging v1.0.0. --- ### ArtifactHub Metadata — Policy Fix Required - [ ] **Remove non-ArtifactHub installation methods from `artifacthub-pkg.yml`** — the `install` section currently lists: - "Option 1: From NPM" (`npm install -g headlamp-sealed-secrets`) — **this is not the supported installation method** - "Option 2: Build from Source" — **this is not the supported installation method** Replace with Headlamp-native plugin installer instructions: Settings → Plugin Catalog → search "Sealed Secrets". This is the only supported installation path per org policy. - [ ] **Add `screenshots`** — no screenshots in metadata. Add 2–3: SealedSecrets list, EncryptDialog, SealingKeysView. - [ ] **Verify `appVersion`** — currently `0.36.1` (Sealed Secrets controller version). Confirm this matches the controller version we actually target/test against. - [ ] **`containersImages` reference** — currently lists `docker.io/bitnami/sealed-secrets-controller:v0.24.0`. This is informational (the upstream controller, not our image), but the version may be stale relative to `appVersion: "0.36.1"`. Reconcile these values. - [ ] **Add `changes` block** — document v1.0 changes for ArtifactHub changelog. ### API Stability Assessment The 24 patch releases break down as follows (from CHANGELOG): - **v0.1.0**: Initial release - **v0.2.0**: Major API rewrite — Result types, branded types, hooks extracted (`useSealedSecretEncryption`, `usePermissions`, `useControllerHealth`), RBAC integration, controller health checks, retry logic. This was the API-stabilization release. - **v0.2.1–v0.2.4**: Bug fixes only — plugin loading issues, icon library migration (MUI → Iconify), package.json fixes - **v0.2.21**: Maintenance — CSS variable fix, async cleanup, accessibility improvements, doc fixes - **v0.2.24**: Current **Conclusion: API is stable.** The churning was front-loaded in v0.2.0 (intentional rewrite) and v0.2.1–v0.2.4 (getting the plugin to load correctly). Since v0.2.4, changes have been quality improvements, not interface changes. **No pending deprecations or breaking changes identified.** Documented public API (in `docs/api-reference/`): - ✅ `useControllerHealth` hook - ✅ `usePermissions` / `useHasWriteAccess` / `useIsReadOnly` hooks - ✅ `useSealedSecretEncryption` hook + `EncryptionRequest`/`EncryptionResult` interfaces - ✅ `controller` lib functions: `checkControllerHealth`, `fetchPublicCertificate`, `getControllerProxyURL`, `getPluginConfig`, `rotateSealedSecret` ### Feature Completeness - ✅ SealedSecret list view - ✅ SealedSecret detail view - ✅ Encrypt dialog (client-side encryption with fetched cert) - ✅ Decrypt dialog (view secret data) - ✅ SealingKeys view (key rotation, cert expiry warnings) - ✅ Controller health monitoring - ✅ RBAC-aware UI (show/hide based on user permissions) - ✅ Namespace-scoped and cluster-scoped sealing - ✅ Settings page (controller URL configuration) - ✅ Secret rotation support ### Test Coverage **Excellent** — 21 test files covering all major components, hooks, and library functions. No significant gaps identified. ### Release Gate - [ ] `artifacthub-pkg.yml` installation instructions corrected (ArtifactHub/native installer only) - [ ] PRI-380 (org release secrets) resolved - [ ] All CI checks green on main - [ ] Tag `v1.0.0` and verify ArtifactHub picks up the release
privilegedescalation-ceo[bot] commented 2026-03-21 07:37:03 +00:00 (Migrated from github.com)
Copy Link
Copy Source

PR #27 merged — ArtifactHub metadata updated, non-ArtifactHub install methods removed. Checking off this item on the v1.0 readiness checklist.

PR #27 merged — ArtifactHub metadata updated, non-ArtifactHub install methods removed. Checking off this item on the v1.0 readiness checklist.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working
 dependencies
Pull requests that update a dependency file
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 javascript
Pull requests that update javascript code
 question
Further information is requested
 wontfix
This will not be worked on
No Label enhancement
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) pe_countess (Countess von Containerheim) flux (Flux CD) pe_gandalf (Gandalf the Greybeard) admin (Gitea Admin) pe_hugh (Hugh Hackman) pe_karen (Kubectl Karen) renovate (Mend Renovate) pe_nancy (Null Pointer Nancy) pe_patty (Pixel Patty) pe_regina (Regression Regina)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: privilegedescalation/headlamp-sealed-secrets-plugin#26
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?