Add waitForSidebar helper function with explicit sidebar visibility wait
and networkidle state to ensure page is fully loaded before assertions.
This addresses flaky E2E tests where elements were not consistently
found due to timing issues during page transitions.
The reusable plugin-e2e.yaml@main lacks pnpm support. Switching to
the PR branch that has pnpm detector, Corepack setup, and pnpm commands.
Will revert to @main once PR #141 merges.
- PRI-619 E2E fix
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* Regenerate lockfile for lodash override
- Explicitly add lodash@4.18.1 to ensure override is respected
- Regenerated pnpm-lock.yaml with resolved lodash@4.18.1 (CVE fix)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix: drop bogus direct lodash devDependency that conflicted with override
The rebase added "lodash": "4.18.1" as a direct devDependency alongside
the >=4.18.0 override, which npm rejects with EOVERRIDE during the
headlamp-plugin build step. The plugin source does not import lodash;
the override alone is sufficient to patch the transitive CVE.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
---------
Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).
CVE: GHSA-p9ff-h696-f583
Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
pnpm/action-setup@v5 requires either a version key in the action config
or a packageManager field in package.json. Add the field to unblock the
release workflow.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add eslint@^8.57.0, @headlamp-k8s/eslint-config@^0.6.0, prettier@^2.8.8,
typescript@~5.6.2 as explicit devDependencies. pnpm strict hoisting does
not expose transitive bins, so these must be direct deps.
Remove vite/client and vite-plugin-svgr/client from tsconfig types; these
are transitive deps pnpm does not hoist and polaris plugin omits them.
Replaces the duplicated Renovate config with a simple extend from the
org-level preset (privilegedescalation/.github:renovate-config). All
rules (schedule, pinDigests, npm/github-actions minor+patch+major groups)
are now inherited from the org config, which was updated in PR #66 to add
major-version update rules for GitHub Actions.
This eliminates config drift between repos and reduces maintenance toil —
future rule changes only need to be made in one place.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The org renovate-config.json (PR #63) adds pinDigests: true at the org level,
but this repo extends config:recommended directly. Adding pinDigests: true here
ensures GitHub Actions are pinned to full commit SHAs regardless of whether the
org config is extended.
Related: privilegedescalation/.github#63, PRI-757
Calls the shared privilegedescalation/.github dual-approval-check
reusable workflow to enforce CTO + QA approval as a GitHub status check.
Once privilegedescalation/.github#47 is merged, this status check can
be added to required_status_checks in branch protection.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The shared release workflow now requires RELEASE_APP_ID and
RELEASE_APP_PRIVATE_KEY secrets for PR creation, since the org
blocks GITHUB_TOKEN from creating PRs.
Depends on privilegedescalation/.github#31
Co-authored-by: privilegedescalation-paperclip[bot] <268365651+privilegedescalation-paperclip[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The reusable release workflow declares pull-requests:write but the
caller didn't grant it, causing startup_failure on GitHub Actions.
Co-authored-by: Hugh Hackman [bot] <hugh-hackman[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The package.json only listed @kinvolk/headlamp-plugin as a devDependency,
but CI runs tsc, eslint, prettier, and vitest which all require additional
packages. Add the same devDependencies used by the reference kube-vip plugin
and regenerate the lock file.
Also adds peerDependencies for react/react-dom to match the reference plugin
conventions.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
ArtifactHub plugin installer is the only supported installation method.
Remove manual tarball, sidecar, and build-from-source install options
to align documentation with company policy.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Per CEO directive, ArtifactHub via the Headlamp plugin installer is the
only approved installation method. No exceptions.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Target main branch explicitly
- Set weekly schedule (weekends)
- Limit concurrent PRs to 10
- Group minor/patch updates for npm and github-actions to reduce PR noise
Ref: PRI-16
Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Three files had formatting inconsistencies causing the format:check
CI step to fail on main since 2026-03-04.
Fixes#3
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds Claude Code agent skill for ArtifactHub metadata and publishing,
sourced from headlamp-agent-skills repository.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix PVC bind loop leak on unmount via cancellation ref
- Fix DeleteOptions body structure for proper foreground propagation
- Filter snapshots to tns-csi driver only (was showing all drivers)
- Fix stale closures in Escape key handlers with useCallback
- Add loading state to cleanup delete button, remove window.confirm/alert
- Use CSS custom properties for protocol chart colors (dark mode support)
- Fix all 35 ESLint warnings (import sort, indent, boolean attrs)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds Claude Code agent skill for Headlamp plugin development,
sourced from headlamp-agent-skills repository.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The self-hosted runner does not have gh CLI installed, causing
the Create GitHub Release step to fail with 'command not found'.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Chris Farhood
privilegedescalation-engineer[bot]
Hugh Hackman