privilegedescalation/org
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
29 Commits 17 Branches 0 Tags
cf887e7658cdafbc640f82451a05097d1e7ff974
Commit Graph

16 Commits

Author SHA1 Message Date
Hugh Hackman cf887e7658 fix: install actionlint to user-writable path 
The runner doesn't have write access to /usr/local/bin. Install to
$HOME/.local/bin instead and add it to GITHUB_PATH.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-18 11:58:57 +00:00
Hugh Hackman b34c87b376 feat: add PR validation workflow for YAML and script linting 
The .github repo had no CI running on pull requests — PRs merged without
any validation. This adds actionlint for workflow YAML and shellcheck for
scripts in .github/scripts/, triggered on PRs to main.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-18 11:57:10 +00:00
Hugh Hackman[bot] cfb35fe73d ci: update actions/checkout from v4 to v6 in all reusable workflows 
actions/checkout v6 was already adopted in headlamp-agent-skills.
This brings the org-level reusable workflows (plugin-ci, plugin-release,
ci-health-check) up to the same version. Affects all plugin repos that
call these shared workflows.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-18 07:24:02 +00:00
hugh-hackman[bot] 538a7bf024 ci: use binary download for gh CLI install on self-hosted runners (#18) 
The apt-based gh CLI install requires sudo which is not available on our
self-hosted container runners. Replace with a direct binary download from
GitHub releases that works without elevated permissions.

Fixes the "gh: command not found" error in the release workflow's
"Create PR for version bump" step.

Co-authored-by: Hugh Hackman <hugh@privilegedescalation.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
 2026-03-17 17:44:34 +00:00
Hugh Hackman 4c0ad08db3 ci: install gh CLI in release workflow for self-hosted runners 
The self-hosted runner (local-ubuntu-latest) does not have gh CLI
pre-installed, causing the PR creation step to fail with
"gh: command not found" after the release is published.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-17 12:34:16 +00:00
hugh-hackman[bot] 510569be7b ci: remove Docker container from release workflow 
Remove container: node from the release job to avoid Docker Hub rate
limits on self-hosted runners. Uses actions/setup-node@v4 instead,
matching the pattern already applied in plugin-ci.yaml (PR#14).

Changes:
- Remove container: node:${{ inputs.node-version }}
- Add setup-node@v4 step with npm cache after checkout
- Remove apt-get install step (jq, curl, git already on runner)
- Remove manual GitHub CLI install step (gh already on runner)

Co-authored-by: Hugh Hackman <hugh@privilegedescalation.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
 2026-03-16 10:52:05 +00:00
hugh-hackman[bot] d0b4428af7 fix: remove Docker container from CI, use setup-node instead 
Eliminates Docker Hub rate limit by replacing container: node:22 with setup-node@v4.
Also fixes release workflow branch creation order.

Closes privilegedescalation/.github#14

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-15 16:55:37 +00:00
hugh-hackman[bot] cd6bbb2481 ci: automate ci health checks (#11) 
Co-authored-by: gandalf-the-greybeard[bot] <gandalf-the-greybeard[bot]@users.noreply.github.com>
 2026-03-11 01:52:08 +00:00
hugh-hackman[bot] 0ef78ac580 feat: make reusable workflows strictly container-native (#10) 
Co-authored-by: gandalf-the-greybeard[bot] <gandalf-the-greybeard[bot]@users.noreply.github.com>
 2026-03-10 23:44:40 +00:00
Chris Farhood 4361c131f0 Merge pull request #9 from privilegedescalation/fix/release-workflow-branch-protection 
fix: release workflow creates PR instead of pushing to main
 2026-03-09 17:09:10 -04:00
Chris Farhood 70252f4175 Merge pull request #7 from privilegedescalation/fix/release-tag-guard 
fix: add tag-exists guard to release workflow
 2026-03-09 17:08:57 -04:00
gandalf-the-greybeard[bot] 7a035654c9 feat: auto-merge and cleanup release version bump PRs 
The release PR is just a version bump + checksum update. Enable
auto-merge with squash and delete the release branch after merge
to prevent branch accumulation.
 2026-03-09 19:22:10 +00:00
gandalf-the-greybeard[bot] caee689f15 fix: release workflow creates PR instead of pushing to main 
The release workflow pushed directly to main which fails on repos
with branch protection enabled. This broke the polaris plugin v0.7.0
release.

Changes:
- Create release/vX.Y.Z branch instead of committing to main
- Push to the release branch + tags
- Create a PR to merge the version bump back to main
- Add pull-requests: write permission
 2026-03-09 19:18:07 +00:00
gandalf-the-greybeard[bot] 254bd4fbc3 fix: add tag-exists guard to release workflow 
Fail fast when a release tag already exists instead of running the
full build+package cycle only to fail at git push. Saves CI time on
duplicate workflow_dispatch triggers.
 2026-03-09 06:20:52 +00:00
gandalf-the-greybeard[bot] 991278ebac ci: add npm audit step to shared plugin CI workflow 
Adds a security audit step (npm audit --omit=dev) to catch known
vulnerabilities in production dependencies. Runs after tests so build
failures are reported before audit findings. Uses --omit=dev to focus
on production-facing risk.

This covers all 6 plugin repos that use the shared workflow.
 2026-03-08 19:02:12 +00:00
hugh-hackman[bot] 521d120425 feat: add reusable CI and release workflows for Headlamp plugins 2026-03-08 00:44:51 +00:00