PushSecret using a GitHub ClusterSecretStore fails to delete repo-level secret when it is deleted #4744
Closed
Labels: kind/bug (Categorizes issue or PR as related to a bug.)
Description
Describe the bug
I have a PushSecret using a ClusterSecretStore set to a specific org/repository. The secret is created in the GitHub repo when I create PushSecret. When I attempt to delete the PushSecret, it errors.
❯ kg pushsecret
NAME AGE STATUS
github-push-mysecret 51m Errored
The event error shows that the repo name did not get added to the delete request URL:
Failed to Delete Secrets from Provider: failed to delete secret: DELETE https://api.github.com/repos/dtx-company//actions/secrets/JAMES_TEST: 404 Not Found []
To Reproduce
Steps to reproduce the behavior:
- provide all relevant manifests

apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: github-repo-jamest-sandbox
spec:
  provider:
    # provider type: github
    github:
      appID: <apiID>
      installationID: <installID>
      organization: <org>
      repository: "jamest-sandbox"
      #environment: "Optional. set this for environment secrets"
      auth:
        privateKey:
          name: github-app-private-key
          key: privateKey.pem
          namespace: external-secrets

apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: github-push-mysecret
  namespace: default
spec:
  updatePolicy: Replace
  deletionPolicy: Delete
  refreshInterval: 2m
  secretStoreRefs:
    - name: github-repo-jamest-sandbox
      kind: ClusterSecretStore
  selector:
    secret:
      name: test-gha-secret
  data:
    - match:
        secretKey: test-value # key in the K8s Secret
        remoteRef:
          remoteKey: JAMES_TEST # name of the GitHub secret

- provide the Kubernetes and ESO version
EKS 1.32
ESO 0.16.1
Expected behavior
When I performed
kubectl delete pushsecret github-push-mysecret
I expected the ESO finalizer to delete the secret in GitHub and then allow PushSecret deletion to proceed.
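
Added example, not code from External Secrets Operator or from the reporter: a path builder that returns an error instead of emitting the empty `//` segment seen in the event above, plus a check that locates such a segment in a logged request URL. `Target`, `SecretPath` and `EmptySegments` are hypothetical names; the paths are GitHub's org-level and repo-level Actions secret endpoints, and the sample values are the ones shown in the report.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Target is a hypothetical stand-in for the store's organization/repository fields.
type Target struct {
	Org, Repo  string
	RepoScoped bool // true when the store was configured with a repository
}

// SecretPath builds the REST path for one Actions secret, or fails if a needed field is unset.
func SecretPath(t Target, name string) (string, error) {
	if t.Org == "" || name == "" {
		return "", fmt.Errorf("organization and secret name must be set")
	}
	if !t.RepoScoped {
		return "/orgs/" + url.PathEscape(t.Org) + "/actions/secrets/" + url.PathEscape(name), nil
	}
	if t.Repo == "" {
		return "", fmt.Errorf("repository-scoped store has an empty repository")
	}
	return "/repos/" + url.PathEscape(t.Org) + "/" + url.PathEscape(t.Repo) +
		"/actions/secrets/" + url.PathEscape(name), nil
}

// EmptySegments lists the positions of empty path segments in a request URL.
func EmptySegments(raw string) ([]int, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	var out []int
	for i, s := range strings.Split(strings.Trim(u.Path, "/"), "/") {
		if s == "" {
			out = append(out, i)
		}
	}
	return out, nil
}

func main() {
	// URL copied from the error event in the report.
	idx, _ := EmptySegments("https://api.github.com/repos/dtx-company//actions/secrets/JAMES_TEST")
	_, err := SecretPath(Target{Org: "dtx-company", RepoScoped: true}, "JAMES_TEST")
	fmt.Println(idx, err)
}
```

Failing before the request is sent turns the opaque 404 from GitHub into an error that names the missing field, which makes it easier to notice that the remote secret was left in place while the PushSecret sits in `Errored`.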