chore: fix sonar cloud issues by Skarlso · Pull Request #5405 · external-secrets/external-secrets

Skarlso · 2025-10-03T11:54:19Z

Problem Statement

What is the problem you're trying to solve?

Related Issue

Fixes #...

Proposed Changes

How do you like to solve the issue and why?

Format

Please ensure that your PR follows the following format for the title:

feat(scope): add new feature
fix(scope): fix bug
docs(scope): update documentation
chore(scope): update build tool or dependencies
ref(scope): refactor code
clean(scope): provider cleanup
test(scope): add tests
perf(scope): improve performance
desig(scope): improve design

Where scope is optionally one of:

charts
release
testing
security
templating

Checklist

I have read the contribution guidelines
All commits are signed with git commit --signoff
My changes have reasonable test coverage
All tests pass with make test
I ensured my PR is ready for review with make reviewable

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

evrardjp

I am testing those now

evrardjp · 2025-10-03T17:02:44Z

hack/helm.generate.sh

-  if [[ "$CRDS_FLAG_NAME" == *"ExternalSecret"* || "$CRDS_FLAG_NAME" == *"SecretStore"* ]]; then
+  if [[ "${CRDS_FLAG_NAME}" == *"ExternalSecret"* || "${CRDS_FLAG_NAME}" == *"SecretStore"* ]]; then
    yq e '(.spec.versions[] | select(.name == "v1alpha1")) |= ("{{- if .Values.crds.conversion.enabled }}\n \(.)\n {{- end }}")' -i "$i.bkp" || true
    $SEDPRG -i '/- |-/d' "$i.bkp"


This line (SEDPRG ) will trigger an issue.

Thanks! Will fix it later today 😊

@evrardjp Won't all of them then? Why just this one?

When I wrote this I saw an issue in sonarqube on that L24. It did not make sense to me, I hoped you would see it in sonar too.

I don't see it anymore.

Let's NOT change this until I see sonar complaining again, then we do a wholesale change on $SEDPRG.

evrardjp · 2025-10-03T17:07:30Z

Got an unrelated warning in make docs, but outside that I think we should be good if we fix $SEDPRG.

evrardjp

I don't see the problem triggered in sonarqube anymore, weirdly.

Skarlso · 2025-10-08T17:49:32Z

Apparently, the issues are gone. Which is weird.

sonarqubecloud · 2025-10-08T17:50:33Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

evrardjp · 2025-10-11T16:58:35Z

Reliable !

I need to dig deeper into this... see if everything is covered. Believing something is tested and actually ignored by scanner is very bad :/

I hope it's not the case here.

gusfcarvalho · 2025-11-15T13:26:13Z

should we merge this anyways even if issues are fixed? Still good practices

Skarlso · 2025-11-15T17:05:27Z

I think so, yeah.

evrardjp · 2025-11-16T07:43:17Z

Yeah fine for me too. Let's see.

evrardjp · 2025-11-16T07:45:09Z

Though for the record I am worried about flakiness/reliability of this test. As I am not committed to sonar, I might check alternatives to cover our grounds if no one objects.

Skarlso · 2025-11-16T07:47:05Z

Yeah sonar has been a thorn in my eye as well. But... it has its uses. But if there is a better alternative that would be nice.

evrardjp

I didn't test this, but it looks good on paper. Let's merge and see what breaks? 👺

sonarqubecloud · 2025-11-17T09:00:50Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `1.0.0` -> `1.1.0` | --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v1.1.0`](https://github.com/external-secrets/external-secrets/releases/tag/v1.1.0) [Compare Source](external-secrets/external-secrets@v1.0.0...v1.1.0) Image: `ghcr.io/external-secrets/external-secrets:v1.1.0` Image: `ghcr.io/external-secrets/external-secrets:v1.1.0-ubi` Image: `ghcr.io/external-secrets/external-secrets:v1.1.0-ubi-boringssl`  #### What's Changed !*NOTE*!: During last community meeting we discussed that we are retiring our scarf account. With that, we will be changing back to [ghcr.io/external-secrets/external-secrets](http://ghcr.io/external-secrets/external-secrets) instead of [oci.external-secrets.io/external-secrets/external-secrets](http://oci.external-secrets.io/external-secrets/external-secrets). For now, the old domain will live for a couple months to give people to change back. With this release , the helm chart switched back to ghcr. ##### General - chore(chart): release helm chart 1.0.0 by [@Skarlso](https://github.com/Skarlso) in [#5552](external-secrets/external-secrets#5552) - feat(security): add support for ECDSA ssh keys by [@bigjazzsound](https://github.com/bigjazzsound) in [#5559](external-secrets/external-secrets#5559) - fix: minor typo in comment of KeeperSecurity example by [@mdjong1](https://github.com/mdjong1) in [#5573](external-secrets/external-secrets#5573) - docs(gcp): update documentation for using WorkloadIdentityFederation in non-GKE cluster by [@jennweir](https://github.com/jennweir) in [#5556](external-secrets/external-secrets#5556) - chore(release): add darwin\_arm64 releases by [@lbordowitz](https://github.com/lbordowitz) in [#5583](external-secrets/external-secrets#5583) - feat: support override IAM endpoint in IBM provider for APIkey auth by [@fidel-ruiz](https://github.com/fidel-ruiz) in [#5550](external-secrets/external-secrets#5550) - feat(security): build tags for all the providers to disable them on d… by [@ShimonDarshan](https://github.com/ShimonDarshan) in [#5578](external-secrets/external-secrets#5578) - fix: do not include the last element of the path in the iteration by [@Skarlso](https://github.com/Skarlso) in [#5588](external-secrets/external-secrets#5588) - fix(k8s): support deleting whole secret by [@tiagolobocastro](https://github.com/tiagolobocastro) in [#5538](external-secrets/external-secrets#5538) - fix(provider): configure TLS for secret server provider by [@Lumexralph](https://github.com/Lumexralph) in [#5558](external-secrets/external-secrets#5558) - chore(aws): remove any usage of aws-sdk-v1 by [@Skarlso](https://github.com/Skarlso) in [#5590](external-secrets/external-secrets#5590) - fix(gcp): check for secret version exists in PushSecret by [@bpalko](https://github.com/bpalko) in [#5593](external-secrets/external-secrets#5593) - feat(vault): add GCP Workload Identity authentication support by [@SamuelMolling](https://github.com/SamuelMolling) in [#5356](external-secrets/external-secrets#5356) - chore: fix sonar cloud issues by [@Skarlso](https://github.com/Skarlso) in [#5405](external-secrets/external-secrets#5405) - chore(aws-sdk-v2): update dependencies to accept new aws regions by [@damienpuig](https://github.com/damienpuig) in [#5577](external-secrets/external-secrets#5577) - feat(chart): use ghcr.io instead of our own domain by [@evrardjp](https://github.com/evrardjp) in [#5617](external-secrets/external-secrets#5617) ##### Dependencies - chore(deps): bump golang from 1.25.3 to 1.25.4 by [@dependabot](https://github.com/dependabot)\[bot] in [#5560](external-secrets/external-secrets#5560) - chore(deps): bump golang from 1.25.3-bookworm to 1.25.4-bookworm in /e2e by [@dependabot](https://github.com/dependabot)\[bot] in [#5568](external-secrets/external-secrets#5568) - chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#5561](external-secrets/external-secrets#5561) - chore(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#5564](external-secrets/external-secrets#5564) - chore(deps): bump helm/chart-testing-action from 2.7.0 to 2.8.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5565](external-secrets/external-secrets#5565) - chore(deps): bump aws-actions/configure-aws-credentials from [`0d00a56`](external-secrets/external-secrets@0d00a56) to [`2475ef7`](external-secrets/external-secrets@2475ef7) by [@dependabot](https://github.com/dependabot)\[bot] in [#5562](external-secrets/external-secrets#5562) - chore(deps): bump helm/kind-action from 1.12.0 to 1.13.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5563](external-secrets/external-secrets#5563) - chore(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5567](external-secrets/external-secrets#5567) - chore(deps): bump regex from 2025.10.23 to 2025.11.3 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5570](external-secrets/external-secrets#5570) - chore(deps): bump markdown from 3.9 to 3.10 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5569](external-secrets/external-secrets#5569) - chore(deps): bump hashicorp/setup-terraform from [`982f6f0`](external-secrets/external-secrets@982f6f0) to [`4c5fdab`](external-secrets/external-secrets@4c5fdab) by [@dependabot](https://github.com/dependabot)\[bot] in [#5566](external-secrets/external-secrets#5566) - chore(deps): bump golang from `d3f0cf7` to `d3f0cf7` by [@dependabot](https://github.com/dependabot)\[bot] in [#5595](external-secrets/external-secrets#5595) - chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#5596](external-secrets/external-secrets#5596) - chore(deps): bump click from 8.3.0 to 8.3.1 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5602](external-secrets/external-secrets#5602) - chore(deps): bump ubi9/ubi from `dec374e` to `dcd8128` by [@dependabot](https://github.com/dependabot)\[bot] in [#5594](external-secrets/external-secrets#5594) - chore(deps): bump aws-actions/configure-aws-credentials from [`2475ef7`](external-secrets/external-secrets@2475ef7) to [`f2964c7`](external-secrets/external-secrets@f2964c7) by [@dependabot](https://github.com/dependabot)\[bot] in [#5597](external-secrets/external-secrets#5597) - chore(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#5598](external-secrets/external-secrets#5598) - chore(deps): bump pymdown-extensions from 10.16.1 to 10.17.1 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5599](external-secrets/external-secrets#5599) - chore(deps): bump certifi from 2025.10.5 to 2025.11.12 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5600](external-secrets/external-secrets#5600) - chore(deps): bump mkdocs-material from 9.6.23 to 9.7.0 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5601](external-secrets/external-secrets#5601) - chore(deps): bump mkdocs-macros-plugin from 1.4.1 to 1.5.0 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5603](external-secrets/external-secrets#5603) #### New Contributors - [@bigjazzsound](https://github.com/bigjazzsound) made their first contribution in [#5559](external-secrets/external-secrets#5559) - [@mdjong1](https://github.com/mdjong1) made their first contribution in [#5573](external-secrets/external-secrets#5573) - [@jennweir](https://github.com/jennweir) made their first contribution in [#5556](external-secrets/external-secrets#5556) - [@lbordowitz](https://github.com/lbordowitz) made their first contribution in [#5583](external-secrets/external-secrets#5583) - [@fidel-ruiz](https://github.com/fidel-ruiz) made their first contribution in [#5550](external-secrets/external-secrets#5550) - [@ShimonDarshan](https://github.com/ShimonDarshan) made their first contribution in [#5578](external-secrets/external-secrets#5578) - [@bpalko](https://github.com/bpalko) made their first contribution in [#5593](external-secrets/external-secrets#5593) - [@SamuelMolling](https://github.com/SamuelMolling) made their first contribution in [#5356](external-secrets/external-secrets#5356) - [@damienpuig](https://github.com/damienpuig) made their first contribution in [#5577](external-secrets/external-secrets#5577) **Full Changelog**: <external-secrets/external-secrets@v1.0.0...v1.1.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2081 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com> Signed-off-by: Alvin Wong <alvin.wong@forgerock.com>

chore: fix sonar cloud issues

a0ac196

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

github-project-automation bot added this to External Secrets Oct 3, 2025

github-actions bot added kind/chore Categorizes Pull Requests for chore activities (like bumping versions) size/s labels Oct 3, 2025

evrardjp suggested changes Oct 3, 2025

View reviewed changes

evrardjp approved these changes Oct 5, 2025

View reviewed changes

Merge branch 'main' into quality-gate-fix

70de563

Skarlso closed this Oct 8, 2025

github-project-automation bot moved this to Done in External Secrets Oct 8, 2025

Skarlso reopened this Oct 8, 2025

Merge branch 'main' into quality-gate-fix

c219107

evrardjp approved these changes Nov 16, 2025

View reviewed changes

jakobmoellerdev approved these changes Nov 17, 2025

View reviewed changes

Merge branch 'main' into quality-gate-fix

5a553d3

Skarlso merged commit 119f3bf into external-secrets:main Nov 17, 2025
29 checks passed

Skarlso deleted the quality-gate-fix branch November 17, 2025 09:23

Uh oh!

Conversation

Skarlso commented Oct 3, 2025

Problem Statement

Related Issue

Proposed Changes

Format

Checklist

Uh oh!

evrardjp left a comment

Choose a reason for hiding this comment

Uh oh!

evrardjp Oct 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Skarlso Oct 4, 2025

Choose a reason for hiding this comment

Uh oh!

Skarlso Oct 5, 2025

Choose a reason for hiding this comment

Uh oh!

evrardjp Oct 5, 2025

Choose a reason for hiding this comment

Uh oh!

evrardjp commented Oct 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

evrardjp left a comment

Choose a reason for hiding this comment

Uh oh!

Skarlso commented Oct 8, 2025

Uh oh!

sonarqubecloud bot commented Oct 8, 2025

Quality Gate passed

Uh oh!

evrardjp commented Oct 11, 2025

Uh oh!

gusfcarvalho commented Nov 15, 2025

Uh oh!

Skarlso commented Nov 15, 2025

Uh oh!

evrardjp commented Nov 16, 2025

Uh oh!

evrardjp commented Nov 16, 2025

Uh oh!

Skarlso commented Nov 16, 2025

Uh oh!

evrardjp left a comment

Choose a reason for hiding this comment

Uh oh!

sonarqubecloud bot commented Nov 17, 2025

Quality Gate passed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

evrardjp Oct 3, 2025 •

edited

Loading

evrardjp commented Oct 3, 2025 •

edited

Loading