feat(chart): use ghcr.io instead of our own domain#5617
Merged
Skarlso merged 1 commit intoexternal-secrets:mainfrom Nov 21, 2025
Merged
feat(chart): use ghcr.io instead of our own domain#5617Skarlso merged 1 commit intoexternal-secrets:mainfrom
Skarlso merged 1 commit intoexternal-secrets:mainfrom
Conversation
97490ad to
5cc8a1f
Compare
Contributor
Author
|
come on, bot, I updated my commit message now. |
Without this, we use our own domain, for statistics purposes. This is a problem, as: - Someone need to pay the provider (scarf currently) for this and we do not have the budget for it - We need to maintain an account for it - It is a long term effort to migrate to another provider and we are not certain as a community it is worth it. - We can still adapt later This fixes it by using ghcr.io, which already builds our images and stores them. We are only cutting the middleman. Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party>
5cc8a1f to
5510de6
Compare
|
Contributor
|
/ok-to-test sha=5510de640893028bf671c434e1fccc2a408cc2dd |
gusfcarvalho
approved these changes
Nov 21, 2025
| - --zap-time-encoding=epoch | ||
| - --enable-partial-cache=true | ||
| image: oci.external-secrets.io/external-secrets/external-secrets:v0.20.2 | ||
| image: ghcr.io/external-secrets/external-secrets:v0.20.2 |
Member
There was a problem hiding this comment.
the version looks weird - but not related to these changes. Just for the record (we are also discussing on slack.)
Contributor
alexlebens
pushed a commit
to alexlebens/infrastructure
that referenced
this pull request
Nov 22, 2025
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `1.0.0` -> `1.1.0` | --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v1.1.0`](https://github.com/external-secrets/external-secrets/releases/tag/v1.1.0) [Compare Source](external-secrets/external-secrets@v1.0.0...v1.1.0) Image: `ghcr.io/external-secrets/external-secrets:v1.1.0` Image: `ghcr.io/external-secrets/external-secrets:v1.1.0-ubi` Image: `ghcr.io/external-secrets/external-secrets:v1.1.0-ubi-boringssl` <!-- Release notes generated using configuration in .github/release.yml at main --> #### What's Changed !*NOTE*!: During last community meeting we discussed that we are retiring our scarf account. With that, we will be changing back to [ghcr.io/external-secrets/external-secrets](http://ghcr.io/external-secrets/external-secrets) instead of [oci.external-secrets.io/external-secrets/external-secrets](http://oci.external-secrets.io/external-secrets/external-secrets). For now, the old domain will live for a couple months to give people to change back. With this release , the helm chart switched back to ghcr. ##### General - chore(chart): release helm chart 1.0.0 by [@​Skarlso](https://github.com/Skarlso) in [#​5552](external-secrets/external-secrets#5552) - feat(security): add support for ECDSA ssh keys by [@​bigjazzsound](https://github.com/bigjazzsound) in [#​5559](external-secrets/external-secrets#5559) - fix: minor typo in comment of KeeperSecurity example by [@​mdjong1](https://github.com/mdjong1) in [#​5573](external-secrets/external-secrets#5573) - docs(gcp): update documentation for using WorkloadIdentityFederation in non-GKE cluster by [@​jennweir](https://github.com/jennweir) in [#​5556](external-secrets/external-secrets#5556) - chore(release): add darwin\_arm64 releases by [@​lbordowitz](https://github.com/lbordowitz) in [#​5583](external-secrets/external-secrets#5583) - feat: support override IAM endpoint in IBM provider for APIkey auth by [@​fidel-ruiz](https://github.com/fidel-ruiz) in [#​5550](external-secrets/external-secrets#5550) - feat(security): build tags for all the providers to disable them on d… by [@​ShimonDarshan](https://github.com/ShimonDarshan) in [#​5578](external-secrets/external-secrets#5578) - fix: do not include the last element of the path in the iteration by [@​Skarlso](https://github.com/Skarlso) in [#​5588](external-secrets/external-secrets#5588) - fix(k8s): support deleting whole secret by [@​tiagolobocastro](https://github.com/tiagolobocastro) in [#​5538](external-secrets/external-secrets#5538) - fix(provider): configure TLS for secret server provider by [@​Lumexralph](https://github.com/Lumexralph) in [#​5558](external-secrets/external-secrets#5558) - chore(aws): remove any usage of aws-sdk-v1 by [@​Skarlso](https://github.com/Skarlso) in [#​5590](external-secrets/external-secrets#5590) - fix(gcp): check for secret version exists in PushSecret by [@​bpalko](https://github.com/bpalko) in [#​5593](external-secrets/external-secrets#5593) - feat(vault): add GCP Workload Identity authentication support by [@​SamuelMolling](https://github.com/SamuelMolling) in [#​5356](external-secrets/external-secrets#5356) - chore: fix sonar cloud issues by [@​Skarlso](https://github.com/Skarlso) in [#​5405](external-secrets/external-secrets#5405) - chore(aws-sdk-v2): update dependencies to accept new aws regions by [@​damienpuig](https://github.com/damienpuig) in [#​5577](external-secrets/external-secrets#5577) - feat(chart): use ghcr.io instead of our own domain by [@​evrardjp](https://github.com/evrardjp) in [#​5617](external-secrets/external-secrets#5617) ##### Dependencies - chore(deps): bump golang from 1.25.3 to 1.25.4 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5560](external-secrets/external-secrets#5560) - chore(deps): bump golang from 1.25.3-bookworm to 1.25.4-bookworm in /e2e by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5568](external-secrets/external-secrets#5568) - chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5561](external-secrets/external-secrets#5561) - chore(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5564](external-secrets/external-secrets#5564) - chore(deps): bump helm/chart-testing-action from 2.7.0 to 2.8.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5565](external-secrets/external-secrets#5565) - chore(deps): bump aws-actions/configure-aws-credentials from [`0d00a56`](external-secrets/external-secrets@0d00a56) to [`2475ef7`](external-secrets/external-secrets@2475ef7) by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5562](external-secrets/external-secrets#5562) - chore(deps): bump helm/kind-action from 1.12.0 to 1.13.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5563](external-secrets/external-secrets#5563) - chore(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5567](external-secrets/external-secrets#5567) - chore(deps): bump regex from 2025.10.23 to 2025.11.3 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5570](external-secrets/external-secrets#5570) - chore(deps): bump markdown from 3.9 to 3.10 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5569](external-secrets/external-secrets#5569) - chore(deps): bump hashicorp/setup-terraform from [`982f6f0`](external-secrets/external-secrets@982f6f0) to [`4c5fdab`](external-secrets/external-secrets@4c5fdab) by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5566](external-secrets/external-secrets#5566) - chore(deps): bump golang from `d3f0cf7` to `d3f0cf7` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5595](external-secrets/external-secrets#5595) - chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5596](external-secrets/external-secrets#5596) - chore(deps): bump click from 8.3.0 to 8.3.1 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5602](external-secrets/external-secrets#5602) - chore(deps): bump ubi9/ubi from `dec374e` to `dcd8128` by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5594](external-secrets/external-secrets#5594) - chore(deps): bump aws-actions/configure-aws-credentials from [`2475ef7`](external-secrets/external-secrets@2475ef7) to [`f2964c7`](external-secrets/external-secrets@f2964c7) by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5597](external-secrets/external-secrets#5597) - chore(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5598](external-secrets/external-secrets#5598) - chore(deps): bump pymdown-extensions from 10.16.1 to 10.17.1 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5599](external-secrets/external-secrets#5599) - chore(deps): bump certifi from 2025.10.5 to 2025.11.12 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5600](external-secrets/external-secrets#5600) - chore(deps): bump mkdocs-material from 9.6.23 to 9.7.0 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5601](external-secrets/external-secrets#5601) - chore(deps): bump mkdocs-macros-plugin from 1.4.1 to 1.5.0 in /hack/api-docs by [@​dependabot](https://github.com/dependabot)\[bot] in [#​5603](external-secrets/external-secrets#5603) #### New Contributors - [@​bigjazzsound](https://github.com/bigjazzsound) made their first contribution in [#​5559](external-secrets/external-secrets#5559) - [@​mdjong1](https://github.com/mdjong1) made their first contribution in [#​5573](external-secrets/external-secrets#5573) - [@​jennweir](https://github.com/jennweir) made their first contribution in [#​5556](external-secrets/external-secrets#5556) - [@​lbordowitz](https://github.com/lbordowitz) made their first contribution in [#​5583](external-secrets/external-secrets#5583) - [@​fidel-ruiz](https://github.com/fidel-ruiz) made their first contribution in [#​5550](external-secrets/external-secrets#5550) - [@​ShimonDarshan](https://github.com/ShimonDarshan) made their first contribution in [#​5578](external-secrets/external-secrets#5578) - [@​bpalko](https://github.com/bpalko) made their first contribution in [#​5593](external-secrets/external-secrets#5593) - [@​SamuelMolling](https://github.com/SamuelMolling) made their first contribution in [#​5356](external-secrets/external-secrets#5356) - [@​damienpuig](https://github.com/damienpuig) made their first contribution in [#​5577](external-secrets/external-secrets#5577) **Full Changelog**: <external-secrets/external-secrets@v1.0.0...v1.1.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0Mi41LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImNoYXJ0Il19--> Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2081 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
|
Is the chart also moving domains? the Readme file still references the old domain |
Contributor
|
@jaredjadu No, the chart stays. That's served from github pages. :) |
|
@Skarlso thanks :) the release notes were not too clear |
Contributor
|
ah, sorry about that. I'll clarify that. |
tokiwong
pushed a commit
to tokiwong/external-secrets
that referenced
this pull request
Dec 9, 2025
Without this, we use our own domain, for statistics purposes. This is a problem, as: - Someone need to pay the provider (scarf currently) for this and we do not have the budget for it - We need to maintain an account for it - It is a long term effort to migrate to another provider and we are not certain as a community it is worth it. - We can still adapt later This fixes it by using ghcr.io, which already builds our images and stores them. We are only cutting the middleman. Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party> Signed-off-by: Alvin Wong <alvin.wong@forgerock.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Without this, we use our own domain, for statistics purposes.
This is a problem, as:
This fixes it by using ghcr.io, which already builds our images and stores them. We are only cutting the middleman.
Format
Please ensure that your PR follows the following format for the title:
Where
scopeis optionally one of:Checklist
git commit --signoffmake testmake reviewable