feat: Add Last Sync column to ExternalSecret and PushSecret printers

[jaruwat-panturat]

Problem Statement

Cluster admins want to know when the last time a sync operation happened from running the kubectl get ps/es/etc.

Related Issue

Fixes: #6002

Proposed Changes

Add a Last Sync printer column to ExternalSecret and PushSecret that displays the value of status.refreshTime

Format

Please ensure that your PR follows the following format for the title:

feat(scope): add new feature
fix(scope): fix bug
docs(scope): update documentation
chore(scope): update build tool or dependencies
ref(scope): refactor code
clean(scope): provider cleanup
test(scope): add tests
perf(scope): improve performance
desig(scope): improve design

Where scope is optionally one of:

• charts
• release
• testing
• security
• templating

Checklist

• I have read the contribution guidelines
• All commits are signed with git commit --signoff
• My changes have reasonable test coverage
• All tests pass with make test
• I ensured my PR is ready for review with make reviewable

Adds Last Sync printer column to ExternalSecret and PushSecret

This PR adds a "Last Sync" printer column to ExternalSecret and PushSecret resources that displays the value of status.refreshTime in kubectl output (e.g., kubectl get es/ps). The column is implemented as a kubebuilder additionalPrinterColumn with JSONPath .status.refreshTime and type date.

Changes

• Added Last Sync printer column to API type annotations:
  • apis/externalsecrets/v1/externalsecret_types.go
  • apis/externalsecrets/v1beta1/externalsecret_types.go
  • apis/externalsecrets/v1alpha1/pushsecret_types.go
• Updated generated CRD manifests and bundle:
  • config/crds/bases/external-secrets.io_externalsecrets.yaml
  • config/crds/bases/external-secrets.io_pushsecrets.yaml
  • deploy/crds/bundle.yaml
  • corresponding test snapshots updated

All changes are additive to CRD printer columns and do not modify controller logic, status structs, or exported APIs.

Notes / Review comments

• A reviewer (Skarlso) objects to using a raw timestamp: they recommend the column show a duration (time since last sync) instead of the timestamp, consistent with other kubectl output patterns. Design decision on timestamp vs. elapsed-duration remains outstanding.
• PR description checklist (contribution guidelines, signed commits, tests, CI) was included but not marked complete.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 82c0b206-5106-4fb0-8c24-fd69935422f4

📥 Commits

Reviewing files that changed from the base of the PR and between 5cf285a and d10d255.

📒 Files selected for processing (3)

• apis/externalsecrets/v1/externalsecret_types.go
• apis/externalsecrets/v1alpha1/pushsecret_types.go
• apis/externalsecrets/v1beta1/externalsecret_types.go

🚧 Files skipped from review as they are similar to previous changes (1)

• apis/externalsecrets/v1alpha1/pushsecret_types.go

---

Walkthrough

Adds a "Last Sync" printer column to multiple CustomResourceDefinitions (ExternalSecret, PushSecret, and cluster variants) exposing .status.refreshTime across v1, v1alpha1, and v1beta1 API versions; no runtime logic or status struct changes.

Changes

Cohort / File(s)	Summary
Go type annotations apis/externalsecrets/v1/externalsecret_types.go, apis/externalsecrets/v1alpha1/pushsecret_types.go, apis/externalsecrets/v1beta1/externalsecret_types.go	Added kubebuilder printcolumn annotation for "Last Sync" referencing .status.refreshTime (type=date) to resource type comments. No struct/signature changes.
CRD base manifests config/crds/bases/external-secrets.io_externalsecrets.yaml, config/crds/bases/external-secrets.io_pushsecrets.yaml	Added additionalPrinterColumns entries for "Last Sync" with jsonPath: .status.refreshTime and type date in CRD schemas.
Deployed CRD bundle deploy/crds/bundle.yaml	Inserted "Last Sync" additionalPrinterColumns entries (jsonPath: .status.refreshTime, type date) across multiple CRD definitions (ExternalSecret, PushSecret, cluster variants) in the bundled manifests.

🚥 Pre-merge checks | ✅ 1 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Linked Issues check	⚠️ Warning	The PR adds a Last Sync column displaying status.refreshTime as a date, but issue #6002 requests a duration (time since last sync, e.g., '1m3s'). The implementation does not match the requested feature.	Modify the implementation to display time elapsed since status.refreshTime (relative duration) rather than the raw date/time value to align with issue #6002 requirements.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Out of Scope Changes check	✅ Passed	All changes are directly related to adding a Last Sync printer column to ExternalSecret and PushSecret, which is within scope of issue #6002. No unrelated modifications were detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Skarlso]

Add a Last Sync printer column to ExternalSecret and PushSecret that displays the value of status.refreshTime

That's not correct. Last synced should be similar to Age. Meaning it should be duration that expired from the last time this object underwent a Sync event.

So this wouldn't be of type date either. It would of type duration.

[jaruwat-panturat]

Hello @Skarlso,

Please correct me if I'm wrong, but I believe the last sync column should display something like this after 150 seconds since the last sync:

NAME      AGE   STATUS   LAST SYNC
test-ps   19h   Synced   2m30s

Is this the expected behavior?

[Skarlso]

@jaruwat-panturat Yes. And actually, I was wrong, because I can't read. :D I thought that's the interval time. 🤦

I'm sorry. Your change is right.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Skarlso]

/ok-to-test sha=19f6ed0791c58b2dafa204847dbf83de83d3c686

[eso-service-account-app]

[Bot] - ✅ e2e for 19f6ed0791c58b2dafa204847dbf83de83d3c686 passed