chore(license): add automated license header checking using Apache SkyWalking Eyes GitHub Action by Copilot · Pull Request #5290 · external-secrets/external-secrets

Copilot · 2025-09-10T05:13:05Z

This PR implements automated license header verification for Go files in pull requests using Apache SkyWalking Eyes GitHub Action, addressing the requirement to ensure all code contributions include proper Apache License 2.0 headers.

Changes Made

Initial implementation with Apache SkyWalking Eyes GitHub Action
Added .licenserc.yaml configuration file for license header verification
Integrated into existing CI workflow
Updated developer guide documentation
Replaced spdx-id configuration with content matching hack/boilerplate.go.txt
Updated content configuration to match current boilerplate file with copyright line
Replaced language configuration with paths pattern to only check Go files

License Verification with GitHub Action:

Uses apache/skywalking-eyes/header@v0.6.0 action for license header checking
Configuration file .licenserc.yaml now uses exact license content from hack/boilerplate.go.txt including copyright line
Simplified configuration to only check Go files using paths: ["**/*.go"] pattern instead of language-based targeting
Integrated into the existing check-diff job in the CI workflow

CI Integration:

Added license header check to the existing check-diff job in the CI workflow
The check runs automatically on pull requests and fails if files lack proper license headers
Uses Apache Foundation's official license checking tool for reliability

Documentation:

Updated developer guide with license requirements and tooling information
Clear guidance on Apache License 2.0 header requirements
References to SkyWalking Eyes for local development

How It Works

The system uses Apache SkyWalking Eyes to validate license headers. When a PR is opened:

The CI runs the SkyWalking Eyes action which checks all applicable files
Validates each Go file contains the exact Apache License 2.0 header text from hack/boilerplate.go.txt (including copyright line)
Fails the CI check if any files are missing proper headers, with clear error messages
Configuration in .licenserc.yaml uses paths pattern **/*.go to specifically target only Go source files

Benefits

Industry Standard Tool: Uses Apache Foundation's official license header checker
Automated Compliance: Ensures all code includes proper license headers without manual review
Better Reliability: Maintained by Apache Software Foundation with regular updates
Simplified Maintenance: No custom scripts to maintain, relies on established tooling
Clear Feedback: Detailed error messages guide contributors on fixing issues
Exact Content Matching: Uses the exact license header content from the project's boilerplate file with copyright
Focused Scope: Only checks Go files using **/*.go path pattern, avoiding false positives on documentation and configuration files

The implementation uses a well-established, community-maintained tool instead of custom scripts, providing better reliability and easier maintenance while ensuring license compliance for all contributions.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Skarlso · 2025-09-10T05:26:00Z

@copilot I prefer to use a github action instead of a bunch of bash files. Look for a github action that already does this. And use that instead.

…cense header checking Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot · 2025-09-10T05:34:08Z

@copilot I prefer to use a github action instead of a bunch of bash files. Look for a github action that already does this. And use that instead.

I've replaced the bash scripts with Apache SkyWalking Eyes GitHub Action as requested. The change uses apache/skywalking-eyes/header@v0.6.0 which is specifically designed for Apache License 2.0 header checking. This provides better reliability and maintenance compared to custom scripts. The configuration is in .licenserc.yaml and the CI workflow now uses the official action instead of custom bash scripts. (commit 9965569)

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/search/repositories
- Triggering command: curl -s REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Skarlso · 2025-09-10T05:53:56Z

@copilot in the config instead of spdx-id have a content setting matching the license in the file hack/boilerplate.go.txt.

…enserc.yaml Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot · 2025-09-10T05:57:03Z

@copilot in the config instead of spdx-id have a content setting matching the license in the file hack/boilerplate.go.txt.

Updated the .licenserc.yaml configuration to replace spdx-id with content setting that matches the exact license header text from hack/boilerplate.go.txt. The configuration now uses the precise content for license validation. (commit f6ebdfc)

Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot · 2025-09-10T06:22:58Z

@copilot Instead of setting paths-ignore: set that it should ONLY CHECK go files. I believe thats:
  language: # <11>

...

Updated the .licenserc.yaml configuration to replace paths-ignore with language: Go: setting to only check Go files as requested. This simplifies the configuration and focuses the license check specifically on Go source files. (commit b9fc821)

Skarlso · 2025-09-10T06:28:59Z

@copilot Okay, this is still failing. However, according to the documentation you can also set paths to something like **/*.go and then we should be golden.

The paths are the path list that will be checked (and fixed) by license-eye, default is ['**']. Formats like **/*.md and /bin/ are supported.

Hopefully that will mean that it will ONLY consider Go files and we don't have to bother with path-ignore which increases the permutations manyfold.

…g **/*.go pattern Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot · 2025-09-10T06:32:53Z

@copilot Okay, this is still failing. However, according to the documentation you can also set paths to something like **/*.go and then we should be golden.

The paths are the path list that will...

Updated the .licenserc.yaml configuration to use paths: ["**/*.go"] instead of the language configuration. This targets only Go files using the path pattern as suggested, which should resolve the failing checks. (commit 9741c6f)

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Skarlso · 2025-09-10T07:53:26Z

/home/runner/work/external-secrets/external-secrets/go.mod:3: invalid go version '1.24.6': must match format 1.23

Why the ever loving heck did this start now?

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

Skarlso · 2025-09-10T08:08:07Z

WHY IS THIS SHIT FAILING? WTF?

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

sonarqubecloud · 2025-09-10T08:12:21Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Skarlso · 2025-09-10T08:16:00Z

Yayy it works. I think the licence thingy might have left the branch dirty.

jakobmoellerdev

I think this was probably the most boring and hardest review i have ever done.. :D

e2e/suites/provider/cases/azure/azure_key.go

e2e/suites/provider/cases/import.go

e2e/suites/provider/cases/secretserver/provider.go

Skarlso · 2025-09-10T09:02:38Z

Can ignore the test failure. The pervious one passed.

Not saying this shouldn't be fixed, but this is not part of this PR.

      create not allowed while custom resource definition is terminating

Created #5291

Skarlso · 2025-09-10T09:13:41Z

Going to wait for the e2e test. :)

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://github.com/external-secrets/external-secrets) | minor | `0.19.2` -> `0.20.1` | --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v0.20.1`](https://github.com/external-secrets/external-secrets/releases/tag/v0.20.1) [Compare Source](external-secrets/external-secrets@v0.19.2...v0.20.1) Image: `ghcr.io/external-secrets/external-secrets:v0.20.1` Image: `ghcr.io/external-secrets/external-secrets:v0.20.1-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.20.1-ubi-boringssl`  #### What's Changed ##### General - chore: release 0.19.2 by [@moolen](https://github.com/moolen) in [#5136](external-secrets/external-secrets#5136) - chore: update readme by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5137](external-secrets/external-secrets#5137) - fix(kubernetes): make auth field optional by [@mhrabovcin](https://github.com/mhrabovcin) in [#5064](external-secrets/external-secrets#5064) - chore: Fix Markdown spelling issues found by codespell by [@mjtrangoni](https://github.com/mjtrangoni) in [#5139](external-secrets/external-secrets#5139) - Fix yaml codeblock for oracle-vault provider docs by [@muckelba](https://github.com/muckelba) in [#5146](external-secrets/external-secrets#5146) - feat: add liveness probe to eso controller by [@Skarlso](https://github.com/Skarlso) in [#4930](external-secrets/external-secrets#4930) - fix(helm): add boolean for processClusterGenerator by [@DrummyFloyd](https://github.com/DrummyFloyd) in [#5144](external-secrets/external-secrets#5144) - chore: add Cisco to ADOPTERS.md by [@sriaradhyula](https://github.com/sriaradhyula) in [#5159](external-secrets/external-secrets#5159) - docs: Fix provider stability and support table by [@jonstacks](https://github.com/jonstacks) in [#5161](external-secrets/external-secrets#5161) - feat(helm): Add control of response to missing prometheus CRDs by [@jcpunk](https://github.com/jcpunk) in [#5087](external-secrets/external-secrets#5087) - chore: Added release notes configuration by [@bonddim](https://github.com/bonddim) in [#5148](external-secrets/external-secrets#5148) - chore: bump bitwarden helm chart version by [@Skarlso](https://github.com/Skarlso) in [#5044](external-secrets/external-secrets#5044) - chore(docs): update `ADOPTERS.md` to include SAP by [@jakobmoellerdev](https://github.com/jakobmoellerdev) in [#5165](external-secrets/external-secrets#5165) - feat: add externalsecret namespace for webhook provider by [@matheusmazzoni](https://github.com/matheusmazzoni) in [#5155](external-secrets/external-secrets#5155) - fix: add unknown status for secret store by [@alvin-rw](https://github.com/alvin-rw) in [#5070](external-secrets/external-secrets#5070) - Fix pushing to an AWS Secrets Manager Secret when there are no secret values by [@nirajsapkota](https://github.com/nirajsapkota) in [#4878](external-secrets/external-secrets#4878) - add extralabels for dashboard to be scraped by multiple grafana instances by [@L1ghtman2k](https://github.com/L1ghtman2k) in [#5138](external-secrets/external-secrets#5138) - fix: the api docs are not referencing sshkey generator by [@Skarlso](https://github.com/Skarlso) in [#5170](external-secrets/external-secrets#5170) - Update github.md by [@gecube](https://github.com/gecube) in [#5171](external-secrets/external-secrets#5171) - Update anchore-engine-credentials.md by [@gecube](https://github.com/gecube) in [#5172](external-secrets/external-secrets#5172) - docs: update infisical docs to clarify missing system:auth-delegator need by [@Skarlso](https://github.com/Skarlso) in [#5174](external-secrets/external-secrets#5174) - Adding support different type auth sources by [@preved911](https://github.com/preved911) in [#4877](external-secrets/external-secrets#4877) - fix: stability update document did not update the stability table correctly by [@Skarlso](https://github.com/Skarlso) in [#5176](external-secrets/external-secrets#5176) - Add esv1.AnnotationForceSync for CES and ES by [@ntnn](https://github.com/ntnn) in [#5156](external-secrets/external-secrets#5156) - fix: helm build failing by [@Skarlso](https://github.com/Skarlso) in [#5178](external-secrets/external-secrets#5178) - fix: remove release- branch automation by [@moolen](https://github.com/moolen) in [#5182](external-secrets/external-secrets#5182) - chore: update dependencies by [@eso-service-account-app](https://github.com/eso-service-account-app)\[bot] in [#5181](external-secrets/external-secrets#5181) - docs: update bitwarden documentation for dataFrom field usage by [@Skarlso](https://github.com/Skarlso) in [#5196](external-secrets/external-secrets#5196) - feat: add contributor ladder by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5150](external-secrets/external-secrets#5150) - feat: support vault provider check and set for push secrets by [@webstradev](https://github.com/webstradev) in [#5197](external-secrets/external-secrets#5197) - chore(docs): update helm charts by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5203](external-secrets/external-secrets#5203) - chore(ci): fix sonarqube security warnings in helm.yml by [@webstradev](https://github.com/webstradev) in [#5202](external-secrets/external-secrets#5202) - chore: add pull request maintenance auto labelling and sizes by [@Skarlso](https://github.com/Skarlso) in [#5200](external-secrets/external-secrets#5200) - fix: update the label verification step by [@Skarlso](https://github.com/Skarlso) in [#5209](external-secrets/external-secrets#5209) - feat: add infisical k8s auth with Client JWT as Reviewer JWT Token support by [@tuxtof](https://github.com/tuxtof) in [#5168](external-secrets/external-secrets#5168) - feat: improve error message for json marshalling/unmarshalling by [@webstradev](https://github.com/webstradev) in [#5211](external-secrets/external-secrets#5211) - chore: enhance `helm-values-schema-json` schema plugin management logic by [@jakobmoellerdev](https://github.com/jakobmoellerdev) in [#5212](external-secrets/external-secrets#5212) - fix(aws): stop incrementing the UUID for versions by [@Skarlso](https://github.com/Skarlso) in [#5175](external-secrets/external-secrets#5175) - feat: enable secure serving for metrics \[issue 4614] by [@rkferreira](https://github.com/rkferreira) in [#5169](external-secrets/external-secrets#5169) - fix(infisical): fix TokenAuth auth method by escaping the token revocation by [@arthlr](https://github.com/arthlr) in [#5217](external-secrets/external-secrets#5217) - fix: tilt build was failing to rebuild by [@Skarlso](https://github.com/Skarlso) in [#5225](external-secrets/external-secrets#5225) - feat: add selectable fields to the CRDs by [@Skarlso](https://github.com/Skarlso) in [#5226](external-secrets/external-secrets#5226) - ref: removing Yandex Cloud specific common types declaration duplication by [@preved911](https://github.com/preved911) in [#4905](external-secrets/external-secrets#4905) - fix: missing codeowners file from .github folder by [@Skarlso](https://github.com/Skarlso) in [#5228](external-secrets/external-secrets#5228) - feat: add setting remote namespace to metadata for kubernetes provider by [@Skarlso](https://github.com/Skarlso) in [#5224](external-secrets/external-secrets#5224) - feat: add support for certs only in pkcs12 by [@devnopt](https://github.com/devnopt) in [#4875](external-secrets/external-secrets#4875) - docs: document redundant clusterName/clusterLocation parameters in GCP Secret Manager docs by [@ionicsolutions](https://github.com/ionicsolutions) in [#5208](external-secrets/external-secrets#5208) - feat: Allow adding finalizers from template by [@malovme](https://github.com/malovme) in [#5140](external-secrets/external-secrets#5140) - fix: controller-runtime update by [@gusfcarvalho](https://github.com/gusfcarvalho) in [#5239](external-secrets/external-secrets#5239) - chore: update dependencies by [@eso-service-account-app](https://github.com/eso-service-account-app)\[bot] in [#5229](external-secrets/external-secrets#5229) - fix: Prevent secretstore reconcile loop when provider error response is dynamic by [@dakotaharden](https://github.com/dakotaharden) in [#5247](external-secrets/external-secrets#5247) - feat: add finalizers to SecretStores when referenced by PushSecrets with DeletionPolicy=Delete by [@matheusmazzoni](https://github.com/matheusmazzoni) in [#5163](external-secrets/external-secrets#5163) - fix: keepersecurity support for shortcuts by [@pepordev](https://github.com/pepordev) in [#5245](external-secrets/external-secrets#5245) - feat: add support for GCP Workload Identity Federation by [@bharath-b-rh](https://github.com/bharath-b-rh) in [#4654](external-secrets/external-secrets#4654) - feat: support fetching secrets and certificates by name in Yandex Lockbox & Certificate Manager by [@alliseeisgold](https://github.com/alliseeisgold) in [#5022](external-secrets/external-secrets#5022) - chore(charts): Adds new make target for installing unittest plugin by [@bharath-b-rh](https://github.com/bharath-b-rh) in [#5250](external-secrets/external-secrets#5250) - docs(templating): added clarifying comments to Github generator example by [@nielstenboom](https://github.com/nielstenboom) in [#5248](external-secrets/external-secrets#5248) - feat(release): add new workflow to label first time contributor issues by [@mouhsen-ibrahim](https://github.com/mouhsen-ibrahim) in [#5243](external-secrets/external-secrets#5243) - feat(security): Adds an option to make HTTP2 configurable by [@siddhibhor-56](https://github.com/siddhibhor-56) in [#5231](external-secrets/external-secrets#5231) - feat: add retry for onepassword on authorization error by [@Skarlso](https://github.com/Skarlso) in [#5253](external-secrets/external-secrets#5253) - fix: handle namespace deletion race conditions with finalizers by [@framsouza](https://github.com/framsouza) in [#5154](external-secrets/external-secrets#5154) - docs: update stability and support by [@anders-swanson](https://github.com/anders-swanson) in [#5257](external-secrets/external-secrets#5257) - fix(akeyless): Upgrade Akeyless Provider Go SDK to v4 by [@kgal-akl](https://github.com/kgal-akl) in [#5263](external-secrets/external-secrets#5263) - feat: support Pod Identity authentication for Vault Provider by [@webstradev](https://github.com/webstradev) in [#5201](external-secrets/external-secrets#5201) - feat: add domain field to secretserver provider by [@rkferreira](https://github.com/rkferreira) in [#5258](external-secrets/external-secrets#5258) - chore(release): Migrate to actions/create-github-app-token action by [@mouhsen-ibrahim](https://github.com/mouhsen-ibrahim) in [#5264](external-secrets/external-secrets#5264) - chore: just updating the crd conformance tests by [@Skarlso](https://github.com/Skarlso) in [#5265](external-secrets/external-secrets#5265) - chore(revert): "chore(release): Migrate to actions/create-github-app-token action" by [@Skarlso](https://github.com/Skarlso) in [#5269](external-secrets/external-secrets#5269) - chore: azure sdk update by [@hauswio](https://github.com/hauswio) in [#5162](external-secrets/external-secrets#5162) - feat: add support for fetching Secret by Path on Delinea Secret Server provider by [@DelineaSahilWankhede](https://github.com/DelineaSahilWankhede) in [#5270](external-secrets/external-secrets#5270) - feat: migrate from tibdex to actions/create-github-app-token by [@rkferreira](https://github.com/rkferreira) in [#5286](external-secrets/external-secrets#5286) - fix: license headers across all Go files - standardize format, add missing copyright, fix typos by [@Copilot](https://github.com/Copilot) in [#5288](external-secrets/external-secrets#5288) - fix: the boilerplate was missing the right license format by [@Skarlso](https://github.com/Skarlso) in [#5289](external-secrets/external-secrets#5289) - chore(license): add automated license header checking using Apache SkyWalking Eyes GitHub Action by [@Copilot](https://github.com/Copilot) in [#5290](external-secrets/external-secrets#5290) - chore(docs): remove GitHub Discussions references and update support channels by [@jakobmoellerdev](https://github.com/jakobmoellerdev) in [#5292](external-secrets/external-secrets#5292) - docs: updated the ladder with two new tracks: documentation and community by [@Skarlso](https://github.com/Skarlso) in [#5298](external-secrets/external-secrets#5298) - docs(release): create upgrading section by [@rkferreira](https://github.com/rkferreira) in [#5310](external-secrets/external-secrets#5310) - docs: readme update for health of the project by [@Skarlso](https://github.com/Skarlso) in [#5309](external-secrets/external-secrets#5309) - fix: validate namespace in secretRef by [@moolen](https://github.com/moolen) in [#5311](external-secrets/external-secrets#5311) - docs: add burnout prevention strategies and mitigation policy document by [@Skarlso](https://github.com/Skarlso) in [#5307](external-secrets/external-secrets#5307) - feat: add missing go sbom by [@moolen](https://github.com/moolen) in [#5313](external-secrets/external-secrets#5313) - feat: make vault e2e tests run locally by [@moolen](https://github.com/moolen) in [#5246](external-secrets/external-secrets#5246) - chore: update dependencies by [@eso-service-account-app](https://github.com/eso-service-account-app)\[bot] in [#5324](external-secrets/external-secrets#5324) - feat: add Cloudsmith generator for container registry authentication by [@cloudsmith-iduffy](https://github.com/cloudsmith-iduffy) in [#5267](external-secrets/external-secrets#5267) - feat: Add lgtm review automation step to ci workflows. by [@webstradev](https://github.com/webstradev) in [#5251](external-secrets/external-secrets#5251) - feat(provider): add Volcengine provider support by [@kevinyancn](https://github.com/kevinyancn) in [#5306](external-secrets/external-secrets#5306) - test: add more information to potentially flaky test by [@Skarlso](https://github.com/Skarlso) in [#5330](external-secrets/external-secrets#5330) - fix(docs): Fix typo in controller options doc by [@tspearconquest](https://github.com/tspearconquest) in [#5299](external-secrets/external-secrets#5299) - chore(testing): Add licence.check make target by [@jonstacks](https://github.com/jonstacks) in [#5335](external-secrets/external-secrets#5335) - docs(gitlab-variables): document environment scope fallback by [@s1nyx](https://github.com/s1nyx) in [#5300](external-secrets/external-secrets#5300) ##### Dependencies - chore(deps): bump mkdocs-macros-plugin from 1.3.7 to 1.3.9 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5190](external-secrets/external-secrets#5190) - chore(deps): bump requests from 2.32.4 to 2.32.5 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5191](external-secrets/external-secrets#5191) - chore(deps): bump golang from 1.24.6-bookworm to 1.25.0-bookworm in /e2e by [@dependabot](https://github.com/dependabot)\[bot] in [#5189](external-secrets/external-secrets#5189) - chore(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5188](external-secrets/external-secrets#5188) - chore(deps): bump actions/create-github-app-token from 2.1.0 to 2.1.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5187](external-secrets/external-secrets#5187) - chore(deps): bump anchore/sbom-action from 0.20.4 to 0.20.5 by [@dependabot](https://github.com/dependabot)\[bot] in [#5186](external-secrets/external-secrets#5186) - chore(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5184](external-secrets/external-secrets#5184) - chore(deps): bump golang from 1.24.6 to 1.25.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5194](external-secrets/external-secrets#5194) - chore(deps): bump github/codeql-action from 3.29.8 to 3.29.11 by [@dependabot](https://github.com/dependabot)\[bot] in [#5195](external-secrets/external-secrets#5195) - chore(deps): bump ubi8/ubi from `4f0a4e4` to `7010e70` by [@dependabot](https://github.com/dependabot)\[bot] in [#5193](external-secrets/external-secrets#5193) - chore(deps): bump mkdocs-material from 9.6.16 to 9.6.18 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5192](external-secrets/external-secrets#5192) - chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5198](external-secrets/external-secrets#5198) - chore(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#5199](external-secrets/external-secrets#5199) - chore(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5234](external-secrets/external-secrets#5234) - chore(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#5236](external-secrets/external-secrets#5236) - chore(deps): bump ubi8/ubi from `7010e70` to `534c2c0` by [@dependabot](https://github.com/dependabot)\[bot] in [#5237](external-secrets/external-secrets#5237) - chore(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5238](external-secrets/external-secrets#5238) - chore(deps): bump regex from 2025.7.34 to 2025.8.29 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5242](external-secrets/external-secrets#5242) - chore(deps): bump platformdirs from 4.3.8 to 4.4.0 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5241](external-secrets/external-secrets#5241) - chore(deps): bump distroless/static from `2e114d2` to `f2ff10a` by [@dependabot](https://github.com/dependabot)\[bot] in [#5240](external-secrets/external-secrets#5240) - chore(deps): bump golang from 1.25.0 to 1.25.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5275](external-secrets/external-secrets#5275) - chore(deps): bump actions/github-script from 7.0.1 to 8.0.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5274](external-secrets/external-secrets#5274) - chore(deps): bump actions/stale from 9.1.0 to 10.0.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5273](external-secrets/external-secrets#5273) - chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5276](external-secrets/external-secrets#5276) - chore(deps): bump mkdocs-material from 9.6.18 to 9.6.19 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5279](external-secrets/external-secrets#5279) - chore(deps): bump codecov/codecov-action from 5.5.0 to 5.5.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5278](external-secrets/external-secrets#5278) - chore(deps): bump github/codeql-action from 3.29.11 to 3.30.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5277](external-secrets/external-secrets#5277) - chore(deps): bump markdown from 3.8.2 to 3.9 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5281](external-secrets/external-secrets#5281) - chore(deps): bump golang from 1.25.0-bookworm to 1.25.1-bookworm in /e2e by [@dependabot](https://github.com/dependabot)\[bot] in [#5280](external-secrets/external-secrets#5280) - chore(deps): bump regex from 2025.8.29 to 2025.9.1 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5282](external-secrets/external-secrets#5282) - chore(deps): bump golang from `b6ed3fd` to `b6ed3fd` by [@dependabot](https://github.com/dependabot)\[bot] in [#5318](external-secrets/external-secrets#5318) - chore(deps): bump actions/setup-python from 5.6.0 to 6.0.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5317](external-secrets/external-secrets#5317) - chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#5319](external-secrets/external-secrets#5319) - chore(deps): bump distroless/static from `f2ff10a` to `87bce11` by [@dependabot](https://github.com/dependabot)\[bot] in [#5320](external-secrets/external-secrets#5320) - chore(deps): bump actions/labeler from 5.0.0 to 6.0.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5323](external-secrets/external-secrets#5323) - chore(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#5321](external-secrets/external-secrets#5321) - chore(deps): bump actions/create-github-app-token from 2.1.1 to 2.1.4 by [@dependabot](https://github.com/dependabot)\[bot] in [#5322](external-secrets/external-secrets#5322) - chore(deps): bump actions/create-github-app-token from 2.1.1 to 2.1.4 by [@dependabot](https://github.com/dependabot)\[bot] in [#5339](external-secrets/external-secrets#5339) - chore(deps): bump aquasecurity/trivy-action from 0.33.0 to 0.33.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5344](external-secrets/external-secrets#5344) - chore(deps): bump mkdocs-material from 9.6.19 to 9.6.20 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5345](external-secrets/external-secrets#5345) - chore(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#5343](external-secrets/external-secrets#5343) - chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5340](external-secrets/external-secrets#5340) - chore(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 by [@dependabot](https://github.com/dependabot)\[bot] in [#5341](external-secrets/external-secrets#5341) - chore(deps): bump regex from 2025.9.1 to 2025.9.18 in /hack/api-docs by [@dependabot](https://github.com/dependabot)\[bot] in [#5346](external-secrets/external-secrets#5346) - chore(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#5342](external-secrets/external-secrets#5342) #### New Contributors - [@mjtrangoni](https://github.com/mjtrangoni) made their first contribution in [#5139](external-secrets/external-secrets#5139) - [@muckelba](https://github.com/muckelba) made their first contribution in [#5146](external-secrets/external-secrets#5146) - [@DrummyFloyd](https://github.com/DrummyFloyd) made their first contribution in [#5144](external-secrets/external-secrets#5144) - [@sriaradhyula](https://github.com/sriaradhyula) made their first contribution in [#5159](external-secrets/external-secrets#5159) - [@jonstacks](https://github.com/jonstacks) made their first contribution in [#5161](external-secrets/external-secrets#5161) - [@matheusmazzoni](https://github.com/matheusmazzoni) made their first contribution in [#5155](external-secrets/external-secrets#5155) - [@nirajsapkota](https://github.com/nirajsapkota) made their first contribution in [#4878](external-secrets/external-secrets#4878) - [@L1ghtman2k](https://github.com/L1ghtman2k) made their first contribution in [#5138](external-secrets/external-secrets#5138) - [@gecube](https://github.com/gecube) made their first contribution in [#5171](external-secrets/external-secrets#5171) - [@preved911](https://github.com/preved911) made their first contribution in [#4877](external-secrets/external-secrets#4877) - [@ntnn](https://github.com/ntnn) made their first contribution in [#5156](external-secrets/external-secrets#5156) - [@webstradev](https://github.com/webstradev) made their first contribution in [#5197](external-secrets/external-secrets#5197) - [@rkferreira](https://github.com/rkferreira) made their first contribution in [#5169](external-secrets/external-secrets#5169) - [@arthlr](https://github.com/arthlr) made their first contribution in [#5217](external-secrets/external-secrets#5217) - [@devnopt](https://github.com/devnopt) made their first contribution in [#4875](external-secrets/external-secrets#4875) - [@dakotaharden](https://github.com/dakotaharden) made their first contribution in [#5247](external-secrets/external-secrets#5247) - [@bharath-b-rh](https://github.com/bharath-b-rh) made their first contribution in [#4654](external-secrets/external-secrets#4654) - [@alliseeisgold](https://github.com/alliseeisgold) made their first contribution in [#5022](external-secrets/external-secrets#5022) - [@nielstenboom](https://github.com/nielstenboom) made their first contribution in [#5248](external-secrets/external-secrets#5248) - [@siddhibhor-56](https://github.com/siddhibhor-56) made their first contribution in [#5231](external-secrets/external-secrets#5231) - [@framsouza](https://github.com/framsouza) made their first contribution in [#5154](external-secrets/external-secrets#5154) - [@kgal-akl](https://github.com/kgal-akl) made their first contribution in [#5263](external-secrets/external-secrets#5263) - [@hauswio](https://github.com/hauswio) made their first contribution in [#5162](external-secrets/external-secrets#5162) - [@Copilot](https://github.com/Copilot) made their first contribution in [#5288](external-secrets/external-secrets#5288) - [@cloudsmith-iduffy](https://github.com/cloudsmith-iduffy) made their first contribution in [#5267](external-secrets/external-secrets#5267) - [@kevinyancn](https://github.com/kevinyancn) made their first contribution in [#5306](external-secrets/external-secrets#5306) - [@s1nyx](https://github.com/s1nyx) made their first contribution in [#5300](external-secrets/external-secrets#5300) **Full Changelog**: <external-secrets/external-secrets@v0.19.2...v0.20.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/1555 Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net> Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>

Initial plan

6886791

Copilot AI assigned Copilot and Skarlso Sep 10, 2025

github-project-automation bot added this to External Secrets Sep 10, 2025

Copilot started work on behalf of Skarlso September 10, 2025 05:13 View session

Copilot AI and others added 4 commits September 10, 2025 05:18

Add license header check scripts and workflow

4af2203

Add test Go files for license header validation

09d2265

Complete license header check implementation with CI integration

7ba1aa2

Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Add license header requirements to developer guide

600c4f1

Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot AI requested a review from Skarlso September 10, 2025 05:25

Copilot finished work on behalf of Skarlso September 10, 2025 05:25

Copilot started work on behalf of Skarlso September 10, 2025 05:26 View session

Replace bash scripts with Apache SkyWalking Eyes GitHub Action for li…

9965569

…cense header checking Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot AI changed the title ~~Add automated license header checking for new files in pull requests~~ Add automated license header checking using Apache SkyWalking Eyes GitHub Action Sep 10, 2025

Copilot finished work on behalf of Skarlso September 10, 2025 05:34

github-actions bot added kind/documentation Categorizes issue or PR as related to documentation. component/github-actions size/s labels Sep 10, 2025

Skarlso changed the title ~~Add automated license header checking using Apache SkyWalking Eyes GitHub Action~~ chore(license): add automated license header checking using Apache SkyWalking Eyes GitHub Action Sep 10, 2025

github-actions bot added kind/chore Categorizes Pull Requests for chore activities (like bumping versions) area/license labels Sep 10, 2025

Copilot started work on behalf of Skarlso September 10, 2025 05:54 View session

Skarlso moved this to In Progress in External Secrets Sep 10, 2025

Replace spdx-id with content matching hack/boilerplate.go.txt in .lic…

f6ebdfc

…enserc.yaml Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot started work on behalf of Skarlso September 10, 2025 06:18 View session

Replace paths-ignore with language configuration to only check Go files

b9fc821

Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot finished work on behalf of Skarlso September 10, 2025 06:24

Copilot started work on behalf of Skarlso September 10, 2025 06:29 View session

Replace language configuration with paths to only check Go files usin…

9741c6f

…g **/*.go pattern Co-authored-by: Skarlso <182850+Skarlso@users.noreply.github.com>

Copilot finished work on behalf of Skarlso September 10, 2025 06:33

github-actions bot added the size/l label Sep 10, 2025

fix: license header format on all files

606c485

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Skarlso force-pushed the copilot/fix-ca7f38dc-5d65-437d-aa33-4f25e28778a8 branch from 58b7a9f to 606c485 Compare September 10, 2025 06:52

a bunch of more fixes for files

71b5d8a

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Skarlso force-pushed the copilot/fix-ca7f38dc-5d65-437d-aa33-4f25e28778a8 branch from 70eda80 to 71b5d8a Compare September 10, 2025 07:04

revert setup go update because it breaks go version parsing

8bfbc22

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

separate the license check from check-diff

7539e4e

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> On-behalf-of: Gergely Brautigam <gergely.brautigam@sap.com>

Skarlso marked this pull request as ready for review September 10, 2025 08:18

jakobmoellerdev reviewed Sep 10, 2025

View reviewed changes

e2e/suites/provider/cases/azure/azure_key.go Show resolved Hide resolved

e2e/suites/provider/cases/import.go Show resolved Hide resolved

e2e/suites/provider/cases/secretserver/provider.go Show resolved Hide resolved

moolen approved these changes Sep 10, 2025

View reviewed changes

Skarlso merged commit 472acbb into main Sep 10, 2025
27 of 28 checks passed

Skarlso deleted the copilot/fix-ca7f38dc-5d65-437d-aa33-4f25e28778a8 branch September 10, 2025 10:00

github-project-automation bot moved this from In Progress to Done in External Secrets Sep 10, 2025

jonstacks mentioned this pull request Sep 19, 2025

chore(testing): Add licence.check make target #5335

Merged

5 tasks

Uh oh!

Conversation

Copilot AI commented Sep 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes Made

How It Works

Benefits

Uh oh!

Skarlso commented Sep 10, 2025

Uh oh!

Copilot AI commented Sep 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Skarlso commented Sep 10, 2025

Uh oh!

Copilot AI commented Sep 10, 2025

Uh oh!

Copilot AI commented Sep 10, 2025

Uh oh!

Skarlso commented Sep 10, 2025

Uh oh!

Copilot AI commented Sep 10, 2025

Uh oh!

Skarlso commented Sep 10, 2025

Uh oh!

Skarlso commented Sep 10, 2025

Uh oh!

sonarqubecloud bot commented Sep 10, 2025

Quality Gate passed

Uh oh!

Skarlso commented Sep 10, 2025

Uh oh!

jakobmoellerdev left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Skarlso commented Sep 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Skarlso commented Sep 10, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Copilot AI commented Sep 10, 2025 •

edited

Loading

Copilot AI commented Sep 10, 2025 •

edited

Loading

Skarlso commented Sep 10, 2025 •

edited

Loading