Conversation
…670) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…#676) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…683) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jkroepke <1560587+jkroepke@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…690) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…#692) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Updates the noop backend behavior to allow successful decrypt operations, and aligns tests, docs, and CI tooling versions with upstream changes.
Changes:
- Make the noop backend treat files as “encrypted” and implement passthrough decrypt/copy behavior.
- Update unit tests to expect successful noop decrypt with plaintext output.
- Bump versions and pinned commits across docs, submodules, and GitHub Actions workflows.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
scripts/lib/backends/noop.sh |
Implements noop encrypt/decrypt behavior and encryption checks. |
tests/unit/secret-backends.bats |
Adjusts noop backend tests to assert success and plaintext output. |
CHANGELOG.md |
Adds 4.7.5 release notes and updates compare links. |
docs/Installation.md |
Updates documented helm-secrets plugin version. |
docs/ArgoCD Integration.md |
Updates example tool versions for ArgoCD integration. |
tests/bats/extensions/bats-file |
Updates submodule commit pointer. |
tests/bats/core |
Updates submodule commit pointer. |
.github/workflows/ci.yaml |
Updates tool versions and pinned GitHub Actions versions. |
.github/workflows/release.yaml |
Updates pinned actions/checkout and create-pull-request versions. |
.github/workflows/wiki.yaml |
Updates pinned actions/checkout version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| _noop_backend_decrypt_file() { | ||
| input="${2}" | ||
| # if omit then output to stdout | ||
| output="${3:-}" | ||
|
|
||
| if [ "${input}" = "${output}" ]; then | ||
| : | ||
| elif [ "${input}" = "-" ]; then | ||
| cat | ||
| elif [ "${output}" = "" ]; then | ||
| cat <"${input}" | ||
| else | ||
| cp "${input}" "${output}" | ||
| fi | ||
| } |
There was a problem hiding this comment.
When input is - (stdin) and an output path is provided, this implementation ignores output and always writes to stdout (cat). If callers expect decrypt - - /path/to/out to write to a file, this will misbehave. Consider branching on both input == '-' and whether output is set, e.g. cat >\"${output}\" when output is non-empty.
| submodules: true | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Setup Ruby 3.0 |
There was a problem hiding this comment.
The step name says 'Setup Ruby 3.0' but the configured version is 4.0.1. Please update the step name to match the actual Ruby version (or adjust the version if the label is intended).
| - name: Setup Ruby 3.0 | |
| - name: Setup Ruby 4.0.1 |
| ## [4.7.5] - 2026-01-09 | ||
|
|
||
| ### Fixes | ||
| - noop backend not support encrypted files #680 (https://github.com/jkroepke/helm-secrets/pull/680) |
There was a problem hiding this comment.
Grammar: 'not support' should be 'does not support' (or 'did not support', depending on intent).
| - noop backend not support encrypted files #680 (https://github.com/jkroepke/helm-secrets/pull/680) | |
| - noop backend does not support encrypted files #680 (https://github.com/jkroepke/helm-secrets/pull/680) |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | ||
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
There was a problem hiding this comment.
There are two consecutive actions/checkout steps using the same ref. If this isn't intentional (e.g., checking out two different repositories), consider removing the redundant checkout or configuring the first/second step to clearly target different repos/paths to reduce confusion.
|
|
||
| assert_output -e "\[helm-secrets\] File is not encrypted: .*" | ||
| assert_failure | ||
| assert_output -e "unencrypted_suffix:" |
There was a problem hiding this comment.
This assertion only checks for the presence of a substring, which can allow false positives (e.g., if some unrelated output includes the same token). Consider tightening the expectation to ensure the decrypted content is what you expect (for example, anchoring the pattern or asserting the full output/line content relevant to the fixture).
2 participants
What this PR does / why we need it:
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #Special notes for your reviewer:
PR Readiness Checklist:
Complete these before marking the PR as
ready to review:CHANGELOG.mdrelease notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR