Browse Source

docs(github): add to support matrix, fix auth field, tidy page (#6564)

* docs(github): add to support matrix, fix auth field, tidy page

GitHub was documented and in the nav but missing from the support matrix
entirely. Add the maintainer row (alpha) and the feature row: referent
authentication and push secret are supported; find, metadata, store validation
and deletionPolicy are not (write-only provider). Fix the ClusterSecretStore
note, which referenced a non-existent accessToken field; the auth field is
auth.privateKey. Document the optional orgSecretVisibility field, and promote
the page headings (H2 title to H1, H3 sections to H2).

Signed-off-by: Alexander Chernov <alexander@chernov.it>

* docs(stability): correct formatting for GitHub Actions Secrets entry

Signed-off-by: Alexander Chernov <alexander@chernov.it>

---------

Signed-off-by: Alexander Chernov <alexander@chernov.it>
Co-authored-by: Jean-Philippe Evrard <jean-philippe.evrard+rochepub@external.roche.com>
Alexander Chernov 5 days ago
parent
commit
00016e80cb
2 changed files with 10 additions and 6 deletions
  1. 2 0
      docs/introduction/stability-support.md
  2. 8 6
      docs/provider/github.md

+ 2 - 0
docs/introduction/stability-support.md

@@ -82,6 +82,7 @@ The following table describes the stability level of each provider and who's res
 | [Fortanix](https://external-secrets.io/latest/provider/fortanix)                                               |     alpha | [@RecuencoJones](https://github.com/RecuencoJones)                                                  |
 | [GCP Secret Manager](https://external-secrets.io/latest/provider/google-secrets-manager/)                      |    stable | [external-secrets](https://github.com/external-secrets)                                             |
 | [Generic Webhook](https://external-secrets.io/latest/provider/webhook)                                         |     alpha | [@willemm](https://github.com/willemm)                                                              |
+| [GitHub Actions Secrets](https://external-secrets.io/latest/provider/github)                               |     alpha | [@gusfcarvalho](https://github.com/gusfcarvalho)                                                    |
 | [GitLab Variables](https://external-secrets.io/latest/provider/gitlab-variables/)                              |     alpha | [@Jabray5](https://github.com/Jabray5)                                                              |
 | [Hashicorp Vault](https://external-secrets.io/latest/provider/hashicorp-vault/)                                |    stable | [external-secrets](https://github.com/external-secrets)                                             |
 | [IBM Cloud Secrets Manager](https://external-secrets.io/latest/provider/ibm-secrets-manager/)                  |    stable | [@IdanAdar](https://github.com/IdanAdar)                                                            |
@@ -129,6 +130,7 @@ The following table show the support for features across different providers.
 | Doppler                          |      x       |              |                      |                         |        x         |             |                             |
 | Fortanix                         |              |              |                      |            x            |        x         |             |                             |
 | GCP Secret Manager               |      x       |      x       |          x           |            x            |        x         |      x      |              x              |
+| GitHub Actions Secrets           |              |              |                      |            x            |                  |      x      |                             |
 | GitLab Variables                 |      x       |      x       |                      |                         |        x         |             |                             |
 | Generic Webhook                  |              |              |                      |                         |                  |             |              x              |
 | Hashicorp Vault                  |      x       |      x       |          x           |            x            |        x         |      x      |              x              |

+ 8 - 6
docs/provider/github.md

@@ -1,29 +1,31 @@
-## GitHub
+# GitHub
 
 External Secrets Operator integrates with GitHub to sync Kubernetes secrets with [GitHub Actions secrets](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).
 
-### Limitations
+## Limitations
 
 The GitHub provider is **write-only**, designed specifically to **create and update** GitHub Actions secrets using the
 [GitHub REST API](https://docs.github.com/en/rest/actions/secrets), and does not support **fetching the secret values**.
 
-### Configuring GitHub provider
+## Configuring GitHub provider
 
 The GitHub API requires to install the ESO app to your GitHub organisation in order to use the GitHub provider features.
 
-### Configuring the secret store
+## Configuring the secret store
 
 Verify that `github` provider is listed in the `Kind=SecretStore`. The properties `appID`, `installationID`, `organization` are required to register the provider. In addition, authentication has to be provided.
 
 Optionally, to target `repository` and `environment` secrets, the fields `repository` and `environment` need also to be added.
 
+For organization secrets, the optional `orgSecretVisibility` field controls the visibility of secrets created via PushSecret. Valid values are `all` or `private`. When unset, new secrets are created with visibility `all` and existing secrets keep whatever visibility they already have in GitHub.
+
 ```yaml
 {% include 'github-secret-store.yaml' %}
 ```
 
-**NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` in `accessToken` with the namespace where the secret resides.
+**NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` in `auth.privateKey` with the namespace where the secret resides.
 
-### Pushing to an external secret
+## Pushing to an external secret
 
 To sync a Kubernetes secret with an external GitHub secret we need to create a PushSecret, this means a `Kind=PushSecret` is needed.