issue-5350: Updates CRD and docs with write-only limitation for github provider (#5361)

Signed-off-by: Bharath B <bhb@redhat.com>
Bharath B 6 months ago
parent
commit
0ff41a344b

+ 2 - 1
apis/externalsecrets/v1/secretstore_types.go

@@ -107,7 +107,8 @@ type SecretStoreProvider struct {
 	// +optional
 	// +optional
 	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`
 	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`
 
 
-	// Github configures this store to push Github Action secrets using Github API provider
+	// Github configures this store to push GitHub Action secrets using GitHub API provider.
+	// Note: This provider only supports write operations (PushSecret) and cannot fetch secrets from GitHub
 	// +optional
 	// +optional
 	Github *GithubProvider `json:"github,omitempty"`
 	Github *GithubProvider `json:"github,omitempty"`
 
 
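Review bot: The added second comment line on the `Github` field ends without a period ("...cannot fetch secrets from GitHub"), although the first sentence was given one in this same change. The identical text appears in the CRD descriptions and docs/api/spec.md touched by this commit, so add the period here and regenerate so every copy picks it up. It would also help to word the note so it says the store is meant to be referenced from PushSecret only, rather than leaving that to the parenthetical.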

+ 3 - 2
config/crds/bases/external-secrets.io_clustersecretstores.yaml

@@ -2074,8 +2074,9 @@ spec:
                         type: string
                         type: string
                     type: object
                     type: object
                   github:
                   github:
-                    description: Github configures this store to push Github Action
-                      secrets using Github API provider
+                    description: |-
+                      Github configures this store to push GitHub Action secrets using GitHub API provider.
+                      Note: This provider only supports write operations (PushSecret) and cannot fetch secrets from GitHub
                     properties:
                     properties:
                       appID:
                       appID:
                         description: appID specifies the Github APP that will be used
                         description: appID specifies the Github APP that will be used
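Review bot: The `appID` description kept as context directly below the changed `github` description still reads "Github APP", so the casing cleanup to "GitHub" is only partial within this one schema block. Consider correcting the `appID` description wherever it is sourced from in the same change, so the field descriptions shown for this provider are consistent.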

+ 3 - 2
config/crds/bases/external-secrets.io_secretstores.yaml

@@ -2074,8 +2074,9 @@ spec:
                         type: string
                         type: string
                     type: object
                     type: object
                   github:
                   github:
-                    description: Github configures this store to push Github Action
-                      secrets using Github API provider
+                    description: |-
+                      Github configures this store to push GitHub Action secrets using GitHub API provider.
+                      Note: This provider only supports write operations (PushSecret) and cannot fetch secrets from GitHub
                     properties:
                     properties:
                       appID:
                       appID:
                         description: appID specifies the Github APP that will be used
                         description: appID specifies the Github APP that will be used

+ 6 - 2
deploy/crds/bundle.yaml

@@ -3964,7 +3964,9 @@ spec:
                           type: string
                           type: string
                       type: object
                       type: object
                     github:
                     github:
-                      description: Github configures this store to push Github Action secrets using Github API provider
+                      description: |-
+                        Github configures this store to push GitHub Action secrets using GitHub API provider.
+                        Note: This provider only supports write operations (PushSecret) and cannot fetch secrets from GitHub
                       properties:
                       properties:
                         appID:
                         appID:
                           description: appID specifies the Github APP that will be used to authenticate the client
                           description: appID specifies the Github APP that will be used to authenticate the client
@@ -15097,7 +15099,9 @@ spec:
                           type: string
                           type: string
                       type: object
                       type: object
                     github:
                     github:
-                      description: Github configures this store to push Github Action secrets using Github API provider
+                      description: |-
+                        Github configures this store to push GitHub Action secrets using GitHub API provider.
+                        Note: This provider only supports write operations (PushSecret) and cannot fetch secrets from GitHub
                       properties:
                       properties:
                         appID:
                         appID:
                           description: appID specifies the Github APP that will be used to authenticate the client
                           description: appID specifies the Github APP that will be used to authenticate the client

+ 2 - 1
docs/api/spec.md

@@ -8510,7 +8510,8 @@ GithubProvider
 </td>
 </td>
 <td>
 <td>
 <em>(Optional)</em>
 <em>(Optional)</em>
-<p>Github configures this store to push Github Action secrets using Github API provider</p>
+<p>Github configures this store to push GitHub Action secrets using GitHub API provider.
+Note: This provider only supports write operations (PushSecret) and cannot fetch secrets from GitHub</p>
 </td>
 </td>
 </tr>
 </tr>
 <tr>
 <tr>

+ 6 - 1
docs/provider/github.md

@@ -2,9 +2,14 @@
 
 
 External Secrets Operator integrates with GitHub to sync Kubernetes secrets with [GitHub Actions secrets](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).
 External Secrets Operator integrates with GitHub to sync Kubernetes secrets with [GitHub Actions secrets](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).
 
 
+### Limitations
+
+The GitHub provider is **write-only**, designed specifically to **create and update** GitHub Actions secrets using the
+[GitHub REST API](https://docs.github.com/en/rest/actions/secrets), and does not support **fetching the secret values**.
+
 ### Configuring Github provider
 ### Configuring Github provider
 
 
-The GitHub API requires to install the ESO app to your GitHub organisation in order to use the Github provider features.
+The GitHub API requires to install the ESO app to your GitHub organisation in order to use the GitHub provider features.
 
 
 ### Configuring the secret store
 ### Configuring the secret store
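Review bot: The new Limitations paragraph says the provider is write-only but never names PushSecret, while the CRD description added in this same commit does ("only supports write operations (PushSecret)"). Mention PushSecret here too, so readers know which resource to use with this store. Two smaller points in the same hunk: the heading `### Configuring Github provider` keeps the old casing right above a sentence that was changed to "GitHub provider features", and the edited sentence still reads "requires to install"; since the line is touched anyway, something like "requires installing the ESO app in your GitHub organisation" would read better.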