chore: release 0.9.8 (#2826)

also downgrade `chart-testing-action`: CI pipeline [1] fails with "Unable to validate cosign version v2.0.0".
That is because the v2.0.0 bootstrap version [2] is not accessible any more, it
either got deleted or permissions got changed.

[1] https://github.com/external-secrets/external-secrets/actions/runs/6705828636/job/18221053949?pr=2826
[2] https://storage.googleapis.com/cosign-releases/v2.0.0/cosign-linux-amd64

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

.github/workflows/helm.yml

@@ -36,7 +36,9 @@ jobs:
           python-version: 3.7
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        # before upgrading, please see if this has been fixed:
+        # https://github.com/helm/chart-testing-action/issues/132
+        uses: helm/chart-testing-action@v2.3.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed

deploy/charts/external-secrets/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: external-secrets
 description: External secret management for Kubernetes
 type: application
-version: "0.9.7"
-appVersion: "v0.9.7"
+version: "0.9.8"
+appVersion: "v0.9.8"
 kubeVersion: ">= 1.19.0-0"
 keywords:
   - kubernetes-external-secrets

deploy/charts/external-secrets/README.md

@@ -4,7 +4,7 @@
 
 [//]: # (README.md generated by gotmpl. DO NOT EDIT.)
 
-![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.7](https://img.shields.io/badge/Version-0.9.7-informational?style=flat-square)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.8](https://img.shields.io/badge/Version-0.9.8-informational?style=flat-square)
 
 External secret management for Kubernetes
 

deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap

@@ -7,8 +7,8 @@ should match snapshot of default values:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets-cert-controller
-        app.kubernetes.io/version: v0.9.7
-        helm.sh/chart: external-secrets-0.9.7
+        app.kubernetes.io/version: v0.9.8
+        helm.sh/chart: external-secrets-0.9.8
       name: RELEASE-NAME-external-secrets-cert-controller
       namespace: NAMESPACE
     spec:
@@ -24,8 +24,8 @@ should match snapshot of default values:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: external-secrets-cert-controller
-            app.kubernetes.io/version: v0.9.7
-            helm.sh/chart: external-secrets-0.9.7
+            app.kubernetes.io/version: v0.9.8
+            helm.sh/chart: external-secrets-0.9.8
         spec:
           automountServiceAccountToken: true
           containers:
@@ -38,7 +38,7 @@ should match snapshot of default values:
                 - --secret-namespace=NAMESPACE
                 - --metrics-addr=:8080
                 - --healthz-addr=:8081
-              image: ghcr.io/external-secrets/external-secrets:v0.9.7
+              image: ghcr.io/external-secrets/external-secrets:v0.9.8
               imagePullPolicy: IfNotPresent
               name: cert-controller
               ports:

deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap

@@ -7,8 +7,8 @@ should match snapshot of default values:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets
-        app.kubernetes.io/version: v0.9.7
-        helm.sh/chart: external-secrets-0.9.7
+        app.kubernetes.io/version: v0.9.8
+        helm.sh/chart: external-secrets-0.9.8
       name: RELEASE-NAME-external-secrets
       namespace: NAMESPACE
     spec:
@@ -24,14 +24,14 @@ should match snapshot of default values:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: external-secrets
-            app.kubernetes.io/version: v0.9.7
-            helm.sh/chart: external-secrets-0.9.7
+            app.kubernetes.io/version: v0.9.8
+            helm.sh/chart: external-secrets-0.9.8
         spec:
           automountServiceAccountToken: true
           containers:
             - args:
                 - --concurrent=1
-              image: ghcr.io/external-secrets/external-secrets:v0.9.7
+              image: ghcr.io/external-secrets/external-secrets:v0.9.8
               imagePullPolicy: IfNotPresent
               name: external-secrets
               ports:

deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap

@@ -662,7 +662,7 @@ should match snapshot of default values:
                           description: Oracle configures this store to sync secrets using Oracle Vault provider
                           properties:
                             auth:
-                              description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
+                              description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
                               properties:
                                 secretRef:
                                   description: SecretRef to pass through sensitive information.
@@ -708,6 +708,9 @@ should match snapshot of default values:
                                 - tenancy
                                 - user
                               type: object
+                            principalType:
+                              description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                              type: string
                             region:
                               description: Region is the region where vault is located.
                               type: string
@@ -2226,6 +2229,9 @@ should match snapshot of default values:
                                 - tenancy
                                 - user
                               type: object
+                            principalType:
+                              description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
+                              type: string
                             region:
                               description: Region is the region where vault is located.
                               type: string

deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap

@@ -7,8 +7,8 @@ should match snapshot of default values:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets-webhook
-        app.kubernetes.io/version: v0.9.7
-        helm.sh/chart: external-secrets-0.9.7
+        app.kubernetes.io/version: v0.9.8
+        helm.sh/chart: external-secrets-0.9.8
       name: RELEASE-NAME-external-secrets-webhook
       namespace: NAMESPACE
     spec:
@@ -24,8 +24,8 @@ should match snapshot of default values:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: external-secrets-webhook
-            app.kubernetes.io/version: v0.9.7
-            helm.sh/chart: external-secrets-0.9.7
+            app.kubernetes.io/version: v0.9.8
+            helm.sh/chart: external-secrets-0.9.8
         spec:
           automountServiceAccountToken: true
           containers:
@@ -37,7 +37,7 @@ should match snapshot of default values:
                 - --check-interval=5m
                 - --metrics-addr=:8080
                 - --healthz-addr=:8081
-              image: ghcr.io/external-secrets/external-secrets:v0.9.7
+              image: ghcr.io/external-secrets/external-secrets:v0.9.8
               imagePullPolicy: IfNotPresent
               name: webhook
               ports:
@@ -81,8 +81,8 @@ should match snapshot of default values:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets-webhook
-        app.kubernetes.io/version: v0.9.7
+        app.kubernetes.io/version: v0.9.8
         external-secrets.io/component: webhook
-        helm.sh/chart: external-secrets-0.9.7
+        helm.sh/chart: external-secrets-0.9.8
       name: RELEASE-NAME-external-secrets-webhook
       namespace: NAMESPACE