cleanup: add lint and editorconfig

.editorconfig

@@ -0,0 +1,29 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# Go
+# https://golang.org/cmd/gofmt/
+[{go.mod,*.go}]
+indent_style = tab
+
+# Shell
+# https://google.github.io/styleguide/shell.xml#Indentation
+[*.{bash,sh,zsh}]
+indent_size = 2
+indent_style = space
+
+# GNU make
+# https://www.gnu.org/software/make/manual/html_node/Recipe-Syntax.html
+[Makefile]
+indent_style = tab
+
+# YAML
+# http://yaml.org/spec/1.2/2009-07-21/spec.html#id2576668
+[*.{yaml,yml}]
+indent_size = 2
+indent_style = space

.github/workflows/all.yml

@@ -2,7 +2,7 @@ name: all-ci
 
 on:
   push:
-    branches:    
+    branches:
       - '*'         # matches every branch that doesn't contain a '/'
       - '*/*'       # matches every branch containing a single '/'
       - '**'        # matches every branch
@@ -10,14 +10,14 @@ on:
   pull_request:
     branches: [ '!main' ]
 
-env: 
+env:
   KUBEBUILDER_VERSION: 2.3.1
 
 jobs:
 
   build:
     name: Build
-    container: 
+    container:
       image: golang:1.15
     runs-on: ubuntu-latest
 
@@ -25,22 +25,28 @@ jobs:
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
 
-    - name: Get dependencies
-      run: |
-        go get -v -t -d ./...
-        
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: '~1.15'
+
     - name: Add kubebuilder
       run:  |
         curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
         tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
         mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder
 
-    - name: Vet and Build
-      run: make manager
+    - name: Lint
+      run: |
+        make lint-install
+        make lint
+
+    - name: Build
+      run: make build
 
   test:
     name: Test
-    container: 
+    container:
       image: golang:1.15
     runs-on: ubuntu-latest
 
@@ -48,10 +54,11 @@ jobs:
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
 
-    - name: Get dependencies
-      run: |
-        go get -v -t -d ./...
-        
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: '~1.15'
+
     - name: Add kubebuilder
       run:  |
         curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
@@ -71,4 +78,4 @@ jobs:
         file: ./cover.out
         # flags: unittests # optional
         name: external-secrets
-        fail_ci_if_error: false
+        fail_ci_if_error: false

.github/workflows/main.yml

@@ -8,14 +8,14 @@ on:
   pull_request:
     branches: [ main ]
 
-env: 
+env:
   KUBEBUILDER_VERSION: 2.3.1
 
 jobs:
 
   build:
     name: Build
-    container: 
+    container:
       image: golang:1.15
     runs-on: ubuntu-latest
 
@@ -23,22 +23,28 @@ jobs:
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
 
-    - name: Get dependencies
-      run: |
-        go get -v -t -d ./...
-        
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: '~1.15'
+
     - name: Add kubebuilder
       run:  |
         curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
         tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
         mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder
 
-    - name: Vet and Build
-      run: make manager
+    - name: Lint
+      run: |
+        make lint-install
+        make lint
+
+    - name: Build
+      run: make build
 
   test:
     name: Test
-    container: 
+    container:
       image: golang:1.15
     runs-on: ubuntu-latest
 
@@ -46,10 +52,11 @@ jobs:
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
 
-    - name: Get dependencies
-      run: |
-        go get -v -t -d ./...
-        
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: '~1.15'
+
     - name: Add kubebuilder
       run:  |
         curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{env.KUBEBUILDER_VERSION}}/kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz > kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
@@ -66,7 +73,7 @@ jobs:
         file: ./cover.out
         # flags: unittests # optional
         name: external-secrets
-        fail_ci_if_error: true 
+        fail_ci_if_error: true
 
   docker:
     name: Docker
@@ -111,7 +118,7 @@ jobs:
 
     - name: Check out the repo
       uses: actions/checkout@v2
-      
+
     - name: Set up QEMU
       id: qemu
       uses: docker/setup-qemu-action@v1
@@ -121,7 +128,7 @@ jobs:
     - name: Set up Docker Buildx
       id: buildx
       uses: docker/setup-buildx-action@v1
-      
+
     - name: Login to Github Packages
       id: docker-login
       uses: docker/login-action@v1
@@ -145,6 +152,6 @@ jobs:
           org.opencontainers.image.source=${{ steps.prep.outputs.repo_url }}
           org.opencontainers.image.created=${{ steps.prep.outputs.created }}
           org.opencontainers.image.revision=${{ github.sha }}
-          
+
     - name: Image digest
-      run: echo ${{ steps.docker_build.outputs.digest }}
+      run: echo ${{ steps.docker_build.outputs.digest }}

.gitignore

@@ -23,4 +23,4 @@ bin
 *~
 
 # Code test output
-cover.out
+cover.out

.golangci.yaml

@@ -0,0 +1,89 @@
+run:
+  timeout: 5m
+
+linters-settings:
+  gci:
+    local-prefixes: github.com/external-secrets/external-secrets
+  goconst:
+    min-len: 3
+    min-occurrences: 3
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
+      - performance
+      - style
+    disabled-checks:
+      - dupImport
+      - ifElseChain
+      - octalLiteral
+      - whyNoLint
+      - wrapperFunc
+      - importShadow
+      - unnamedResult
+      - unnecessaryBlock
+    settings:
+      rangeValCopy:
+        sizeThreshold: 512
+      hugeParam:
+        sizeThreshold: 512
+  gocyclo:
+    min-complexity: 16
+  golint:
+    min-confidence: 0
+  govet:
+    check-shadowing: false
+  lll:
+    line-length: 300
+  maligned:
+    suggest-new: true
+  misspell:
+    locale: US
+
+linters:
+  disable-all: true
+  enable:
+    - asciicheck
+    - bodyclose
+    - deadcode
+    - depguard
+    - dogsled
+    - dupl
+    - errcheck
+    - errorlint
+    - exhaustive
+    - exportloopref
+    - gci
+    - goconst
+    - gocritic
+    - godot
+    - gofmt
+    - golint
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - interfacer
+    - lll
+    - maligned
+    - misspell
+    - nakedret
+    - nolintlint
+    - prealloc
+    - rowserrcheck
+    - scopelint
+    - sqlclosecheck
+    - staticcheck
+    - structcheck
+    - stylecheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - varcheck
+    - whitespace
+
+service:
+  golangci-lint-version: 1.33.x

Makefile

@@ -1,3 +1,7 @@
+MAKEFLAGS     += --warn-undefined-variables
+SHELL         := /bin/bash
+.SHELLFLAGS   := -euo pipefail -c
+.DEFAULT_GOAL := all
 
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
@@ -11,18 +15,18 @@ else
 GOBIN=$(shell go env GOBIN)
 endif
 
-all: manager
+all: build
 
-# Run tests
-test: generate fmt vet manifests
+.PHONY: test
+test: generate manifests ## Run tests
 	go test ./... -coverprofile cover.out
 
-# Build manager binary
-manager: generate fmt vet
+.PHONY: build
+build: generate fmt ## Build binary
 	go build -o bin/manager main.go
 
 # Run against the configured Kubernetes cluster in ~/.kube/config
-run: generate fmt vet manifests
+run: generate fmt manifests
 	go run ./main.go
 
 # Install CRDs into a cluster
@@ -33,33 +37,44 @@ install: manifests
 uninstall: manifests
 	kustomize build config/crd | kubectl delete -f -
 
-# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
-deploy: manifests
+.PHONY: deploy
+deploy: manifests ## Deploy controller in the Kubernetes cluster of current context
 	cd config/manager && kustomize edit set image controller=${IMG}
 	kustomize build config/default | kubectl apply -f -
 
-# Generate manifests e.g. CRD, RBAC etc.
-manifests: controller-gen
+manifests: controller-gen ## Generate manifests e.g. CRD, RBAC etc.
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
-# Run go fmt against code
-fmt:
+lint/check: # Check install of golanci-lint
+	@if ! golangci-lint --version > /dev/null 2>&1; then \
+		echo -e "\033[0;33mgolangci-lint is not installed: run \`\033[0;32mmake lint-install\033[0m\033[0;33m\` or install it from https://golangci-lint.run\033[0m"; \
+		exit 1; \
+	fi
+
+lint-install: # installs golangci-lint to the go bin dir
+	@if ! golangci-lint --version > /dev/null 2>&1; then \
+		echo "Installing golangci-lint"; \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOBIN) v1.33.0; \
+	fi
+
+lint: lint/check ## run golangci-lint
+	@if ! golangci-lint run; then \
+		echo -e "\033[0;33mgolangci-lint failed: some checks can be fixed with \`\033[0;32mmake fmt\033[0m\033[0;33m\`\033[0m"; \
+		exit 1; \
+	fi
+
+fmt: lint/check ## ensure consistent code style
+	go mod tidy
 	go fmt ./...
+	golangci-lint run --fix > /dev/null 2>&1 || true
 
-# Run go vet against code
-vet:
-	go vet ./...
-
-# Generate code
-generate: controller-gen
+generate: controller-gen ## Generate code
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
-# Build the docker image
-docker-build: test
+docker-build: test ## Build the docker image
 	docker build . -t ${IMG}
 
-# Push the docker image
-docker-push:
+docker-push: ## Push the docker image
 	docker push ${IMG}
 
 # find or download controller-gen
@@ -78,3 +93,8 @@ CONTROLLER_GEN=$(GOBIN)/controller-gen
 else
 CONTROLLER_GEN=$(shell which controller-gen)
 endif
+
+help: ## displays this help message
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_\/-]+:.*?## / {printf "\033[34m%-18s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
+		sort | \
+		grep -v '#'

api/v1alpha1/externalsecret_types.go

@@ -19,7 +19,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data
+// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
 type SecretStoreRef struct {
 	// Name of the SecretStore resource
 	Name string `json:"name"`
@@ -30,21 +30,21 @@ type SecretStoreRef struct {
 	Kind string `json:"kind,omitempty"`
 }
 
-// ExternalSecretCreationPolicy defines rules on how to create the resulting Secret
+// ExternalSecretCreationPolicy defines rules on how to create the resulting Secret.
 type ExternalSecretCreationPolicy string
 
 const (
-	// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource
+	// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
 	Owner ExternalSecretCreationPolicy = "Owner"
 
-	// Merge does not create the Secret, but merges the data fields to the Secret
+	// Merge does not create the Secret, but merges the data fields to the Secret.
 	Merge ExternalSecretCreationPolicy = "Merge"
 
-	// None does not create a Secret (future use with injector)
+	// None does not create a Secret (future use with injector).
 	None ExternalSecretCreationPolicy = "None"
 )
 
-// ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint
+// ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
 type ExternalSecretTemplateMetadata struct {
 	// +optional
 	Annotations map[string]string `json:"annotations,omitempty"`
@@ -53,7 +53,7 @@ type ExternalSecretTemplateMetadata struct {
 	Labels map[string]string `json:"labels,omitempty"`
 }
 
-// ExternalSecretTemplate defines a blueprint for the created Secret resource
+// ExternalSecretTemplate defines a blueprint for the created Secret resource.
 type ExternalSecretTemplate struct {
 	// +optional
 	Type corev1.SecretType `json:"type,omitempty"`
@@ -63,7 +63,7 @@ type ExternalSecretTemplate struct {
 }
 
 // ExternalSecretTarget defines the Kubernetes Secret to be created
-// There can be only one target per ExternalSecret
+// There can be only one target per ExternalSecret.
 type ExternalSecretTarget struct {
 	// Name defines the name of the Secret resource to be managed
 	// This field is immutable
@@ -77,14 +77,14 @@ type ExternalSecretTarget struct {
 	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
 }
 
-// ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data
+// ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
 type ExternalSecretData struct {
 	SecretKey string `json:"secretKey"`
 
 	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
 }
 
-// ExternalSecretDataRemoteRef defines Provider data location
+// ExternalSecretDataRemoteRef defines Provider data location.
 type ExternalSecretDataRemoteRef struct {
 	// Key is the key used in the Provider, mandatory
 	Key string `json:"key"`
@@ -98,7 +98,7 @@ type ExternalSecretDataRemoteRef struct {
 	Property string `json:"property,omitempty"`
 }
 
-// ExternalSecretSpec defines the desired state of ExternalSecret
+// ExternalSecretSpec defines the desired state of ExternalSecret.
 type ExternalSecretSpec struct {
 	SecretStoreRef SecretStoreRef `json:"secretStoreRef"`
 
@@ -121,23 +121,23 @@ type ExternalSecretSpec struct {
 	DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"`
 }
 
-// ExternalSecretStatusPhase represents the current phase of the Secret sync
+// ExternalSecretStatusPhase represents the current phase of the Secret sync.
 type ExternalSecretStatusPhase string
 
 const (
-	// ExternalSecret created, controller did not yet sync the ExternalSecret or other dependencies are missing (e.g. secret store or configmap template)
+	// ExternalSecret created, controller did not yet sync the ExternalSecret or other dependencies are missing (e.g. secret store or configmap template).
 	ExternalSecretPending ExternalSecretStatusPhase = "Pending"
 
-	// ExternalSecret is being actively synced according to spec
+	// ExternalSecret is being actively synced according to spec.
 	ExternalSecretSyncing ExternalSecretStatusPhase = "Syncing"
 
-	// ExternalSecret can not be synced, this might require user intervention
+	// ExternalSecret can not be synced, this might require user intervention.
 	ExternalSecretFailing ExternalSecretStatusPhase = "Failing"
 
-	// ExternalSecret can not be synced right now and will not able to
+	// ExternalSecret can not be synced right now and will not able to.
 	ExternalSecretFailed ExternalSecretStatusPhase = "Failed"
 
-	// ExternalSecret was synced successfully (one-time use only)
+	// ExternalSecret was synced successfully (one-time use only).
 	ExternalSecretCompleted ExternalSecretStatusPhase = "Completed"
 )
 
@@ -174,7 +174,7 @@ type ExternalSecretStatus struct {
 
 // +kubebuilder:object:root=true
 
-// ExternalSecret is the Schema for the externalsecrets API
+// ExternalSecret is the Schema for the externalsecrets API.
 type ExternalSecret struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -185,7 +185,7 @@ type ExternalSecret struct {
 
 // +kubebuilder:object:root=true
 
-// ExternalSecretList contains a list of ExternalSecret
+// ExternalSecretList contains a list of ExternalSecret.
 type ExternalSecretList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

api/v1alpha1/generic_store.go

@@ -25,7 +25,7 @@ import (
 // +k8s:deepcopy-gen=nil
 
 // GenericStore is a common interface for interacting with ClusterSecretStore
-// or a namespaced SecretStore
+// or a namespaced SecretStore.
 type GenericStore interface {
 	runtime.Object
 	metav1.Object
@@ -36,12 +36,12 @@ type GenericStore interface {
 // +kubebuilder:object:generate:false
 var _ GenericStore = &SecretStore{}
 
-// GetProvider returns the underlying provider
+// GetProvider returns the underlying provider.
 func (c *SecretStore) GetProvider() *SecretStoreProvider {
 	return c.Spec.Provider
 }
 
-// Copy returns a DeepCopy of the Store
+// Copy returns a DeepCopy of the Store.
 func (c *SecretStore) Copy() GenericStore {
 	return c.DeepCopy()
 }

api/v1alpha1/groupversion_info.go

@@ -25,10 +25,10 @@ import (
 )
 
 var (
-	// GroupVersion is group version used to register these objects
+	// GroupVersion is group version used to register these objects.
 	GroupVersion = schema.GroupVersion{Group: "external-secrets.io", Version: "v1alpha1"}
 
-	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
 
 	// AddToScheme adds the types in this group-version to the given scheme.

api/v1alpha1/meta_types.go

@@ -14,7 +14,7 @@ limitations under the License.
 
 package v1alpha1
 
-// Refers to a Secret in Kubernetes
+// Refers to a Secret in Kubernetes.
 type SecretKeySelector struct {
 	Name string `json:"name"`
 	Key  string `json:"key"`

api/v1alpha1/secretstore_awssm_types.go

@@ -28,7 +28,7 @@ type AWSSMAuthSecretRef struct {
 	SecretAccessKey SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
 }
 
-// Configures a store to sync secrets using the AWS Secret Manager provider
+// Configures a store to sync secrets using the AWS Secret Manager provider.
 type AWSSMProvider struct {
 	// Auth defines the information necessary to authenticate against AWS
 	Auth AWSSMAuth `json:"auth"`

api/v1alpha1/secretstore_types.go

@@ -27,7 +27,7 @@ const (
 	Vault StoreProvider = "VAULT"
 )
 
-// SecretStoreSpec defines the desired state of SecretStore
+// SecretStoreSpec defines the desired state of SecretStore.
 type SecretStoreSpec struct {
 	// Used to select the correct KES controller (think: ingress.ingressClassName)
 	// The KES controller is instantiated with a specific controller name and filters ES based on this property
@@ -38,7 +38,7 @@ type SecretStoreSpec struct {
 	Provider *SecretStoreProvider `json:"provider"`
 }
 
-// SecretStoreProvider contains the provider-specific configration
+// SecretStoreProvider contains the provider-specific configration.
 // +kubebuilder:validation:MinProperties=1
 // +kubebuilder:validation:MaxProperties=1
 type SecretStoreProvider struct {
@@ -50,10 +50,10 @@ type SecretStoreProvider struct {
 type SecretStoreStatusPhase string
 
 const (
-	// E.g. referenced Secret containing credentials is missing
+	// E.g. referenced Secret containing credentials is missing.
 	SecretStorePending SecretStoreStatusPhase = "Pending"
 
-	// All dependencies are met, sync
+	// All dependencies are met, sync.
 	SecretStoreRunning SecretStoreStatusPhase = "Running"
 )
 
@@ -77,7 +77,7 @@ type SecretStoreStatusCondition struct {
 	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
 }
 
-// SecretStoreStatus defines the observed state of the SecretStore
+// SecretStoreStatus defines the observed state of the SecretStore.
 type SecretStoreStatus struct {
 	// +optional
 	Phase SecretStoreStatusPhase `json:"phase"`
@@ -88,7 +88,7 @@ type SecretStoreStatus struct {
 
 // +kubebuilder:object:root=true
 
-// SecretStore is the Schema for the secretstores API
+// SecretStore is the Schema for the secretstores API.
 type SecretStore struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -99,7 +99,7 @@ type SecretStore struct {
 
 // +kubebuilder:object:root=true
 
-// SecretStoreList contains a list of SecretStore
+// SecretStoreList contains a list of SecretStore.
 type SecretStoreList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`

config/crd/bases/external-secrets.io_externalsecrets.yaml

@@ -19,7 +19,7 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: ExternalSecret is the Schema for the externalsecrets API
+        description: ExternalSecret is the Schema for the externalsecrets API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -34,18 +34,18 @@ spec:
           metadata:
             type: object
           spec:
-            description: ExternalSecretSpec defines the desired state of ExternalSecret
+            description: ExternalSecretSpec defines the desired state of ExternalSecret.
             properties:
               data:
                 description: Data defines the connection between the Kubernetes Secret
                   keys and the Provider data
                 items:
                   description: ExternalSecretData defines the connection between the
-                    Kubernetes Secret key (spec.data.<key>) and the Provider data
+                    Kubernetes Secret key (spec.data.<key>) and the Provider data.
                   properties:
                     remoteRef:
                       description: ExternalSecretDataRemoteRef defines Provider data
-                        location
+                        location.
                       properties:
                         key:
                           description: Key is the key used in the Provider, mandatory
@@ -73,7 +73,7 @@ spec:
                   Provider data If multiple entries are specified, the Secret keys
                   are merged in the specified order
                 items:
-                  description: ExternalSecretDataRemoteRef defines Provider data location
+                  description: ExternalSecretDataRemoteRef defines Provider data location.
                   properties:
                     key:
                       description: Key is the key used in the Provider, mandatory
@@ -99,7 +99,7 @@ spec:
                 type: string
               secretStoreRef:
                 description: SecretStoreRef defines which SecretStore to fetch the
-                  ExternalSecret data
+                  ExternalSecret data.
                 properties:
                   kind:
                     description: Kind of the SecretStore resource (SecretStore or
@@ -113,7 +113,7 @@ spec:
                 type: object
               target:
                 description: ExternalSecretTarget defines the Kubernetes Secret to
-                  be created There can be only one target per ExternalSecret
+                  be created There can be only one target per ExternalSecret.
                 properties:
                   creationPolicy:
                     description: CreationPolicy defines rules on how to create the
@@ -155,7 +155,7 @@ spec:
                 type: array
               phase:
                 description: ExternalSecretStatusPhase represents the current phase
-                  of the Secret sync
+                  of the Secret sync.
                 type: string
             type: object
         type: object

config/crd/bases/external-secrets.io_secretstores.yaml

@@ -19,7 +19,7 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: SecretStore is the Schema for the secretstores API
+        description: SecretStore is the Schema for the secretstores API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -34,7 +34,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: SecretStoreSpec defines the desired state of SecretStore
+            description: SecretStoreSpec defines the desired state of SecretStore.
             properties:
               controller:
                 description: 'Used to select the correct KES controller (think: ingress.ingressClassName)
@@ -103,7 +103,7 @@ spec:
             - provider
             type: object
           status:
-            description: SecretStoreStatus defines the observed state of the SecretStore
+            description: SecretStoreStatus defines the observed state of the SecretStore.
             properties:
               conditions:
                 items:

controllers/externalsecret_controller.go

@@ -25,7 +25,7 @@ import (
 	externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
 )
 
-// ExternalSecretReconciler reconciles a ExternalSecret object
+// ExternalSecretReconciler reconciles a ExternalSecret object.
 type ExternalSecretReconciler struct {
 	client.Client
 	Log    logr.Logger

controllers/secretstore_controller.go

@@ -25,7 +25,7 @@ import (
 	externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
 )
 
-// SecretStoreReconciler reconciles a SecretStore object
+// SecretStoreReconciler reconciles a SecretStore object.
 type SecretStoreReconciler struct {
 	client.Client
 	Log    logr.Logger

controllers/suite_test.go

@@ -29,7 +29,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
 	externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
-	// +kubebuilder:scaffold:imports
 )
 
 // These tests use Ginkgo (BDD-style Go testing framework). Refer to

main.go

@@ -24,9 +24,9 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
+	// +kubebuilder:scaffold:imports
 	externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
 	"github.com/external-secrets/external-secrets/controllers"
-	// +kubebuilder:scaffold:imports
 )
 
 var (

pkg/provider/aws/secretsmanager/secretsmanager.go

@@ -16,26 +16,27 @@ package secretsmanager
 import (
 	"context"
 
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
 	esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
 	"github.com/external-secrets/external-secrets/pkg/provider"
 	"github.com/external-secrets/external-secrets/pkg/provider/schema"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-// SecretsManager is a provider for AWS SecretsManager
+// SecretsManager is a provider for AWS SecretsManager.
 type SecretsManager struct{}
 
-// New constructs a SecretsManager Provider
+// New constructs a SecretsManager Provider.
 func (sm *SecretsManager) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
 	return sm, nil // stub
 }
 
-// GetSecret returns a single secret from the provider
+// GetSecret returns a single secret from the provider.
 func (sm *SecretsManager) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
 	return []byte("NOOP"), nil
 }
 
-// GetSecretMap returns multiple k/v pairs from the provider
+// GetSecretMap returns multiple k/v pairs from the provider.
 func (sm *SecretsManager) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
 	return map[string][]byte{
 		"noop": []byte("NOOP"),

pkg/provider/fake/fake.go

@@ -17,16 +17,16 @@ package fake
 import (
 	"context"
 
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
 	esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
 	"github.com/external-secrets/external-secrets/pkg/provider"
 	"github.com/external-secrets/external-secrets/pkg/provider/schema"
-
-	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 var _ provider.Provider = &Client{}
 
-// Client is a fake client for testing
+// Client is a fake client for testing.
 type Client struct {
 	NewFn func(context.Context, esv1alpha1.SecretStoreProvider, client.Client,
 		string) (provider.Provider, error)
@@ -34,7 +34,7 @@ type Client struct {
 	GetSecretMapFn func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
 }
 
-// New returns a fake client
+// New returns a fake client.
 func New() *Client {
 	v := &Client{
 		GetSecretFn: func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
@@ -52,17 +52,17 @@ func New() *Client {
 	return v
 }
 
-// RegisterAs registers the fake client in the schema
+// RegisterAs registers the fake client in the schema.
 func (v *Client) RegisterAs(provider *esv1alpha1.SecretStoreProvider) {
 	schema.ForceRegister(v, provider)
 }
 
-// GetSecret implements the provider.Provider interface
+// GetSecret implements the provider.Provider interface.
 func (v *Client) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
 	return v.GetSecretFn(ctx, ref)
 }
 
-// WithGetSecret wraps secret data returned by this provider
+// WithGetSecret wraps secret data returned by this provider.
 func (v *Client) WithGetSecret(secData []byte, err error) *Client {
 	v.GetSecretFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
 		return secData, err
@@ -70,12 +70,12 @@ func (v *Client) WithGetSecret(secData []byte, err error) *Client {
 	return v
 }
 
-// GetSecretMap imeplements the provider.Provider interface
+// GetSecretMap imeplements the provider.Provider interface.
 func (v *Client) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
 	return v.GetSecretMapFn(ctx, ref)
 }
 
-// WithGetSecretMap wraps the secret data map returned by this fake provider
+// WithGetSecretMap wraps the secret data map returned by this fake provider.
 func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client {
 	v.GetSecretMapFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
 		return secData, err
@@ -83,14 +83,14 @@ func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client
 	return v
 }
 
-// WithNew wraps the fake provider factory function
+// WithNew wraps the fake provider factory function.
 func (v *Client) WithNew(f func(context.Context, esv1alpha1.SecretStoreProvider, client.Client,
 	string) (provider.Provider, error)) *Client {
 	v.NewFn = f
 	return v
 }
 
-// New returns a new fake provider
+// New returns a new fake provider.
 func (v *Client) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
 	client, err := v.NewFn(ctx, store, kube, namespace)
 	if err != nil {

pkg/provider/provider.go

@@ -17,12 +17,12 @@ package provider
 import (
 	"context"
 
-	esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
-
 	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
 )
 
-// Provider is a common interface for interacting with secret backends
+// Provider is a common interface for interacting with secret backends.
 type Provider interface {
 	// New constructs a SecretsManager Provider
 	New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (Provider, error)

pkg/provider/register/register.go

@@ -14,8 +14,9 @@ limitations under the License.
 
 package register
 
-// packages imported here are registered to the controller schema
+// packages imported here are registered to the controller schema.
 import (
-	// register awssm provider
+
+	// register awssm provider.
 	_ "github.com/external-secrets/external-secrets/pkg/provider/aws/secretsmanager"
 )

pkg/provider/schema/schema.go

@@ -31,7 +31,7 @@ func init() {
 }
 
 // Register a store backend type. Register panics if a
-// backend with the same store is already registered
+// backend with the same store is already registered.
 func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
 	storeName, err := getProviderName(storeSpec)
 	if err != nil {
@@ -49,7 +49,7 @@ func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
 }
 
 // ForceRegister adds to store schema, overwriting a store if
-// already registered. Should only be used for testing
+// already registered. Should only be used for testing.
 func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
 	storeName, err := getProviderName(storeSpec)
 	if err != nil {
@@ -61,7 +61,7 @@ func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvide
 	buildlock.Unlock()
 }
 
-// GetProviderByName returns the provider implementation by name
+// GetProviderByName returns the provider implementation by name.
 func GetProviderByName(name string) (provider.Provider, bool) {
 	buildlock.RLock()
 	f, ok := builder[name]
@@ -69,7 +69,7 @@ func GetProviderByName(name string) (provider.Provider, bool) {
 	return f, ok
 }
 
-// GetProvider returns the provider from the generic store
+// GetProvider returns the provider from the generic store.
 func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
 	provider := s.GetProvider()
 	storeName, err := getProviderName(provider)
@@ -89,7 +89,7 @@ func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
 }
 
 // getProviderName returns the name of the configured provider
-// or an error if the provider is not configured
+// or an error if the provider is not configured.
 func getProviderName(storeSpec *esv1alpha1.SecretStoreProvider) (string, error) {
 	storeBytes, err := json.Marshal(storeSpec)
 	if err != nil {

pkg/provider/schema/schema_test.go

@@ -17,25 +17,26 @@ import (
 	"context"
 	"testing"
 
-	esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
-	"github.com/external-secrets/external-secrets/pkg/provider"
 	"github.com/stretchr/testify/assert"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
+	"github.com/external-secrets/external-secrets/pkg/provider"
 )
 
 type PP struct{}
 
-// New constructs a SecretsManager Provider
+// New constructs a SecretsManager Provider.
 func (p *PP) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
 	return p, nil
 }
 
-// GetSecret returns a single secret from the provider
+// GetSecret returns a single secret from the provider.
 func (p *PP) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
 	return []byte("NOOP"), nil
 }
 
-// GetSecretMap returns multiple k/v pairs from the provider
+// GetSecretMap returns multiple k/v pairs from the provider.
 func (p *PP) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
 	return map[string][]byte{}, nil
 }