vmware-tanzu
diff --git a/‎.github/workflows/kubeapps-general.yaml‎
Lines changed: 11 additions & 13 deletions b/‎.github/workflows/kubeapps-general.yaml‎
Lines changed: 11 additions & 13 deletions
diff --git a/‎.github/workflows/kubeapps-release.yml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/kubeapps-release.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/repositories.go‎
Lines changed: 3 additions & 3 deletions b/‎cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/repositories.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/repositories_auth.go‎
Lines changed: 60 additions & 35 deletions b/‎cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/repositories_auth.go‎
Lines changed: 60 additions & 35 deletions
@@ -13,6 +13,10 @@ on:
         type: boolean
         required: false
         default: true
+      trigger_release:
+        type: boolean
+        required: false
+        default: false
 
 env:
   CHARTMUSEUM_VERSION: "3.9.1"
@@ -86,7 +90,6 @@ jobs:
       postgresql_version: ${{ steps.set-outputs.outputs.postgresql_version }}
       rust_version: ${{ steps.set-outputs.outputs.rust_version }}
       running_on_main: ${{ steps.set-outputs.outputs.running_on_main }}
-      running_on_tag: ${{ steps.set-outputs.outputs.running_on_tag }}
       ssh_key_kubeapps_deploy_filename: ${{ steps.set-outputs.outputs.ssh_key_kubeapps_deploy_filename }}
       ssh_key_forked_charts_deploy_filename: ${{ steps.set-outputs.outputs.ssh_key_forked_charts_deploy_filename }}
       triggered_from_fork: ${{ steps.set-outputs.outputs.triggered_from_fork }}
@@ -134,12 +137,6 @@ jobs:
             echo "running_on_main=false" >> $GITHUB_OUTPUT
           fi
 
-          if [[ ${GITHUB_REF_TYPE} == "tag" && ${GITHUB_REF_NAME} =~ ^v[0-9]+ ]]; then
-            echo "running_on_tag=true" >> $GITHUB_OUTPUT
-          else
-            echo "running_on_tag=false" >> $GITHUB_OUTPUT
-          fi
-
           # TODO(bjesus) Once we've properly tested the release job, we can/should remove this hack, just leave the content from the else branch
           if [[ ${GITHUB_REF_TYPE} == "tag" &&  ${GITHUB_REF_NAME} == 'test-'* ]]; then
             echo "dev_mode=true" >> $GITHUB_OUTPUT
@@ -165,7 +162,6 @@ jobs:
           echo "POSTGRESQL_VERSION: ${{steps.set-outputs.outputs.postgresql_version}}"
           echo "RUST_VERSION: ${{steps.set-outputs.outputs.rust_version}}"
           echo "RUNNING_ON_MAIN: ${{steps.set-outputs.outputs.running_on_main}}"
-          echo "RUNNING_ON_TAG: ${{steps.set-outputs.outputs.running_on_tag}}"
           echo "SSH_KEY_KUBEAPPS_DEPLOY_FILENAME: ${{steps.set-outputs.outputs.ssh_key_kubeapps_deploy_filename}}"
           echo "SSH_KEY_FORKED_CHARTS_DEPLOY_FILENAME: ${{steps.set-outputs.outputs.ssh_key_forked_charts_deploy_filename}}"
           echo "TRIGGERED_FROM_FORK: ${{steps.set-outputs.outputs.triggered_from_fork}}"
@@ -554,7 +550,7 @@ jobs:
         run: exit 1
 
   push_images:
-    if: needs.setup.outputs.running_on_main == 'true' || needs.setup.outputs.running_on_tag == 'true'
+    if: needs.setup.outputs.running_on_main == 'true' || inputs.trigger_release
     runs-on: ubuntu-latest
     needs:
       - setup
@@ -617,7 +613,7 @@ jobs:
   sync_chart_from_bitnami:
     needs:
       - setup
-    if: needs.setup.outputs.running_on_main == 'true'
+    if: needs.setup.outputs.running_on_main == 'true' || inputs.trigger_release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -676,7 +672,7 @@ jobs:
       - local_e2e_tests
       - GKE_REGULAR_VERSION
       - GKE_STABLE_VERSION
-    if: needs.setup.outputs.running_on_tag == 'true'
+    if: inputs.trigger_release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -727,7 +723,7 @@ jobs:
               ${DEV_MODE}
 
   release:
-    if: needs.setup.outputs.running_on_tag == 'true'
+    if: inputs.trigger_release
     needs:
       - setup
       - sync_chart_to_bitnami
@@ -744,12 +740,14 @@ jobs:
       - # Assuming there is a personal access token created in GitHub granted with the scopes
         # "repo:status", "public_repo" and "read:org"
         name: Run the create_release script
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           set -eu
           ./script/create_release.sh "${GITHUB_REF_NAME}" "${KUBEAPPS_REPO}"
 
   gke_setup:
-    if: needs.setup.outputs.running_on_tag == 'true' || inputs.run_gke_tests
+    if: inputs.run_gke_tests
     needs:
       - setup
       - test_go
 
@@ -9,7 +9,7 @@ on:
     tags:
       - 'v[0-9]+.[0-9]+.[0-9]+'
       # TODO(bjesus) Remove the following line once we have tested the release process
-      - 'test-.*'
+      - 'test-v[0-9]+.[0-9]+.[0-9]+'
 
 concurrency:
   group: ${{ github.head_ref || github.ref_name }}_release
@@ -22,3 +22,4 @@ jobs:
     with:
       run_gke_tests: true
       run_linters: false
+      trigger_release: true
@@ -78,7 +78,7 @@ func (s *Server) newRepo(ctx context.Context, repo *HelmRepository) (*corev1.Pac
 	}
 
 	// Handle imagesPullSecret if any
-	imagePullSecret, imagePullSecretIsKubeappsManaged, err := handleImagesPullSecretForCreate(ctx, typedClient, repo)
+	imagePullSecret, imagePullSecretIsKubeappsManaged, err := handleImagesPullSecretForCreate(ctx, typedClient, repo.name, repo.customDetail)
 	if err != nil {
 		return nil, err
 	}
@@ -300,7 +300,7 @@ func (s *Server) updateRepo(ctx context.Context,
 	appRepo.Spec.TLSInsecureSkipVerify = repo.tlsConfig != nil && repo.tlsConfig.InsecureSkipVerify
 
 	// validate and get updated (or newly created) secret
-	secret, secretIsKubeappsManaged, secretIsUpdated, err := handleAuthSecretForUpdate(ctx, typedClient, repo.name, repo.tlsConfig, repo.auth, secret)
+	secret, secretIsKubeappsManaged, secretIsUpdated, err := handleAuthSecretForUpdate(ctx, typedClient, appRepo, repo.tlsConfig, repo.auth, secret)
 	if err != nil {
 		return nil, err
 	}
@@ -315,7 +315,7 @@ func (s *Server) updateRepo(ctx context.Context,
 	}
 
 	// Handle imagesPullSecret if any
-	imagePullSecret, imagePullSecretIsKubeappsManaged, imagePullSecretIsUpdated, err := handleImagesPullSecretForUpdate(ctx, typedClient, repo, imagePullSecret)
+	imagePullSecret, imagePullSecretIsKubeappsManaged, imagePullSecretIsUpdated, err := handleImagesPullSecretForUpdate(ctx, typedClient, appRepo, repo.customDetail, imagePullSecret)
 	if err != nil {
 		return nil, err
 	}
 
@@ -31,12 +31,16 @@ const (
 	SecretCaKey         = "ca.crt"
 	SecretAuthHeaderKey = "authorizationHeader"
 	DockerConfigJsonKey = ".dockerconfigjson"
+
+	Annotation_ManagedBy_Key   = "kubeapps.dev/managed-by"
+	Annotation_ManagedBy_Value = "plugin:helm"
 )
 
-func newLocalOpaqueSecret(ownerRepo types.NamespacedName) *k8scorev1.Secret {
+func newLocalOpaqueSecret(repoName string) *k8scorev1.Secret {
 	return &k8scorev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: helm.SecretNameForRepo(ownerRepo.Name),
+			Name:        helm.SecretNameForRepo(repoName),
+			Annotations: map[string]string{Annotation_ManagedBy_Key: Annotation_ManagedBy_Value},
 		},
 		Type: k8scorev1.SecretTypeOpaque,
 		Data: map[string][]byte{},
@@ -62,10 +66,10 @@ func handleAuthSecretForCreate(
 
 	// create/get secret
 	if hasCaRef || hasAuthRef {
-		secret, err := validateUserManagedRepoSecret(ctx, typedClient, repoName, tlsConfig, auth)
+		secret, err := validateUserManagedRepoSecret(ctx, typedClient, repoName.Namespace, tlsConfig, auth)
 		return secret, false, err
 	} else if hasCaData || hasAuthData {
-		secret, _, err := newSecretFromTlsConfigAndAuth(repoName, tlsConfig, auth)
+		secret, _, err := newSecretFromTlsConfigAndAuth(repoName.Name, tlsConfig, auth)
 		return secret, true, err
 	} else {
 		return nil, false, nil
@@ -75,17 +79,18 @@ func handleAuthSecretForCreate(
 func handleImagesPullSecretForCreate(
 	ctx context.Context,
 	typedClient kubernetes.Interface,
-	repo *HelmRepository) (*k8scorev1.Secret, bool, error) {
+	repoName types.NamespacedName,
+	customDetail *v1alpha1.HelmPackageRepositoryCustomDetail) (*k8scorev1.Secret, bool, error) {
 
-	hasRef := repo.customDetail != nil && repo.customDetail.ImagesPullSecret != nil && repo.customDetail.ImagesPullSecret.GetSecretRef() != ""
-	hasData := repo.customDetail != nil && repo.customDetail.ImagesPullSecret != nil && repo.customDetail.ImagesPullSecret.GetCredentials() != nil
+	hasRef := customDetail != nil && customDetail.ImagesPullSecret != nil && customDetail.ImagesPullSecret.GetSecretRef() != ""
+	hasData := customDetail != nil && customDetail.ImagesPullSecret != nil && customDetail.ImagesPullSecret.GetCredentials() != nil
 
 	// create/get secret
 	if hasRef {
-		secret, err := validateDockerImagePullSecret(ctx, typedClient, repo.name, repo.customDetail.ImagesPullSecret.GetSecretRef())
+		secret, err := validateDockerImagePullSecret(ctx, typedClient, repoName.Namespace, customDetail.ImagesPullSecret.GetSecretRef())
 		return secret, false, err
 	} else if hasData {
-		secret, _, err := newDockerImagePullSecret(repo.name, repo.customDetail.ImagesPullSecret.GetCredentials())
+		secret, _, err := newDockerImagePullSecret(repoName.Name, customDetail.ImagesPullSecret.GetCredentials())
 		return secret, true, err
 	} else {
 		return nil, false, nil
@@ -95,7 +100,7 @@ func handleImagesPullSecretForCreate(
 func handleAuthSecretForUpdate(
 	ctx context.Context,
 	typedClient kubernetes.Interface,
-	repoName types.NamespacedName,
+	repo *apprepov1alpha1.AppRepository,
 	tlsConfig *corev1.PackageRepositoryTlsConfig,
 	auth *corev1.PackageRepositoryAuth,
 	secret *k8scorev1.Secret) (updatedSecret *k8scorev1.Secret, secretIsKubeappsManaged bool, secretIsUpdated bool, err error) {
@@ -112,19 +117,19 @@ func handleAuthSecretForUpdate(
 
 	// check we cannot change mode (per design spec)
 	if secret != nil && (hasCaRef || hasCaData || hasAuthRef || hasAuthData) {
-		if isAuthSecretKubeappsManaged(repoName.Name, secret) != (hasAuthData || hasCaData) {
+		if isAuthSecretKubeappsManaged(repo, secret) != (hasAuthData || hasCaData) {
 			return nil, false, false, status.Errorf(codes.InvalidArgument, "Auth management mode cannot be changed")
 		}
 	}
 
 	// handle user managed secret
 	if hasCaRef || hasAuthRef {
-		updatedSecret, err := validateUserManagedRepoSecret(ctx, typedClient, repoName, tlsConfig, auth)
+		updatedSecret, err := validateUserManagedRepoSecret(ctx, typedClient, repo.GetNamespace(), tlsConfig, auth)
 		return updatedSecret, false, true, err
 	}
 
 	// handle kubeapps managed secret
-	updatedSecret, isSameSecret, err := newSecretFromTlsConfigAndAuth(repoName, tlsConfig, auth)
+	updatedSecret, isSameSecret, err := newSecretFromTlsConfigAndAuth(repo.GetName(), tlsConfig, auth)
 	if err != nil {
 		return nil, true, false, err
 	} else if isSameSecret {
@@ -146,12 +151,13 @@ func handleAuthSecretForUpdate(
 func handleImagesPullSecretForUpdate(
 	ctx context.Context,
 	typedClient kubernetes.Interface,
-	repo *HelmRepository,
+	repo *apprepov1alpha1.AppRepository,
+	customDetail *v1alpha1.HelmPackageRepositoryCustomDetail,
 	secret *k8scorev1.Secret) (updatedSecret *k8scorev1.Secret, secretIsKubeappsManaged bool, secretIsUpdated bool, err error) {
 
 	var imagesPullSecrets *v1alpha1.ImagesPullSecret
-	if repo.customDetail != nil && repo.customDetail.ImagesPullSecret != nil {
-		imagesPullSecrets = repo.customDetail.ImagesPullSecret
+	if customDetail != nil && customDetail.ImagesPullSecret != nil {
+		imagesPullSecrets = customDetail.ImagesPullSecret
 	} else {
 		imagesPullSecrets = &v1alpha1.ImagesPullSecret{}
 	}
@@ -161,19 +167,19 @@ func handleImagesPullSecretForUpdate(
 
 	// check we are not changing mode
 	if secret != nil && (hasRef || hasData) {
-		if isImagesPullSecretKubeappsManaged(repo.name.Name, secret) != hasData {
+		if isImagesPullSecretKubeappsManaged(repo, secret) != hasData {
 			return nil, false, false, status.Errorf(codes.InvalidArgument, "Auth management mode cannot be changed")
 		}
 	}
 
 	// handle user managed secret
 	if hasRef {
-		updatedSecret, err := validateDockerImagePullSecret(ctx, typedClient, repo.name, imagesPullSecrets.GetSecretRef())
+		updatedSecret, err := validateDockerImagePullSecret(ctx, typedClient, repo.GetNamespace(), imagesPullSecrets.GetSecretRef())
 		return updatedSecret, false, true, err
 	}
 
 	// handle kubeapps managed secret
-	updatedSecret, isSameSecret, err := newDockerImagePullSecret(repo.name, imagesPullSecrets.GetCredentials())
+	updatedSecret, isSameSecret, err := newDockerImagePullSecret(repo.GetName(), imagesPullSecrets.GetCredentials())
 	if err != nil {
 		return nil, true, false, err
 	} else if isSameSecret {
@@ -193,7 +199,7 @@ func handleImagesPullSecretForUpdate(
 }
 
 // this func is only used with kubeapps-managed secrets
-func newSecretFromTlsConfigAndAuth(repoName types.NamespacedName,
+func newSecretFromTlsConfigAndAuth(repoName string,
 	tlsConfig *corev1.PackageRepositoryTlsConfig,
 	auth *corev1.PackageRepositoryAuth) (secret *k8scorev1.Secret, isSameSecret bool, err error) {
 	if tlsConfig != nil {
@@ -370,10 +376,10 @@ func createKubeappsManagedRepoSecret(
 
 func validateDockerImagePullSecret(ctx context.Context,
 	typedClient kubernetes.Interface,
-	repoName types.NamespacedName,
+	namespace string,
 	secretName string) (*k8scorev1.Secret, error) {
 
-	if secret, err := typedClient.CoreV1().Secrets(repoName.Namespace).Get(ctx, secretName, metav1.GetOptions{}); err != nil {
+	if secret, err := typedClient.CoreV1().Secrets(namespace).Get(ctx, secretName, metav1.GetOptions{}); err != nil {
 		return nil, statuserror.FromK8sError("get", "secret", secretName, err)
 	} else if secret.Type != k8scorev1.SecretTypeDockerConfigJson {
 		return nil, status.Errorf(codes.InvalidArgument, "Images Docker pull secret %s does not have valid type", secretName)
@@ -388,15 +394,16 @@ func imagesPullSecretName(repoName string) string {
 	return fmt.Sprintf("pullsecret-%s", repoName)
 }
 
-func newDockerImagePullSecret(ownerRepo types.NamespacedName, credentials *corev1.DockerCredentials) (secret *k8scorev1.Secret, isSameSecret bool, err error) {
+func newDockerImagePullSecret(repoName string, credentials *corev1.DockerCredentials) (secret *k8scorev1.Secret, isSameSecret bool, err error) {
 	if credentials != nil {
 		if credentials.Server == "" || credentials.Username == "" || credentials.Password == "" || credentials.Email == "" {
 			return nil, false, status.Errorf(codes.InvalidArgument, "Images pull secret Docker credentials are wrong")
 		}
 
 		secret = &k8scorev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
-				Name: imagesPullSecretName(ownerRepo.Name),
+				Name:        imagesPullSecretName(repoName),
+				Annotations: map[string]string{Annotation_ManagedBy_Key: Annotation_ManagedBy_Value},
 			},
 			Type: k8scorev1.SecretTypeDockerConfigJson,
 			Data: map[string][]byte{},
@@ -461,7 +468,7 @@ func (s *Server) deleteRepositorySecretFromNamespace(typedClient kubernetes.Inte
 func validateUserManagedRepoSecret(
 	ctx context.Context,
 	typedClient kubernetes.Interface,
-	repoName types.NamespacedName,
+	namespace string,
 	tlsConfig *corev1.PackageRepositoryTlsConfig,
 	auth *corev1.PackageRepositoryAuth) (*k8scorev1.Secret, error) {
 	var secretRefTls, secretRefAuth string
@@ -498,7 +505,7 @@ func validateUserManagedRepoSecret(
 	if secretRef != "" {
 		var err error
 		// check that the specified secret exists
-		if secret, err = typedClient.CoreV1().Secrets(repoName.Namespace).Get(ctx, secretRef, metav1.GetOptions{}); err != nil {
+		if secret, err = typedClient.CoreV1().Secrets(namespace).Get(ctx, secretRef, metav1.GetOptions{}); err != nil {
 			return nil, statuserror.FromK8sError("get", "secret", secretRef, err)
 		} else {
 			// also check that the data in the opaque secret corresponds
@@ -532,7 +539,7 @@ func validateUserManagedRepoSecret(
 func getRepoImagesPullSecret(source *apprepov1alpha1.AppRepository, imagesPullSecret *k8scorev1.Secret) *v1alpha1.ImagesPullSecret {
 	if imagesPullSecret == nil {
 		return nil
-	} else if isImagesPullSecretKubeappsManaged(source.GetName(), imagesPullSecret) {
+	} else if isImagesPullSecretKubeappsManaged(source, imagesPullSecret) {
 		return &v1alpha1.ImagesPullSecret{
 			DockerRegistryCredentialOneOf: &v1alpha1.ImagesPullSecret_Credentials{
 				Credentials: &corev1.DockerCredentials{
@@ -577,7 +584,7 @@ func getRepoTlsConfigAndAuth(
 				tlsConfig = &corev1.PackageRepositoryTlsConfig{}
 			}
 
-			if isAuthSecretKubeappsManaged(source.GetName(), caSecret) {
+			if isAuthSecretKubeappsManaged(source, caSecret) {
 				tlsConfig.PackageRepoTlsConfigOneOf = &corev1.PackageRepositoryTlsConfig_CertAuthority{
 					CertAuthority: RedactedString,
 				}
@@ -614,7 +621,7 @@ func getRepoTlsConfigAndAuth(
 		}
 
 		// create data
-		if isAuthSecretKubeappsManaged(source.GetName(), authSecret) {
+		if isAuthSecretKubeappsManaged(source, authSecret) {
 			switch auth.Type {
 			case corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_BASIC_AUTH:
 				auth.PackageRepoAuthOneOf = &corev1.PackageRepositoryAuth_UsernamePassword{
@@ -666,12 +673,30 @@ func getRepoTlsConfigAndAuth(
 	return tlsConfig, auth, nil
 }
 
-// note: for now, checking based on name pattern for backward compatibility
-func isAuthSecretKubeappsManaged(repoName string, secret *k8scorev1.Secret) bool {
-	return secret.GetName() == helm.SecretNameForRepo(repoName)
+func isAuthSecretKubeappsManaged(repo *apprepov1alpha1.AppRepository, secret *k8scorev1.Secret) bool {
+	if isSecretKubeappsManaged(repo, secret) {
+		return true
+	}
+
+	// note: until fully deprecated, we also check based on name pattern for backward compatibility
+	return secret.GetName() == helm.SecretNameForRepo(repo.GetName())
 }
 
-// note: for now, checking based on name pattern for backward compatibility
-func isImagesPullSecretKubeappsManaged(repoName string, secret *k8scorev1.Secret) bool {
-	return secret.GetName() == imagesPullSecretName(repoName)
+func isImagesPullSecretKubeappsManaged(repo *apprepov1alpha1.AppRepository, secret *k8scorev1.Secret) bool {
+	if isSecretKubeappsManaged(repo, secret) {
+		return true
+	}
+
+	// note: until fully deprecated, we also check based on name pattern for backward compatibility
+	return secret.GetName() == imagesPullSecretName(repo.GetName())
+}
+
+func isSecretKubeappsManaged(repo *apprepov1alpha1.AppRepository, secret *k8scorev1.Secret) bool {
+	if !metav1.IsControlledBy(secret, repo) {
+		return false
+	}
+	if managedby := secret.GetAnnotations()[Annotation_ManagedBy_Key]; managedby != Annotation_ManagedBy_Value {
+		return false
+	}
+	return true
 }
Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ func (s Server) newRepo(ctx context.Context, repo HelmRepository) (*corev1.Pac`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`// Handle imagesPullSecret if any`
`81`		`- imagePullSecret, imagePullSecretIsKubeappsManaged, err := handleImagesPullSecretForCreate(ctx, typedClient, repo)`
	`81`	`+ imagePullSecret, imagePullSecretIsKubeappsManaged, err := handleImagesPullSecretForCreate(ctx, typedClient, repo.name, repo.customDetail)`
`82`	`82`	`if err != nil {`
`83`	`83`	`return nil, err`
`84`	`84`	`}`
`@@ -300,7 +300,7 @@ func (s *Server) updateRepo(ctx context.Context,`
`300`	`300`	`appRepo.Spec.TLSInsecureSkipVerify = repo.tlsConfig != nil && repo.tlsConfig.InsecureSkipVerify`
`301`	`301`
`302`	`302`	`// validate and get updated (or newly created) secret`
`303`		`- secret, secretIsKubeappsManaged, secretIsUpdated, err := handleAuthSecretForUpdate(ctx, typedClient, repo.name, repo.tlsConfig, repo.auth, secret)`
	`303`	`+ secret, secretIsKubeappsManaged, secretIsUpdated, err := handleAuthSecretForUpdate(ctx, typedClient, appRepo, repo.tlsConfig, repo.auth, secret)`
`304`	`304`	`if err != nil {`
`305`	`305`	`return nil, err`
`306`	`306`	`}`
`@@ -315,7 +315,7 @@ func (s *Server) updateRepo(ctx context.Context,`
`315`	`315`	`}`
`316`	`316`
`317`	`317`	`// Handle imagesPullSecret if any`
`318`		`- imagePullSecret, imagePullSecretIsKubeappsManaged, imagePullSecretIsUpdated, err := handleImagesPullSecretForUpdate(ctx, typedClient, repo, imagePullSecret)`
	`318`	`+ imagePullSecret, imagePullSecretIsKubeappsManaged, imagePullSecretIsUpdated, err := handleImagesPullSecretForUpdate(ctx, typedClient, appRepo, repo.customDetail, imagePullSecret)`
`319`	`319`	`if err != nil {`
`320`	`320`	`return nil, err`
`321`	`321`	`}`