Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package flux2-cli for openSUSE:Factory 
checked in at 2026-07-01 16:54:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/flux2-cli (Old)
 and      /work/SRC/openSUSE:Factory/.flux2-cli.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "flux2-cli"

Wed Jul  1 16:54:58 2026 rev:34 rq:1362909 version:2.9.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/flux2-cli/flux2-cli.changes      2026-05-21 
18:28:50.854278881 +0200
+++ /work/SRC/openSUSE:Factory/.flux2-cli.new.11887/flux2-cli.changes   
2026-07-01 16:55:46.944926996 +0200
@@ -1,0 +2,138 @@
+Wed Jul 01 07:58:18 UTC 2026 - Johannes Kastl 
<[email protected]>
+
+- Update to version 2.9.0:
+  Flux v2.9.0 is a feature release. Users are encouraged to upgrade
+  for the best experience.
+  For a compressive overview of new features and API changes
+  included in this release, please refer to the Announcing Flux 2.9
+  GA blog post.
+  https://fluxcd.io/blog/2026/06/flux-v2.9.0/
+  * Overview of the new features:
+    - Flux CLI Plugin System with the Mirror and Schema plugins
+      (flux plugin)
+    - Server-Side Apply field ignore rules for fine-grained drift
+      control (Kustomization)
+    - SOPS decryption with the Age post-quantum cipher
+      (Kustomization)
+    - Kubernetes Workload Identity authentication for OpenBao and
+      Vault (Kustomization)
+    - Helm post-render strategies, including chart hooks support
+      (HelmRelease)
+    - Literal mode for Helm values references mirroring helm
+      --set-literal (HelmRelease)
+    - Allow empty kind in CEL health check expressions
+      (Kustomization, HelmRelease)
+    - Git commit signing and verification with SSH keys
+      (GitRepository, ImageUpdateAutomation)
+    - AWS CodeCommit authentication using Workload Identity
+      (GitRepository)
+    - Custom Sigstore trusted root for keyless verification in
+      air-gapped environments (OCIRepository)
+    - Path pattern directory discovery for monorepos
+      (ArtifactGenerator)
+    - Secret-less, OIDC-secured webhook Receivers (Receiver)
+  * Components changelog
+    - source-controller v1.9.1
+    - kustomize-controller v1.9.1
+    - notification-controller v1.9.1
+    - helm-controller v1.6.1
+    - image-reflector-controller v1.2.1
+    - image-automation-controller v1.2.1
+    - source-watcher v2.2.1
+  * CLI changelog
+    - Add backport label for Flux 2.8 by @matheuscscp in #5732
+    - Remove no longer needed workaround for Flux 2.8 by
+      @matheuscscp in #5733
+    - Update toolkit components by @fluxcdbot in #5740
+    - Add missing things to release notes template by @matheuscscp
+      in #5743
+    - ci: add top-level permissions to upgrade-fluxcd-pkg workflow
+      by @gaganhr94 in #5763
+    - build(deps): bump the ci group across 1 directory with 11
+      updates by @dependabot[bot] in #5764
+    - Update fluxcd/pkg dependencies by @fluxcdbot in #5766
+    - Update toolkit components by @fluxcdbot in #5769
+    - Add target branch name to update branch by @matheuscscp in
+      #5773
+    - Fix/resume exit code by @Aman-Cool in #5701
+    - Mark RFC 0010, 0011 and 0012 as implemented by @stefanprodan
+      in #5776
+    - Update toolkit components by @fluxcdbot in #5780
+    - Add --resolve-symlinks flag to build and push artifact
+      commands by @rohansood10 in #5724
+    - fix: validate --source flag in create kustomization command
+      by @gma1k in #5798
+    - Update toolkit components by @fluxcdbot in #5821
+    - Add --show-source to flux get ks and flux get hr by
+      @rafaelperoco in #5828
+    - Add flux create secret receiver command by @stefanprodan in
+      #5835
+    - fix: handle multiple symlinks to same target in build
+      artifact by @Iam-Karan-Suresh in #5833
+    - Add --in-memory-build to flux build ks and flux diff ks by
+      @rycli in #5794
+    - Migrate end-to-end test to latest cloud SDKs by @stefanprodan
+      in #5840
+    - docs: Add AI Coding Assistants Guidance by @stefanprodan in
+      #5841
+    - Add AI Agents guidance by @stefanprodan in #5847
+    - [RFC-0013] Flux CLI Plugin System by @stefanprodan in #5795
+    - Add --ignore-not-found to flux diff ks by @rycli in #5845
+    - [RFC-0013] Implement plugin system by @stefanprodan in #5849
+    - build(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to
+      5.18.0 by @dependabot[bot] in #5853
+    - Update toolkit components by @fluxcdbot in #5856
+    - Add digest pinning support to flux plugin install by
+      @Iam-Karan-Suresh in #5872
+    - Add --ns-follows-kube-context global flag for using the
+      kubeconfig context namespace by @jtyr in #5831
+    - include source-watcher in install.yaml manifests by @tmmorin
+      in #5881
+    - Update toolkit components by @fluxcdbot in #5890
+    - Update toolkit components by @fluxcdbot in #5903
+    - Update fluxcd/pkg dependencies by @fluxcdbot in #5907
+    - Validate Helm source URL schemes by @immanuwell in #5909
+    - Introduce flux trigger receiver by @matheuscscp in #5908
+    - refactor(api): migrate MakeDependsOn to shared apis/meta func
+      by @vecil in #5912
+    - Update to Kubernetes 1.36 and Go 1.26 by @stefanprodan in
+      #5924
+    - build(deps): bump the ci group across 1 directory with 19
+      updates by @dependabot[bot] in #5925
+    - Run conformance tests for Kubernetes 1.36 by @stefanprodan in
+      #5926
+    - Add support for AWS CodeCommit to flux bootstrap git by
+      @taraspos in #5868
+    - Validate plugin binary path by @stefanprodan in #5927
+    - Update fluxcd/pkg dependencies by @fluxcdbot in #5928
+    - fix: preserve invalid metadata.labels in flux build ks by
+      @raffis in #5906
+    - build: target host arch for local builds/envtest by
+      @stealthybox in #5932
+    - build(deps): bump the ci group with 6 updates by
+      @dependabot[bot] in #5938
+    - Support specifing sparseCheckout in flux bootstrap by
+      @piny940 in #5918
+    - Update toolkit components by @fluxcdbot in #5944
+    - Honor ks.spec.postBuild.substituteStrategy by @matheuscscp in
+      #5945
+    - Add DriftIgnoreRules support to flux diff kustomization by
+      @dipti-pai in #5923
+    - Allow signing commits using SSH key by @hiddeco in #5920
+    - Update toolkit components by @fluxcdbot in #5950
+    - Update fluxcd/pkg dependencies by @fluxcdbot in #5937
+    - cmd: support type!=status in get --status-selector by
+      @3uzbcqje in #5952
+    - Fix flux get all --status-selector for empty results and
+      notification resources by @matheuscscp in #5954
+    - Upgrade go-git-providers to v0.27.0 by @matheuscscp in #5956
+    - Fix using Receiver adapter for ArtifactGenerator by
+      @matheuscscp in #5957
+    - feat: Install Plugins alongside Flux setup in gh actions by
+      @gat786 in #5955
+    - Update fluxcd/pkg dependencies by @fluxcdbot in #5960
+    - Add CLI support for OCIRepository.spec.layerSelector in flux
+      create source oci by @dme86 in #5892
+    - Update toolkit components by @fluxcdbot in #5963
+
+-------------------------------------------------------------------

Old:
----
  flux2-cli-2.8.8.obscpio

New:
----
  flux2-cli-2.9.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ flux2-cli.spec ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:58.197308528 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:58.197308528 +0200
@@ -20,16 +20,16 @@
 
 # check these versions on updates
 # see flux2/manifests/bases/*/kustomization.yaml
-%define helm_controller_version             v1.5.5
-%define image_automation_controller_version v1.1.4
-%define image_reflector_controller_version  v1.1.2
-%define kustomize_controller_version        v1.8.5
-%define notification_controller_version     v1.8.4
-%define source_controller_version           v1.8.5
-%define source_watcher_version              v2.1.1
+%define helm_controller_version             v1.6.1
+%define image_automation_controller_version v1.2.1
+%define image_reflector_controller_version  v1.2.1
+%define kustomize_controller_version        v1.9.1
+%define notification_controller_version     v1.9.1
+%define source_controller_version           v1.9.1
+%define source_watcher_version              v2.2.1
 
 Name:           flux2-cli
-Version:        2.8.8
+Version:        2.9.0
 Release:        0
 Summary:        CLI for Flux2CD
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:58.301312052 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:58.309312323 +0200
@@ -1,9 +1,9 @@
 <services>
   <service name="obs_scm" mode="manual">
-    <param name="url">https://github.com/fluxcd/flux2</param>
+    <param name="url">https://github.com/fluxcd/flux2.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v2.8.8</param>
+    <param name="revision">refs/tags/v2.9.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:58.333313137 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:58.337313272 +0200
@@ -1,6 +1,8 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/fluxcd/flux2</param>
-              <param 
name="changesrevision">1fd61a06264d71cf445ed55c4f14d401d26a1c64</param></service></servicedata>
+              <param 
name="changesrevision">1fd61a06264d71cf445ed55c4f14d401d26a1c64</param></service><service
 name="tar_scm">
+                <param name="url">https://github.com/fluxcd/flux2.git</param>
+              <param 
name="changesrevision">dcc7def046cba2fe8d15d9737a4c250100f62fe0</param></service></servicedata>
 (No newline at EOF)
 

++++++ flux2-cli-2.8.8.obscpio -> flux2-cli-2.9.0.obscpio ++++++
++++ 12611 lines of diff (skipped)

++++++ flux2-cli.obsinfo ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.325346753 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.333347025 +0200
@@ -1,5 +1,5 @@
 name: flux2-cli
-version: 2.8.8
-mtime: 1779274700
-commit: 1fd61a06264d71cf445ed55c4f14d401d26a1c64
+version: 2.9.0
+mtime: 1782824451
+commit: dcc7def046cba2fe8d15d9737a4c250100f62fe0
 

++++++ helm-controller.crds.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.381348651 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.393349058 +0200
@@ -2,11 +2,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: helmreleases.helm.toolkit.fluxcd.io
 spec:
   group: helm.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-appliers
     kind: HelmRelease
     listKind: HelmReleaseList
     plural: helmreleases
@@ -243,16 +247,17 @@
                   references to HelmRelease resources that must be ready 
before this HelmRelease
                   can be reconciled.
                 items:
-                  description: DependencyReference defines a HelmRelease 
dependency
-                    on another HelmRelease resource.
+                  description: |-
+                    DependencyReference contains enough information to locate 
the referenced Kubernetes resource object
+                    and optional CEL expression to assess its readiness.
                   properties:
                     name:
                       description: Name of the referent.
                       type: string
                     namespace:
                       description: |-
-                        Namespace of the referent, defaults to the namespace 
of the HelmRelease
-                        resource object that contains the reference.
+                        Namespace of the referent, defaults to the namespace 
of the resource
+                        object that contains the reference.
                       type: string
                     readyExpr:
                       description: |-
@@ -383,7 +388,6 @@
                   required:
                   - apiVersion
                   - current
-                  - kind
                   type: object
                 type: array
               install:
@@ -621,6 +625,18 @@
 
                   If not set, it defaults to true.
                 type: boolean
+              postRenderStrategy:
+                description: |-
+                  PostRenderStrategy defines the strategy for sending hooks to 
post-renderers.
+                  Valid values are 'nohooks' (hooks not sent to 
post-renderers, Helm 3 behavior),
+                  'combined' (hooks and templates sent together, Helm 4 
default), and 'separate'
+                  (hooks and templates sent in separate streams, Helm 4.2 
opt-in).
+                  Defaults to 'combined', or 'nohooks' when the 
UseHelm3Defaults feature gate is enabled.
+                enum:
+                - nohooks
+                - combined
+                - separate
+                type: string
               postRenderers:
                 description: |-
                   PostRenderers holds an array of Helm PostRenderers, which 
will be applied in order
@@ -906,6 +922,18 @@
                 description: Upgrade holds the configuration for Helm upgrade 
actions
                   for this HelmRelease.
                 properties:
+                  chartNameChangeStrategy:
+                    description: |-
+                      ChartNameChangeStrategy defines the strategy to use when 
a Helm chart name changes.
+                      Valid values are 'Reinstall' or 'InPlaceUpdate'. 
Defaults to 'Reinstall' if omitted.
+
+                      Reinstall: Reinstall the Helm release, uninstalling the 
existing Helm release.
+
+                      InPlaceUpdate: Update the Helm release in place.
+                    enum:
+                    - InPlaceUpdate
+                    - Reinstall
+                    type: string
                   cleanupOnFail:
                     description: |-
                       CleanupOnFail allows deletion of new resources created 
during the Helm
@@ -1068,6 +1096,17 @@
                       - Secret
                       - ConfigMap
                       type: string
+                    literal:
+                      description: |-
+                        Literal marks this ValuesReference as a literal value. 
When set in
+                        combination with TargetPath, the referenced value is 
merged at the target
+                        path without interpreting Helm's `--set` syntax 
(commas, brackets, dots,
+                        equal signs, etc.), mirroring the behavior of `helm 
--set-literal`. This
+                        is the only safe way to inject arbitrary file content 
(config files, JSON
+                        blobs, multi-line strings containing special 
characters) through
+                        `valuesFrom`. Has no effect when TargetPath is empty: 
in that mode the
+                        referenced value is always YAML-merged at the root.
+                      type: boolean
                     name:
                       description: |-
                         Name of the values referent. Should reside in the same 
namespace as the

++++++ helm-controller.deployment.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.421350007 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.425350142 +0200
@@ -28,7 +28,7 @@
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: fluxcd/helm-controller:v1.5.5
+        image: fluxcd/helm-controller:v1.6.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

++++++ image-automation-controller.crds.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.477351905 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.485352176 +0200
@@ -2,11 +2,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: imageupdateautomations.image.toolkit.fluxcd.io
 spec:
   group: image.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-images
     kind: ImageUpdateAutomation
     listKind: ImageUpdateAutomationList
     plural: imageupdateautomations
@@ -136,15 +140,28 @@
                           templating rendering.
                         type: object
                       signingKey:
-                        description: SigningKey provides the option to sign 
commits
-                          with a GPG key
+                        description: |-
+                          SigningKey provides the option to sign commits with 
an OpenPGP or
+                          SSH signing key, referenced from a Secret. See 
SigningKey.
                         properties:
                           secretRef:
                             description: |-
-                              SecretRef holds the name to a secret that 
contains a 'git.asc' key
-                              corresponding to the ASCII Armored file 
containing the GPG signing
-                              keypair as the value. It must be in the same 
namespace as the
+                              SecretRef references a Secret containing the 
signing key. For type
+                              'gpg', the Secret must contain a 'git.asc' 
(ASCII-armored OpenPGP
+                              keypair) and may contain a 'passphrase'. For 
type 'ssh', the Secret
+                              must contain an 'identity' (an SSH private key 
in any format
+                              golang.org/x/crypto/ssh.ParsePrivateKey accepts; 
typically the
+                              OpenSSH format produced by 'ssh-keygen') and may 
contain a 'password'
+                              (the key's passphrase). The SSH conventions 
match the GitRepository
+                              SSH transport-auth Secret format, allowing a 
single Secret to serve
+                              both transport and signing when the 
ImageUpdateAutomation lives in
+                              the same namespace as the GitRepository.
+
+                              The Secret itself must live in the same 
namespace as the
                               ImageUpdateAutomation.
+
+                              Supported SSH key algorithms: ed25519, 
ecdsa-sha2-nistp256/384/521,
+                              and rsa (>= 2048-bit).
                             properties:
                               name:
                                 description: Name of the referent.
@@ -152,411 +169,15 @@
                             required:
                             - name
                             type: object
-                        required:
-                        - secretRef
-                        type: object
-                    required:
-                    - author
-                    type: object
-                  push:
-                    description: |-
-                      Push specifies how and where to push commits made by the
-                      automation. If missing, commits are pushed (back) to
-                      `.spec.checkout.branch` or its default.
-                    properties:
-                      branch:
-                        description: |-
-                          Branch specifies that commits should be pushed to 
the branch
-                          named. The branch is created using 
`.spec.checkout.branch` as the
-                          starting point, if it doesn't already exist.
-                        type: string
-                      options:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          Options specifies the push options that are sent to 
the Git
-                          server when performing a push operation. For 
details, see:
-                          
https://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt
-                        type: object
-                      refspec:
-                        description: |-
-                          Refspec specifies the Git Refspec to use for a push 
operation.
-                          If both Branch and Refspec are provided, then the 
commit is pushed
-                          to the branch and also using the specified refspec.
-                          For more details about Git Refspecs, see:
-                          
https://git-scm.com/book/en/v2/Git-Internals-The-Refspec
-                        type: string
-                    type: object
-                required:
-                - commit
-                type: object
-              interval:
-                description: |-
-                  Interval gives an lower bound for how often the automation
-                  run should be attempted.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              policySelector:
-                description: |-
-                  PolicySelector allows to filter applied policies based on 
labels.
-                  By default includes all policies in namespace.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector 
requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: |-
-                        A label selector requirement is a selector that 
contains values, a key, and an operator that
-                        relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector 
applies
-                            to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set 
of values.
-                            Valid operators are In, NotIn, Exists and 
DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the 
operator is In or NotIn,
-                            the values array must be non-empty. If the 
operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is 
replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      matchLabels is a map of {key,value} pairs. A single 
{key,value} in the matchLabels
-                      map is equivalent to an element of matchExpressions, 
whose key field is "key", the
-                      operator is "In", and the values array contains only 
"value". The requirements are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              sourceRef:
-                description: |-
-                  SourceRef refers to the resource giving access details
-                  to a git repository.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  kind:
-                    default: GitRepository
-                    description: Kind of the referent.
-                    enum:
-                    - GitRepository
-                    type: string
-                  name:
-                    description: Name of the referent.
-                    type: string
-                  namespace:
-                    description: Namespace of the referent, defaults to the 
namespace
-                      of the Kubernetes resource object that contains the 
reference.
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-              suspend:
-                description: |-
-                  Suspend tells the controller to not run this automation, 
until
-                  it is unset (or set to false). Defaults to false.
-                type: boolean
-              update:
-                default:
-                  strategy: Setters
-                description: |-
-                  Update gives the specification for how to update the files in
-                  the repository. This can be left empty, to use the default
-                  value.
-                properties:
-                  path:
-                    description: |-
-                      Path to the directory containing the manifests to be 
updated.
-                      Defaults to 'None', which translates to the root path
-                      of the GitRepositoryRef.
-                    type: string
-                  strategy:
-                    default: Setters
-                    description: Strategy names the strategy to be used.
-                    enum:
-                    - Setters
-                    type: string
-                type: object
-            required:
-            - interval
-            - sourceRef
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: ImageUpdateAutomationStatus defines the observed 
state of
-              ImageUpdateAutomation
-            properties:
-              conditions:
-                items:
-                  description: Condition contains details for one aspect of 
the current
-                    state of this API Resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        lastTransitionTime is the last time the condition 
transitioned from one status to another.
-                        This should be when the underlying condition changed.  
If that is not known, then using the time when the API field changed is 
acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        message is a human readable message indicating details 
about the transition.
-                        This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        observedGeneration represents the .metadata.generation 
that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, 
but the .status.conditions[x].observedGeneration is 9, the condition is out of 
date
-                        with respect to the current state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: |-
-                        reason contains a programmatic identifier indicating 
the reason for the condition's last transition.
-                        Producers of specific condition types may define 
expected values and meanings for this field,
-                        and whether the values are considered a guaranteed API.
-                        The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, 
False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in 
foo.example.com/CamelCase.
-                      maxLength: 316
-                      pattern: 
^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastAutomationRunTime:
-                description: |-
-                  LastAutomationRunTime records the last time the controller 
ran
-                  this automation through to completion (even if no updates 
were
-                  made).
-                format: date-time
-                type: string
-              lastHandledReconcileAt:
-                description: |-
-                  LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value
-                  can be detected.
-                type: string
-              lastPushCommit:
-                description: |-
-                  LastPushCommit records the SHA1 of the last commit made by 
the
-                  controller, for this automation object
-                type: string
-              lastPushTime:
-                description: LastPushTime records the time of the last pushed 
change.
-                format: date-time
-                type: string
-              observedGeneration:
-                format: int64
-                type: integer
-              observedPolicies:
-                additionalProperties:
-                  description: ImageRef represents an image reference.
-                  properties:
-                    digest:
-                      description: Digest is the image's digest.
-                      type: string
-                    name:
-                      description: Name is the bare image's name.
-                      type: string
-                    tag:
-                      description: Tag is the image's tag.
-                      type: string
-                  required:
-                  - name
-                  - tag
-                  type: object
-                description: |-
-                  ObservedPolicies is the list of observed ImagePolicies that 
were
-                  considered by the ImageUpdateAutomation update process.
-                type: object
-              observedSourceRevision:
-                description: |-
-                  ObservedPolicies []ObservedPolicy 
`json:"observedPolicies,omitempty"`
-                  ObservedSourceRevision is the last observed source revision. 
This can be
-                  used to determine if the source has been updated since last 
observation.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .status.lastAutomationRunTime
-      name: Last run
-      priority: 1
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    deprecated: true
-    deprecationWarning: v1beta2 ImageUpdateAutomation is deprecated, upgrade 
to v1
-    name: v1beta2
-    schema:
-      openAPIV3Schema:
-        description: ImageUpdateAutomation is the Schema for the 
imageupdateautomations
-          API
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation 
of an object.
-              Servers should convert recognized schemas to the latest internal 
value, and
-              may reject unrecognized values.
-              More info: 
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this 
object represents.
-              Servers may infer this from the endpoint the client submits 
requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: 
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ImageUpdateAutomationSpec defines the desired state 
of ImageUpdateAutomation
-            properties:
-              git:
-                description: |-
-                  GitSpec contains all the git-specific definitions. This is
-                  technically optional, but in practice mandatory until there 
are
-                  other kinds of source allowed.
-                properties:
-                  checkout:
-                    description: |-
-                      Checkout gives the parameters for cloning the git 
repository,
-                      ready to make changes. If not present, the `spec.ref` 
field from the
-                      referenced `GitRepository` or its default will be used.
-                    properties:
-                      ref:
-                        description: |-
-                          Reference gives a branch, tag or commit to clone 
from the Git
-                          repository.
-                        properties:
-                          branch:
-                            description: Branch to check out, defaults to 
'master'
-                              if no other field is defined.
-                            type: string
-                          commit:
+                          type:
                             description: |-
-                              Commit SHA to check out, takes precedence over 
all reference fields.
-
-                              This can be combined with Branch to shallow 
clone the branch, in which
-                              the commit is expected to exist.
-                            type: string
-                          name:
-                            description: |-
-                              Name of the reference to check out; takes 
precedence over Branch, Tag and SemVer.
-
-                              It must be a valid Git reference: 
https://git-scm.com/docs/git-check-ref-format#_description
-                              Examples: "refs/heads/main", "refs/tags/v0.1.0", 
"refs/pull/420/head", "refs/merge-requests/1/head"
-                            type: string
-                          semver:
-                            description: SemVer tag expression to check out, 
takes
-                              precedence over Tag.
-                            type: string
-                          tag:
-                            description: Tag to check out, takes precedence 
over Branch.
-                            type: string
-                        type: object
-                    required:
-                    - ref
-                    type: object
-                  commit:
-                    description: Commit specifies how to commit to the git 
repository.
-                    properties:
-                      author:
-                        description: |-
-                          Author gives the email and optionally the name to 
use as the
-                          author of commits.
-                        properties:
-                          email:
-                            description: Email gives the email to provide when 
making
-                              a commit.
-                            type: string
-                          name:
-                            description: Name gives the name to provide when 
making
-                              a commit.
+                              Type selects the signing-key format expected in 
the referenced
+                              Secret. When empty, the controller defaults to 
'gpg'.
+                            enum:
+                            - gpg
+                            - ssh
                             type: string
                         required:
-                        - email
-                        type: object
-                      messageTemplate:
-                        description: |-
-                          MessageTemplate provides a template for the commit 
message,
-                          into which will be interpolated the details of the 
change made.
-                          Note: The `Updated` template field has been removed. 
Use `Changed` instead.
-                        type: string
-                      messageTemplateValues:
-                        additionalProperties:
-                          type: string
-                        description: |-
-                          MessageTemplateValues provides additional values to 
be available to the
-                          templating rendering.
-                        type: object
-                      signingKey:
-                        description: SigningKey provides the option to sign 
commits
-                          with a GPG key
-                        properties:
-                          secretRef:
-                            description: |-
-                              SecretRef holds the name to a secret that 
contains a 'git.asc' key
-                              corresponding to the ASCII Armored file 
containing the GPG signing
-                              keypair as the value. It must be in the same 
namespace as the
-                              ImageUpdateAutomation.
-                            properties:
-                              name:
-                                description: Name of the referent.
-                                type: string
-                            required:
-                            - name
-                            type: object
-                        required:
                         - secretRef
                         type: object
                     required:
@@ -820,7 +441,7 @@
             type: object
         type: object
     served: true
-    storage: false
+    storage: true
     subresources:
       status: {}
 

++++++ image-automation-controller.deployment.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.517353260 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.521353396 +0200
@@ -28,7 +28,7 @@
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: fluxcd/image-automation-controller:v1.1.4
+        image: fluxcd/image-automation-controller:v1.2.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

++++++ image-reflector-controller.crds.yaml ++++++
++++ 626 lines (skipped)
++++ between 
/work/SRC/openSUSE:Factory/flux2-cli/image-reflector-controller.crds.yaml
++++ and 
/work/SRC/openSUSE:Factory/.flux2-cli.new.11887/image-reflector-controller.crds.yaml

++++++ image-reflector-controller.deployment.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.585355564 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.593355835 +0200
@@ -28,7 +28,7 @@
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: fluxcd/image-reflector-controller:v1.1.2
+        image: fluxcd/image-reflector-controller:v1.2.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

++++++ kustomize-controller.crds.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.637357326 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.653357869 +0200
@@ -2,11 +2,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: kustomizations.kustomize.toolkit.fluxcd.io
 spec:
   group: kustomize.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-appliers
     kind: Kustomization
     listKind: KustomizationList
     plural: kustomizations
@@ -52,6 +56,20 @@
               KustomizationSpec defines the configuration to calculate the 
desired state
               from a Source using Kustomize.
             properties:
+              buildMetadata:
+                description: |-
+                  BuildMetadata specifies which kustomize build metadata 
should be added
+                  to the built resources. The allowed values are 
'originAnnotations' to
+                  annotate resources with their source origin, and 
'transformerAnnotations'
+                  to annotate resources with the transformers that produced 
them.
+                items:
+                  description: BuildMetadataOption defines the supported 
buildMetadata
+                    options.
+                  enum:
+                  - originAnnotations
+                  - transformerAnnotations
+                  type: string
+                type: array
               commonMetadata:
                 description: |-
                   CommonMetadata specifies the common labels and annotations 
that are
@@ -125,16 +143,17 @@
                   with references to Kustomization resources that must be 
ready before this
                   Kustomization can be reconciled.
                 items:
-                  description: DependencyReference defines a Kustomization 
dependency
-                    on another Kustomization resource.
+                  description: |-
+                    DependencyReference contains enough information to locate 
the referenced Kubernetes resource object
+                    and optional CEL expression to assess its readiness.
                   properties:
                     name:
                       description: Name of the referent.
                       type: string
                     namespace:
                       description: |-
-                        Namespace of the referent, defaults to the namespace 
of the Kustomization
-                        resource object that contains the reference.
+                        Namespace of the referent, defaults to the namespace 
of the resource
+                        object that contains the reference.
                       type: string
                     readyExpr:
                       description: |-
@@ -187,7 +206,6 @@
                   required:
                   - apiVersion
                   - current
-                  - kind
                   type: object
                 type: array
               healthChecks:
@@ -216,6 +234,73 @@
                   - name
                   type: object
                 type: array
+              ignore:
+                description: |-
+                  Ignore is a list of rules for specifying which changes to 
ignore
+                  during drift detection. These rules are applied to the 
resources managed
+                  by the Kustomization and are used to exclude specific JSON 
pointer paths
+                  from the drift detection and apply process.
+                items:
+                  description: |-
+                    IgnoreRule defines a rule to selectively disregard 
specific changes during
+                    the drift detection process.
+                  properties:
+                    paths:
+                      description: |-
+                        Paths is a list of JSON Pointer (RFC 6901) paths to be 
excluded from
+                        consideration in a Kubernetes object.
+                      items:
+                        type: string
+                      type: array
+                    target:
+                      description: |-
+                        Target is a selector for specifying Kubernetes objects 
to which this
+                        rule applies.
+                        If Target is not set, the Paths will be ignored for 
all Kubernetes
+                        objects within the manifest of the Kustomization.
+                      properties:
+                        annotationSelector:
+                          description: |-
+                            AnnotationSelector is a string that follows the 
label selection expression
+                            
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource annotations.
+                          type: string
+                        group:
+                          description: |-
+                            Group is the API group to select resources from.
+                            Together with Version and Kind it is capable of 
unambiguously identifying and/or selecting resources.
+                            
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        kind:
+                          description: |-
+                            Kind of the API Group to select resources from.
+                            Together with Group and Version it is capable of 
unambiguously
+                            identifying and/or selecting resources.
+                            
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                        labelSelector:
+                          description: |-
+                            LabelSelector is a string that follows the label 
selection expression
+                            
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                            It matches with the resource labels.
+                          type: string
+                        name:
+                          description: Name to match resources with.
+                          type: string
+                        namespace:
+                          description: Namespace to select resources from.
+                          type: string
+                        version:
+                          description: |-
+                            Version of the API Group to select resources from.
+                            Together with Group and Kind it is capable of 
unambiguously identifying and/or selecting resources.
+                            
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                          type: string
+                      type: object
+                  required:
+                  - paths
+                  type: object
+                type: array
               ignoreMissingComponents:
                 description: |-
                   IgnoreMissingComponents instructs the controller to ignore 
Components paths
@@ -464,6 +549,19 @@
                       - name
                       type: object
                     type: array
+                  substituteStrategy:
+                    description: |-
+                      SubstituteStrategy defines the strategy for substituting 
variables in the YAML manifests.
+                      Valid values are:
+
+                       - WithVariables (the default): require at least one 
variable to be defined,
+                         either through the inline map or through the resolved 
references to ConfigMaps
+                         and Secrets.
+                       - Always: perform the substitution even if no variables 
are defined.
+                    enum:
+                    - WithVariables
+                    - Always
+                    type: string
                 type: object
               prune:
                 description: Prune enables garbage collection.

++++++ kustomize-controller.deployment.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.733360580 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.757361393 +0200
@@ -28,7 +28,7 @@
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: fluxcd/kustomize-controller:v1.8.5
+        image: fluxcd/kustomize-controller:v1.9.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

++++++ notification-controller.crds.yaml ++++++
++++ 905 lines (skipped)
++++ between 
/work/SRC/openSUSE:Factory/flux2-cli/notification-controller.crds.yaml
++++ and 
/work/SRC/openSUSE:Factory/.flux2-cli.new.11887/notification-controller.crds.yaml

++++++ notification-controller.deployment.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.845364375 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.849364511 +0200
@@ -60,7 +60,7 @@
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: fluxcd/notification-controller:v1.8.4
+        image: fluxcd/notification-controller:v1.9.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

++++++ source-controller.crds.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:55:59.913366679 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:55:59.961368306 +0200
@@ -2,11 +2,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: buckets.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-sources
     kind: Bucket
     listKind: BucketList
     plural: buckets
@@ -384,14 +388,20 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: externalartifacts.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-sources
     kind: ExternalArtifact
     listKind: ExternalArtifactList
     plural: externalartifacts
+    shortNames:
+    - ea
     singular: externalartifact
   scope: Namespaced
   versions:
@@ -575,11 +585,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: gitrepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-sources
     kind: GitRepository
     listKind: GitRepositoryList
     plural: gitrepositories
@@ -677,10 +691,11 @@
                 type: string
               provider:
                 description: |-
-                  Provider used for authentication, can be 'azure', 'github', 
'generic'.
+                  Provider used for authentication, can be 'aws', 'azure', 
'github', 'generic'.
                   When not specified, defaults to 'generic'.
                 enum:
                 - generic
+                - aws
                 - azure
                 - github
                 type: string
@@ -749,7 +764,7 @@
               serviceAccountName:
                 description: |-
                   ServiceAccountName is the name of the Kubernetes 
ServiceAccount used to
-                  authenticate to the GitRepository. This field is only 
supported for 'azure' provider.
+                  authenticate to the GitRepository. This field is only 
supported for 'azure' and 'aws' providers.
                 type: string
               sparseCheckout:
                 description: |-
@@ -797,7 +812,8 @@
                   secretRef:
                     description: |-
                       SecretRef specifies the Secret containing the public 
keys of trusted Git
-                      authors.
+                      authors. PGP public keys must be stored under keys with 
the .asc suffix,
+                      and SSH public keys must be stored under keys with the 
.sshpub suffix.
                     properties:
                       name:
                         description: Name of the referent.
@@ -814,8 +830,9 @@
             type: object
             x-kubernetes-validations:
             - message: serviceAccountName can only be set when provider is 
'azure'
-              rule: '!has(self.serviceAccountName) || (has(self.provider) && 
self.provider
-                == ''azure'')'
+                or 'aws'
+              rule: '!has(self.serviceAccountName) || (has(self.provider) && 
(self.provider
+                == ''azure'' || self.provider == ''aws''))'
           status:
             default:
               observedGeneration: -1
@@ -1057,11 +1074,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: helmcharts.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-sources
     kind: HelmChart
     listKind: HelmChartList
     plural: helmcharts
@@ -1411,11 +1432,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: helmrepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-sources
     kind: HelmRepository
     listKind: HelmRepositoryList
     plural: helmrepositories
@@ -1732,11 +1757,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: ocirepositories.source.toolkit.fluxcd.io
 spec:
   group: source.toolkit.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-sources
     kind: OCIRepository
     listKind: OCIRepositoryList
     plural: ocirepositories
@@ -1971,6 +2000,19 @@
                     properties:
                       name:
                         description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  trustedRootSecretRef:
+                    description: |-
+                      TrustedRootSecretRef specifies the Kubernetes Secret 
containing a
+                      Sigstore trusted_root.json file. This enables 
verification against
+                      self-hosted Sigstore infrastructure (custom Fulcio CA, 
self-hosted
+                      Rekor instance). The Secret must contain a key named 
"trusted_root.json".
+                    properties:
+                      name:
+                        description: Name of the referent.
                         type: string
                     required:
                     - name

++++++ source-controller.deployment.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:56:00.061371695 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:56:00.093372779 +0200
@@ -50,7 +50,7 @@
               fieldPath: metadata.namespace
         - name: TUF_ROOT
           value: /tmp/.sigstore
-        image: fluxcd/source-controller:v1.8.5
+        image: fluxcd/source-controller:v1.9.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

++++++ source-watcher.crds.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:56:00.161375084 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:56:00.205376575 +0200
@@ -2,11 +2,15 @@
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.21.0
   name: artifactgenerators.source.extensions.fluxcd.io
 spec:
   group: source.extensions.fluxcd.io
   names:
+    categories:
+    - all
+    - fluxcd
+    - fluxcd-sources
     kind: ArtifactGenerator
     listKind: ArtifactGeneratorList
     plural: artifactgenerators
@@ -67,7 +71,10 @@
                           exclude:
                             description: |-
                               Exclude specifies a list of glob patterns to 
exclude
-                              files and dirs matched by the 'From' field.
+                              files and dirs matched by the 'From' field. 
Patterns are matched
+                              against paths relative to the source alias root 
or to the non-glob
+                              prefix of 'From'. Patterns without a separator 
(e.g. "*.md") match
+                              the file name at any depth.
                             items:
                               type: string
                             maxItems: 100
@@ -75,8 +82,10 @@
                           from:
                             description: |-
                               From specifies the source (by alias) and the 
glob pattern to match files.
-                              The format is "@<alias>/<glob-pattern>".
+                              The format is "@<alias>/<glob-pattern>". When 
pathPattern is set,
+                              the path may use capture placeholders such as 
"{app}".
                             maxLength: 1024
+                            minLength: 1
                             pattern: ^@([a-z0-9]([a-z0-9_-]*[a-z0-9])?)/(.*)$
                             type: string
                           strategy:
@@ -97,8 +106,10 @@
                             description: |-
                               To specifies the destination path within the 
artifact.
                               The format is "@artifact/path", the alias 
"artifact"
-                              refers to the root path of the generated 
artifact.
+                              refers to the root path of the generated 
artifact. When pathPattern
+                              is set, the path may use capture placeholders 
such as "{app}".
                             maxLength: 1024
+                            minLength: 1
                             pattern: ^@(artifact)/(.*)$
                             type: string
                         required:
@@ -108,9 +119,11 @@
                       minItems: 1
                       type: array
                     name:
-                      description: Name is the name of the generated artifact.
+                      description: |-
+                        Name is the name of the generated artifact.
+                        When pathPattern is set, this field may use capture 
placeholders such as "{app}".
                       maxLength: 253
-                      pattern: ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$
+                      minLength: 1
                       type: string
                     originRevision:
                       description: |-
@@ -138,6 +151,31 @@
                 maxItems: 1000
                 minItems: 1
                 type: array
+              commonMetadata:
+                description: |-
+                  CommonMetadata specifies the common labels and annotations 
that are
+                  applied to all resources. Any existing label or annotation 
will be
+                  overridden if its key matches a common one.
+                properties:
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    description: Annotations to be added to the object's 
metadata.
+                    type: object
+                  labels:
+                    additionalProperties:
+                      type: string
+                    description: Labels to be added to the object's metadata.
+                    type: object
+                type: object
+              pathPattern:
+                description: |-
+                  PathPattern specifies a directory traversal pattern to match 
within the sources.
+                  The format is "@<alias>/<pattern>". Named captures in the 
pattern (e.g. "{app}")
+                  can be used as placeholders in OutputArtifacts fields.
+                maxLength: 1024
+                pattern: ^@([a-z0-9]([a-z0-9_-]*[a-z0-9])?)/(.*)$
+                type: string
               sources:
                 description: |-
                   Sources is a list of references to the Flux source-controller
@@ -189,6 +227,11 @@
             - artifacts
             - sources
             type: object
+            x-kubernetes-validations:
+            - message: artifact names must be valid Kubernetes object names 
when pathPattern
+                is not set
+              rule: has(self.pathPattern) && size(self.pathPattern) > 0 || 
self.artifacts.all(a,
+                
a.name.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'))
           status:
             description: ArtifactGeneratorStatus defines the observed state of 
ArtifactGenerator.
             properties:

++++++ source-watcher.deployment.yaml ++++++
--- /var/tmp/diff_new_pack.wjiEoR/_old  2026-07-01 16:56:00.277379015 +0200
+++ /var/tmp/diff_new_pack.wjiEoR/_new  2026-07-01 16:56:00.297379692 +0200
@@ -48,7 +48,7 @@
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: fluxcd/source-watcher:v2.1.1
+        image: fluxcd/source-watcher:v2.2.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/flux2-cli/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.flux2-cli.new.11887/vendor.tar.gz differ: char 14, 
line 1

Reply via email to