Closes a pre-existing gap where the ImageUpdateAutomation SigningKey
field was reachable only by hand-editing the rendered YAML. The two
new flags --signing-key-secret and --signing-key-type populate the
spec.git.commit.signingKey block directly.
When --signing-key-secret is set without --signing-key-type, the run
function leaves spec.git.commit.signingKey.type empty so the
controller's documented default ('gpg' when type is unset[1]) applies
server-side rather than baking the choice into the rendered YAML.
Validation rejects --signing-key-type without --signing-key-secret
and rejects values outside {gpg, ssh}, using the typed
SigningKeyType constants exported from the image-automation-
controller API so the validator and populator share a single source
of truth.
[1]: https://github.com/fluxcd/image-automation-controller/pull/1035
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Hidde Beydals
61316ccca7