chore(lint): enable nestingReduce linter (#23378)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2026-02-20 01:28:45 +01:00 · 2025-06-13 13:43:16 -04:00
parent 1df47e9aa4
commit d33b9b98ba
12 changed files with 285 additions and 269 deletions
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -66,7 +66,6 @@ linters:
        - hugeParam
        - importShadow
        - mapKey
-        - nestingReduce
        - paramTypeCombine
        - ptrToRefParam
        - rangeValCopy
--- a/applicationset/generators/duck_type.go
+++ b/applicationset/generators/duck_type.go
@@ -180,14 +180,15 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A
 		found := false

 		for _, argoCluster := range clustersFromArgoCD {
-			if argoCluster.Name == strMatchValue {
-				log.WithField(matchKey, argoCluster.Name).Info("matched cluster in ArgoCD")
-				params["name"] = argoCluster.Name
-				params["server"] = argoCluster.Server
-
-				found = true
-				break // Stop looking
+			if argoCluster.Name != strMatchValue {
+				continue
 			}
+			log.WithField(matchKey, argoCluster.Name).Info("matched cluster in ArgoCD")
+			params["name"] = argoCluster.Name
+			params["server"] = argoCluster.Server
+
+			found = true
+			break // Stop looking
 		}

 		if !found {
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -1106,15 +1106,16 @@ func unset(source *argoappv1.ApplicationSource, opts unsetOpts) (updated bool, n

 		for _, kustomizeImage := range opts.kustomizeImages {
 			for i, item := range source.Kustomize.Images {
-				if argoappv1.KustomizeImage(kustomizeImage).Match(item) {
-					updated = true
-					// remove i
-					a := source.Kustomize.Images
-					copy(a[i:], a[i+1:]) // Shift a[i+1:] left one index.
-					a[len(a)-1] = ""     // Erase last element (write zero value).
-					a = a[:len(a)-1]     // Truncate slice.
-					source.Kustomize.Images = a
+				if !argoappv1.KustomizeImage(kustomizeImage).Match(item) {
+					continue
 				}
+				updated = true
+				// remove i
+				a := source.Kustomize.Images
+				copy(a[i:], a[i+1:]) // Shift a[i+1:] left one index.
+				a[len(a)-1] = ""     // Erase last element (write zero value).
+				a = a[:len(a)-1]     // Truncate slice.
+				source.Kustomize.Images = a
 			}
 		}

--- a/controller/hook.go
+++ b/controller/hook.go
@@ -153,16 +153,17 @@ func (ctrl *ApplicationController) cleanupPostDeleteHooks(liveObjs map[kube.Reso

 	for _, obj := range hooks {
 		for _, policy := range hook.DeletePolicies(obj) {
-			if policy == common.HookDeletePolicyHookFailed && aggregatedHealth == health.HealthStatusDegraded || policy == common.HookDeletePolicyHookSucceeded && aggregatedHealth == health.HealthStatusHealthy {
-				pendingDeletionCount++
-				if obj.GetDeletionTimestamp() != nil {
-					continue
-				}
-				logCtx.Infof("Deleting post-delete hook %s/%s", obj.GetNamespace(), obj.GetName())
-				err = ctrl.kubectl.DeleteResource(context.Background(), config, obj.GroupVersionKind(), obj.GetName(), obj.GetNamespace(), metav1.DeleteOptions{})
-				if err != nil {
-					return false, err
-				}
+			if (policy != common.HookDeletePolicyHookFailed || aggregatedHealth != health.HealthStatusDegraded) && (policy != common.HookDeletePolicyHookSucceeded || aggregatedHealth != health.HealthStatusHealthy) {
+				continue
+			}
+			pendingDeletionCount++
+			if obj.GetDeletionTimestamp() != nil {
+				continue
+			}
+			logCtx.Infof("Deleting post-delete hook %s/%s", obj.GetNamespace(), obj.GetName())
+			err = ctrl.kubectl.DeleteResource(context.Background(), config, obj.GroupVersionKind(), obj.GetName(), obj.GetNamespace(), metav1.DeleteOptions{})
+			if err != nil {
+				return false, err
 			}
 		}
 	}
--- a/controller/metrics/metrics.go
+++ b/controller/metrics/metrics.go
@@ -379,17 +379,18 @@ func (c *appCollector) Collect(ch chan<- prometheus.Metric) {
 		return
 	}
 	for _, app := range apps {
-		if c.appFilter(app) {
-			destCluster, err := argo.GetDestinationCluster(context.Background(), app.Spec.Destination, c.db)
-			if err != nil {
-				log.Warnf("Failed to get destination cluster for application %s: %v", app.Name, err)
-			}
-			destServer := ""
-			if destCluster != nil {
-				destServer = destCluster.Server
-			}
-			c.collectApps(ch, app, destServer)
+		if !c.appFilter(app) {
+			continue
 		}
+		destCluster, err := argo.GetDestinationCluster(context.Background(), app.Spec.Destination, c.db)
+		if err != nil {
+			log.Warnf("Failed to get destination cluster for application %s: %v", app.Name, err)
+		}
+		destServer := ""
+		if destCluster != nil {
+			destServer = destCluster.Server
+		}
+		c.collectApps(ch, app, destServer)
 	}
 }

--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -2747,22 +2747,23 @@ func (w *SyncWindows) inactiveAllows(currentTime time.Time) (*SyncWindows, error
 		var inactive SyncWindows
 		specParser := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow)
 		for _, w := range *w {
-			if w.Kind == "allow" {
-				schedule, sErr := specParser.Parse(w.Schedule)
-				if sErr != nil {
-					return nil, fmt.Errorf("cannot parse schedule '%s': %w", w.Schedule, sErr)
-				}
-				duration, dErr := time.ParseDuration(w.Duration)
-				if dErr != nil {
-					return nil, fmt.Errorf("cannot parse duration '%s': %w", w.Duration, dErr)
-				}
-				// Offset the nextWindow time to consider the timeZone of the sync window
-				timeZoneOffsetDuration := w.scheduleOffsetByTimeZone()
-				nextWindow := schedule.Next(currentTime.Add(timeZoneOffsetDuration - duration))
+			if w.Kind != "allow" {
+				continue
+			}
+			schedule, sErr := specParser.Parse(w.Schedule)
+			if sErr != nil {
+				return nil, fmt.Errorf("cannot parse schedule '%s': %w", w.Schedule, sErr)
+			}
+			duration, dErr := time.ParseDuration(w.Duration)
+			if dErr != nil {
+				return nil, fmt.Errorf("cannot parse duration '%s': %w", w.Duration, dErr)
+			}
+			// Offset the nextWindow time to consider the timeZone of the sync window
+			timeZoneOffsetDuration := w.scheduleOffsetByTimeZone()
+			nextWindow := schedule.Next(currentTime.Add(timeZoneOffsetDuration - duration))

-				if !nextWindow.Before(currentTime.Add(timeZoneOffsetDuration)) {
-					inactive = append(inactive, w)
-				}
+			if !nextWindow.Before(currentTime.Add(timeZoneOffsetDuration)) {
+				inactive = append(inactive, w)
 			}
 		}
 		if len(inactive) > 0 {
--- a/reposerver/repository/repository.go
+++ b/reposerver/repository/repository.go
@@ -546,34 +546,35 @@ func resolveReferencedSources(hasMultipleSources bool, source *v1alpha1.Applicat
 	refCandidates := append(source.ValueFiles, refFileParams...)

 	for _, valueFile := range refCandidates {
-		if strings.HasPrefix(valueFile, "$") {
-			refVar := strings.Split(valueFile, "/")[0]
+		if !strings.HasPrefix(valueFile, "$") {
+			continue
+		}
+		refVar := strings.Split(valueFile, "/")[0]

-			refSourceMapping, ok := refSources[refVar]
-			if !ok {
-				if len(refSources) == 0 {
-					return nil, fmt.Errorf("source referenced %q, but no source has a 'ref' field defined", refVar)
-				}
-				refKeys := make([]string, 0)
-				for refKey := range refSources {
-					refKeys = append(refKeys, refKey)
-				}
-				return nil, fmt.Errorf("source referenced %q, which is not one of the available sources (%s)", refVar, strings.Join(refKeys, ", "))
+		refSourceMapping, ok := refSources[refVar]
+		if !ok {
+			if len(refSources) == 0 {
+				return nil, fmt.Errorf("source referenced %q, but no source has a 'ref' field defined", refVar)
 			}
-			if refSourceMapping.Chart != "" {
-				return nil, errors.New("source has a 'chart' field defined, but Helm charts are not yet not supported for 'ref' sources")
+			refKeys := make([]string, 0)
+			for refKey := range refSources {
+				refKeys = append(refKeys, refKey)
+			}
+			return nil, fmt.Errorf("source referenced %q, which is not one of the available sources (%s)", refVar, strings.Join(refKeys, ", "))
+		}
+		if refSourceMapping.Chart != "" {
+			return nil, errors.New("source has a 'chart' field defined, but Helm charts are not yet not supported for 'ref' sources")
+		}
+		normalizedRepoURL := git.NormalizeGitURL(refSourceMapping.Repo.Repo)
+		_, ok = repoRefs[normalizedRepoURL]
+		if !ok {
+			_, referencedCommitSHA, err := newClientResolveRevision(&refSourceMapping.Repo, refSourceMapping.TargetRevision, gitClientOpts)
+			if err != nil {
+				log.Errorf("Failed to get git client for repo %s: %v", refSourceMapping.Repo.Repo, err)
+				return nil, fmt.Errorf("failed to get git client for repo %s", refSourceMapping.Repo.Repo)
 			}
-			normalizedRepoURL := git.NormalizeGitURL(refSourceMapping.Repo.Repo)
-			_, ok = repoRefs[normalizedRepoURL]
-			if !ok {
-				_, referencedCommitSHA, err := newClientResolveRevision(&refSourceMapping.Repo, refSourceMapping.TargetRevision, gitClientOpts)
-				if err != nil {
-					log.Errorf("Failed to get git client for repo %s: %v", refSourceMapping.Repo.Repo, err)
-					return nil, fmt.Errorf("failed to get git client for repo %s", refSourceMapping.Repo.Repo)
-				}

-				repoRefs[normalizedRepoURL] = referencedCommitSHA
-			}
+			repoRefs[normalizedRepoURL] = referencedCommitSHA
 		}
 	}
 	return repoRefs, nil
@@ -790,81 +791,82 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA,

 				// Checkout every one of the referenced sources to the target revision before generating Manifests
 				for _, valueFile := range refCandidates {
-					if strings.HasPrefix(valueFile, "$") {
-						refVar := strings.Split(valueFile, "/")[0]
+					if !strings.HasPrefix(valueFile, "$") {
+						continue
+					}
+					refVar := strings.Split(valueFile, "/")[0]

-						refSourceMapping, ok := q.RefSources[refVar]
-						if !ok {
-							if len(q.RefSources) == 0 {
-								ch.errCh <- fmt.Errorf("source referenced %q, but no source has a 'ref' field defined", refVar)
-							}
-							refKeys := make([]string, 0)
-							for refKey := range q.RefSources {
-								refKeys = append(refKeys, refKey)
-							}
-							ch.errCh <- fmt.Errorf("source referenced %q, which is not one of the available sources (%s)", refVar, strings.Join(refKeys, ", "))
+					refSourceMapping, ok := q.RefSources[refVar]
+					if !ok {
+						if len(q.RefSources) == 0 {
+							ch.errCh <- fmt.Errorf("source referenced %q, but no source has a 'ref' field defined", refVar)
+						}
+						refKeys := make([]string, 0)
+						for refKey := range q.RefSources {
+							refKeys = append(refKeys, refKey)
+						}
+						ch.errCh <- fmt.Errorf("source referenced %q, which is not one of the available sources (%s)", refVar, strings.Join(refKeys, ", "))
+						return
+					}
+					if refSourceMapping.Chart != "" {
+						ch.errCh <- errors.New("source has a 'chart' field defined, but Helm charts are not yet not supported for 'ref' sources")
+						return
+					}
+					normalizedRepoURL := git.NormalizeGitURL(refSourceMapping.Repo.Repo)
+					closer, ok := repoRefs[normalizedRepoURL]
+					if ok {
+						if closer.revision != refSourceMapping.TargetRevision {
+							ch.errCh <- fmt.Errorf("cannot reference multiple revisions for the same repository (%s references %q while %s references %q)", refVar, refSourceMapping.TargetRevision, closer.key, closer.revision)
 							return
 						}
-						if refSourceMapping.Chart != "" {
-							ch.errCh <- errors.New("source has a 'chart' field defined, but Helm charts are not yet not supported for 'ref' sources")
+					} else {
+						gitClient, referencedCommitSHA, err := s.newClientResolveRevision(&refSourceMapping.Repo, refSourceMapping.TargetRevision, git.WithCache(s.cache, !q.NoRevisionCache && !q.NoCache))
+						if err != nil {
+							log.Errorf("Failed to get git client for repo %s: %v", refSourceMapping.Repo.Repo, err)
+							ch.errCh <- fmt.Errorf("failed to get git client for repo %s", refSourceMapping.Repo.Repo)
 							return
 						}
-						normalizedRepoURL := git.NormalizeGitURL(refSourceMapping.Repo.Repo)
-						closer, ok := repoRefs[normalizedRepoURL]
-						if ok {
-							if closer.revision != refSourceMapping.TargetRevision {
-								ch.errCh <- fmt.Errorf("cannot reference multiple revisions for the same repository (%s references %q while %s references %q)", refVar, refSourceMapping.TargetRevision, closer.key, closer.revision)
-								return
-							}
-						} else {
-							gitClient, referencedCommitSHA, err := s.newClientResolveRevision(&refSourceMapping.Repo, refSourceMapping.TargetRevision, git.WithCache(s.cache, !q.NoRevisionCache && !q.NoCache))
-							if err != nil {
-								log.Errorf("Failed to get git client for repo %s: %v", refSourceMapping.Repo.Repo, err)
-								ch.errCh <- fmt.Errorf("failed to get git client for repo %s", refSourceMapping.Repo.Repo)
-								return
-							}

-							if git.NormalizeGitURL(q.ApplicationSource.RepoURL) == normalizedRepoURL && commitSHA != referencedCommitSHA {
-								ch.errCh <- fmt.Errorf("cannot reference a different revision of the same repository (%s references %q which resolves to %q while the application references %q which resolves to %q)", refVar, refSourceMapping.TargetRevision, referencedCommitSHA, q.Revision, commitSHA)
-								return
-							}
-							closer, err := s.repoLock.Lock(gitClient.Root(), referencedCommitSHA, true, func() (goio.Closer, error) {
-								return s.checkoutRevision(gitClient, referencedCommitSHA, s.initConstants.SubmoduleEnabled)
-							})
+						if git.NormalizeGitURL(q.ApplicationSource.RepoURL) == normalizedRepoURL && commitSHA != referencedCommitSHA {
+							ch.errCh <- fmt.Errorf("cannot reference a different revision of the same repository (%s references %q which resolves to %q while the application references %q which resolves to %q)", refVar, refSourceMapping.TargetRevision, referencedCommitSHA, q.Revision, commitSHA)
+							return
+						}
+						closer, err := s.repoLock.Lock(gitClient.Root(), referencedCommitSHA, true, func() (goio.Closer, error) {
+							return s.checkoutRevision(gitClient, referencedCommitSHA, s.initConstants.SubmoduleEnabled)
+						})
+						if err != nil {
+							log.Errorf("failed to acquire lock for referenced source %s", normalizedRepoURL)
+							ch.errCh <- err
+							return
+						}
+						defer func(closer goio.Closer) {
+							err := closer.Close()
 							if err != nil {
-								log.Errorf("failed to acquire lock for referenced source %s", normalizedRepoURL)
+								log.Errorf("Failed to release repo lock: %v", err)
+							}
+						}(closer)
+
+						// Symlink check must happen after acquiring lock.
+						if !s.initConstants.AllowOutOfBoundsSymlinks {
+							err := apppathutil.CheckOutOfBoundsSymlinks(gitClient.Root())
+							if err != nil {
+								oobError := &apppathutil.OutOfBoundsSymlinkError{}
+								if errors.As(err, &oobError) {
+									log.WithFields(log.Fields{
+										common.SecurityField: common.SecurityHigh,
+										"repo":               refSourceMapping.Repo,
+										"revision":           refSourceMapping.TargetRevision,
+										"file":               oobError.File,
+									}).Warn("repository contains out-of-bounds symlink")
+									ch.errCh <- fmt.Errorf("repository contains out-of-bounds symlinks. file: %s", oobError.File)
+									return
+								}
 								ch.errCh <- err
 								return
 							}
-							defer func(closer goio.Closer) {
-								err := closer.Close()
-								if err != nil {
-									log.Errorf("Failed to release repo lock: %v", err)
-								}
-							}(closer)
-
-							// Symlink check must happen after acquiring lock.
-							if !s.initConstants.AllowOutOfBoundsSymlinks {
-								err := apppathutil.CheckOutOfBoundsSymlinks(gitClient.Root())
-								if err != nil {
-									oobError := &apppathutil.OutOfBoundsSymlinkError{}
-									if errors.As(err, &oobError) {
-										log.WithFields(log.Fields{
-											common.SecurityField: common.SecurityHigh,
-											"repo":               refSourceMapping.Repo,
-											"revision":           refSourceMapping.TargetRevision,
-											"file":               oobError.File,
-										}).Warn("repository contains out-of-bounds symlink")
-										ch.errCh <- fmt.Errorf("repository contains out-of-bounds symlinks. file: %s", oobError.File)
-										return
-									}
-									ch.errCh <- err
-									return
-								}
-							}
-
-							repoRefs[normalizedRepoURL] = repoRef{revision: refSourceMapping.TargetRevision, commitSHA: referencedCommitSHA, key: refVar}
 						}
+
+						repoRefs[normalizedRepoURL] = repoRef{revision: refSourceMapping.TargetRevision, commitSHA: referencedCommitSHA, key: refVar}
 					}
 				}
 			}
@@ -1067,9 +1069,12 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC
 				// finally if repo is OCI and no credentials found, use the first OCI credential matching by hostname
 				// see https://github.com/argoproj/argo-cd/issues/14636
 				for _, cred := range repositories {
+					if _, err = url.Parse("oci://" + dep.Repo); err != nil {
+						continue
+					}
 					// if the repo is OCI, don't match the repository URL exactly, but only as a dependent repository prefix just like in the getRepoCredential function
 					// see https://github.com/argoproj/argo-cd/issues/12436
-					if _, err := url.Parse("oci://" + dep.Repo); err == nil && (cred.EnableOCI && (strings.HasPrefix(dep.Repo, cred.Repo) || strings.HasPrefix(cred.Repo, dep.Repo)) || (cred.Type == "oci" && (strings.HasPrefix("oci://"+dep.Repo, cred.Repo) || strings.HasPrefix(cred.Repo, "oci://"+dep.Repo)))) {
+					if cred.EnableOCI && (strings.HasPrefix(dep.Repo, cred.Repo) || strings.HasPrefix(cred.Repo, dep.Repo)) || (cred.Type == "oci" && (strings.HasPrefix("oci://"+dep.Repo, cred.Repo) || strings.HasPrefix(cred.Repo, "oci://"+dep.Repo))) {
 						repo.Username = cred.Username
 						repo.Password = cred.Password
 						repo.UseAzureWorkloadIdentity = cred.UseAzureWorkloadIdentity
--- a/util/argo/argo.go
+++ b/util/argo/argo.go
@@ -484,35 +484,37 @@ func GetRefSources(ctx context.Context, sources argoappv1.ApplicationSources, pr
 		// Validate first to avoid unnecessary DB calls.
 		refKeys := make(map[string]bool)
 		for _, source := range sources {
-			if source.Ref != "" {
-				isValidRefKey := regexp.MustCompile(`^[a-zA-Z0-9_-]+$`).MatchString
-				if !isValidRefKey(source.Ref) {
-					return nil, fmt.Errorf("sources.ref %s cannot contain any special characters except '_' and '-'", source.Ref)
-				}
-				refKey := "$" + source.Ref
-				if _, ok := refKeys[refKey]; ok {
-					return nil, errors.New("invalid sources: multiple sources had the same `ref` key")
-				}
-				refKeys[refKey] = true
+			if source.Ref == "" {
+				continue
 			}
+			isValidRefKey := regexp.MustCompile(`^[a-zA-Z0-9_-]+$`).MatchString
+			if !isValidRefKey(source.Ref) {
+				return nil, fmt.Errorf("sources.ref %s cannot contain any special characters except '_' and '-'", source.Ref)
+			}
+			refKey := "$" + source.Ref
+			if _, ok := refKeys[refKey]; ok {
+				return nil, errors.New("invalid sources: multiple sources had the same `ref` key")
+			}
+			refKeys[refKey] = true
 		}
 		// Get Repositories for all sources before generating Manifests
 		for i, source := range sources {
-			if source.Ref != "" {
-				repo, err := getRepository(ctx, source.RepoURL, project)
-				if err != nil {
-					return nil, fmt.Errorf("failed to get repository %s: %w", source.RepoURL, err)
-				}
-				refKey := "$" + source.Ref
-				revision := source.TargetRevision
-				if isRollback {
-					revision = revisions[i]
-				}
-				refSources[refKey] = &argoappv1.RefTarget{
-					Repo:           *repo,
-					TargetRevision: revision,
-					Chart:          source.Chart,
-				}
+			if source.Ref == "" {
+				continue
+			}
+			repo, err := getRepository(ctx, source.RepoURL, project)
+			if err != nil {
+				return nil, fmt.Errorf("failed to get repository %s: %w", source.RepoURL, err)
+			}
+			refKey := "$" + source.Ref
+			revision := source.TargetRevision
+			if isRollback {
+				revision = revisions[i]
+			}
+			refSources[refKey] = &argoappv1.RefTarget{
+				Repo:           *repo,
+				TargetRevision: revision,
+				Chart:          source.Chart,
 			}
 		}
 	}
--- a/util/gpg/gpg.go
+++ b/util/gpg/gpg.go
@@ -497,61 +497,62 @@ func GetInstalledPGPKeys(kids []string) ([]*appsv1.GnuPGPublicKey, error) {
 	scanner := bufio.NewScanner(strings.NewReader(out))
 	var curKey *appsv1.GnuPGPublicKey
 	for scanner.Scan() {
-		if strings.HasPrefix(scanner.Text(), "pub ") {
-			// This is the beginning of a new key, time to store the previously parsed one in our list and start fresh.
-			if curKey != nil {
-				keys = append(keys, curKey)
-				curKey = nil
-			}
-
-			key := appsv1.GnuPGPublicKey{}
-
-			// Second field in pub output denotes key sub type (cipher and length)
-			token := subTypeMatch.FindStringSubmatch(scanner.Text())
-			if len(token) != 2 {
-				return nil, fmt.Errorf("invalid line: %s (len=%d)", scanner.Text(), len(token))
-			}
-			key.SubType = token[1]
-
-			// Next line should be the key ID, no prefix
-			if !scanner.Scan() {
-				return nil, errors.New("invalid output from gpg, end of text after primary key")
-			}
-
-			token = keyIdMatch.FindStringSubmatch(scanner.Text())
-			if len(token) != 2 {
-				return nil, errors.New("invalid output from gpg, no key ID for primary key")
-			}
-
-			key.Fingerprint = token[1]
-			// KeyID is just the last bytes of the fingerprint
-			key.KeyID = token[1][24:]
-
-			if curKey == nil {
-				curKey = &key
-			}
-
-			// Next line should be UID
-			if !scanner.Scan() {
-				return nil, errors.New("invalid output from gpg, end of text after key ID")
-			}
-
-			if !strings.HasPrefix(scanner.Text(), "uid ") {
-				return nil, errors.New("invalid output from gpg, no identity for primary key")
-			}
-
-			token = uidMatch.FindStringSubmatch(scanner.Text())
-
-			if len(token) < 3 {
-				return nil, fmt.Errorf("malformed identity line: %s (len=%d)", scanner.Text(), len(token))
-			}
-
-			// Store trust level
-			key.Trust = token[1]
-
-			// Identity - we are only interested in the first uid
-			key.Owner = token[2]
+		if !strings.HasPrefix(scanner.Text(), "pub ") {
+			continue
 		}
+		// This is the beginning of a new key, time to store the previously parsed one in our list and start fresh.
+		if curKey != nil {
+			keys = append(keys, curKey)
+			curKey = nil
+		}
+
+		key := appsv1.GnuPGPublicKey{}
+
+		// Second field in pub output denotes key sub type (cipher and length)
+		token := subTypeMatch.FindStringSubmatch(scanner.Text())
+		if len(token) != 2 {
+			return nil, fmt.Errorf("invalid line: %s (len=%d)", scanner.Text(), len(token))
+		}
+		key.SubType = token[1]
+
+		// Next line should be the key ID, no prefix
+		if !scanner.Scan() {
+			return nil, errors.New("invalid output from gpg, end of text after primary key")
+		}
+
+		token = keyIdMatch.FindStringSubmatch(scanner.Text())
+		if len(token) != 2 {
+			return nil, errors.New("invalid output from gpg, no key ID for primary key")
+		}
+
+		key.Fingerprint = token[1]
+		// KeyID is just the last bytes of the fingerprint
+		key.KeyID = token[1][24:]
+
+		if curKey == nil {
+			curKey = &key
+		}
+
+		// Next line should be UID
+		if !scanner.Scan() {
+			return nil, errors.New("invalid output from gpg, end of text after key ID")
+		}
+
+		if !strings.HasPrefix(scanner.Text(), "uid ") {
+			return nil, errors.New("invalid output from gpg, no identity for primary key")
+		}
+
+		token = uidMatch.FindStringSubmatch(scanner.Text())
+
+		if len(token) < 3 {
+			return nil, fmt.Errorf("malformed identity line: %s (len=%d)", scanner.Text(), len(token))
+		}
+
+		// Store trust level
+		key.Trust = token[1]
+
+		// Identity - we are only interested in the first uid
+		key.Owner = token[2]
 	}

 	// Also store the last processed key into our list to be returned
@@ -724,23 +725,24 @@ func SyncKeyRingFromDirectory(basePath string) ([]string, []string, error) {

 	// First, add all keys that are found in the configuration but are not yet in the keyring
 	for key := range configured {
-		if _, ok := installed[key]; !ok {
-			addedKey, err := ImportPGPKeys(path.Join(basePath, key))
-			if err != nil {
-				return nil, nil, fmt.Errorf("error import PGP keys: %w", err)
-			}
-			if len(addedKey) != 1 {
-				return nil, nil, fmt.Errorf("invalid key found in %s", path.Join(basePath, key))
-			}
-			importedKey, err := GetInstalledPGPKeys([]string{addedKey[0].KeyID})
-			if err != nil {
-				return nil, nil, fmt.Errorf("error get installed PGP keys: %w", err)
-			} else if len(importedKey) != 1 {
-				return nil, nil, fmt.Errorf("could not get details of imported key ID %s", importedKey)
-			}
-			newKeys = append(newKeys, key)
-			fingerprints = append(fingerprints, importedKey[0].Fingerprint)
+		if _, ok := installed[key]; ok {
+			continue
 		}
+		addedKey, err := ImportPGPKeys(path.Join(basePath, key))
+		if err != nil {
+			return nil, nil, fmt.Errorf("error import PGP keys: %w", err)
+		}
+		if len(addedKey) != 1 {
+			return nil, nil, fmt.Errorf("invalid key found in %s", path.Join(basePath, key))
+		}
+		importedKey, err := GetInstalledPGPKeys([]string{addedKey[0].KeyID})
+		if err != nil {
+			return nil, nil, fmt.Errorf("error get installed PGP keys: %w", err)
+		} else if len(importedKey) != 1 {
+			return nil, nil, fmt.Errorf("could not get details of imported key ID %s", importedKey)
+		}
+		newKeys = append(newKeys, key)
+		fingerprints = append(fingerprints, importedKey[0].Fingerprint)
 	}

 	// Delete all keys from the keyring that are not found in the configuration anymore.
--- a/util/helm/helm_test.go
+++ b/util/helm/helm_test.go
@@ -42,14 +42,15 @@ func TestHelmTemplateParams(t *testing.T) {
 	assert.Len(t, objs, 5)

 	for _, obj := range objs {
-		if obj.GetKind() == "Service" && obj.GetName() == "test-minio" {
-			var svc corev1.Service
-			err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, &svc)
-			require.NoError(t, err)
-			assert.Equal(t, corev1.ServiceTypeLoadBalancer, svc.Spec.Type)
-			assert.Equal(t, int32(1234), svc.Spec.Ports[0].TargetPort.IntVal)
-			assert.Equal(t, "true", svc.Annotations["prometheus.io/scrape"])
+		if obj.GetKind() != "Service" || obj.GetName() != "test-minio" {
+			continue
 		}
+		var svc corev1.Service
+		err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, &svc)
+		require.NoError(t, err)
+		assert.Equal(t, corev1.ServiceTypeLoadBalancer, svc.Spec.Type)
+		assert.Equal(t, int32(1234), svc.Spec.Ports[0].TargetPort.IntVal)
+		assert.Equal(t, "true", svc.Annotations["prometheus.io/scrape"])
 	}
 }

--- a/util/localconfig/localconfig.go
+++ b/util/localconfig/localconfig.go
@@ -136,21 +136,22 @@ func (l *LocalConfig) ResolveContext(name string) (*Context, error) {
 		name = l.CurrentContext
 	}
 	for _, ctx := range l.Contexts {
-		if ctx.Name == name {
-			server, err := l.GetServer(ctx.Server)
-			if err != nil {
-				return nil, err
-			}
-			user, err := l.GetUser(ctx.User)
-			if err != nil {
-				return nil, err
-			}
-			return &Context{
-				Name:   ctx.Name,
-				Server: *server,
-				User:   *user,
-			}, nil
+		if ctx.Name != name {
+			continue
 		}
+		server, err := l.GetServer(ctx.Server)
+		if err != nil {
+			return nil, err
+		}
+		user, err := l.GetUser(ctx.User)
+		if err != nil {
+			return nil, err
+		}
+		return &Context{
+			Name:   ctx.Name,
+			Server: *server,
+			User:   *user,
+		}, nil
 	}
 	return nil, fmt.Errorf("Context '%s' undefined", name)
 }
--- a/util/notification/settings/legacy.go
+++ b/util/notification/settings/legacy.go
@@ -203,20 +203,21 @@ func GetLegacyDestinations(annotations map[string]string, defaultTriggers []stri
 		}

 		for _, recipient := range text.SplitRemoveEmpty(v, ",") {
-			if recipient = strings.TrimSpace(recipient); recipient != "" {
-				parts := strings.Split(recipient, ":")
-				dest := services.Destination{Service: parts[0]}
-				if len(parts) > 1 {
-					dest.Recipient = parts[1]
-				}
+			if recipient = strings.TrimSpace(recipient); recipient == "" {
+				continue
+			}
+			parts := strings.Split(recipient, ":")
+			dest := services.Destination{Service: parts[0]}
+			if len(parts) > 1 {
+				dest.Recipient = parts[1]
+			}

-				t := triggerNames
-				if v, ok := serviceDefaultTriggers[dest.Service]; ok {
-					t = v
-				}
-				for _, name := range t {
-					dests[name] = append(dests[name], dest)
-				}
+			t := triggerNames
+			if v, ok := serviceDefaultTriggers[dest.Service]; ok {
+				t = v
+			}
+			for _, name := range t {
+				dests[name] = append(dests[name], dest)
 			}
 		}
 	}