fix: include Depth field in Repository.Sanitized() response (#26572)

Signed-off-by: Harshil Garg <harshil562@users.noreply.github.com>

pkg/apis/application/v1alpha1/repository_types.go

@@ -362,6 +362,7 @@ func (repo *Repository) Sanitized() *Repository {
 		GithubAppInstallationId:    repo.GithubAppInstallationId,
 		GitHubAppEnterpriseBaseURL: repo.GitHubAppEnterpriseBaseURL,
 		UseAzureWorkloadIdentity:   repo.UseAzureWorkloadIdentity,
+		Depth:                      repo.Depth,
 	}
 }
 

pkg/apis/application/v1alpha1/repository_types_test.go

@@ -128,6 +128,76 @@ func TestGetGitCreds_GitHubApp_InstallationNotFound(t *testing.T) {
 	assert.Contains(t, err.Error(), "ID: 123")
 }
 
+func TestSanitizedRepository(t *testing.T) {
+	repo := &Repository{
+		Repo:                       "https://github.com/argoproj/argo-cd.git",
+		Type:                       "git",
+		Name:                       "argo-cd",
+		Username:                   "admin",
+		Password:                   "super-secret-password",
+		SSHPrivateKey:              "-----BEGIN RSA PRIVATE KEY-----",
+		BearerToken:                "eyJhbGciOiJIUzI1NiJ9",
+		TLSClientCertData:          "cert-data",
+		TLSClientCertKey:           "cert-key",
+		GCPServiceAccountKey:       "gcp-key",
+		GithubAppPrivateKey:        "github-app-key",
+		Insecure:                   true,
+		EnableLFS:                  true,
+		EnableOCI:                  true,
+		Proxy:                      "http://proxy:8080",
+		NoProxy:                    "localhost",
+		Project:                    "default",
+		ForceHttpBasicAuth:         true,
+		InheritedCreds:             true,
+		GithubAppId:                12345,
+		GithubAppInstallationId:    67890,
+		GitHubAppEnterpriseBaseURL: "https://ghe.example.com/api/v3",
+		UseAzureWorkloadIdentity:   true,
+		Depth:                      1,
+	}
+
+	sanitized := repo.Sanitized()
+
+	// Non-sensitive fields must be preserved
+	assert.Equal(t, repo.Repo, sanitized.Repo)
+	assert.Equal(t, repo.Type, sanitized.Type)
+	assert.Equal(t, repo.Name, sanitized.Name)
+	assert.True(t, sanitized.Insecure)
+	assert.Equal(t, repo.EnableLFS, sanitized.EnableLFS)
+	assert.Equal(t, repo.EnableOCI, sanitized.EnableOCI)
+	assert.Equal(t, repo.Proxy, sanitized.Proxy)
+	assert.Equal(t, repo.NoProxy, sanitized.NoProxy)
+	assert.Equal(t, repo.Project, sanitized.Project)
+	assert.Equal(t, repo.ForceHttpBasicAuth, sanitized.ForceHttpBasicAuth)
+	assert.Equal(t, repo.InheritedCreds, sanitized.InheritedCreds)
+	assert.Equal(t, repo.GithubAppId, sanitized.GithubAppId)
+	assert.Equal(t, repo.GithubAppInstallationId, sanitized.GithubAppInstallationId)
+	assert.Equal(t, repo.GitHubAppEnterpriseBaseURL, sanitized.GitHubAppEnterpriseBaseURL)
+	assert.Equal(t, repo.UseAzureWorkloadIdentity, sanitized.UseAzureWorkloadIdentity)
+	assert.Equal(t, repo.Depth, sanitized.Depth)
+
+	// Sensitive fields must be stripped
+	assert.Empty(t, sanitized.Username)
+	assert.Empty(t, sanitized.Password)
+	assert.Empty(t, sanitized.SSHPrivateKey)
+	assert.Empty(t, sanitized.BearerToken)
+	assert.Empty(t, sanitized.TLSClientCertData)
+	assert.Empty(t, sanitized.TLSClientCertKey)
+	assert.Empty(t, sanitized.GCPServiceAccountKey)
+	assert.Empty(t, sanitized.GithubAppPrivateKey)
+}
+
+func TestSanitizedRepositoryPreservesDepthZero(t *testing.T) {
+	// Depth of 0 means full clone; verify it's preserved (zero value)
+	repo := &Repository{
+		Repo:  "https://github.com/argoproj/argo-cd.git",
+		Depth: 0,
+	}
+
+	sanitized := repo.Sanitized()
+	assert.Equal(t, int64(0), sanitized.Depth)
+}
+
 func TestGetGitCreds_GitHubApp_OrgExtractionFails(t *testing.T) {
 	// This test verifies that when the organization cannot be extracted from the repo URL,
 	// the credentials are still created but will provide a clear error when used.