feat(secrets): allow description-only updates and show global secrets

Enables updating secret descriptions without changing the value by making the data field optional during updates. Displays global secrets as read-only in org/user/repo secret pages for visibility. Adds validation to require data only when creating new secrets. Updates locale strings for the new functionality.

models/secret/secret.go

@@ -133,14 +133,28 @@ func (opts FindSecretsOptions) ToConds() builder.Cond {
 	return cond
 }
 
-// UpdateSecret changes org or user reop secret.
+// UpdateSecret changes org or user repo secret.
+// If data is empty, only the description is updated.
 func UpdateSecret(ctx context.Context, secretID int64, data, description string) error {
+	description = util.TruncateRunes(description, SecretDescriptionMaxLength)
+
+	// If data is empty, only update description
+	if data == "" {
+		s := &Secret{
+			Description: description,
+		}
+		affected, err := db.GetEngine(ctx).ID(secretID).Cols("description").Update(s)
+		if affected != 1 && err == nil {
+			return ErrSecretNotFound{}
+		}
+		return err
+	}
+
+	// Update both data and description
 	if len(data) > SecretDataMaxLength {
 		return util.NewInvalidArgumentErrorf("data too long")
 	}
 
-	description = util.TruncateRunes(description, SecretDescriptionMaxLength)
-
 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 	if err != nil {
 		return err
@@ -151,7 +165,7 @@ func UpdateSecret(ctx context.Context, secretID int64, data, description string)
 		Description: description,
 	}
 	affected, err := db.GetEngine(ctx).ID(secretID).Cols("data", "description").Update(s)
-	if affected != 1 {
+	if affected != 1 && err == nil {
 		return ErrSecretNotFound{}
 	}
 	return err