
[BUG]: security_and_analysis in repository requires optional values to be set #3177

@yamatt

Expected Behavior

When using the security_and_analysis block in github_repository we only specify code_security block as status = "enabled". Other values, secret_scanning and secret_scanning_push_protection, we do not define. These are optional in the docs.

We use a module. This is a partial:

  security_and_analysis {
    code_security {
      status = var.code_scanning # set to "enabled" but can be over-ridden.
    }
  }

This should not cause any problems.

Actual Behavior

We're currently getting this for the plan:

  # module.repository_auth0_config.github_repository.repository will be updated in-place
  ~ resource "github_repository" "repository" {
        id                          = "auth0-config"
        name                        = "auth0-config"
        # (40 unchanged attributes hidden)

      ~ security_and_analysis {
          + code_security {
              + status = "enabled"
            }
          - secret_scanning {
              - status = "disabled" -> null
            }
          - secret_scanning_push_protection {
              - status = "disabled" -> null
            }
        }
    }

Meaning the Terraform is seeing the value is defined and is trying to undefine it.

I suspect this might be a change in GitHub and possibly a bug in GitHub as well, but it's hard to say for certain.

Terraform Version

These are running in a pipeline so I don't have easy access to finding the version, but I've pulled these out of the code.

They're not super recent, but I checked the changes and I can't see anything related to security_and_analysis.

1.14.0

    github = {
      source  = "integrations/github"
      version = ">= 6.9.1"
    }

Affected Resource(s)

  • github_repository

Terraform Configuration Files

Steps to Reproduce

$ terraform plan

Debug Output

Panic Output

Code of Conduct

  • I agree to follow this project's Code of Conduct
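
An added example, not part of the original issue or the provider's code: a pipeline check that reads `terraform show -json` plan output and reports every security_and_analysis sub-block whose status would change, so a plan like the one above is caught before apply. The function names are hypothetical, the plan document is constructed from the plan shown in the issue, and the single-element-list shape of nested blocks is an assumption about how this provider's blocks serialize.

```python
import json

# Constructed sample: trimmed `terraform show -json` plan output mirroring the
# plan in this issue (assumption: nested blocks appear as single-element lists).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [{
        "address": "module.repository_auth0_config.github_repository.repository",
        "type": "github_repository",
        "change": {
            "actions": ["update"],
            "before": {"security_and_analysis": [{
                "code_security": [],
                "secret_scanning": [{"status": "disabled"}],
                "secret_scanning_push_protection": [{"status": "disabled"}],
            }]},
            "after": {"security_and_analysis": [{
                "code_security": [{"status": "enabled"}],
                "secret_scanning": [],
                "secret_scanning_push_protection": [],
            }]},
        },
    }]
})


def _statuses(state):
    """Map each security_and_analysis sub-block to its status, or None if unset."""
    blocks = (state or {}).get("security_and_analysis") or [{}]
    return {name: (val[0].get("status") if val else None)
            for name, val in (blocks[0] or {}).items()}


def security_drift(plan_json):
    """Return (address, block, before, after) for every sub-block that changes."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "github_repository":
            continue
        change = rc.get("change", {})
        before, after = _statuses(change.get("before")), _statuses(change.get("after"))
        for name in sorted(set(before) | set(after)):
            if before.get(name) != after.get(name):
                findings.append((rc["address"], name, before.get(name), after.get(name)))
    return findings


if __name__ == "__main__":
    for addr, block, old, new in security_drift(SAMPLE_PLAN):
        print(f"{addr}: {block} {old!r} -> {new!r}")
```

A non-empty result can fail the pipeline step, so a change that unsets secret_scanning or secret_scanning_push_protection needs explicit review.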

Metadata

Labels

Status: Triage (This is being looked at and prioritized)
Type: Bug (Something isn't working as documented)
