feat: add support for ignore_vulnerability_alerts_during_read

Author: soerenmartius

Diff for: CHANGELOG.md

@@ -12,11 +12,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - BREAKING: update to provider `~> 4.31` for supporting default squash and merge commit titles and messages
 
 ### Added
+
 - Add support for `squash_merge_commit_title`
 - Add support for `squash_merge_commit_message`
 - Add support for `merge_commit_title`
 - Add support for `merge_commit_message`
-
+- Add support for `ignore_vulnerability_alerts_during_read`
 
 ## [0.17.0]
 

Diff for: README.md

@@ -330,6 +330,10 @@ See [variables.tf] and [examples/] for details and use-cases.
   Set to `false` to disable security alerts for vulnerable dependencies.
   Enabling requires alerts to be enabled on the owner level.
 
+- [**`ignore_vulnerability_alerts_during_read`**](#var-ignore_vulnerability_alerts_during_read): *(Optional `bool`)*<a name="var-ignore_vulnerability_alerts_during_read"></a>
+
+  Set to `true` to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+
 - [**`archive_on_destroy`**](#var-archive_on_destroy): *(Optional `bool`)*<a name="var-archive_on_destroy"></a>
 
   Set to `false` to not archive the repository instead of deleting on destroy.

Diff for: README.tfdoc.hcl

@@ -409,6 +409,13 @@ section {
         END
       }
 
+      variable "ignore_vulnerability_alerts_during_read" {
+        type        = bool
+        description = <<-END
+          Set to `true` to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read.
+        END
+      }
+
       variable "archive_on_destroy" {
         type        = bool
         default     = true

Diff for: main.tf

@@ -11,14 +11,14 @@ locals {
   visibility             = var.visibility == null ? lookup(var.defaults, "visibility", local.private_visibility) : var.visibility
   has_issues             = var.has_issues == null ? lookup(var.defaults, "has_issues", false) : var.has_issues
   has_projects           = var.has_projects == null ? lookup(var.defaults, "has_projects", false) : length(var.projects) > 0 ? true : var.has_projects
+  has_downloads          = var.has_downloads == null ? lookup(var.defaults, "has_downloads", false) : var.has_downloads
   has_wiki               = var.has_wiki == null ? lookup(var.defaults, "has_wiki", false) : var.has_wiki
   allow_merge_commit     = var.allow_merge_commit == null ? lookup(var.defaults, "allow_merge_commit", true) : var.allow_merge_commit
   allow_rebase_merge     = var.allow_rebase_merge == null ? lookup(var.defaults, "allow_rebase_merge", false) : var.allow_rebase_merge
   allow_squash_merge     = var.allow_squash_merge == null ? lookup(var.defaults, "allow_squash_merge", false) : var.allow_squash_merge
   allow_auto_merge       = var.allow_auto_merge == null ? lookup(var.defaults, "allow_auto_merge", false) : var.allow_auto_merge
   delete_branch_on_merge = var.delete_branch_on_merge == null ? lookup(var.defaults, "delete_branch_on_merge", true) : var.delete_branch_on_merge
   is_template            = var.is_template == null ? lookup(var.defaults, "is_template", false) : var.is_template
-  has_downloads          = var.has_downloads == null ? lookup(var.defaults, "has_downloads", false) : var.has_downloads
   auto_init              = var.auto_init == null ? lookup(var.defaults, "auto_init", true) : var.auto_init
   gitignore_template     = var.gitignore_template == null ? lookup(var.defaults, "gitignore_template", "") : var.gitignore_template
   license_template       = var.license_template == null ? lookup(var.defaults, "license_template", "") : var.license_template
@@ -42,7 +42,8 @@ locals {
 
   issue_labels_merge_with_github_labels = local.gh_labels
   # Per default, GitHub activates vulnerability  alerts for public repositories and disables it for private repositories
-  vulnerability_alerts = var.vulnerability_alerts != null ? var.vulnerability_alerts : local.private ? false : true
+  vulnerability_alerts                    = var.vulnerability_alerts != null ? var.vulnerability_alerts : local.private ? false : true
+  ignore_vulnerability_alerts_during_read = var.ignore_vulnerability_alerts_during_read == null ? try(var.defaults.ignore_vulnerability_alerts_during_read, null) : var.ignore_vulnerability_alerts_during_read
 }
 
 locals {

Diff for: variables.tf

@@ -46,7 +46,6 @@ variable "defaults" {
   #   gitignore_template                      = "terraform"
   #   license_template                        = "mit"
   #   default_branch                          = "main"
-  #   branch_protections_v3                   = []
   #   topics                                  = ["topic-1", "topic-2"]
   #   template                                = "terraform-module-template"
   #   vulnerability_alerts                    = true
@@ -56,6 +55,8 @@ variable "defaults" {
   #   squash_merge_commit_message             = "COMMIT_MESSAGES"
   #   merge_commit_title                      = "PR_TITLE"
   #   merge_commit_message                    = "PR_BODY"
+  #   vulnerability_alerts                    = true
+  #   ignore_vulnerability_alerts_during_read = true
   # }
 
   default = {}