security_and_analysis segment not applying properly #1487
Comments
For anyone else facing this issue - I suspect that some part of my company's GitHub Enterprise configuration conflicts with some changes GitHub made to security scanning behavior last year. I believe this is still an issue that needs to be addressed but I was able to move forward by ignoring changes to security_and_analysis.
@halversonea this should be resolved by #1489, which I'll release shortly. Please reopen this issue if it persists after the latest release!
I'm still getting the same error when trying to make a change in 5.15.0:
Strangely my workaround with the ignore lifecycle that worked once has also stopped working in 5.14.0 and 5.15.0, not sure why it would be inconsistent. Editing to add:
We also ran into issues on 5.15.0 and our workaround was to declare a dynamic block that states when repo visibility is private, set status for advanced security and if public repo, send nothing. Variables advanced security/secret_scanning/secret_scanning_push_protection are set to enabled by default.
@fgeronimo-panther Can you share what settings you're using for public repos? Every combination we've tried has an issue. I thought we had it fixed with that lifecycle rule but that has also failed except for that one initial success.
@halversonea Have you tried removing the advanced_security block from the security_and_analysis block since the latest update? This works on our end for public repos.
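One reading of the workaround described in the two comments above, as an added example that is not code posted by anyone in this thread: `advanced_security` is sent only for private repositories and omitted for public ones, while the secret scanning settings stay declared. The variable names, the resource name `example` and the repository name are hypothetical, and the thread does not confirm that this configuration applies cleanly on every provider version.

```hcl
# Added example: variable names, resource name and repo name are hypothetical.
variable "repo_visibility" {
  type    = string
  default = "private"
}

# The three status variables default to "enabled", as the comment describes.
variable "advanced_security" {
  type    = string
  default = "enabled"
}

variable "secret_scanning" {
  type    = string
  default = "enabled"
}

variable "secret_scanning_push_protection" {
  type    = string
  default = "enabled"
}

resource "github_repository" "example" {
  name       = "example-repo"
  visibility = var.repo_visibility

  security_and_analysis {
    # Emit advanced_security only when the repo is private.
    # For a public repo the list is empty, so the block is not sent at all.
    dynamic "advanced_security" {
      for_each = var.repo_visibility == "private" ? [var.advanced_security] : []
      content {
        status = advanced_security.value
      }
    }

    secret_scanning {
      status = var.secret_scanning
    }

    secret_scanning_push_protection {
      status = var.secret_scanning_push_protection
    }
  }
}
```

Running `terraform plan` once with `repo_visibility` set to `public` and once with `private` shows whether the `advanced_security` block appears in the planned request, which makes drift in the secret scanning settings visible before apply.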
I still have this issue: https://github.com/osinfra-io/github-organization-management/actions/runs/4710976433/jobs/8355054613#step:7:131 If I keep running my workflow (plan/apply) a few times it eventually goes through.
👋 Hey Friends, this issue has been automatically marked as
I'm still interested in seeing a resolution to this issue. It's a sore spot in an otherwise great TF provider. I think the root cause is that the github_repository resource is just too big and trying to do too much. The provider would be more flexible with less unexpected behavior if the security_and_analysis attribute were factored out and split into a few composable resources. As an example, the aws_security_group resource used to be monolithic. Then the aws_vpc_security_group_egress_rule and aws_vpc_security_group_ingress_rule resources were added to make it composable. Now rules can be modified independently of the security group resource itself. A similar design approach would benefit the
I believe I've found a bug in the provider registry.terraform.io/integrations/github.
I'm able to create repos successfully with the following code:
But then when I try to update them in any way I get the following error:
So I tried including the following security_and_analysis segment:
But this results in the following error:
So I attempted to force-disable the extra security settings:
But this again gives the following error:
All of these attempts were done fresh with a destroy cleaning up everything before attempting the create again and this is when creating a public repo.
I'm using Terraform v1.3.7 and provider registry.terraform.io/integrations/github v5.14.0 though I was getting the same errors on earlier versions of both terraform and the github provider.
Any suggestions would be greatly appreciated.