Add vulnerability_alerts attribute for repositories (#444)
* Add vulnerability_alerts attribute for repositories

* Check change of vulnerability alerts only if new resource

* No default value for vulnerability alerts

* Remove redundant test code

* Update website on repository vulnerability alerts

* Add newline

* Update website/docs/r/repository.html.markdown

Co-authored-by: Jeremy Udit <[email protected]>
jtsaito and Jeremy Udit authored Sep 18, 2020
1 parent fda286e commit a4eb4fa
Showing 2 changed files with 44 additions and 0 deletions.
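--- a/github/resource_github_repository.go
+++ b/github/resource_github_repository.go
@@ -130,6 +130,10 @@ func resourceGithubRepository() *schema.Resource {
 ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[a-z0-9][a-z0-9-]*$`), "must include only lowercase alphanumeric characters or hyphens and cannot start with a hyphen"),
 },
 },
+"vulnerability_alerts": {
+Type: schema.TypeBool,
+Optional: true,
+},
 
 "full_name": {
 Type: schema.TypeString,
@@ -284,6 +288,26 @@ func resourceGithubRepositoryCreate(d *schema.ResourceData, meta interface{}) er
 }
 }
 
+var alerts, private bool
+if a, ok := d.GetOk("vulnerability_alerts"); ok {
+alerts = a.(bool)
+}
+if p, ok := d.GetOk("private"); ok {
+private = p.(bool)
+}
+var createVulnerabilityAlerts func(context.Context, string, string) (*github.Response, error)
+if private && alerts {
+createVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts
+} else if !private && !alerts {
+createVulnerabilityAlerts = client.Repositories.DisableVulnerabilityAlerts
+}
+if createVulnerabilityAlerts != nil {
+_, err = createVulnerabilityAlerts(ctx, orgName, repoName)
+if err != nil {
+return err
+}
+}
+
 return resourceGithubRepositoryUpdate(d, meta)
 }
 
@@ -352,6 +376,12 @@ func resourceGithubRepositoryRead(d *schema.ResourceData, meta interface{}) erro
 d.Set("template", []interface{}{})
 }
 
+vulnerabilityAlerts, _, err := client.Repositories.GetVulnerabilityAlerts(ctx, orgName, repoName)
+if err != nil {
+return fmt.Errorf("Error reading repository vulnerability alerts: %v", err)
+}
+d.Set("vulnerability_alerts", vulnerabilityAlerts)
+
 return nil
 }
 
@@ -410,6 +440,18 @@ func resourceGithubRepositoryUpdate(d *schema.ResourceData, meta interface{}) er
 }
 }
 
+if !d.IsNewResource() && d.HasChange("vulnerability_alerts") {
+updateVulnerabilityAlerts := client.Repositories.DisableVulnerabilityAlerts
+if vulnerabilityAlerts, ok := d.GetOk("vulnerability_alerts"); ok && vulnerabilityAlerts.(bool) {
+updateVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts
+}
+
+_, err = updateVulnerabilityAlerts(ctx, orgName, repoName)
+if err != nil {
+return err
+}
+}
+
 return resourceGithubRepositoryRead(d, meta)
 }
 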
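Review bot: In resourceGithubRepositoryCreate, the `!private && !alerts` branch calls DisableVulnerabilityAlerts whenever `vulnerability_alerts` is simply omitted on a public repository, because `d.GetOk` reports `ok == false` for both an unset bool and an explicit `false`; leaving the attribute out therefore silently switches off a security control that the accompanying docs say GitHub enables by default on public repos. The same fail-open likely appears in the update hunk: the schema entry is `Optional` without `Computed`, so once the read has stored `true`, an omitted attribute probably plans as a change and DisableVulnerabilityAlerts runs on the next apply. I would declare the attribute as `Optional: true, Computed: true,` and call the disable endpoint only when the value is explicitly configured, leaving the GitHub-side setting untouched otherwise. In the read hunk the result of `d.Set("vulnerability_alerts", vulnerabilityAlerts)` is dropped, and a failing GetVulnerabilityAlerts call now aborts the whole read, which may break refresh for tokens that are not permitted to query alerts; that is worth confirming. All four functions begin and end outside the hunks shown.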
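--- a/website/docs/r/repository.html.markdown
+++ b/website/docs/r/repository.html.markdown
@@ -79,6 +79,8 @@ initial repository creation and create the target branch inside of the repositor
 
 * `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details.
 
+* `vulnerability_alerts` (Optional) - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details.
+
 ### Template Repositories
 
 `template` supports the following arguments: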
