diff --git a/github/resource_github_repository.go b/github/resource_github_repository.go index b6a496745f..c5eab27fad 100644 --- a/github/resource_github_repository.go +++ b/github/resource_github_repository.go @@ -130,6 +130,10 @@ func resourceGithubRepository() *schema.Resource { ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[a-z0-9][a-z0-9-]*$`), "must include only lowercase alphanumeric characters or hyphens and cannot start with a hyphen"), }, }, + "vulnerability_alerts": { + Type: schema.TypeBool, + Optional: true, + }, "full_name": { Type: schema.TypeString, @@ -284,6 +288,26 @@ func resourceGithubRepositoryCreate(d *schema.ResourceData, meta interface{}) er } } + var alerts, private bool + if a, ok := d.GetOk("vulnerability_alerts"); ok { + alerts = a.(bool) + } + if p, ok := d.GetOk("private"); ok { + private = p.(bool) + } + var createVulnerabilityAlerts func(context.Context, string, string) (*github.Response, error) + if private && alerts { + createVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts + } else if !private && !alerts { + createVulnerabilityAlerts = client.Repositories.DisableVulnerabilityAlerts + } + if createVulnerabilityAlerts != nil { + _, err = createVulnerabilityAlerts(ctx, orgName, repoName) + if err != nil { + return err + } + } + return resourceGithubRepositoryUpdate(d, meta) } @@ -352,6 +376,12 @@ func resourceGithubRepositoryRead(d *schema.ResourceData, meta interface{}) erro d.Set("template", []interface{}{}) } + vulnerabilityAlerts, _, err := client.Repositories.GetVulnerabilityAlerts(ctx, orgName, repoName) + if err != nil { + return fmt.Errorf("Error reading repository vulnerability alerts: %v", err) + } + d.Set("vulnerability_alerts", vulnerabilityAlerts) + return nil } @@ -410,6 +440,18 @@ func resourceGithubRepositoryUpdate(d *schema.ResourceData, meta interface{}) er } } + if !d.IsNewResource() && d.HasChange("vulnerability_alerts") { + updateVulnerabilityAlerts := client.Repositories.DisableVulnerabilityAlerts + if vulnerabilityAlerts, ok := d.GetOk("vulnerability_alerts"); ok && vulnerabilityAlerts.(bool) { + updateVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts + } + + _, err = updateVulnerabilityAlerts(ctx, orgName, repoName) + if err != nil { + return err + } + } + return resourceGithubRepositoryRead(d, meta) } diff --git a/website/docs/r/repository.html.markdown b/website/docs/r/repository.html.markdown index 0b2be1f518..1f9532c3f0 100644 --- a/website/docs/r/repository.html.markdown +++ b/website/docs/r/repository.html.markdown @@ -79,6 +79,8 @@ initial repository creation and create the target branch inside of the repositor * `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details. +* `vulnerability_alerts` (Optional) - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. + ### Template Repositories `template` supports the following arguments: