Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request] Add support for branch protection required_status_check 'checks' object #1212

Closed
david-bain opened this issue Jul 4, 2022 · 4 comments
Labels
Status: Stale Used by stalebot to clean house

Comments

@david-bain
Copy link
Contributor

Github has updated protected branches to include an app_id along with the status_check context as a new object named checks. This has depreciated context at the higher level and is required to be able to set the source of a required status check.
Is it possible to get an update to the branch_protection resource and utils to add support for this in the graphQL call?

I believe we could make the app_id optional as it is currently optional on the REST API call, and therefore could come in as a minor update.

@ardakuyumcu
Copy link

I took a stab at implementing this locally, but there are some decisions to be made around how to implement this new field in the state file. Below are my notes:

  • The GitHub API does not allow you to pass both the contexts field and the checks field together in an update API call, you have to pass only one of the two.
Error: PUT https://api.github.com/repos/ardakuyumcuorg/tf-acc-test-6emb0/branches/main/protection: 422 Invalid request.

        No subschema in "anyOf" matched.
        More than one subschema in "oneOf" matched.
        Not all subschemas of "allOf" matched.
        For 'anyOf/1', {"strict"=>true, "contexts"=>["github/foo", "github/bar"], "checks"=>[{"context"=>"github/foo"}, {"context"=>"github/bar", "app_id"=>-1}]} is not a null. []
  • Even if you set only the checks field in the Terraform resource definition, when reading back the resource from GitHub both the contexts field and the checks field are populated, as they are the same from GitHub's perspective. This causes issues with the terraform plan output when you try to apply the same resource definition twice:
➜  ~ curl -L -H "Authorization: token $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/ardakuyumcuorg/tf-acc-test-oqozw/branches/main/protection
...
  "required_status_checks": {
    "url": "https://api.github.com/repos/ardakuyumcuorg/tf-acc-test-oqozw/branches/main/protection/required_status_checks",
    "strict": true,
    "contexts": [
      "github/foo"
    ],
    "contexts_url": "https://api.github.com/repos/ardakuyumcuorg/tf-acc-test-oqozw/branches/main/protection/required_status_checks/contexts",
    "checks": [
      {
        "context": "github/foo",
        "app_id": null
      }
    ]
  },
...
  • The app_id field of the checks object is optional. However, there are special cases to handle here:
    • If you omit the app_id, the default behavior is to require the check from the last GitHub App which set the context on a commit in that repository. If that context was never set by any app before, the default behavior is to require it from any source, e.g. app_id = null from GitHub's perspective.
    • If you pass in -1 as the app_id, the behavior is to require it from any source again, e.g. app_id = null from GitHub's perspective.

@luisdavim
Copy link

luisdavim commented Sep 18, 2022

see: #1147, google/go-github#2467 and https://github.com/orgs/community/discussions/24642
The contexts field is deprecated and checks should be used instead.

@JaSiLez
Copy link

JaSiLez commented Sep 20, 2022

Not working in version provider 5.1.0

@github-actions
Copy link

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

@github-actions github-actions bot added the Status: Stale Used by stalebot to clean house label Jun 18, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Status: Stale Used by stalebot to clean house
Projects
None yet
Development

No branches or pull requests

4 participants