Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Explore setting vulnerability alerts correctly #768

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 4 additions & 22 deletions github/resource_github_repository.go
Original file line number Diff line number Diff line change
Expand Up @@ -369,24 +369,6 @@ func resourceGithubRepositoryCreate(d *schema.ResourceData, meta interface{}) er
}
}

var alerts bool
if a, ok := d.GetOk("vulnerability_alerts"); ok {
alerts = a.(bool)
}

var createVulnerabilityAlerts func(context.Context, string, string) (*github.Response, error)
if isPrivate && alerts {
createVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts
} else if !isPrivate && !alerts {
createVulnerabilityAlerts = client.Repositories.DisableVulnerabilityAlerts
}
if createVulnerabilityAlerts != nil {
_, err := createVulnerabilityAlerts(ctx, owner, repoName)
if err != nil {
return err
}
}

pages := expandPages(d.Get("pages").([]interface{}))
if pages != nil {
_, _, err := client.Repositories.EnablePages(ctx, owner, repoName, pages)
Expand Down Expand Up @@ -549,7 +531,7 @@ func resourceGithubRepositoryUpdate(d *schema.ResourceData, meta interface{}) er
}
}

if !d.IsNewResource() && d.HasChange("vulnerability_alerts") {
if d.HasChange("vulnerability_alerts") {
updateVulnerabilityAlerts := client.Repositories.DisableVulnerabilityAlerts
if vulnerabilityAlerts, ok := d.GetOk("vulnerability_alerts"); ok && vulnerabilityAlerts.(bool) {
updateVulnerabilityAlerts = client.Repositories.EnableVulnerabilityAlerts
Expand All @@ -564,21 +546,21 @@ func resourceGithubRepositoryUpdate(d *schema.ResourceData, meta interface{}) er
if d.HasChange("visibility") {
o, n := d.GetChange("visibility")
repoReq.Visibility = github.String(n.(string))
log.Printf("[DEBUG] <<<<<<<<<<<<< Updating repository visibility from %s to %s", o, n)
log.Printf("[DEBUG] Updating repository visibility from %s to %s", o, n)
_, _, err = client.Repositories.Edit(ctx, owner, repoName, repoReq)
if err != nil {
if !strings.Contains(err.Error(), "422 Visibility is already private") {
return err
}
}
} else {
log.Printf("[DEBUG] <<<<<<<<<< no visibility update required. visibility: %s", d.Get("visibility"))
log.Printf("[DEBUG] No visibility update required. visibility: %s", d.Get("visibility"))
}

if d.HasChange("private") {
o, n := d.GetChange("private")
repoReq.Private = github.Bool(n.(bool))
log.Printf("[DEBUG] <<<<<<<<<<<<< Updating repository privacy from %v to %v", o, n)
log.Printf("[DEBUG] Updating repository privacy from %v to %v", o, n)
_, _, err = client.Repositories.Edit(ctx, owner, repoName, repoReq)
if err != nil {
if !strings.Contains(err.Error(), "422 Privacy is already set") {
Expand Down
2 changes: 1 addition & 1 deletion website/docs/r/repository.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ initial repository creation and create the target branch inside of the repositor

* `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details.

* `vulnerability_alerts` (Optional) - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details.
* `vulnerability_alerts` (Optional) - Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See [GitHub Documentation](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have been unable to set vulnerability alerts successfully in multiple GitHub Enterprise instances. I've updated the docs to say so with the following wording:

Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings.

I'm happy to change the wording as desired!


### GitHub Pages Configuration

Expand Down