Skip to content

Commit 055b0ff

Browse files
deigadeiga
committed
refactor(actions-org-secret): migrate to context-aware CRUD functions
Migrate resource_github_actions_organization_secret.go from legacy CRUD to context-aware CRUD functions (CreateContext, ReadContext, DeleteContext) per Terraform Plugin SDK v2 best practices. Ref: #2996
1 parent f81dd66 commit 055b0ff

1 file changed

Lines changed: 25 additions & 27 deletions

File tree

github/resource_github_actions_organization_secret.go

Lines changed: 25 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -4,22 +4,22 @@ import (
44
"context"
55
"encoding/base64"
66
"errors"
7-
"fmt"
87
"log"
98
"net/http"
109

1110
"github.com/google/go-github/v81/github"
11+
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
1212
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
1313
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
1414
)
1515

1616
func resourceGithubActionsOrganizationSecret() *schema.Resource {
1717
return &schema.Resource{
18-
Create: resourceGithubActionsOrganizationSecretCreateOrUpdate,
19-
Read: resourceGithubActionsOrganizationSecretRead,
20-
Delete: resourceGithubActionsOrganizationSecretDelete,
18+
CreateContext: resourceGithubActionsOrganizationSecretCreateOrUpdate,
19+
ReadContext: resourceGithubActionsOrganizationSecretRead,
20+
DeleteContext: resourceGithubActionsOrganizationSecretDelete,
2121
Importer: &schema.ResourceImporter{
22-
State: func(d *schema.ResourceData, meta any) ([]*schema.ResourceData, error) {
22+
StateContext: func(ctx context.Context, d *schema.ResourceData, meta any) ([]*schema.ResourceData, error) {
2323
if err := d.Set("secret_name", d.Id()); err != nil {
2424
return nil, err
2525
}
@@ -104,10 +104,9 @@ func resourceGithubActionsOrganizationSecret() *schema.Resource {
104104
}
105105
}
106106

107-
func resourceGithubActionsOrganizationSecretCreateOrUpdate(d *schema.ResourceData, meta any) error {
107+
func resourceGithubActionsOrganizationSecretCreateOrUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
108108
client := meta.(*Owner).v3client
109109
owner := meta.(*Owner).name
110-
ctx := context.Background()
111110

112111
secretName := d.Get("secret_name").(string)
113112
plaintextValue := d.Get("plaintext_value").(string)
@@ -117,7 +116,7 @@ func resourceGithubActionsOrganizationSecretCreateOrUpdate(d *schema.ResourceDat
117116
selectedRepositories, hasSelectedRepositories := d.GetOk("selected_repository_ids")
118117

119118
if visibility != "selected" && hasSelectedRepositories {
120-
return fmt.Errorf("cannot use selected_repository_ids without visibility being set to selected")
119+
return diag.Errorf("cannot use selected_repository_ids without visibility being set to selected")
121120
}
122121

123122
selectedRepositoryIDs := []int64{}
@@ -132,15 +131,15 @@ func resourceGithubActionsOrganizationSecretCreateOrUpdate(d *schema.ResourceDat
132131

133132
keyId, publicKey, err := getOrganizationPublicKeyDetails(owner, meta)
134133
if err != nil {
135-
return err
134+
return diag.FromErr(err)
136135
}
137136

138137
if encryptedText, ok := d.GetOk("encrypted_value"); ok {
139138
encryptedValue = encryptedText.(string)
140139
} else {
141140
encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey)
142141
if err != nil {
143-
return err
142+
return diag.FromErr(err)
144143
}
145144
encryptedValue = base64.StdEncoding.EncodeToString(encryptedBytes)
146145
}
@@ -156,17 +155,16 @@ func resourceGithubActionsOrganizationSecretCreateOrUpdate(d *schema.ResourceDat
156155

157156
_, err = client.Actions.CreateOrUpdateOrgSecret(ctx, owner, eSecret)
158157
if err != nil {
159-
return err
158+
return diag.FromErr(err)
160159
}
161160

162161
d.SetId(secretName)
163-
return resourceGithubActionsOrganizationSecretRead(d, meta)
162+
return resourceGithubActionsOrganizationSecretRead(ctx, d, meta)
164163
}
165164

166-
func resourceGithubActionsOrganizationSecretRead(d *schema.ResourceData, meta any) error {
165+
func resourceGithubActionsOrganizationSecretRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
167166
client := meta.(*Owner).v3client
168167
owner := meta.(*Owner).name
169-
ctx := context.Background()
170168

171169
secret, _, err := client.Actions.GetOrgSecret(ctx, owner, d.Id())
172170
if err != nil {
@@ -179,14 +177,14 @@ func resourceGithubActionsOrganizationSecretRead(d *schema.ResourceData, meta an
179177
return nil
180178
}
181179
}
182-
return err
180+
return diag.FromErr(err)
183181
}
184182

185183
if err = d.Set("created_at", secret.CreatedAt.String()); err != nil {
186-
return err
184+
return diag.FromErr(err)
187185
}
188186
if err = d.Set("visibility", secret.Visibility); err != nil {
189-
return err
187+
return diag.FromErr(err)
190188
}
191189

192190
selectedRepositoryIDs := []int64{}
@@ -198,7 +196,7 @@ func resourceGithubActionsOrganizationSecretRead(d *schema.ResourceData, meta an
198196
for {
199197
results, resp, err := client.Actions.ListSelectedReposForOrgSecret(ctx, owner, d.Id(), opt)
200198
if err != nil {
201-
return err
199+
return diag.FromErr(err)
202200
}
203201

204202
for _, repo := range results.Repositories {
@@ -213,7 +211,7 @@ func resourceGithubActionsOrganizationSecretRead(d *schema.ResourceData, meta an
213211
}
214212

215213
if err = d.Set("selected_repository_ids", selectedRepositoryIDs); err != nil {
216-
return err
214+
return diag.FromErr(err)
217215
}
218216

219217
// This is a drift detection mechanism based on timestamps.
@@ -241,39 +239,39 @@ func resourceGithubActionsOrganizationSecretRead(d *schema.ResourceData, meta an
241239
// Alternative approach: set sensitive values to empty to trigger update plan
242240
// This tells Terraform that the current state is unknown and needs reconciliation
243241
if err = d.Set("encrypted_value", ""); err != nil {
244-
return err
242+
return diag.FromErr(err)
245243
}
246244
if err = d.Set("plaintext_value", ""); err != nil {
247-
return err
245+
return diag.FromErr(err)
248246
}
249247
log.Printf("[INFO] Detected drift but destroy_on_drift=false, clearing sensitive values to trigger update")
250248
}
251249
} else {
252250
// No drift detected, preserve the configured values in state
253251
if err = d.Set("encrypted_value", d.Get("encrypted_value")); err != nil {
254-
return err
252+
return diag.FromErr(err)
255253
}
256254
if err = d.Set("plaintext_value", d.Get("plaintext_value")); err != nil {
257-
return err
255+
return diag.FromErr(err)
258256
}
259257
}
260258

261259
// Always update the timestamp to prevent repeated drift detection
262260
if err = d.Set("updated_at", secret.UpdatedAt.String()); err != nil {
263-
return err
261+
return diag.FromErr(err)
264262
}
265263

266264
return nil
267265
}
268266

269-
func resourceGithubActionsOrganizationSecretDelete(d *schema.ResourceData, meta any) error {
267+
func resourceGithubActionsOrganizationSecretDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
270268
client := meta.(*Owner).v3client
271269
orgName := meta.(*Owner).name
272-
ctx := context.WithValue(context.Background(), ctxId, d.Id())
270+
ctx = context.WithValue(ctx, ctxId, d.Id())
273271

274272
log.Printf("[INFO] Deleting secret: %s", d.Id())
275273
_, err := client.Actions.DeleteOrgSecret(ctx, orgName, d.Id())
276-
return err
274+
return diag.FromErr(err)
277275
}
278276

279277
func getOrganizationPublicKeyDetails(owner string, meta any) (keyId, pkValue string, err error) {

0 commit comments

Comments
 (0)