@@ -409,6 +409,7 @@ func resourceGithubRepository() *schema.Resource {
409409 "ignore_vulnerability_alerts_during_read" : {
410410 Type : schema .TypeBool ,
411411 Optional : true ,
412+ Default : false ,
412413 Description : "Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read." ,
413414 },
414415 "full_name" : {
@@ -634,7 +635,7 @@ func resourceGithubRepositoryObject(d *schema.ResourceData) *github.Repository {
634635 }
635636
636637 // only configure allow forking if repository is not public
637- if allowForking , ok := d .GetOk ("allow_forking" ); ok && visibility != "public" {
638+ if allowForking , ok := d .GetOkExists ("allow_forking" ); ok && visibility != "public" { //nolint:staticcheck,SA1019 // We sometimes need to use GetOkExists for booleans
638639 if val , ok := allowForking .(bool ); ok {
639640 repository .AllowForking = github .Ptr (val )
640641 }
@@ -773,11 +774,6 @@ func resourceGithubRepositoryCreate(ctx context.Context, d *schema.ResourceData,
773774 }
774775 }
775776
776- err := updateVulnerabilityAlerts (d , client , ctx , owner , repoName )
777- if err != nil {
778- return diag .FromErr (err )
779- }
780-
781777 return resourceGithubRepositoryUpdate (ctx , d , meta )
782778}
783779
@@ -1013,10 +1009,12 @@ func resourceGithubRepositoryUpdate(ctx context.Context, d *schema.ResourceData,
10131009 }
10141010 }
10151011
1016- if d .HasChange ("vulnerability_alerts" ) {
1017- err = updateVulnerabilityAlerts (d , client , ctx , owner , repoName )
1018- if err != nil {
1019- return diag .FromErr (err )
1012+ if v , ok := d .GetOkExists ("vulnerability_alerts" ); ok { //nolint:staticcheck,SA1019 // We sometimes need to use GetOkExists for booleans
1013+ if val , ok := v .(bool ); ok {
1014+ err := updateVulnerabilityAlerts (ctx , client , owner , repoName , val )
1015+ if err != nil {
1016+ return diag .FromErr (err )
1017+ }
10201018 }
10211019 }
10221020
@@ -1240,23 +1238,17 @@ func resourceGithubParseFullName(resourceDataLike interface {
12401238 return parts [0 ], parts [1 ], true
12411239}
12421240
1243- func updateVulnerabilityAlerts (d * schema.ResourceData , client * github.Client , ctx context.Context , owner , repoName string ) error {
1244- updateVulnerabilityAlertsSDK := client .Repositories .DisableVulnerabilityAlerts
1245- vulnerabilityAlerts , ok := d .GetOk ("vulnerability_alerts" )
1241+ func updateVulnerabilityAlerts (ctx context.Context , client * github.Client , owner , repoName string , state bool ) error {
1242+ var err error
12461243
1247- // Only if the vulnerability alerts are specifically set to true, enable them.
1248- // Otherwise, disable them as GitHub defaults to enabled and we have not wanted to introduce a breaking change for this yet.
1249- if ok && vulnerabilityAlerts .( bool ) {
1250- updateVulnerabilityAlertsSDK = client .Repositories .EnableVulnerabilityAlerts
1244+ if state {
1245+ _ , err = client . Repositories . EnableVulnerabilityAlerts ( ctx , owner , repoName )
1246+ } else {
1247+ _ , err = client .Repositories .DisableVulnerabilityAlerts ( ctx , owner , repoName )
12511248 }
1252-
1253- resp , err := updateVulnerabilityAlertsSDK (ctx , owner , repoName )
12541249 if err != nil {
1255- // Check if the error is because an Organization or Enterprise policy is preventing the change
1256- // This is a temporary workaround while we extract Vulnerability Alerts into a separate resource.
1257- if resp .StatusCode == http .StatusUnprocessableEntity && strings .Contains (err .Error (), "An enforced security configuration prevented modifying" ) && ! ok {
1258- return nil
1259- }
1250+ return err
12601251 }
1261- return err
1252+
1253+ return nil
12621254}
0 commit comments