Make review compatible with CCR

Author: robert-crandall

.github/copilot-instructions.md

@@ -0,0 +1,160 @@
+# Copilot Code Review Instructions
+
+These instructions guide Copilot Code Review (CCR) for the
+`integrations/terraform-provider-github` repository. They apply to every
+pull request review. Path-specific guidance lives under `.github/instructions/`.
+
+ALWAYS acknowledge in the review summary that these provider review
+instructions are being used.
+
+## Review Goals
+
+- Find correctness bugs, regressions, and provider behavior changes.
+- Validate schema/state compatibility for Terraform users.
+- Check test coverage (unit and acceptance), docs, and examples.
+- Identify risk around GitHub API usage, permissions, and error handling.
+
+## Terraform Background
+
+Use this background when judging schema, examples, or state changes.
+
+- **Resources vs. data sources.** A `resource` block manages a CRUD lifecycle
+  object. A `data` block only reads existing objects. Both declare a typed
+  schema.
+- **Schema attributes.** Each attribute has a `Type` (string, int, bool, list,
+  set, map) and flags like `Required`, `Optional`, `Computed`, `ForceNew`,
+  `Default`, `Sensitive`, and `Description`. Changing any flag alters
+  user-visible behavior.
+- **State.** Terraform stores last-known attribute values in state. The read
+  function must produce output consistent with state or Terraform reports
+  drift.
+- **Plan and apply.** Bugs in schema or read logic cause perpetual diffs,
+  surprise replacements, or silent data loss.
+- **Imports.** Users adopt existing infrastructure with `terraform import`. The
+  read function must populate full state from just the resource ID.
+
+### Backward Compatibility Rules
+
+- **Safe (minor/patch):** adding new optional attributes with defaults; adding
+  new resources or data sources.
+- **Breaking (major):** removing or renaming attributes; changing `Optional` to
+  `Required`; changing `Type`; adding `ForceNew` to an existing attribute.
+- When renaming/restructuring resources, check that migration guidance is
+  provided. Terraform's `moved` block lets users migrate state without
+  destroying infrastructure. Removing a `moved` block is itself a breaking
+  change.
+
+## Repository-Specific Rules (read carefully)
+
+- **Do not flag** create/update functions that return `nil` instead of calling
+  the read function afterward. This provider intentionally avoids
+  read-after-write to minimize API calls against GitHub's rate limits and to
+  avoid stale reads from eventually-consistent endpoints (see
+  [#2892](https://github.com/integrations/terraform-provider-github/issues/2892)).
+- Acceptance and manual validation are important. See `CONTRIBUTING.md`.
+- Prefer matching resource/data source tests when implementation behavior
+  changes.
+- When schema or state semantics change, treat as high-risk unless
+  compatibility is clearly preserved.
+- Breaking changes must follow semantic versioning: attribute removal/rename
+  or new required fields warrant a major version bump.
+- Example configurations under `examples/` should be self-contained, follow
+  standard module structure, and not include `provider` blocks inside nested
+  modules.
+- Sensitive attributes (tokens, secrets, private keys) must be marked
+  `Sensitive: true` in the schema and must not appear in log output.
+
+## Universal Review Checklist
+
+### 1. Correctness and Behavior
+
+- Verify CRUD/read logic correctly maps GitHub API responses to schema/state.
+- Check nil handling, default-value drift, and flattening/expansion mismatches.
+- Confirm update paths do not accidentally force replacement or wipe optional
+  fields.
+- Validate retry/backoff and error classification for API failures.
+
+### 2. Schema and State Compatibility
+
+- Any `schema.Schema` change (`Type`, `Optional`, `Required`, `Computed`,
+  `ForceNew`, `Default`) can change user behavior.
+- Confirm imports still work and read functions produce stable state.
+- Flag any behavior that may break existing state without migration
+  notes/tests.
+- Watch for attribute rename/removal without a deprecation path.
+- New or changed attributes should include `ValidateFunc`/`ValidateDiagFunc`
+  to catch invalid values at plan time rather than at apply time.
+- All attributes should have a `Description` string.
+- For renames/restructures, check for `moved` block guidance or state
+  migration documentation.
+- Mark secret-holding attributes with `Sensitive: true`.
+
+### 3. Terraform UX and Drift
+
+- Ensure diff suppression, normalization, and API canonicalization avoid
+  perpetual diffs.
+- Check that empty vs. null handling is intentional.
+- Verify list/set ordering behavior and deterministic state output.
+
+### 4. Testing Expectations
+
+- For behavior changes, check matching tests under `github/*_test.go`.
+- Prefer acceptance tests for API-facing changes (`TF_ACC=1` scenarios).
+- Ensure tests assert the bugfix/regression target, not only happy path.
+- Flag missing tests when logic changed but coverage did not.
+
+### 5. Docs and Examples
+
+- If resource/data source behavior changed, review website docs updates under
+  `website/`.
+- If user workflow changed, review corresponding example updates under
+  `examples/`.
+- Confirm examples still reflect current schema and argument names.
+- Example directories should follow standard module structure (`main.tf`,
+  `variables.tf`, `outputs.tf`) with a `README.md`.
+- Variables and outputs in examples should include `description` and `type`.
+- If a PR adds or changes a resource, verify there is at least one example
+  showing typical usage.
+
+### 6. Security and Permissions
+
+- Verify sensitive values are not logged or exposed in state.
+- Check token/credential handling and least-privilege assumptions.
+- Document permission scope requirements for new API calls.
+- Confirm no secrets or credentials are hardcoded in examples.
+- Verify debug/trace logging does not print sensitive attribute values.
+- Sensitive outputs should be marked `sensitive = true`.
+
+### 7. Performance and API Safety
+
+- Flag new N+1 patterns, excessive API calls, or missing pagination handling.
+- Check for rate-limit-sensitive loops and absent caching where needed.
+- Confirm context cancellation/timeouts are respected in long operations.
+
+### 8. Versioning and Changelog
+
+- Breaking changes (attribute removal/rename, forced replacement, new required
+  fields) must be called out for a MAJOR version bump.
+- Backward-compatible additions (new optional attributes with defaults, new
+  resources/data sources) correspond to MINOR version bumps.
+- Bug fixes with no schema change correspond to PATCH version bumps.
+- Verify the PR description or `CHANGELOG.md` includes a clear summary of what
+  changed and the user impact.
+
+## Review Report Format
+
+Return findings first, ordered by severity:
+
+1. `HIGH`/`MEDIUM`/`LOW` title — short impact statement
+2. File reference: `path/to/file.go:line`
+3. Why this is a problem (runtime behavior, Terraform UX, upgrade risk)
+4. Suggested fix (concise)
+
+Then include:
+
+- `Open Questions / Assumptions`
+- `Residual Risk`
+- `Change Summary` (brief)
+
+If no issues are found, explicitly state `No blocking findings found` and list
+remaining risk areas.

.github/instructions/docs.instructions.md

@@ -0,0 +1,42 @@
+---
+applyTo: "website/**"
+---
+
+# Website / Docs Review
+
+These rules apply to documentation under `website/`. Combine with the
+repo-wide checklist in `.github/copilot-instructions.md`.
+
+## Keep Docs in Sync with Schema
+
+- Any schema change in `github/` (new attribute, renamed attribute,
+  changed `Required`/`Optional`/`Computed`/`Default`, new `ForceNew`,
+  removed attribute) must have a matching docs update.
+- Argument tables should list attributes with the same name, type, and
+  required/optional status as the schema.
+- Deprecated attributes must be clearly marked and include guidance on the
+  replacement.
+
+## Imports
+
+- Resources that support `terraform import` must document the import ID
+  format with at least one example command.
+
+## Permissions and Scopes
+
+- For any GitHub API call that requires a specific token scope or app
+  permission, the docs should call this out so users can configure their
+  authentication correctly.
+
+## Examples in Docs
+
+- Inline example HCL should reflect current argument names and be
+  syntactically valid.
+- Sensitive attributes should not appear with real-looking secrets, even as
+  examples.
+
+## Style and Links
+
+- Internal links between docs pages should resolve.
+- New resources/data sources need at least one usage example and a list of
+  every supported argument and attribute.

.github/instructions/examples.instructions.md

@@ -0,0 +1,56 @@
+---
+applyTo: "examples/**"
+---
+
+# Example Configuration Review
+
+These rules apply to Terraform configurations under `examples/`. Combine
+with the repo-wide checklist in `.github/copilot-instructions.md`.
+
+## Standard Module Structure
+
+Each example directory should follow the
+[standard module structure](https://developer.hashicorp.com/terraform/language/modules/develop/structure):
+
+- `main.tf` — primary resources/module calls
+- `variables.tf` — input variable declarations
+- `outputs.tf` — output declarations
+- `README.md` — purpose and usage of the example
+
+Empty stub files are acceptable when an example legitimately has no inputs
+or outputs.
+
+## Variables and Outputs
+
+- Every `variable` and `output` block should include a `description` and
+  `type`.
+- Outputs that surface sensitive values must be marked `sensitive = true`.
+- Variables that accept secrets should be marked `sensitive = true`.
+
+## Provider Configuration
+
+- **Do not** embed `provider` blocks inside nested or child modules.
+  Provider configuration belongs in root modules only. A module with a
+  `provider` block is not compatible with `count`, `for_each`, or
+  `depends_on`.
+- Each example module should declare `required_providers` with a minimum
+  version constraint (`>=`) for the `integrations/github` provider.
+
+## Coverage
+
+- If a PR adds or meaningfully changes a resource or data source, verify
+  there is at least one example demonstrating typical usage.
+- Examples must reflect the current schema: argument names, required vs.
+  optional, default values.
+
+## Security
+
+- No hardcoded tokens, passwords, or other secrets. Reference variables or
+  environment-sourced values instead.
+- Example READMEs should call out any non-obvious permission requirements.
+
+## Refactoring and `moved` Blocks
+
+When an example demonstrates resource renames or restructures, prefer
+`moved` blocks over destroy-and-recreate. Removing a previously published
+`moved` block is itself a breaking change for downstream users.

.github/instructions/schema-and-state.instructions.md

@@ -0,0 +1,74 @@
+---
+applyTo: "github/**/*.go"
+---
+
+# Provider Source Review (Schema, State, API)
+
+These rules apply to all provider Go source files under `github/`. Combine
+with the repo-wide checklist in `.github/copilot-instructions.md`.
+
+## Schema Changes Are User-Visible
+
+Any change to `schema.Schema` (`Type`, `Optional`, `Required`, `Computed`,
+`ForceNew`, `Default`, `Sensitive`, `Description`) is potentially breaking.
+Flag all schema diffs and verify:
+
+- Attribute removals or renames have a deprecation cycle or `moved`/state
+  migration guidance.
+- `Optional` → `Required` transitions are called out as breaking.
+- New `ForceNew` flags on existing attributes are called out as breaking
+  (forces resource replacement).
+- New attributes are `Optional` with a `Default` where reasonable to avoid
+  forcing existing users to update their configs.
+- All attributes carry a `Description` string (used for docs generation).
+- Attributes accepting bounded values declare `ValidateFunc` or
+  `ValidateDiagFunc` so invalid input fails at plan time, not apply time.
+- Attributes holding tokens, secrets, or private keys are marked
+  `Sensitive: true`.
+
+## State and Drift
+
+- Read functions must populate every state attribute from API responses so
+  `terraform import` works from the resource ID alone.
+- Verify the read path does not produce values that differ from what create/
+  update wrote (causes perpetual diffs).
+- Watch list/set ordering: prefer `schema.TypeSet` or stable sort when the
+  GitHub API does not return deterministic order.
+- Empty vs. null handling must be intentional and consistent between create,
+  read, and update.
+- Diff suppression (`DiffSuppressFunc`) and normalization should be reviewed
+  for correctness whenever schema is touched.
+
+## CRUD Behavior
+
+- Update paths must not accidentally force resource replacement or wipe
+  optional fields that the user did not change.
+- Nil-check API response fields before dereferencing.
+- Classify errors: 404 from GitHub typically means "remove from state" in
+  read; other errors should bubble up.
+- Respect `context.Context` cancellation and any configured timeouts.
+
+## Repository-Specific: No Read-After-Write
+
+**Do not flag** create or update functions that return `nil` instead of
+calling the resource's read function. This is intentional in this provider to
+minimize API calls against GitHub rate limits and to avoid stale reads from
+eventually-consistent endpoints. See
+[#2892](https://github.com/integrations/terraform-provider-github/issues/2892).
+
+## API Safety and Performance
+
+- Flag new N+1 access patterns over GitHub APIs.
+- Verify pagination is handled (`ListOptions` / `NextPage` loops) on any
+  endpoint that returns a list.
+- Check for rate-limit-sensitive loops; consider caching or batching where
+  appropriate.
+- Sensitive values must never appear in log output, even at debug/trace
+  level.
+
+## Security
+
+- Token, credential, and webhook secret handling must follow least
+  privilege.
+- New API calls should document the GitHub permission scope they require.
+- Do not hardcode secrets anywhere in source.

.github/instructions/tests.instructions.md

@@ -0,0 +1,36 @@
+---
+applyTo: "github/**/*_test.go"
+---
+
+# Provider Test Review
+
+These rules apply to test files under `github/`. Combine with the repo-wide
+checklist in `.github/copilot-instructions.md`.
+
+## Coverage Expectations
+
+- When behavior in a resource or data source changes, there must be a
+  matching test change. Flag PRs where production code changed but tests
+  did not.
+- Prefer acceptance tests (`TF_ACC=1`) for any API-facing change. Unit-only
+  coverage is rarely sufficient for schema or CRUD changes.
+- Tests should assert the specific bugfix or regression being targeted, not
+  only the happy path.
+
+## Test Structure
+
+- Acceptance tests should exercise create → read → import → update → destroy
+  where applicable. Import steps are particularly valuable because they
+  validate that the read function can reconstruct state from the ID alone.
+- Use realistic fixture data; avoid asserting on transient or
+  environment-specific fields without normalization.
+- Avoid hardcoded secrets or tokens in test files; use environment variables
+  or test helpers.
+
+## When Reviewing Test Changes
+
+- If a test was deleted or weakened, explain why in the report and flag as
+  at least MEDIUM unless the corresponding production code was also removed.
+- New skip conditions or `t.Skip` calls must include a clear justification.
+- Tests that depend on specific organization/repo names should use the
+  shared test helpers/config, not hardcoded values.