Describe the need
Currently, the provider supports the github_actions_organization_permissions resource, but there is no corresponding data source.
Organization-level Actions permissions are typically a global, "singleton" setting. When building distributed, modularized Terraform for repositories, it is often necessary to conditionally configure github_actions_repository_permissions based on the organization's overarching Actions policy (e.g., propagating the exact list of patterns_allowed).
Because there is no data source, Terraform authors must either hardcode these settings across environments or pass them down via complex variable chains from a root module.
Attempting to use the github_actions_organization_permissions resource inside a module with lifecycle { ignore_changes = all } as a workaround is dangerous, as destroying the module attempts to destroy the organization's permissions.
Proposal
A new data source: github_actions_organization_permissions
This would wrap the existing GET /orgs/{org}/actions/permissions GitHub API and expose the exact same attributes as the existing resource:
- allowed_actions
- enabled_repositories
- allowed_actions_config (block)
- enabled_repositories_config (block)
- secret_scanning_push_protection_custom_link
Example usage:
```hcl
data "github_actions_organization_permissions" "org_policy" {}

resource "github_actions_repository_permissions" "repo_policy" {
  repository      = "my-repo"
  allowed_actions = data.github_actions_organization_permissions.org_policy.allowed_actions

  allowed_actions_config {
    github_owned_allowed = data.github_actions_organization_permissions.org_policy.allowed_actions_config[0].github_owned_allowed
    verified_allowed     = data.github_actions_organization_permissions.org_policy.allowed_actions_config[0].verified_allowed
    patterns_allowed     = data.github_actions_organization_permissions.org_policy.allowed_actions_config[0].patterns_allowed
  }
}
```
The GetActionsPermissions method already exists on the OrganizationsService and is currently used by the resource's read function.
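An added example, not part of the original issue or the provider's code: a variant of the usage above that propagates the organization's allow-list only when the organization policy is `selected`, so the module never indexes `[0]` on an empty block list. It assumes the proposed data source exists and, like the resource, exposes `allowed_actions_config` as a list of at most one block; the `precondition` needs Terraform 1.2 or later, and the local names are hypothetical.

```hcl
# Proposed data source from this issue; it does not exist in the provider yet.
data "github_actions_organization_permissions" "org_policy" {}

locals {
  org_allowed_actions = data.github_actions_organization_permissions.org_policy.allowed_actions

  # Assumption: allowed_actions_config is a list of at most one block and is
  # only meaningful when the organization policy is "selected".
  org_selected_config = (
    local.org_allowed_actions == "selected"
    ? data.github_actions_organization_permissions.org_policy.allowed_actions_config
    : []
  )
}

resource "github_actions_repository_permissions" "repo_policy" {
  repository      = "my-repo"
  allowed_actions = local.org_allowed_actions

  # Emit the block only when the organization uses an allow-list.
  dynamic "allowed_actions_config" {
    for_each = local.org_selected_config
    content {
      github_owned_allowed = allowed_actions_config.value.github_owned_allowed
      verified_allowed     = allowed_actions_config.value.verified_allowed
      patterns_allowed     = allowed_actions_config.value.patterns_allowed
    }
  }

  lifecycle {
    # Fail the plan rather than apply a "selected" repository policy that is
    # missing the organization's allow-list.
    precondition {
      condition     = local.org_allowed_actions != "selected" || length(local.org_selected_config) == 1
      error_message = "Organization reports allowed_actions = \"selected\" but returned no allowed_actions_config."
    }
  }
}
```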