feat: Add github_repository_code_scanning_default_setup resource #3315
oda251 wants to merge 2 commits into integrations:main from
👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with
bc108db to b99d798
Add a new resource to manage code scanning default setup configuration for GitHub repositories via the REST API.

Closes integrations#2043 (partially)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
b99d798 to f26ff06
| "repository": { | ||
| Type: schema.TypeString, | ||
| Required: true, | ||
| ForceNew: true, | ||
| Description: "The GitHub repository name.", | ||
| }, |
Remove ForceNew and add the diffRepo structure used in other similar resources. This allows support for renaming repositories
| if repoName == "" { | ||
| repoName = d.Id() | ||
| } |
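Review bot: The `repoName = d.Id()` fallback silently treats the resource ID as a repository name whenever the attribute is empty. If the ID is ever anything other than the bare repository name, the API call that follows goes to the wrong or a non-existent repository. Either drop the fallback or state in a comment when `repoName` can be empty here and check the ID before using it.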
How could this situation arise?
| repoName = d.Id() | ||
| } | ||
|
|
||
| config, _, err := client.CodeScanning.GetDefaultSetupConfiguration(ctx, owner, repoName) |
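Review bot: The second return value of `GetDefaultSetupConfiguration` is discarded on the last line, so the status code is only reachable by unwrapping `err`. Read has to tell a 404 (repository gone, remove from state) from a 403 (no access, or code scanning unavailable) from a transient failure; make that classification explicit right after this call instead of returning every error the same way.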
question: does this return err or success if the repo has been archived?
If success, then we need to also check if the repo is archived and return an error
The API returns 403 on archived repos, but with a misleading message ("Code scanning is not enabled"). Added an explicit archived check in Create/Update to provide a clear error message, along with a test case. Read does not check (consistent with other resources).
# configured before archiving
$ gh api repos/oda251/actrun-mcp/code-scanning/default-setup
{"state":"configured","languages":[],"query_suite":"default",...}
# after archiving
$ gh api repos/oda251/actrun-mcp/code-scanning/default-setup
403: "Code scanning is not enabled for this repository."
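The archived-repository behaviour described in the reply above, as an added example that is not part of the PR: a pre-flight read of the repository's `archived` field turns the misleading 403 into an explicit error. `fakeGitHub`, `updateDefaultSetup`, `ErrArchived` and the repository `o/r` are hypothetical names, and the server is a constructed in-process stand-in, not the GitHub API.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var ErrArchived = errors.New("repository is archived") // hypothetical sentinel

// fakeGitHub: constructed stand-in for repos/o/r that reproduces the quoted 403.
func fakeGitHub(archived bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == "/repos/o/r" { // repository metadata
			fmt.Fprintf(w, `{"archived":%t}`, archived)
		} else if archived { // default-setup endpoint on an archived repo
			w.WriteHeader(http.StatusForbidden)
			fmt.Fprint(w, "Code scanning is not enabled for this repository.")
		} else { // update accepted and scheduled asynchronously
			w.WriteHeader(http.StatusAccepted)
		}
	})
}

// updateDefaultSetup sends the PATCH; with preflight it reads the repo first.
func updateDefaultSetup(h http.Handler, preflight bool) error {
	if preflight {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest("GET", "/repos/o/r", nil))
		var repo struct{ Archived bool `json:"archived"` }
		if err := json.NewDecoder(rec.Body).Decode(&repo); err != nil {
			return err
		}
		if repo.Archived {
			return fmt.Errorf("o/r: cannot change default setup: %w", ErrArchived)
		}
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("PATCH", "/repos/o/r/code-scanning/default-setup", nil))
	if rec.Code != http.StatusOK && rec.Code != http.StatusAccepted {
		return fmt.Errorf("update failed: %d %s", rec.Code, rec.Body.String())
	}
	return nil
}

func main() {
	fmt.Println(updateDefaultSetup(fakeGitHub(true), false), "|", updateDefaultSetup(fakeGitHub(true), true))
}
```

Without the pre-flight the caller only sees the API's "not enabled" text, which points an operator at the code scanning settings rather than at the archive flag.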
| if !errors.As(err, &acceptedErr) { | ||
| return diag.Errorf("error disabling code scanning default setup for %s/%s: %s", owner, repoName, err) | ||
| } |
This should also not error if the repo is gone.
| } | ||
| } | ||
|
|
||
| log.Printf("[INFO] Code scanning default setup disabled for %s/%s", owner, repoName) |
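Review bot: The `log.Printf("[INFO] ...")` call on the last line bypasses the provider's structured logging. Use `tflog.Info` with the owner and repository passed as fields, so the message respects log-level filtering and can be correlated with the rest of the request.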
| diags := resourceGithubRepositoryCodeScanningDefaultSetupRead(ctx, d, meta) | ||
| if diags.HasError() { | ||
| return nil, fmt.Errorf("error importing code scanning default setup for %s: %s", repoName, diags[0].Summary) | ||
| } |
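Review bot: `diags[0].Summary` in the `fmt.Errorf` call reports only the first diagnostic's summary and drops its detail and any further diagnostics, so a failed import loses the underlying API error. If any diagnostics are turned into an error here, include the detail and all entries, not just the first summary.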
Don't ever call any of the CRUD functions. Read will be automatically called after import, you only need to set any important fields for Read to work
| return nil, err | ||
| } | ||
|
|
||
| return result.(*github.DefaultSetupConfiguration), nil |
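Review bot: The unchecked type assertion `result.(*github.DefaultSetupConfiguration)` on the last line panics when `result` is nil or holds any other type. Use the two-value form, `cfg, ok := result.(*github.DefaultSetupConfiguration)`, and return an error when `ok` is false.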
Wouldn't this panic if the wait returns nil?
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: testAccCodeScanningDefaultSetupConfig(repoName, `state = "configured"`), | ||
| Check: resource.ComposeTestCheckFunc( |
Please use ConfigStateChecks
Done. Also consolidated redundant test cases (9 -> 6) and added repository_id verification in the import test.
| repoName := fmt.Sprintf("%srepo-code-scanning-%s", testResourcePrefix, randomID) | ||
| config := testAccCodeScanningDefaultSetupConfig(repoName, `state = "not-configured"`) | ||
|
|
||
| check := resource.TestCheckResourceAttr( |
Don't use variables for checks
- Replace ForceNew with diffRepository + repository_id for rename support
- Add archived repo check in Create/Update
- Handle 404 in Read (remove from state) and Delete (return nil)
- Use tflog instead of log.Printf
- Simplify Import to only set repository (Read is called automatically)
- Add nil check in waitForCodeScanningState to prevent panic
- Migrate tests to ConfigStateChecks, consolidate redundant cases

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@deiga
Resolves #1648
Partially addresses #2043
Before the change?

- AcceptedError, which was not handled. This caused the resource creation to fail with "job scheduled on GitHub side; try again later".

After the change?

- github_repository_code_scanning_default_setup manages CodeQL default setup per repository.
- AcceptedError from the async PATCH API, following the same pattern as resource_github_enterprise_organization and resource_github_actions_hosted_runner.
- retry.StateChangeConf to poll until the target state is reached.
- timeouts block (default 5 min).
- languages is optional — default setup automatically includes all supported languages when omitted.

Note: The GitHub API also supports threat_model, runner_type, runner_label, and schedule, but go-github v84 does not expose these fields yet. They can be added in a follow-up.

Pull request checklist

Does this introduce a breaking change?