diff --git a/github/data_source_github_organization.go b/github/data_source_github_organization.go
index c588515a61..9968cb9e84 100644
--- a/github/data_source_github_organization.go
+++ b/github/data_source_github_organization.go
@@ -141,6 +141,14 @@ func dataSourceGithubOrganization() *schema.Resource {
 Type: schema.TypeBool,
 Computed: true,
 },
+ "secret_scanning_validity_checks_enabled": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
+ "default_repository_branch": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
 "summary_only": {
 Type: schema.TypeBool,
 Optional: true,
@@ -265,6 +273,8 @@ func dataSourceGithubOrganizationRead(ctx context.Context, d *schema.ResourceDat
 _ = d.Set("dependency_graph_enabled_for_new_repositories", organization.GetDependencyGraphEnabledForNewRepos())
 _ = d.Set("secret_scanning_enabled_for_new_repositories", organization.GetSecretScanningEnabledForNewRepos())
 _ = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", organization.GetSecretScanningPushProtectionEnabledForNewRepos())
+ _ = d.Set("secret_scanning_validity_checks_enabled", organization.GetSecretScanningValidityChecksEnabled())
+ _ = d.Set("default_repository_branch", organization.GetDefaultRepositoryBranch())
 }
 d.SetId(strconv.FormatInt(organization.GetID(), 10))
diff --git a/github/data_source_github_organization_test.go b/github/data_source_github_organization_test.go
index 5d8da74a42..e23d63b2d1 100644
--- a/github/data_source_github_organization_test.go
+++ b/github/data_source_github_organization_test.go
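Review bot: In dataSourceGithubOrganizationRead the new `d.Set("secret_scanning_validity_checks_enabled", organization.GetSecretScanningValidityChecksEnabled())` stores the getter's result unconditionally, so a response that omits the field would be recorded as `false` (assuming the getter returns the zero value for a nil pointer, as go-github accessors usually do). For a security control, a consumer of this data source then cannot tell "disabled" from "not reported to this token". Consider setting the attribute only when the pointer is non-nil, `if organization.SecretScanningValidityChecksEnabled != nil { _ = d.Set(...) }`, or state the ambiguity in a `Description` on the schema entry. The same unconditional store appears in resourceGithubOrganizationSettingsRead in resource_github_organization_settings.go; both function bodies extend outside their hunks.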
@@ -41,6 +41,8 @@ func TestAccGithubOrganizationDataSource(t *testing.T) {
 resource.TestCheckResourceAttrSet("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"),
 resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"),
 resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"),
+ resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_validity_checks_enabled"),
+ resource.TestCheckResourceAttrSet("data.github_organization.test", "default_repository_branch"),
 )
 resource.Test(t, resource.TestCase{
@@ -139,6 +141,8 @@ func TestAccGithubOrganizationDataSource(t *testing.T) {
 resource.TestCheckNoResourceAttr("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"),
 resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"),
 resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"),
+ resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_validity_checks_enabled"),
+ resource.TestCheckNoResourceAttr("data.github_organization.test", "default_repository_branch"),
 )
 resource.Test(t, resource.TestCase{
diff --git a/github/resource_github_organization_settings.go b/github/resource_github_organization_settings.go
index 5b8d0b7062..0c547c0998 100644
--- a/github/resource_github_organization_settings.go
+++ b/github/resource_github_organization_settings.go
@@ -169,6 +169,18 @@ func resourceGithubOrganizationSettings() *schema.Resource {
 Default: false,
 Description: "Whether or not secret scanning push protection is enabled for new repositories.",
 },
+ "secret_scanning_validity_checks_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ Description: "Whether or not secret scanning automatic validity checks on supported partner tokens are enabled for the organization.",
+ },
+ "default_repository_branch": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ Description: "The default branch name applied to new repositories created in the organization (for example, 'main').",
+ },
 },
 }
 }
@@ -290,6 +302,14 @@ func buildOrganizationSettings(d *schema.ResourceData, isEnterprise bool) *githu
 if shouldInclude("secret_scanning_push_protection_enabled_for_new_repositories") {
 settings.SecretScanningPushProtectionEnabledForNewRepos = new(d.Get("secret_scanning_push_protection_enabled_for_new_repositories").(bool))
 }
+ if shouldInclude("secret_scanning_validity_checks_enabled") {
+ settings.SecretScanningValidityChecksEnabled = new(d.Get("secret_scanning_validity_checks_enabled").(bool))
+ }
+ if shouldInclude("default_repository_branch") {
+ if v, ok := d.GetOk("default_repository_branch"); ok {
+ settings.DefaultRepositoryBranch = new(v.(string))
+ }
+ }
 // Enterprise-specific field
 if isEnterprise {
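Review bot: The new `default_repository_branch` schema entry accepts any string, and buildOrganizationSettings reads it with `d.GetOk`, which reports an empty string as unset, so `default_repository_branch = ""` would be silently ignored rather than rejected. Adding `ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsNotEmpty),` to the entry would surface that at plan time. This relies on the SDK's `helper/validation` package; whether this file already imports it is not visible in the hunk.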
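Review bot: In buildOrganizationSettings the new boolean is read with `d.Get("secret_scanning_validity_checks_enabled").(bool)`, which yields `false` both when the attribute is set to false and when it is absent from the configuration, so whether an omitted attribute can reach `Organizations.Edit` as an explicit `false` depends entirely on `shouldInclude`, which is defined outside this hunk. Since the schema marks the attribute Optional and Computed with no default, it is worth confirming, and covering with a test, that a configuration that never mentions it leaves an enabled organization setting untouched. A comment above the new branch stating that contract would make it reviewable: `// Only sent when present in config; an omitted value must not disable validity checks.`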
@@ -399,6 +419,12 @@ func resourceGithubOrganizationSettingsCreateOrUpdate(d *schema.ResourceData, me
 if settings.SecretScanningPushProtectionEnabledForNewRepos != nil {
 log.Printf("[DEBUG] SecretScanningPushProtectionEnabledForNewRepos: %v", *settings.SecretScanningPushProtectionEnabledForNewRepos)
 }
+ if settings.SecretScanningValidityChecksEnabled != nil {
+ log.Printf("[DEBUG] SecretScanningValidityChecksEnabled: %v", *settings.SecretScanningValidityChecksEnabled)
+ }
+ if settings.DefaultRepositoryBranch != nil {
+ log.Printf("[DEBUG] DefaultRepositoryBranch: %s", *settings.DefaultRepositoryBranch)
+ }
 orgSettings, _, err := client.Organizations.Edit(ctx, org, settings)
 if err != nil {
@@ -513,6 +539,12 @@ func resourceGithubOrganizationSettingsRead(d *schema.ResourceData, meta any) er
 if err = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", orgSettings.GetSecretScanningPushProtectionEnabledForNewRepos()); err != nil {
 return err
 }
+ if err = d.Set("secret_scanning_validity_checks_enabled", orgSettings.GetSecretScanningValidityChecksEnabled()); err != nil {
+ return err
+ }
+ if err = d.Set("default_repository_branch", orgSettings.GetDefaultRepositoryBranch()); err != nil {
+ return err
+ }
 return nil
 }
diff --git a/github/resource_github_organization_settings_test.go b/github/resource_github_organization_settings_test.go
index 742f779b3e..532390c26b 100644
--- a/github/resource_github_organization_settings_test.go
+++ b/github/resource_github_organization_settings_test.go
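Review bot: The new debug line in resourceGithubOrganizationSettingsCreateOrUpdate prints the configured branch name with `%s`. `%q` is the safer verb for a user-supplied string because it quotes the value and escapes control characters, so an empty or oddly formed name stays unambiguous on a single log line: `log.Printf("[DEBUG] DefaultRepositoryBranch: %q", *settings.DefaultRepositoryBranch)`. The enclosing function starts and ends outside the hunk.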
@@ -586,6 +586,32 @@ func TestAccGithubOrganizationSettings(t *testing.T) {
 })
 })
+ t.Run("test default_repository_branch and secret_scanning_validity_checks_enabled", func(t *testing.T) {
+ config := `
+ resource "github_organization_settings" "test" {
+ billing_email = "test@example.com"
+ default_repository_branch = "main"
+ secret_scanning_validity_checks_enabled = false
+ }`
+
+ check := resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("github_organization_settings.test", "billing_email", "test@example.com"),
+ resource.TestCheckResourceAttr("github_organization_settings.test", "default_repository_branch", "main"),
+ resource.TestCheckResourceAttr("github_organization_settings.test", "secret_scanning_validity_checks_enabled", "false"),
+ )
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { skipUnlessHasOrgs(t) },
+ ProviderFactories: providerFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: check,
+ },
+ },
+ })
+ })
+
 t.Run("test enum field variations", func(t *testing.T) {
 config := `
 resource "github_organization_settings" "test" {
diff --git a/website/docs/d/organization.html.markdown b/website/docs/d/organization.html.markdown
index 55979f8be1..3a3806c288 100644
--- a/website/docs/d/organization.html.markdown
+++ b/website/docs/d/organization.html.markdown
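Review bot: The new acceptance step asserts only `secret_scanning_validity_checks_enabled = "false"` and `default_repository_branch = "main"`, which are the boolean zero value and, most likely, the organization's existing default. The test would therefore still pass if buildOrganizationSettings never sent either field. Using a value that differs from the starting state, such as `default_repository_branch = "trunk"` (constructed sample), and adding a second step that changes it back would prove both the write and the read path. Asserting `true` for validity checks may need an organization where the feature is available, so that step may have to be skipped conditionally.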
@@ -57,3 +57,5 @@ data "github_organization" "example" {
 * `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories.
 * `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories.
 * `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories.
+ * `secret_scanning_validity_checks_enabled` - Whether secret scanning automatic validity checks on supported partner tokens are enabled for the organization.
+ * `default_repository_branch` - The default branch name applied to new repositories created in the organization.
diff --git a/website/docs/r/organization_settings.html.markdown b/website/docs/r/organization_settings.html.markdown
index c8a4db54a6..8524503945 100644
--- a/website/docs/r/organization_settings.html.markdown
+++ b/website/docs/r/organization_settings.html.markdown
@@ -39,6 +39,8 @@ resource "github_organization_settings" "test" {
 dependency_graph_enabled_for_new_repositories = false
 secret_scanning_enabled_for_new_repositories = false
 secret_scanning_push_protection_enabled_for_new_repositories = false
+ secret_scanning_validity_checks_enabled = false
+ default_repository_branch = "main"
 }
 ```
@@ -71,7 +73,9 @@ The following arguments are supported:
 * `dependabot_security_updates_enabled_for_new_repositories` - (Optional) Whether or not dependabot security updates are enabled for new repositories. Defaults to `false`.
 * `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`.
 * `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`.
-* `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`.
+* `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`.
+* `secret_scanning_validity_checks_enabled` - (Optional) Whether or not secret scanning automatic validity checks on supported partner tokens are enabled for the organization. The current value is read from the API when not set.
+* `default_repository_branch` - (Optional) The default branch name applied to new repositories created in the organization (for example, `main`). The current value is read from the API when not set.
 ## Attributes Reference