Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: github_repository_environment resouce fails when reviewers (users or teams) are passed to GHE 3.10 #2457

Open
1 task done
vkanproton opened this issue Nov 12, 2024 · 1 comment
Open
1 task done

[BUG]: github_repository_environment resouce fails when reviewers (users or teams) are passed to GHE 3.10 #2457

vkanproton opened this issue Nov 12, 2024 · 1 comment
Labels
Status: Triage This is being looked at and prioritized Type: Bug Something isn't working as documented

Comments

@vkanproton
Copy link

vkanproton commented Nov 12, 2024
edited
Loading

Expected Behavior

Environment should be created on Github Enterprise 3.10 regardless of the fact if reviewers are passed or not.

Actual Behavior

Environment fail to be created on GH Enterprise 3.10 when I use reviewers block with teams or users.

It turns out the GHE 3.10 doesn't have that tick available - https://i0.wp.com/user-images.githubusercontent.com/25389593/275635597-ad54403a-5898-4e20-b2bd-c4677ba95d5d.png

If no reviewers are provided, the prevent_self_review key is accepted.

The actual problem is when you pass reviewers - then prevent_self_review is not expected.

The error:
│ Error: PUT https://github-instance.net/api/v3/repos/ORG/test-repo/environments/PRODUCTION: 422 Invalid request.

│ Invalid input: "prevent_self_review" is not a permitted key. []

Terraform Version

OpenTofu v1.8.5
on darwin_amd64

  • provider registry.opentofu.org/integrations/github v6.3.1

terragrunt version 0.66.0

GitHub Enterprise Server 3.10

Affected Resource(s)

  • github_repository_environment

Terraform Configuration Files

# main.tf (snippet from a module)
resource "github_repository_environment" "this" {
  for_each = { for k, v in var.environments : k => v if var.environments != [] }

  repository          = github_repository.repository.name
  environment         = each.value.environment
  wait_timer          = each.value.wait_timer
  can_admins_bypass   = each.value.can_admins_bypass
  prevent_self_review = each.value.prevent_self_review

  reviewers {
    users = each.value.users
    teams = each.value.teams
  }

  deployment_branch_policy {
    protected_branches     = each.value.protected_branches
    custom_branch_policies = each.value.custom_branch_policies
  }
}

# variables.tf (snippet from a module)
variable "environments" {
  type = list(object({
    environment            = string
    wait_timer             = optional(number, null)
    can_admins_bypass      = optional(bool, false)
    prevent_self_review    = optional(bool, true)
    users                  = optional(list(number), [])
    teams                  = optional(list(number), [])
    protected_branches     = optional(bool, true)
    custom_branch_policies = optional(bool, false)
  }))
  default = []
}

# terragrunt.hcl snippet
terraform {
  source = "../modules/github-repo/"
}

inputs = {
  environments = [
    {
      environment = "STAGING"
    },
    {
      environment         = "PRODUCTION"
      teams               = [1234]
      can_admins_bypass   = true
    }
  ]
}

Steps to Reproduce

terragrunt apply

Debug Output

OpenTofu will perform the following actions:

  # github_repository_environment.this["0"] will be created
  + resource "github_repository_environment" "this" {
      + can_admins_bypass   = false
      + environment         = "STAGING"
      + id                  = (known after apply)
      + prevent_self_review = true
      + repository          = "test-repo"

      + deployment_branch_policy {
          + custom_branch_policies = false
          + protected_branches     = true
        }

      + reviewers {}
    }

  # github_repository_environment.this["1"] will be created
  + resource "github_repository_environment" "this" {
      + can_admins_bypass   = true
      + environment         = "PRODUCTION"
      + id                  = (known after apply)
      + prevent_self_review = false
      + repository          = "test-repo"

      + deployment_branch_policy {
          + custom_branch_policies = false
          + protected_branches     = true
        }

      + reviewers {
          + teams = [
              + 1234,
            ]
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.


Output:
github_repository_environment.this["0"]: Creating...
github_repository_environment.this["0"]: Creation complete after 5s [id=test-repo:STAGING]
github_repository_environment.this["1"]: Creating...
╷
│ Error: PUT https://github-instance.net/api/v3/repos/ORG/test-repo/environments/PRODUCTION: 422 Invalid request.
│ 
│ Invalid input: "prevent_self_review" is not a permitted key. []
│ 
│   with github_repository_environment.this["1"],
│   on main.tf line 333, in resource "github_repository_environment" "this":
│  333: resource "github_repository_environment" "this" {
│

Panic Output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@vkanproton vkanproton added Status: Triage This is being looked at and prioritized Type: Bug Something isn't working as documented labels Nov 12, 2024
@vkanproton vkanproton changed the title [BUG]: github_repository_environment resouce fails when reviewers (users or teams) are passed [BUG]: github_repository_environment resouce fails when reviewers (users or teams) are passed to GHE 3.10 Nov 15, 2024
@vkanproton
Copy link
Author

It turns out the GHE 3.10 doesn't have that tick available - https://i0.wp.com/user-images.githubusercontent.com/25389593/275635597-ad54403a-5898-4e20-b2bd-c4677ba95d5d.png

If no reviewers are provided, the prevent_self_review key is accepted.

The actual problem is when you pass reviewers - then prevent_self_review is not expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Triage This is being looked at and prioritized Type: Bug Something isn't working as documented
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vkanproton