Add GitHub Code Scanning Resource and Data Source (Continuation) #2228

Open
wants to merge 6 commits into
base: main


@pacoguzman pacoguzman commented Apr 11, 2024

Resolves #1648


Before the change?

  • Before the change, code scanning could not be configured with a Terraform resource, and its state could not be retrieved by a data source.

After the change?

  • The provider now supports configuring code scanning via its corresponding resource for a given repository, and the data source is able to retrieve its current configuration.

Pull request checklist

  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • No

This is a continuation of #2036, as it looks stuck.

The following is an example of a manual test with terraform apply:

 terraform apply \
  -var "owner=${TF_VAR_github_owner}" \
  -var "github_token=${TF_VAR_github_token}"
╷
│ Warning: Provider development overrides are in effect
│
│ The following provider development overrides are set in the CLI configuration:
│  - integrations/github in /Users/pacoguzman/dev/github/pacoguzman-gitops/terraform-provider-github/bin
│
│ The behavior may therefore not match any released version of the provider and applying changes may cause the state to become incompatible with published releases.
╵

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # github_repository.terraformed will be created
  + resource "github_repository" "terraformed" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archived                    = false
      + auto_init                   = true
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = false
      + description                 = "A repository created by terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "terraformed"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = (known after apply)
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }
    }

  # github_repository_code_scanning.terraformed will be created
  + resource "github_repository_code_scanning" "terraformed" {
      + id          = (known after apply)
      + languages   = (known after apply)
      + query_suite = "default"
      + repository  = "terraformed"
      + state       = "configured"
      + updated_at  = (known after apply)
    }

  # github_repository_file.terraformed will be created
  + resource "github_repository_file" "terraformed" {
      + branch              = "main"
      + commit_author       = "Terraform User"
      + commit_email        = "terraform@example.com"
      + commit_message      = "Managed by Terraform"
      + commit_sha          = (known after apply)
      + content             = <<-EOT
            if __name__ == "__main__":
            				print ("This is a test")
        EOT
      + file                = "main.py"
      + id                  = (known after apply)
      + overwrite_on_create = true
      + ref                 = (known after apply)
      + repository          = "terraformed"
      + sha                 = (known after apply)
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + repository               = {
      + allow_auto_merge                        = false
      + allow_merge_commit                      = true
      + allow_rebase_merge                      = true
      + allow_squash_merge                      = true
      + allow_update_branch                     = null
      + archive_on_destroy                      = null
      + archived                                = false
      + auto_init                               = true
      + default_branch                          = (known after apply)
      + delete_branch_on_merge                  = false
      + description                             = "A repository created by terraform"
      + etag                                    = (known after apply)
      + full_name                               = (known after apply)
      + git_clone_url                           = (known after apply)
      + gitignore_template                      = null
      + has_discussions                         = null
      + has_downloads                           = null
      + has_issues                              = null
      + has_projects                            = null
      + has_wiki                                = null
      + homepage_url                            = null
      + html_url                                = (known after apply)
      + http_clone_url                          = (known after apply)
      + id                                      = (known after apply)
      + ignore_vulnerability_alerts_during_read = null
      + is_template                             = null
      + license_template                        = null
      + merge_commit_message                    = "PR_TITLE"
      + merge_commit_title                      = "MERGE_MESSAGE"
      + name                                    = "terraformed"
      + node_id                                 = (known after apply)
      + pages                                   = []
      + primary_language                        = (known after apply)
      + private                                 = (known after apply)
      + repo_id                                 = (known after apply)
      + security_and_analysis                   = [
          + {
              + advanced_security               = []
              + secret_scanning                 = [
                  + {
                      + status = "enabled"
                    },
                ]
              + secret_scanning_push_protection = [
                  + {
                      + status = "enabled"
                    },
                ]
            },
        ]
      + squash_merge_commit_message             = "COMMIT_MESSAGES"
      + squash_merge_commit_title               = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url                           = (known after apply)
      + svn_url                                 = (known after apply)
      + template                                = []
      + topics                                  = (known after apply)
      + visibility                              = "public"
      + vulnerability_alerts                    = true
      + web_commit_signoff_required             = false
    }
  + repository_code_scanning = {
      + id          = (known after apply)
      + languages   = (known after apply)
      + query_suite = "default"
      + repository  = "terraformed"
      + state       = "configured"
      + updated_at  = (known after apply)
    }

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

github_repository.terraformed: Creating...
github_repository.terraformed: Creation complete after 7s [id=terraformed]
github_repository_file.terraformed: Creating...
github_repository_file.terraformed: Creation complete after 2s [id=terraformed/main.py]
github_repository_code_scanning.terraformed: Creating...
github_repository_code_scanning.terraformed: Creation complete after 5s [id=terraformed]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

repository = {
  "allow_auto_merge" = false
  "allow_merge_commit" = true
  "allow_rebase_merge" = true
  "allow_squash_merge" = true
  "allow_update_branch" = false
  "archive_on_destroy" = tobool(null)
  "archived" = false
  "auto_init" = true
  "default_branch" = "main"
  "delete_branch_on_merge" = false
  "description" = "A repository created by terraform"
  "etag" = "W/\"e2e58f76629f7b82ff984ee4d3bfdc72a4bfe116650b9889e48ca91474c503a1\""
  "full_name" = "pacoguzman-gitops/terraformed"
  "git_clone_url" = "git://github.com/pacoguzman-gitops/terraformed.git"
  "gitignore_template" = tostring(null)
  "has_discussions" = false
  "has_downloads" = false
  "has_issues" = false
  "has_projects" = false
  "has_wiki" = false
  "homepage_url" = ""
  "html_url" = "https://github.com/pacoguzman-gitops/terraformed"
  "http_clone_url" = "https://github.com/pacoguzman-gitops/terraformed.git"
  "id" = "terraformed"
  "ignore_vulnerability_alerts_during_read" = tobool(null)
  "is_template" = false
  "license_template" = tostring(null)
  "merge_commit_message" = "PR_TITLE"
  "merge_commit_title" = "MERGE_MESSAGE"
  "name" = "terraformed"
  "node_id" = "R_kgDOLtOKmA"
  "pages" = tolist([])
  "primary_language" = ""
  "private" = false
  "repo_id" = 785615512
  "security_and_analysis" = tolist([
    {
      "advanced_security" = tolist([])
      "secret_scanning" = tolist([
        {
          "status" = "enabled"
        },
      ])
      "secret_scanning_push_protection" = tolist([
        {
          "status" = "enabled"
        },
      ])
    },
  ])
  "squash_merge_commit_message" = "COMMIT_MESSAGES"
  "squash_merge_commit_title" = "COMMIT_OR_PR_TITLE"
  "ssh_clone_url" = "git@github.com:pacoguzman-gitops/terraformed.git"
  "svn_url" = "https://github.com/pacoguzman-gitops/terraformed"
  "template" = tolist([])
  "topics" = toset([])
  "visibility" = "public"
  "vulnerability_alerts" = true
  "web_commit_signoff_required" = false
}
repository_code_scanning = {
  "id" = "terraformed"
  "languages" = tolist([])
  "query_suite" = "default"
  "repository" = "terraformed"
  "state" = "configured"
  "updated_at" = ""
}
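
A pre-apply check built on the plan shown above, as an added example that is not part of the original pull request or the provider's code: it reads `terraform show -json` plan output and reports repositories that lack a configured `github_repository_code_scanning` resource or have secret scanning disabled. The attribute names are taken from the plan output in this thread; the sample plan and its `legacy` repository are constructed.

```python
import json

# Constructed sample: trimmed `terraform show -json` plan modelled on the plan
# in this thread, plus a hypothetical "legacy" repository with nothing enabled.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"type": "github_repository", "name": "terraformed",
  "change": {"actions": ["create"], "after": {"name": "terraformed",
   "security_and_analysis": [{
    "secret_scanning": [{"status": "enabled"}],
    "secret_scanning_push_protection": [{"status": "enabled"}]}]}}},
 {"type": "github_repository_code_scanning", "name": "terraformed",
  "change": {"actions": ["create"], "after": {
   "repository": "terraformed", "state": "configured", "query_suite": "default"}}},
 {"type": "github_repository", "name": "legacy",
  "change": {"actions": ["create"], "after": {"name": "legacy",
   "security_and_analysis": []}}}
]}
""")


def _status(after, feature):
    """Status of one security_and_analysis feature, or None if unset."""
    for block in after.get("security_and_analysis") or []:
        for item in block.get(feature) or []:
            return item.get("status")
    return None


def audit_plan(plan):
    """Map each created/updated repository name to a list of findings."""
    changes = [rc for rc in plan.get("resource_changes", [])
               if rc["change"].get("after") is not None]  # skip deletions
    # Repositories covered by a code scanning resource (attribute names
    # assumed from the plan output on this page).
    scanned = {rc["change"]["after"].get("repository") for rc in changes
               if rc["type"] == "github_repository_code_scanning"
               and rc["change"]["after"].get("state") == "configured"}
    findings = {}
    for rc in (c for c in changes if c["type"] == "github_repository"):
        after = rc["change"]["after"]
        issues = [] if after["name"] in scanned else ["code scanning not configured"]
        for feature in ("secret_scanning", "secret_scanning_push_protection"):
            if _status(after, feature) != "enabled":
                issues.append(f"{feature} not enabled")
        findings[after["name"]] = issues
    return findings
```

If `repository` is only known after apply, Terraform records it under `after_unknown` rather than `after`, and this check will report that repository as having no code scanning.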

@pacoguzman pacoguzman changed the title WIP issue1648 Add GitHub Code Scanning Resource and Data Source (Continuation) Apr 12, 2024
@pacoguzman pacoguzman marked this pull request as ready for review April 12, 2024 08:54
@kfcampbell
Member

I approved the CI checks here but cannot proceed with validating the testing as the builds aren't successful. I appreciate you picking this up and giving it attention!

liam.baker and others added 6 commits April 24, 2024 11:38
Signed-off-by: liam.baker <liam.baker@sage.com>
Signed-off-by: liam.baker <liam.baker@sage.com>
Signed-off-by: liam.baker <liam.baker@sage.com>
Signed-off-by: liam.baker <liam.baker@sage.com>
As we make use of repository name which already includes that
@pacoguzman
Author

@kfcampbell I've pushed changes; they should pass CI checks.

Successfully merging this pull request may close these issues.

[FEAT]: Support Code Scanning default setup