This repository has been archived by the owner on Mar 19, 2021. It is now read-only.

Test build 2.4.0 with vulnerability alerts
jtsaito authored and fmasuhr committed Jun 18, 2020
1 parent 9dd0b20 commit 0eb729b
Showing 6 changed files with 289 additions and 27 deletions.
32 changes: 27 additions & 5 deletions .travis.yml
Expand Up @@ -7,11 +7,10 @@ go:
- "1.13.x"

env:
- GOFLAGS=-mod=vendor

branches:
only:
- master
global:
- GOFLAGS=-mod=vendor
- LINUX_BINARY_PATH=${GOPATH}/bin/terraform-provider-github
- DARWIN_BINARY_PATH=${GOPATH}/bin/darwin_amd64/terraform-provider-github

install:
- make tools
Expand All @@ -29,3 +28,26 @@ matrix:
script: make website-lint
- name: "make website-test"
script: make website-test

before_deploy:
- GIT_TAG=$(git describe --tags)
- GOOS=linux GOARCH=amd64 make build
- mv ${LINUX_BINARY_PATH} ${LINUX_BINARY_PATH}_${GIT_TAG}
- zip -j ${LINUX_BINARY_PATH}_${GIT_TAG}_linux_amd64.zip ${LINUX_BINARY_PATH}_${GIT_TAG}
- GOOS=darwin GOARCH=amd64 make build
- mv ${DARWIN_BINARY_PATH} ${DARWIN_BINARY_PATH}_${GIT_TAG}
- zip -j ${DARWIN_BINARY_PATH}_${GIT_TAG}_darwin_amd64.zip ${DARWIN_BINARY_PATH}_${GIT_TAG}

# Deploy only when a tag is created and pushed to the master branch.
deploy:
provider: releases
api_key: ${GITHUB_API_KEY}
file:
- ${LINUX_BINARY_PATH}_${GIT_TAG}_linux_amd64.zip
- ${DARWIN_BINARY_PATH}_${GIT_TAG}_darwin_amd64.zip
skip_cleanup: true
file_glob: true
on:
branch: master
tags: true
condition: ${GIT_TAG} =~ ^v[0-9]+\.[0-9]+\.[0-9]$ AND ${JOB_NAME} = "make test"
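Review bot: The tag pattern in the deploy `condition` ends in `[0-9]$` without a `+`, so a release tag whose patch number has two digits (constructed example: v2.4.10) would never match and never be published; `^v[0-9]+\.[0-9]+\.[0-9]+$` fixes that. The same line is worth testing end to end before relying on it: Travis evaluates `condition` as a bash test, where `AND` is not an operator (`&&` is), `GIT_TAG` is only assigned in `before_deploy`, which may run after the condition has been evaluated, and `JOB_NAME` is not set anywhere in the visible config (presumably `TRAVIS_JOB_NAME` was meant). The zips are also uploaded without a checksum file, so consumers of these provider binaries have nothing to verify a download against; publishing a SHA-256 sums file next to them would close that gap.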
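--- a/github/provider.go
+++ b/github/provider.go
@@ -36,28 +36,29 @@ func Provider() terraform.ResourceProvider {
 },
 
 ResourcesMap: map[string]*schema.Resource{
-"github_actions_secret": resourceGithubActionsSecret(),
-"github_branch": resourceGithubBranch(),
-"github_branch_protection": resourceGithubBranchProtection(),
-"github_issue_label": resourceGithubIssueLabel(),
-"github_membership": resourceGithubMembership(),
-"github_organization_block": resourceOrganizationBlock(),
-"github_organization_project": resourceGithubOrganizationProject(),
-"github_organization_webhook": resourceGithubOrganizationWebhook(),
-"github_project_column": resourceGithubProjectColumn(),
-"github_repository_collaborator": resourceGithubRepositoryCollaborator(),
-"github_repository_deploy_key": resourceGithubRepositoryDeployKey(),
-"github_repository_file": resourceGithubRepositoryFile(),
-"github_repository_project": resourceGithubRepositoryProject(),
-"github_repository_webhook": resourceGithubRepositoryWebhook(),
-"github_repository": resourceGithubRepository(),
-"github_team_membership": resourceGithubTeamMembership(),
-"github_team_repository": resourceGithubTeamRepository(),
-"github_team_sync_group_mapping": resourceGithubTeamSyncGroupMapping(),
-"github_team": resourceGithubTeam(),
-"github_user_gpg_key": resourceGithubUserGpgKey(),
-"github_user_invitation_accepter": resourceGithubUserInvitationAccepter(),
-"github_user_ssh_key": resourceGithubUserSshKey(),
+"github_actions_secret": resourceGithubActionsSecret(),
+"github_branch": resourceGithubBranch(),
+"github_branch_protection": resourceGithubBranchProtection(),
+"github_issue_label": resourceGithubIssueLabel(),
+"github_membership": resourceGithubMembership(),
+"github_organization_block": resourceOrganizationBlock(),
+"github_organization_project": resourceGithubOrganizationProject(),
+"github_organization_webhook": resourceGithubOrganizationWebhook(),
+"github_project_column": resourceGithubProjectColumn(),
+"github_repository_collaborator": resourceGithubRepositoryCollaborator(),
+"github_repository_deploy_key": resourceGithubRepositoryDeployKey(),
+"github_repository_file": resourceGithubRepositoryFile(),
+"github_repository_project": resourceGithubRepositoryProject(),
+"github_repository_vulnerability_alerts": resourceGithubRepositoryVulnerabilityAlerts(),
+"github_repository_webhook": resourceGithubRepositoryWebhook(),
+"github_repository": resourceGithubRepository(),
+"github_team_membership": resourceGithubTeamMembership(),
+"github_team_repository": resourceGithubTeamRepository(),
+"github_team_sync_group_mapping": resourceGithubTeamSyncGroupMapping(),
+"github_team": resourceGithubTeam(),
+"github_user_gpg_key": resourceGithubUserGpgKey(),
+"github_user_invitation_accepter": resourceGithubUserInvitationAccepter(),
+"github_user_ssh_key": resourceGithubUserSshKey(),
 },
 
 DataSourcesMap: map[string]*schema.Resource{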
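--- a/github/resource_github_repository_vulnerability_alerts.go
+++ b/github/resource_github_repository_vulnerability_alerts.go
@@ -0,0 +1,95 @@
+package github
+
+import (
+"context"
+"fmt"
+"log"
+
+"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceGithubRepositoryVulnerabilityAlerts() *schema.Resource {
+return &schema.Resource{
+Create: resourceGithubRepositoryVulnerabilityAlertsCreate,
+Read: resourceGithubRepositoryVulnerabilityAlertsRead,
+Delete: resourceGithubRepositoryVulnerabilityAlertsDelete,
+
+Schema: map[string]*schema.Schema{
+"repository": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+},
+},
+}
+}
+
+func resourceGithubRepositoryVulnerabilityAlertsCreate(d *schema.ResourceData, meta interface{}) error {
+err := checkOrganization(meta)
+if err != nil {
+return err
+}
+
+client := meta.(*Organization).client
+
+orgName := meta.(*Organization).name
+repoName := d.Get("repository").(string)
+
+log.Printf("[DEBUG] Creating repository vulnerability alerts: %s/%s", orgName, repoName)
+ctx := context.WithValue(context.Background(), ctxId, d.Id())
+_, err = client.Repositories.EnableVulnerabilityAlerts(ctx, orgName, repoName)
+if err != nil {
+return err
+}
+
+d.SetId(repoName)
+
+return resourceGithubRepositoryVulnerabilityAlertsRead(d, meta)
+}
+
+func resourceGithubRepositoryVulnerabilityAlertsRead(d *schema.ResourceData, meta interface{}) error {
+err := checkOrganization(meta)
+if err != nil {
+return err
+}
+
+client := meta.(*Organization).client
+
+repoName := d.Id()
+if err != nil {
+return err
+}
+orgName := meta.(*Organization).name
+
+log.Printf("[DEBUG] Reading repository vulnerability alerts: %s/%s", orgName, repoName)
+ctx := context.WithValue(context.Background(), ctxId, d.Id())
+enabled, _, err := client.Repositories.GetVulnerabilityAlerts(ctx, orgName, repoName)
+if err != nil {
+return fmt.Errorf("Error reading repository vulnerability alerts: %v", err)
+}
+if !enabled {
+d.SetId("")
+}
+
+return nil
+}
+
+func resourceGithubRepositoryVulnerabilityAlertsDelete(d *schema.ResourceData, meta interface{}) error {
+err := checkOrganization(meta)
+if err != nil {
+return err
+}
+
+client := meta.(*Organization).client
+repoName := d.Id()
+if err != nil {
+return err
+}
+
+orgName := meta.(*Organization).name
+ctx := context.WithValue(context.Background(), ctxId, d.Id())
+log.Printf("[DEBUG] Deleting repository vulnerability alerts%s/%s", orgName, repoName)
+_, err = client.Repositories.DisableVulnerabilityAlerts(ctx, orgName, repoName)
+
+return err
+}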
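Review bot: The second `if err != nil { return err }` in Read and in Delete, placed right after `repoName := d.Id()`, can never fire: `err` was already checked after `checkOrganization(meta)` and `d.Id()` returns no error, so both checks can be dropped. In Create the context is built with `d.Id()` before `d.SetId(repoName)` has run, so the `ctxId` value is still empty at that point. The Delete debug message is missing its separator and should read `log.Printf("[DEBUG] Deleting repository vulnerability alerts: %s/%s", orgName, repoName)`. Because destroying this resource switches a security control off for the repository, I would also add a doc comment on the Delete function saying so, e.g. `// Delete disables vulnerability alerts on the repository; removing the resource from configuration turns the alerts off.`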
94 changes: 94 additions & 0 deletions github/resource_github_repository_vulnerability_alerts_test.go
@@ -0,0 +1,94 @@
package github

import (
"context"
"fmt"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/terraform"
)

func TestAccGithubRepositoryVulnerabilityAlerts_basic(t *testing.T) {
rn := "github_repository_vulnerability_alerts.test"
rString := acctest.RandString(5)
repoName := fmt.Sprintf("tf-acc-test-repository-vulnerability-alerts-%s", rString)

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccGithubRepositoryVulnerabilityAlertsDestroy,
Steps: []resource.TestStep{
{
Config: testAccGithubRepositoryVulnerabilityAlertsConfig(repoName),
Check: resource.ComposeTestCheckFunc(
testAccCheckGithubRepositoryVulnerabilityAlertsExists(rn, repoName),
resource.TestCheckResourceAttr(rn, "repository", repoName),
),
},
},
})
}

func testAccCheckGithubRepositoryVulnerabilityAlertsExists(n, id string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not Found: %s", n)
}

if rs.Primary.ID != id {
return fmt.Errorf("Expected ID to be %v, got %v", id, rs.Primary.ID)
}

conn := testAccProvider.Meta().(*Organization).client
o := testAccProvider.Meta().(*Organization).name

enabled, _, err := conn.Repositories.GetVulnerabilityAlerts(context.TODO(), o, id)
if err != nil {
return err
}

if !enabled {
return fmt.Errorf("Expected vulnerability alerts to be enabled on %v", id)
}

return nil
}
}

func testAccGithubRepositoryVulnerabilityAlertsDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*Organization).client

for _, rs := range s.RootModule().Resources {
if rs.Type != "github_repository_vulnerability_alerts" {
continue
}

o := testAccProvider.Meta().(*Organization).name
enabled, _, err := conn.Repositories.GetVulnerabilityAlerts(context.TODO(), o, rs.Primary.ID)

if err == nil {
if enabled {
return fmt.Errorf("Repositor vulnerability alerts still exist")
}
}
return nil
}
return nil
}

func testAccGithubRepositoryVulnerabilityAlertsConfig(repoName string) string {
return fmt.Sprintf(`
resource "github_repository" "test" {
name = "%s"
description = "Terraform Acceptance Test %s"
auto_init = true
}
resource "github_repository_vulnerability_alerts" "test" {
repository = "${github_repository.test.name}"
}
`, repoName, repoName)
}
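Review bot: In `testAccGithubRepositoryVulnerabilityAlertsDestroy` the `return nil` at the end of the loop body ends the check after the first `github_repository_vulnerability_alerts` resource, so any further ones in state are never verified; removing that line lets the loop cover all of them. An error from `GetVulnerabilityAlerts` is also ignored (`if err == nil { ... }`), which means a failed API call lets the destroy check pass; consider returning the error unless it is the expected not-found case for the already deleted test repository. The message `"Repositor vulnerability alerts still exist"` has a typo.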
47 changes: 47 additions & 0 deletions website/docs/r/repository_vulnerability_alerts.html.markdown
@@ -0,0 +1,47 @@
---
layout: "github"
page_title: "GitHub: github_repository_vulnerability_alerts"
description: |-
Provides a resource for vulnerability alerts on Github repositories.
---

# github_repository_vulnerability_alerts

Provides a GitHub repository vulnerability alerts resource.

This resource allows you to enable/disable vulnerability alerts on a repository in your organization.

Check the documentation below for preconditions a repository needs to fulfill for having vulenerability alerts.

Further documentation on GitHub vulnerability alerts can be found here:

- [About automated security updates](https://help.github.com/en/github/managing-security-vulnerabilities/configuring-automated-security-updates#about-automated-security-updates)
- [Enable or disable vulnerability alerts for a repository by API](https://developer.github.com/changes/2019-04-24-vulnerability-alerts/)

## Example Usage

```hcl
# Enable vulenerability alerts on a repository
resource "github_repository" "foo" {
name = "foo"
auto_init = true
}
resource "github_repository_vulnerability_alerts" "foo" {
repository = "${github_repository.foo.name}"
}
```

## Argument Reference

The following arguments are supported:

* `repository` - (Required) The GitHub repository

## Attribute Reference

In addition to the above arguments there no further attributes.

## Import

Importing this resource is currently not supported.
3 changes: 3 additions & 0 deletions website/github.erb
Expand Up @@ -94,6 +94,9 @@
<li>
<a href="/docs/providers/github/r/repository_project.html">github_repository_project</a>
</li>
<li>
<a href="/docs/providers/github/r/repository_vulnerability_alerts.html">github_repository_vulnerability_alerts</a>
</li>
<li>
<a href="/docs/providers/github/r/repository_webhook.html">github_repository_webhook</a>
</li>