diff --git a/.travis.yml b/.travis.yml index 1aff8f5e6a..c64c2b4961 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,10 +8,8 @@ go: env: - GOFLAGS=-mod=vendor - -branches: - only: - - master + - LINUX_BINARY_PATH=${GOPATH}/bin/terraform-provider-github + - DARWIN_BINARY_PATH=${GOPATH}/bin/darwin_amd64/terraform-provider-github install: # This script is used by the Travis build to install a cookie for @@ -34,3 +32,26 @@ matrix: script: make website-lint - name: "make website-test" script: make website-test + +before_deploy: + - GIT_TAG=$(git describe --tags) + - GOOS=linux GOARCH=amd64 make build + - mv ${LINUX_BINARY_PATH} ${LINUX_BINARY_PATH}_${GIT_TAG} + - zip -j ${LINUX_BINARY_PATH}_${GIT_TAG}_linux_amd64.zip ${LINUX_BINARY_PATH}_${GIT_TAG} + - GOOS=darwin GOARCH=amd64 make build + - mv ${DARWIN_BINARY_PATH} ${DARWIN_BINARY_PATH}_${GIT_TAG} + - zip -j ${DARWIN_BINARY_PATH}_${GIT_TAG}_darwin_amd64.zip ${DARWIN_BINARY_PATH}_${GIT_TAG} + +# Deploy only when a tag is created and pushed to the master branch. +deploy: + provider: releases + api_key: ${GITHUB_API_KEY} + file: + - ${LINUX_BINARY_PATH}_${GIT_TAG}_linux_amd64.zip + - ${DARWIN_BINARY_PATH}_${GIT_TAG}_darwin_amd64.zip + skip_cleanup: true + file_glob: true + on: + branch: master + tags: true + condition: ${GIT_TAG} =~ ^v[0-9]+\.[0-9]+\.[0-9]$ AND ${JOB_NAME} = "make test" diff --git a/github/provider.go b/github/provider.go index 6ba1ccb7c9..04127849da 100644 --- a/github/provider.go +++ b/github/provider.go @@ -46,26 +46,27 @@ func Provider() terraform.ResourceProvider { }, ResourcesMap: map[string]*schema.Resource{ - "github_actions_secret": resourceGithubActionsSecret(), - "github_branch_protection": resourceGithubBranchProtection(), - "github_issue_label": resourceGithubIssueLabel(), - "github_membership": resourceGithubMembership(), - "github_organization_block": resourceOrganizationBlock(), - "github_organization_project": resourceGithubOrganizationProject(), - "github_organization_webhook": resourceGithubOrganizationWebhook(), - "github_project_column": resourceGithubProjectColumn(), - "github_repository_collaborator": resourceGithubRepositoryCollaborator(), - "github_repository_deploy_key": resourceGithubRepositoryDeployKey(), - "github_repository_file": resourceGithubRepositoryFile(), - "github_repository_project": resourceGithubRepositoryProject(), - "github_repository_webhook": resourceGithubRepositoryWebhook(), - "github_repository": resourceGithubRepository(), - "github_team_membership": resourceGithubTeamMembership(), - "github_team_repository": resourceGithubTeamRepository(), - "github_team": resourceGithubTeam(), - "github_user_gpg_key": resourceGithubUserGpgKey(), - "github_user_invitation_accepter": resourceGithubUserInvitationAccepter(), - "github_user_ssh_key": resourceGithubUserSshKey(), + "github_actions_secret": resourceGithubActionsSecret(), + "github_branch_protection": resourceGithubBranchProtection(), + "github_issue_label": resourceGithubIssueLabel(), + "github_membership": resourceGithubMembership(), + "github_organization_block": resourceOrganizationBlock(), + "github_organization_project": resourceGithubOrganizationProject(), + "github_organization_webhook": resourceGithubOrganizationWebhook(), + "github_project_column": resourceGithubProjectColumn(), + "github_repository_collaborator": resourceGithubRepositoryCollaborator(), + "github_repository_deploy_key": resourceGithubRepositoryDeployKey(), + "github_repository_file": resourceGithubRepositoryFile(), + "github_repository_project": resourceGithubRepositoryProject(), + "github_repository_vulnerability_alerts": resourceGithubRepositoryVulnerabilityAlerts(), + "github_repository_webhook": resourceGithubRepositoryWebhook(), + "github_repository": resourceGithubRepository(), + "github_team_membership": resourceGithubTeamMembership(), + "github_team_repository": resourceGithubTeamRepository(), + "github_team": resourceGithubTeam(), + "github_user_gpg_key": resourceGithubUserGpgKey(), + "github_user_invitation_accepter": resourceGithubUserInvitationAccepter(), + "github_user_ssh_key": resourceGithubUserSshKey(), }, DataSourcesMap: map[string]*schema.Resource{ diff --git a/github/resource_github_repository_vulnerability_alerts.go b/github/resource_github_repository_vulnerability_alerts.go new file mode 100644 index 0000000000..d5a2496bf9 --- /dev/null +++ b/github/resource_github_repository_vulnerability_alerts.go @@ -0,0 +1,95 @@ +package github + +import ( + "context" + "fmt" + "log" + + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceGithubRepositoryVulnerabilityAlerts() *schema.Resource { + return &schema.Resource{ + Create: resourceGithubRepositoryVulnerabilityAlertsCreate, + Read: resourceGithubRepositoryVulnerabilityAlertsRead, + Delete: resourceGithubRepositoryVulnerabilityAlertsDelete, + + Schema: map[string]*schema.Schema{ + "repository": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + }, + } +} + +func resourceGithubRepositoryVulnerabilityAlertsCreate(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Organization).client + + orgName := meta.(*Organization).name + repoName := d.Get("repository").(string) + + log.Printf("[DEBUG] Creating repository vulnerability alerts: %s/%s", orgName, repoName) + ctx := context.WithValue(context.Background(), ctxId, d.Id()) + _, err = client.Repositories.EnableVulnerabilityAlerts(ctx, orgName, repoName) + if err != nil { + return err + } + + d.SetId(repoName) + + return resourceGithubRepositoryVulnerabilityAlertsRead(d, meta) +} + +func resourceGithubRepositoryVulnerabilityAlertsRead(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Organization).client + + repoName := d.Id() + if err != nil { + return err + } + orgName := meta.(*Organization).name + + log.Printf("[DEBUG] Reading repository vulnerability alerts: %s/%s", orgName, repoName) + ctx := context.WithValue(context.Background(), ctxId, d.Id()) + enabled, _, err := client.Repositories.GetVulnerabilityAlerts(ctx, orgName, repoName) + if err != nil { + return fmt.Errorf("Error reading repository vulnerability alerts: %v", err) + } + if !enabled { + d.SetId("") + } + + return nil +} + +func resourceGithubRepositoryVulnerabilityAlertsDelete(d *schema.ResourceData, meta interface{}) error { + err := checkOrganization(meta) + if err != nil { + return err + } + + client := meta.(*Organization).client + repoName := d.Id() + if err != nil { + return err + } + + orgName := meta.(*Organization).name + ctx := context.WithValue(context.Background(), ctxId, d.Id()) + log.Printf("[DEBUG] Deleting repository vulnerability alerts%s/%s", orgName, repoName) + _, err = client.Repositories.DisableVulnerabilityAlerts(ctx, orgName, repoName) + + return err +} diff --git a/github/resource_github_repository_vulnerability_alerts_test.go b/github/resource_github_repository_vulnerability_alerts_test.go new file mode 100644 index 0000000000..08d845b040 --- /dev/null +++ b/github/resource_github_repository_vulnerability_alerts_test.go @@ -0,0 +1,94 @@ +package github + +import ( + "context" + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccGithubRepositoryVulnerabilityAlerts_basic(t *testing.T) { + rn := "github_repository_vulnerability_alerts.test" + rString := acctest.RandString(5) + repoName := fmt.Sprintf("tf-acc-test-repository-vulnerability-alerts-%s", rString) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccGithubRepositoryVulnerabilityAlertsDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGithubRepositoryVulnerabilityAlertsConfig(repoName), + Check: resource.ComposeTestCheckFunc( + testAccCheckGithubRepositoryVulnerabilityAlertsExists(rn, repoName), + resource.TestCheckResourceAttr(rn, "repository", repoName), + ), + }, + }, + }) +} + +func testAccCheckGithubRepositoryVulnerabilityAlertsExists(n, id string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not Found: %s", n) + } + + if rs.Primary.ID != id { + return fmt.Errorf("Expected ID to be %v, got %v", id, rs.Primary.ID) + } + + conn := testAccProvider.Meta().(*Organization).client + o := testAccProvider.Meta().(*Organization).name + + enabled, _, err := conn.Repositories.GetVulnerabilityAlerts(context.TODO(), o, id) + if err != nil { + return err + } + + if !enabled { + return fmt.Errorf("Expected vulnerability alerts to be enabled on %v", id) + } + + return nil + } +} + +func testAccGithubRepositoryVulnerabilityAlertsDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*Organization).client + + for _, rs := range s.RootModule().Resources { + if rs.Type != "github_repository_vulnerability_alerts" { + continue + } + + o := testAccProvider.Meta().(*Organization).name + enabled, _, err := conn.Repositories.GetVulnerabilityAlerts(context.TODO(), o, rs.Primary.ID) + + if err == nil { + if enabled { + return fmt.Errorf("Repositor vulnerability alerts still exist") + } + } + return nil + } + return nil +} + +func testAccGithubRepositoryVulnerabilityAlertsConfig(repoName string) string { + return fmt.Sprintf(` +resource "github_repository" "test" { + name = "%s" + description = "Terraform Acceptance Test %s" + auto_init = true +} + +resource "github_repository_vulnerability_alerts" "test" { + repository = "${github_repository.test.name}" +} +`, repoName, repoName) +} diff --git a/website/docs/r/repository_vulnerability_alerts.html.markdown b/website/docs/r/repository_vulnerability_alerts.html.markdown new file mode 100644 index 0000000000..bcf59bbcc6 --- /dev/null +++ b/website/docs/r/repository_vulnerability_alerts.html.markdown @@ -0,0 +1,47 @@ +--- +layout: "github" +page_title: "GitHub: github_repository_vulnerability_alerts" +description: |- + Provides a resource for vulnerability alerts on Github repositories. +--- + +# github_repository_vulnerability_alerts + +Provides a GitHub repository vulnerability alerts resource. + +This resource allows you to enable/disable vulnerability alerts on a repository in your organization. + +Check the documentation below for preconditions a repository needs to fulfill for having vulenerability alerts. + +Further documentation on GitHub vulnerability alerts can be found here: + +- [About automated security updates](https://help.github.com/en/github/managing-security-vulnerabilities/configuring-automated-security-updates#about-automated-security-updates) +- [Enable or disable vulnerability alerts for a repository by API](https://developer.github.com/changes/2019-04-24-vulnerability-alerts/) + +## Example Usage + +```hcl +# Enable vulenerability alerts on a repository +resource "github_repository" "foo" { + name = "foo" + auto_init = true +} + +resource "github_repository_vulnerability_alerts" "foo" { + repository = "${github_repository.foo.name}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `repository` - (Required) The GitHub repository + +## Attribute Reference + +In addition to the above arguments there no further attributes. + +## Import + +Importing this resource is currently not supported. diff --git a/website/github.erb b/website/github.erb index f111c75717..d6ba037e7c 100644 --- a/website/github.erb +++ b/website/github.erb @@ -85,6 +85,9 @@
  • github_repository_project
  • +
  • + github_repository_vulnerability_alerts +
  • github_repository_webhook