Update from upstream v5.18.0

.github/ISSUE_TEMPLATE/documentation.yml

@@ -43,7 +43,7 @@ body:
     id: terms
     attributes:
       label: Code of Conduct
-      description: By submitting this issue, you agree to follow our [Code of Conduct](CODE_OF_CONDUCT.md)
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/integrations/terraform-provider-github/blob/main/CODE_OF_CONDUCT.md)
       options:
         - label: I agree to follow this project's Code of Conduct
           required: true

.github/ISSUE_TEMPLATE/feature.yml

@@ -43,7 +43,7 @@ body:
     id: terms
     attributes:
       label: Code of Conduct
-      description: By submitting this issue, you agree to follow our [Code of Conduct](CODE_OF_CONDUCT.md)
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/integrations/terraform-provider-github/blob/main/CODE_OF_CONDUCT.md)
       options:
         - label: I agree to follow this project's Code of Conduct
           required: true

.github/ISSUE_TEMPLATE/maintenance.yml

@@ -43,7 +43,7 @@ body:
     id: terms
     attributes:
       label: Code of Conduct
-      description: By submitting this issue, you agree to follow our [Code of Conduct](CODE_OF_CONDUCT.md)
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/integrations/terraform-provider-github/blob/main/CODE_OF_CONDUCT.md)
       options:
         - label: I agree to follow this project's Code of Conduct
           required: true

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: '1.19'
+          go-version: '1.20'
       - run: make tools
       - run: make lint
       - run: make website-lint

.github/workflows/codeql.yml

@@ -0,0 +1,42 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '16 7 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/stale.yml

@@ -8,7 +8,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v6
+      - uses: actions/stale@v7
         with:
           stale-issue-message: >
             👋 Hey Friends, this issue has been automatically marked as `stale` because it has no recent activity.

.golangci.yml

@@ -9,17 +9,14 @@ issues:
 linters:
   disable-all: true
   enable:
-    - deadcode
     - errcheck
     - gofmt
     - gosimple
     - ineffassign
     - misspell
     - staticcheck
-    - structcheck
     - unconvert
     - unused
-    - varcheck
     - vet
 
 linters-settings:

CHANGELOG.md

@@ -532,7 +532,7 @@ BUG FIXES:
 
 BUG FIXES:
 
-* resource/github_branch_protection: Prevent enabling `dismissal_restrictions` in Github console if `dismissal_users` and `dismissal_teams` are not set ([#453](https://github.com/integrations/terraform-provider-github/issues/453))
+* resource/github_branch_protection: Prevent enabling `dismissal_restrictions` in GitHub console if `dismissal_users` and `dismissal_teams` are not set ([#453](https://github.com/integrations/terraform-provider-github/issues/453))
 * resource/github_repository_collaborator: Allow modifying permissions from `maintain` and `triage`  ([#457](https://github.com/integrations/terraform-provider-github/issues/457))
 * Documentation Fix for `github_actions_public_key` data-source ([#458](https://github.com/integrations/terraform-provider-github/issues/458))
 * Documentation Fix for `github_branch_protection` resource ([#410](https://github.com/integrations/terraform-provider-github/issues/410))

CONTRIBUTING.md

@@ -34,7 +34,7 @@ Once you have the repository cloned, there's a couple of additional steps you'll
 
 - If you haven't already, [create a GitHub organization you can use for testing](#github-organization).
   - Optional: some may find it beneficial to create a test user as well in order to avoid potential rate-limiting issues on your main account.
-  - Your organization _must_ have a repository called `terraform-module-template`. The [terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) repo is a good, re-usable example.
+  - Your organization _must_ have a repository called `terraform-template-module`. The [terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) repo is a good, re-usable example.
     - You _must_ make sure that the "Template Repository" item in Settings is checked for this repo.
 - If you haven't already, [generate a Personal Access Token (PAT) for authenticating your test runs](#github-personal-access-token).
 - Export the necessary configuration for authenticating your provider with GitHub
@@ -218,9 +218,9 @@ Once the token has been created, it must be exported in your environment as `GIT
 
 If you do not have an organization already that you are comfortable running tests against, you will need to [create one](https://help.github.com/en/articles/creating-a-new-organization-from-scratch). The free "Team for Open Source" org type is fine for these tests. The name of the organization must then be exported in your environment as `GITHUB_ORGANIZATION`.
 
-Make sure that your organization has a `terraform-module-template` repository ([terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) is an example you can clone) and that its "Template repository" item in Settings is checked.
+Make sure that your organization has a `terraform-template-module` repository ([terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) is an example you can clone) and that its "Template repository" item in Settings is checked.
 
-If you are interested in using and/or testing Github's [Team synchronization](https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/synchronizing-teams-between-your-identity-provider-and-github) feature, please contact a maintainer as special arrangements can be made for your convenience.
+If you are interested in using and/or testing GitHub's [Team synchronization](https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/synchronizing-teams-between-your-identity-provider-and-github) feature, please contact a maintainer as special arrangements can be made for your convenience.
 
 ## Resources
 

GNUmakefile

@@ -6,8 +6,8 @@ PKG_NAME=github
 default: build
 
 tools:
-	go install github.com/client9/misspell/cmd/misspell
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.48.0
+	go install github.com/client9/misspell/cmd/misspell@v0.3.4
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.1
 
 build: fmtcheck
 	go build ./...

examples/repository_security_and_analysis/README.md

@@ -0,0 +1,18 @@
+# Repository Visibility Example
+
+This demos setting `security_and_analysis` for a repository. See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository for details on what these settings do.
+
+This example will create a repositories in the specified `owner` organization. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly.
+
+Alternatively, you may use variables passed via command line:
+
+```console
+export GITHUB_OWNER=
+export GITHUB_TOKEN=
+```
+
+```console
+terraform apply \
+  -var "owner=${GITHUB_OWNER}" \
+  -var "github_token=${GITHUB_TOKEN}"
+```

examples/repository_security_and_analysis/main.tf

@@ -0,0 +1,19 @@
+resource "github_repository" "terraformed" {
+  name        = "terraformed"
+  description = "A repository created by terraform"
+  visibility  = "public"
+
+  security_and_analysis {
+    # Cannot set advanced_security for public repositories as it is always on by default.
+    # advanced_security {
+    #   status = "enabled"
+    # }
+    secret_scanning {
+      status = "enabled"
+    }
+    secret_scanning_push_protection {
+      status = "enabled"
+    }
+  }
+}
+

examples/repository_security_and_analysis/outputs.tf

@@ -0,0 +1,4 @@
+output "repository" {
+  description = "Example repository JSON blob"
+  value       = github_repository.terraformed
+}

examples/repository_security_and_analysis/providers.tf

@@ -0,0 +1,12 @@
+provider "github" {
+  owner = var.owner
+  token = var.github_token
+}
+
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+    }
+  }
+}

examples/repository_security_and_analysis/variables.tf

@@ -0,0 +1,9 @@
+variable "owner" {
+  description = "GitHub owner used to configure the provider"
+  type        = string
+}
+
+variable "github_token" {
+  description = "GitHub access token used to configure the provider"
+  type        = string
+}

github/config.go

@@ -9,7 +9,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/google/go-github/v48/github"
+	"github.com/google/go-github/v50/github"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/logging"
 	"github.com/shurcooL/githubv4"
 	"golang.org/x/oauth2"
@@ -37,7 +37,7 @@ func RateLimitedHTTPClient(client *http.Client, writeDelay time.Duration, readDe
 
 	client.Transport = NewEtagTransport(client.Transport)
 	client.Transport = NewRateLimitTransport(client.Transport, WithWriteDelay(writeDelay), WithReadDelay(readDelay))
-	client.Transport = logging.NewTransport("Github", client.Transport)
+	client.Transport = logging.NewTransport("GitHub", client.Transport)
 	client.Transport = newPreviewHeaderInjectorTransport(map[string]string{
 		// TODO: remove when Stone Crop preview is moved to general availability in the GraphQL API
 		"Accept": "application/vnd.github.stone-crop-preview+json",

github/data_source_github_actions_organization_oidc_subject_claim_customization_template.go

@@ -0,0 +1,44 @@
+package github
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplate() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplateRead,
+
+		Schema: map[string]*schema.Schema{
+			"include_claim_keys": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplateRead(d *schema.ResourceData, meta interface{}) error {
+
+	client := meta.(*Owner).v3client
+	orgName := meta.(*Owner).name
+	ctx := meta.(*Owner).StopContext
+
+	err := checkOrganization(meta)
+	if err != nil {
+		return err
+	}
+
+	template, _, err := client.Actions.GetOrgOIDCSubjectClaimCustomTemplate(ctx, orgName)
+
+	if err != nil {
+		return err
+	}
+
+	d.SetId(orgName)
+	d.Set("include_claim_keys", template.IncludeClaimKeys)
+
+	return nil
+}

github/data_source_github_actions_organization_oidc_subject_claim_customization_template_test.go

@@ -0,0 +1,60 @@
+package github
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplateDataSource(t *testing.T) {
+
+	t.Run("get an organization oidc subject claim customization template without error", func(t *testing.T) {
+
+		config := `
+			resource "github_actions_organization_oidc_subject_claim_customization_template" "test" {
+				include_claim_keys = ["actor", "actor_id", "head_ref", "repository"]
+			}
+		`
+
+		config2 := config + `
+			data "github_actions_organization_oidc_subject_claim_customization_template" "test" {}
+		`
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.#", "4"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.0", "actor"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.1", "actor_id"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.2", "head_ref"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_oidc_subject_claim_customization_template.test", "include_claim_keys.3", "repository"),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  resource.ComposeTestCheckFunc(),
+					},
+					{
+						Config: config2,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			t.Skip("individual account not supported for this operation")
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+	})
+}

github/data_source_github_actions_organization_secrets.go

@@ -3,7 +3,7 @@ package github
 import (
 	"context"
 
-	"github.com/google/go-github/v48/github"
+	"github.com/google/go-github/v50/github"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
@@ -60,6 +60,7 @@ func dataSourceGithubActionsOrganizationSecretsRead(d *schema.ResourceData, meta
 				"name":       secret.Name,
 				"created_at": secret.CreatedAt.String(),
 				"updated_at": secret.UpdatedAt.String(),
+				"visibility": secret.Visibility,
 			}
 			all_secrets = append(all_secrets, new_secret)
 

github/data_source_github_actions_organization_secrets_test.go

@@ -18,7 +18,7 @@ func TestAccGithubActionsOrganizationSecretsDataSource(t *testing.T) {
 			resource "github_actions_organization_secret" "test" {
 				secret_name 		= "org_secret_1_%s"
 				plaintext_value = "foo"
-				visibility      = "private"
+				visibility      = "all" # going with all as it does not require a paid subscrption
 			}
 	`, randomID)
 
@@ -30,7 +30,7 @@ func TestAccGithubActionsOrganizationSecretsDataSource(t *testing.T) {
 		check := resource.ComposeTestCheckFunc(
 			resource.TestCheckResourceAttr("data.github_actions_organization_secrets.test", "secrets.#", "1"),
 			resource.TestCheckResourceAttr("data.github_actions_organization_secrets.test", "secrets.0.name", strings.ToUpper(fmt.Sprintf("ORG_SECRET_1_%s", randomID))),
-			resource.TestCheckResourceAttr("data.github_actions_organization_secrets.test", "secrets.0.visibility", "private"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_secrets.test", "secrets.0.visibility", "all"),
 			resource.TestCheckResourceAttrSet("data.github_actions_organization_secrets.test", "secrets.0.created_at"),
 			resource.TestCheckResourceAttrSet("data.github_actions_organization_secrets.test", "secrets.0.updated_at"),
 		)