Branch protection for a branch that does not yet exist or regex pattern

[paulness]

Terraform Version

0.11.8

Affected Resource(s)

• github_branch_protection

Issue

Using the Github UI I can create branch protection rules for release/* and develop even if neither exist. Using the Github terraform provider this is not possible.

Expected

Using the terraform provider I should be able to create branch protection regardless on whether the branch exists or not.

[majormoses]

This was a new change, not sure if the api has been updated, I would check but

Assuming they have exposed said branch protections being created in the new manner it would need to be added in https://github.com/google/go-github and then consumed here. I'll try to remember to open an issue later when their docs are back online.

[paulness]

@majormoses
It's a limitation of the v3 rest API. Which is what the github terraform provider is using. I wrote a python script for the v4 GraphQL API that does what I need for now.

[majormoses]

I think this should be kept open so that once its available via the upstream library we can implement it here.

[evagonz]

@paulness how is your script working out? Would you be willing/able to share it? I'm running into the same situation (not able to set release-* protections).

[erezinchy]

Hi,
Any update on this?

[zlepper]

According to some feedback from GitHub's developer support, this has to be done through the v4 api.

@majormoses I'm not sure if you are the correct person to ask about this, but here goes: Is there any chance we can use the V4 library in this project? Then we I would be willing to take a go at implementing this. I seems google/go-github will only implement things from the v3 api.

[majormoses]

I can't really say I have not really used the v4 api but its VERY different and would require an entire rip out and replace every resource with the appropriate changes which would be no small task. Short of someone being incredibly motivated or hashicorp sponsoring the changes I dont see it any time soon. The "currently recommended" library would be https://github.com/shurcooL/githubv4

[kpfleming]

I suspect we could use both client libraries in the provider at once; they shouldn't interfere with each other. Each resource implementation could use one or the other (or possibly both).

[majormoses]

It's very possible they can run side by side but investigation is needed before we can jump to that conclusion. We need to be careful of namespace conflicts, auth, etc. For example I see that the v3 api supports basic auth and oauth where v4 only supports oauth. I can't recall if we allow basic auth in our implementation but it's one of the things that needs investigation before assuming its 100% capable of running side by side.

[kpfleming]

The provider supports unauthenticated connections and OAuth2 token authenticated connections, but not basic auth connections.

[patrickmarabeas]

I've written a GraphQL replacement for branch_protection resource. I'll get started on opening some PRs.

[patrickmarabeas]

Uplifted v4 branch_protection resource: https://github.com/terraform-providers/terraform-provider-github/pull/337

[jbornemann]

Any update on this? This would be great to have

[patrickmarabeas]

@jbornemann discussion in #83 as to how we move forward with GraphQL.

If you want something immediate, given it doesn't matter if the branch protection resource is recreated, you can always build and use the v4 provider I made: https://github.com/patrickmarabeas/terraform-provider-github-v4

provider "github" {
  organization = "myorg"
  ...
}

provider "github-v4" {
  organization = "myorg"
  ...
}

resource "github_branch_protection" "master" {
  provider = github-v4 # defaults to github
  ...
}

It does require using object_id's for teams / users, though, so you'll need to use the data sources provided in that provider to return them. Depending on your use, it could be a ton more API calls.