[#803] Allow GitHub App PEM data to be passed directly

[jspiro]

This is a generic (but breaking) solution to #803 that supports the current functionality via Terraform's file function to emulate previous behavior (wherein you provide a path to a PEM file).

This is cleaner and simpler than providing more named options for file contents, and the original behavior has only been around for a few days or weeks, so it's a good time to break it (and it's trivial to emulate with file()).

We've tested it with our real workspace in Terraform Cloud. It's also the only way we can use this feature, because that private key cannot be secured any other way and has root access to everything.

[gusnuf]

I like it, definitely not backwards compatible but the feature was only released last Friday.

[jspiro]

Also a reminder we need a maintainer to approve Actions to run.

[jspiro]

And it would be awesome if someone wanted to write docs on how to make the GitHub Application for this. We hacked ours together and got it working, but had to give it perms to everything since we weren't sure what was absolutely needed or not needed–can't say we understand it well enough to document it.

[jspiro]

@jcudit I see this is in the 5.0 milestone–when is that targeted to land?

Might this not be better to merge in v4.11.0 before too many people use the existing method of PEM, since it is not backwards-compatible, and the old method has only been out two weeks? The changes are very simple and more general than the original approach, while still supporting the original approach trivially.

[jcudit]

Agreed, lets run with v4.11.0 and hope that friction is minimal when releasing breaking changes in a minor version 🤞🏾

[jspiro]

Cool, thanks for everyone's eyes and understanding! We're very much looking forward to using this too :-)

As this is my first contribution, I'm assuming you'll handle the merge when you're ready! 🖖🏻

[jodok]

can someone point me to the documentation on how to set the environment variable for GITHUB_APP_PEM_FILE in terraform cloud? i've tried without newlines, quoted, without the begin and end line,... but always receive an │ Error: No decodeable PEM data found error.

[jspiro]

can someone point me to the documentation on how to set the environment variable for GITHUB_APP_PEM_FILE in terraform cloud? i've tried without newlines, quoted, without the begin and end line,... but always receive an │ Error: No decodeable PEM data found error.

It looks like someone removed my documentation for this: https://github.com/integrations/terraform-provider-github/pull/804/files#diff-4839085b71de83d7294472f5f8fa6652faf4b0b24df211c8eaf945ac96933aa5R109

As for setting it, what have you tried? Can you try it with a variable first as above?

[shrink]

@jspiro are you using a Terraform Variable in Terraform Cloud, or an Environment Variable? As far as I can tell, it's impossible to use GITHUB_APP_PEM_FILE with Terraform Cloud at the moment, so I think you're actually using a Terraform Variable (i.e: pem_file = var...) -- can you confirm?

@jodok I've had the same issue and as far as I know there's no userland workaround, but I've created a PR for what I think will fix it: #931

[jspiro]

@shrink We use a variable, just as you describe, in Terraform Cloud.

[hargut]

can someone point me to the documentation on how to set the environment variable for GITHUB_APP_PEM_FILE in terraform cloud? i've tried without newlines, quoted, without the begin and end line,... but always receive an │ Error: No decodeable PEM data found error.

Have seen the same problem, needed to use \\n within the GITHUB_APP_PEM_FILE environment instead of \n to get it working.