[BUG]: github_repository's archive_on_destroy attempts to modify code scanning settings causing HTTP 422 w/ GHAS

[chris-pinola-rf]

Expected Behavior

1. Generate a Terraform plan to destroy a github_repository resource with the archive_on_destory flag set to true in an org with a GitHub Advanced Security policy requiring code scanning to be enabled on all repos.
2. Apply the plan. terraform plan does not fail.
3. The repository is archived.

Actual Behavior

terraform plan fails with:

Error: PATCH https://api.github.com/repos/MY_ORG/MY_REPO: 422 An enforced security configuration prevented modifying secret scanning enablement. Contact your organization owner for details.

Terraform Version

Terraform v1.11.4
on darwin_arm64
+ provider registry.terraform.io/integrations/github v6.6.0

Affected Resource(s)

• github_repository

Terraform Configuration Files

Steps to Reproduce

1. Generate a Terraform plan to destroy a github_repository resource with the archive_on_destory flag set to true in an org with a GitHub Advanced Security policy requiring code scanning to be enabled on all repos.
2. Apply the plan. terraform plan fails with:

Error: PATCH https://api.github.com/repos/MY_ORG/MY_REPO: 422 An enforced security configuration prevented modifying secret scanning enablement. Contact your organization owner for details.

Debug Output

Panic Output

Code of Conduct

• I agree to follow this project's Code of Conduct

[chris-pinola-rf]

Curiously I was just able to successfully archive some repos using the same version of the provider (v6.6.0) that originally resulted in this issue. Perhaps this was fixed on the API? 🤔