-
Notifications
You must be signed in to change notification settings - Fork 733
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Dependabot secrets support (Fixes #1006) #1036
Conversation
Link the discussion I was talking about in the middle there: google/go-github#2248 (comment) |
cda7fba
to
ee979bb
Compare
Forgot to rebase to pick up #1035, also there was some minor lint in |
I'm 👍 on the general changes. When I try to run the tests, I do so with the following:
and I'm seeing the following test failures:
@liath Can you reproduce this? What happens when you do? |
It seems Github's API has changed a little. It now does a regex on "encrpyted_value" to check if it looks reasonably like base64 |
The actions secrets also fail in the same way* |
Well, I tried to clear that merge conflict. Idk why it's still complaining. |
Is there anything we (community) can do to either help with this PR? I'm really looking forward to have dependabot secret available |
It seems like Hashicorp runs on upvotes lol, get your team to bomb the 👍 :) |
@liath I agree that this is important work. Unfortunately this project is not supported officially by GitHub and I've been doing it in my spare time. I've been trying to change that (and in the meantime have been granted a few hours a week to work on it), so velocity on the project should pick up a little bit. I can't promise any specific dates, but after #1094 goes in, this and #987 are high on my radar. |
I assumed Hashicorp maintained it lol, no rush! I appreciate your effort :) |
09534d1
to
2bbecec
Compare
@kfcampbell any chance this will actually make the next release? I could really use this! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry about the delay, folks. Thank you @liath for submitting this PR and the updates!
…s#1036) * Add dependabot secrets support * Forgot to tie the new resources into the provider * Fix error in tests for secrets with encrypted_value that isnt base64 * Make unit tests actually use new resources * Remove vestiges of google/go-github v42 Co-authored-by: Keegan Campbell <me@kfcampbell.com>
…s#1036) * Add dependabot secrets support * Forgot to tie the new resources into the provider * Fix error in tests for secrets with encrypted_value that isnt base64 * Make unit tests actually use new resources * Remove vestiges of google/go-github v42 Co-authored-by: Keegan Campbell <me@kfcampbell.com>
…s#1036) * Add dependabot secrets support * Forgot to tie the new resources into the provider * Fix error in tests for secrets with encrypted_value that isnt base64 * Make unit tests actually use new resources * Remove vestiges of google/go-github v42 Co-authored-by: Keegan Campbell <me@kfcampbell.com>
This PR allows us to manage Dependabot's secrets. It depends on the go-github version bump here: #1035
I considered just adding a
dependabot
flag to the existing resources but a dev who worked on the underlying API warned that these methods could diverge from the normal Actions secrets API I felt it was prudent to keep them split. It made implementing very straightforward too, just copy and sed replaced some things.Leaving as draft for now because I haven't tested it.
Fixes #1006