Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Dependabot secrets support (Fixes #1006) #1036

Merged
merged 6 commits into from
May 27, 2022
Merged

Add Dependabot secrets support (Fixes #1006) #1036

merged 6 commits into from
May 27, 2022

Conversation

liath
Copy link
Contributor

@liath liath commented Jan 13, 2022
edited
Loading

This PR allows us to manage Dependabot's secrets. It depends on the go-github version bump here: #1035

I considered just adding a dependabot flag to the existing resources but a dev who worked on the underlying API warned that these methods could diverge from the normal Actions secrets API I felt it was prudent to keep them split. It made implementing very straightforward too, just copy and sed replaced some things.

Leaving as draft for now because I haven't tested it.

Fixes #1006

@liath
Copy link
Contributor Author

liath commented Jan 13, 2022

Link the discussion I was talking about in the middle there: google/go-github#2248 (comment)

@liath liath marked this pull request as ready for review January 14, 2022 01:38
@jcudit jcudit added this to the v4.20.0 milestone Jan 20, 2022
@liath
Copy link
Contributor Author

liath commented Jan 20, 2022

Forgot to rebase to pick up #1035, also there was some minor lint in github/data_source_github_organization_teams_test.go

@kfcampbell
Copy link
Member

I'm 👍 on the general changes. When I try to run the tests, I do so with the following:

export GITHUB_TOKEN={redacted}
export GITHUB_OWNER=kfcampbell-terraform-provider # my test org
export TF_LOG=debug
export TF_ACC=1
go test -v -timeout 300s -run TestAccGithubDependabot github.com/terraform-providers/terraform-provider-github/github

and I'm seeing the following test failures:

=== RUN   TestAccGithubDependabotSecret/deletes_secrets_without_error/with_an_organization_account
    provider_utils.go:62: GITHUB_TOKEN and GITHUB_ORGANIZATION environment variables should be set
    provider_utils.go:66: Skipping TestAccGithubDependabotSecret/deletes_secrets_without_error/with_an_organization_account which requires organization mode
--- FAIL: TestAccGithubDependabotSecret (18.13s)
    --- PASS: TestAccGithubDependabotSecret/reads_a_repository_public_key_without_error (7.69s)
        --- SKIP: TestAccGithubDependabotSecret/reads_a_repository_public_key_without_error/with_an_anonymous_account (0.00s)
        --- PASS: TestAccGithubDependabotSecret/reads_a_repository_public_key_without_error/with_an_individual_account (7.69s)
        --- SKIP: TestAccGithubDependabotSecret/reads_a_repository_public_key_without_error/with_an_organization_account (0.00s)
    --- FAIL: TestAccGithubDependabotSecret/creates_and_updates_secrets_without_error (9.93s)
        --- SKIP: TestAccGithubDependabotSecret/creates_and_updates_secrets_without_error/with_an_anonymous_account (0.00s)
        --- FAIL: TestAccGithubDependabotSecret/creates_and_updates_secrets_without_error/with_an_individual_account (9.93s)
        --- SKIP: TestAccGithubDependabotSecret/creates_and_updates_secrets_without_error/with_an_organization_account (0.00s)
    --- PASS: TestAccGithubDependabotSecret/deletes_secrets_without_error (0.51s)
        --- SKIP: TestAccGithubDependabotSecret/deletes_secrets_without_error/with_an_anonymous_account (0.00s)
        --- PASS: TestAccGithubDependabotSecret/deletes_secrets_without_error/with_an_individual_account (0.51s)
        --- SKIP: TestAccGithubDependabotSecret/deletes_secrets_without_error/with_an_organization_account (0.00s)
FAIL
FAIL	github.com/terraform-providers/terraform-provider-github/github	26.005s
FAIL

@liath Can you reproduce this? What happens when you do?

@liath
Copy link
Contributor Author

liath commented Feb 9, 2022

It seems Github's API has changed a little. It now does a regex on "encrpyted_value" to check if it looks reasonably like base64

@liath
Copy link
Contributor Author

liath commented Feb 9, 2022

The actions secrets also fail in the same way*

@liath
Copy link
Contributor Author

liath commented Mar 1, 2022

Well, I tried to clear that merge conflict. Idk why it's still complaining.

@kfcampbell kfcampbell modified the milestones: v4.20.0, v4.21.0, v4.22.0 Mar 3, 2022
@kfcampbell kfcampbell modified the milestones: v4.22.0, v4.23.0 Mar 18, 2022
@ilmax
Copy link
Contributor

ilmax commented Mar 19, 2022

Is there anything we (community) can do to either help with this PR? I'm really looking forward to have dependabot secret available

@liath
Copy link
Contributor Author

liath commented Mar 19, 2022

It seems like Hashicorp runs on upvotes lol, get your team to bomb the 👍 :)

@kfcampbell kfcampbell removed this from the v4.23.0 milestone Mar 25, 2022
@kfcampbell
Copy link
Member

@liath I agree that this is important work. Unfortunately this project is not supported officially by GitHub and I've been doing it in my spare time. I've been trying to change that (and in the meantime have been granted a few hours a week to work on it), so velocity on the project should pick up a little bit. I can't promise any specific dates, but after #1094 goes in, this and #987 are high on my radar.

@kfcampbell kfcampbell added this to the v4.24.0 milestone Mar 25, 2022
@liath
Copy link
Contributor Author

liath commented Mar 25, 2022

I assumed Hashicorp maintained it lol, no rush! I appreciate your effort :)

@kfcampbell kfcampbell modified the milestones: v4.24.0, v4.25.0 Apr 8, 2022
@kfcampbell kfcampbell mentioned this pull request Apr 28, 2022
Closed
@kfcampbell kfcampbell modified the milestones: v4.25.0, v4.26.0 Apr 28, 2022
@thor
Copy link

thor commented May 10, 2022

Noting that this fixes #1006; would you add that to the description? More importantly, do you want to pull from upstream and rebase on main, @liath, or is there anything I could help with to solve the merge conflicts? 🙇

@liath liath changed the title Add Dependabot secrets support Add Dependabot secrets support (Fixes #1006) May 17, 2022
@kfcampbell kfcampbell modified the milestones: v4.25.0, v4.26.0 May 19, 2022
@ohookins
Copy link

@kfcampbell any chance this will actually make the next release? I could really use this!

kfcampbell
kfcampbell approved these changes May 27, 2022
View reviewed changes
Copy link
Member

@kfcampbell kfcampbell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry about the delay, folks. Thank you @liath for submitting this PR and the updates!

@kfcampbell kfcampbell merged commit 62c19f7 into integrations:main May 27, 2022
This was referenced May 27, 2022
Closed
Closed
gnarea added a commit to relaycorp/terraform-github-oss-project that referenced this pull request Jun 1, 2022
@gnarea
feat(android-app-ci): Integrate Dependabot secrets
e83a74f 
Using integrations/terraform-provider-github#1036
@gnarea gnarea mentioned this pull request Jun 1, 2022
Merged
kodiakhq bot pushed a commit to relaycorp/terraform-github-oss-project that referenced this pull request Jun 1, 2022
@gnarea
feat(android-app-ci): Integrate Dependabot secrets (#8)
2e452c9 
Using integrations/terraform-provider-github#1036
This was referenced Jun 1, 2022
Closed
Merged
kfcampbell added a commit to kfcampbell/terraform-provider-github that referenced this pull request Jul 26, 2022
@liath @kfcampbell
Add Dependabot secrets support (Fixes integrations#1006) (integration…
54bff8f 
…s#1036)

* Add dependabot secrets support

* Forgot to tie the new resources into the provider

* Fix error in tests for secrets with encrypted_value that isnt base64

* Make unit tests actually use new resources

* Remove vestiges of google/go-github v42

Co-authored-by: Keegan Campbell <me@kfcampbell.com>
kfcampbell added a commit to kfcampbell/terraform-provider-github that referenced this pull request Jul 27, 2022
@liath @kfcampbell
Add Dependabot secrets support (Fixes integrations#1006) (integration…
bfe96d9 
…s#1036)

* Add dependabot secrets support

* Forgot to tie the new resources into the provider

* Fix error in tests for secrets with encrypted_value that isnt base64

* Make unit tests actually use new resources

* Remove vestiges of google/go-github v42

Co-authored-by: Keegan Campbell <me@kfcampbell.com>
@liath liath deleted the dependabot-secrets branch October 24, 2022 17:28
kazaker pushed a commit to auto1-oss/terraform-provider-github that referenced this pull request Dec 28, 2022
@liath @kfcampbell @kazaker
Add Dependabot secrets support (Fixes integrations#1006) (integration…
aa780b2 
…s#1036)

* Add dependabot secrets support

* Forgot to tie the new resources into the provider

* Fix error in tests for secrets with encrypted_value that isnt base64

* Make unit tests actually use new resources

* Remove vestiges of google/go-github v42

Co-authored-by: Keegan Campbell <me@kfcampbell.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kfcampbell kfcampbell kfcampbell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v4.26.0
Development

Successfully merging this pull request may close these issues.

Add support for Dependabot secrets
6 participants
@liath @kfcampbell @ilmax @thor @ohookins @jcudit