I am using Terraform to create cookie-cutter GitHub repositories:
# Create the GitHub repository, itself
resource "github_repository" "this" {
  # The default configuration of the repository
  name            = var.name
  description     = var.description
  topics          = var.topics
  visibility      = var.visibility
  has_issues      = false
  has_discussions = false
  has_projects    = false
  has_wiki        = false
  auto_init       = true

  # Setup the merge settings for the repository
  allow_merge_commit     = true
  allow_squash_merge     = true
  allow_rebase_merge     = true
  allow_auto_merge       = false
  delete_branch_on_merge = true

  # Turn on vulnerability alerts for the repository
  web_commit_signoff_required = true
  vulnerability_alerts        = true
}

# Declare the variables that should be associated with this repository
resource "github_actions_variable" "this" {
  for_each      = var.variables
  repository    = github_repository.this.name
  variable_name = each.key
  value         = each.value
}

# Declare the action permissions for this repository
resource "github_actions_repository_permissions" "this" {
  repository      = github_repository.this.name
  enabled         = true
  allowed_actions = "all"
}

# Create a GitHub branch called main
resource "github_branch" "main" {
  repository = github_repository.this.name
  branch     = "main"
}

# Set the main branch to this repository's default branch
resource "github_branch_default" "default" {
  repository = github_repository.this.name
  branch     = github_branch.main.branch
}

# Setup a branch protection rule on the repo to ensure that the main branch is protected
resource "github_branch_protection" "main" {
  repository_id = github_repository.this.node_id

  # Setup the base requirements for the branch protection rule
  pattern                         = "main"
  enforce_admins                  = false
  require_signed_commits          = true
  required_linear_history         = false
  allows_deletions                = false
  allows_force_pushes             = false
  require_conversation_resolution = true

  # Ensure that status checks are required
  required_status_checks {
    strict = true
  }

  # Ensure that pull request reviews are required, but that admins can still bypass
  required_pull_request_reviews {
    restrict_dismissals             = true
    require_code_owner_reviews      = true
    require_last_push_approval      = true
    required_approving_review_count = 2
    pull_request_bypassers          = [local.admins_team]
  }

  # Ensure that pushes are restricted to admins
  restrict_pushes {
    blocks_creations = true
    push_allowances  = [local.admins_team]
  }

  # Ensure that force-pushes are restricted to admins
  force_push_bypassers = [local.admins_team]
}
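The plan succeeds, but the apply fails with the following error:

Error: PATCH https://api.github.com/repos/{my-org}/{repo-name}: 422 Commit signoff is enforced by the organization and cannot be disabled []

I understand what this error means, because I have indeed set this setting to true at the organization level. However, when looking at the plan, I can see that web_commit_signoff_required is set to true. So what is causing this error, and how can I fix it?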
integrations/terraform-provider-github issue 2077 mentions in its comments:

terraform-provider-github patches resource_github_repository.go#resourceGithubRepositoryUpdate() with:
// There's a bug in the GitHub 2022-11-28 version, that throws a 422 error
// whenever the `web_commit_signoff_required` is set to true, even when it
// is already true.
if !d.HasChange("web_commit_signoff_required") && d.Get("web_commit_signoff_required").(bool) {
    // remove the field from the request
    repoReq.WebCommitSignoffRequired = nil
}
StatusUnprocessableEntity, as in 422 Unprocessable Content (unable to process the contained instructions).

see a bug report on google/go-github (the Go library for accessing the GitHub v3 API) about 422 StatusUnprocessableEntity, WebCommitSignoffRequired, or web_commit_signoff_required.

WebCommitSignoffRequired itself was introduced in September 2022 in go-github v47.1.0 via commit 642c343.
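
How the guard quoted above keeps the field out of the PATCH body, as an added example that is not code from the provider or from the original answer. `repoRequest` and `buildPatchBody` are hypothetical stand-ins, and the pointer field with `omitempty` is an assumption about how the request struct is laid out.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// repoRequest is a hypothetical, cut-down stand-in for the repository update
// payload. Assumption: the field is a *bool tagged omitempty, so a nil
// pointer drops the key from the JSON while a pointer to false is still sent.
type repoRequest struct {
	Name                     *string `json:"name,omitempty"`
	WebCommitSignoffRequired *bool   `json:"web_commit_signoff_required,omitempty"`
}

// buildPatchBody mirrors the quoted guard. changed and current stand in for
// d.HasChange("web_commit_signoff_required") and d.Get(...).(bool).
func buildPatchBody(name string, changed, current bool) (string, error) {
	req := repoRequest{Name: &name, WebCommitSignoffRequired: &current}
	if !changed && current {
		// Unchanged and already true: remove the field from the request so
		// an organization-enforced setting is never re-submitted.
		req.WebCommitSignoffRequired = nil
	}
	b, err := json.Marshal(req)
	return string(b), err
}

func main() {
	// Constructed cases covering the three states the guard distinguishes.
	cases := []struct{ changed, current bool }{
		{false, true},  // unchanged and true: key omitted
		{true, true},   // being switched on: key sent as true
		{false, false}, // unchanged and false: key still sent as false
	}
	for _, c := range cases {
		body, err := buildPatchBody("demo-repo", c.changed, c.current)
		if err != nil {
			panic(err)
		}
		fmt.Printf("changed=%-5v current=%-5v -> %s\n", c.changed, c.current, body)
	}
}
```
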