Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# github_branch_protection.pro will be updated in-place
~ resource "github_branch_protection" "protection" {
id = "BPR_efgh5678abcd1234"
# (10 unchanged attributes hidden)
~ required_pull_request_reviews {
~ pull_request_bypassers = [
+ "A_abcd1234efgh5678",
]
# (5 unchanged attributes hidden)
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
Expected Behavior
GitHub App that has already been approved as bypasser should not trigger required change
Actual Behavior
Change to BPR is required every time terraform plan/apply runs even if no other changes.
Steps to Reproduce
Apply and then apply again.
terraform apply
terraform apply
Quick investigation
I looked around the source code and found a likely missing piece of logic in ./github/util_v4_branch_protection.go function setBypassPullRequestActorIDs, as well as a missing field in struct BypassPullRequestActorTypes.
I then followed the contribution guide which have a good explanation for how to use dev_overrides in terraform (first time trying this feature), made a change, built locally, and it fixed the problem for me.
I did not test any other behaviour or look around if this change had any consequences elsewhere.
Before
type BypassPullRequestActorTypes struct {
Actor struct {
Team Actor `graphql:"... on Team"`
User ActorUser `graphql:"... on User"`
}
}
if (a.Actor.Team.ID != nil && a.Actor.Team.ID.(string) == v) || (a.Actor.User.ID != nil && a.Actor.User.ID.(string) == v) {
}
After
type BypassPullRequestActorTypes struct {
Actor struct {
App Actor `graphql:"... on App"`
Team Actor `graphql:"... on Team"`
User ActorUser `graphql:"... on User"`
}
}
if (a.Actor.Team.ID != nil && a.Actor.Team.ID.(string) == v) || (a.Actor.User.ID != nil && a.Actor.User.ID.(string) == v) || (a.Actor.App.ID != nil && a.Actor.App.ID.(string) == v) {
}
Terraform Version
v1.3.1
Provider Version
v5.8.0
Affected Resource(s)
github_branch_protection
Terraform Configuration Files
Debug Output
Expected Behavior
GitHub App that has already been approved as bypasser should not trigger required change
Actual Behavior
Change to BPR is required every time terraform plan/apply runs even if no other changes.
Steps to Reproduce
Apply and then apply again.
terraform apply
terraform apply
Quick investigation
I looked around the source code and found a likely missing piece of logic in
./github/util_v4_branch_protection.go
functionsetBypassPullRequestActorIDs
, as well as a missing field in structBypassPullRequestActorTypes
.I then followed the contribution guide which have a good explanation for how to use dev_overrides in terraform (first time trying this feature), made a change, built locally, and it fixed the problem for me.
I did not test any other behaviour or look around if this change had any consequences elsewhere.
Before
After