integrations / terraform-provider-github

Terraform GitHub provider
https://www.terraform.io/docs/providers/github/
MIT License

[BUG]: Unable to generate template repository after upgrade #2021

Closed muawiakh closed 11 months ago

muawiakh commented 11 months ago

Expected Behavior

We are generating some repositories from our internal template(s) and this worked fine until we upgraded terraform-provider-github i.e.

version = ">= 4.17.0" -> version = ">= 5.40"

For authentication we were using a Github App and generating a token using the following workflow:

      - name: "Generate App Authentication Token for Github"
        uses: actions/create-github-app-token@v1
        id: github-app-token
        with:
          app_id: ${{ secrets.OUR_APP_ID }}
          private_key: ${{ secrets.OUR_PRIVATE_KEY }}
          owner: "orgname"

Actual Behavior

After the upgrade, we are receiving a 404 from the Github API:

Error: POST https://api.github.com/repos/myorg/template-repo/generate: 404 Not Found []

In the Github API documentation, it is missing the Works with GitHub Apps sign as well and also needs a UAT based on the latest documentation: https://docs.github.com/en/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28

Based on the release notes, we are unable to pinpoint when the provider started failing using the App Token. We would like to stay up-to-date with the provider version and figure out if this is an issue or if we should use a user-to-server token for template repository creations.

Terraform Version

terraform_version: 1.6.3

Affected Resource(s)

Terraform Configuration Files

terraform {
  required_version = "~> 1.6.0"
  required_providers {
    github = {
      source  = "integrations/github"
      version = ">= 5.40"
    }
  }
}

resource "github_repository" "this" {
  name        = var.name
  description = var.description
  visibility  = var.visibility

  topics = var.topics

  has_issues    = var.has_issues
  has_projects  = var.has_projects
  has_wiki      = var.has_wiki
  has_downloads = var.has_downloads

  is_template = var.is_a_template

  dynamic "template" {
    for_each = var.template != null ? [var.template] : []

    content {
      owner      = template.value.owner
      repository = template.value.repository
    }
  }

  allow_auto_merge   = var.allow_auto_merge
  allow_merge_commit = var.allow_merge_commit
  allow_rebase_merge = var.allow_rebase_merge
  allow_squash_merge = var.allow_squash_merge

  delete_branch_on_merge = true

  auto_init           = true
  allow_update_branch = var.allow_update_branch
}

Steps to Reproduce

terraform apply

Debug Output

No response

Panic Output

No response


github-actions[bot] commented 11 months ago

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

muawiakh commented 11 months ago

Update:

The issue wasn't related to the upgrade, the issue turned out to be internal i.e. in the caller module we were using the following configuration:

provider "github" {
  owner = "orgname"
  token = var.github_app_token
}

But in the callee module we recently introduced a change i.e. adding provider.tf with contents:

provider "github" {
  owner = "orgname"
}

and apparently the callee was picking up the GITHUB_TOKEN from the Github Actions CI (which is available) and that token obviously doesn't have the permissions to create repositories. Fixed it by removing the provider auth from the callee.
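
A CI check for the misconfiguration described in the update above, as an added example that is not code from the issue or from the provider project: it lists every provider "github" block that sets neither token nor app_auth, since such a block falls back to the GITHUB_TOKEN environment variable. The function names and the modules/repo layout are assumptions made for the illustration, and the brace matching is a simplification rather than a full HCL parser.

```python
import re
import tempfile
from pathlib import Path

PROVIDER_RE = re.compile(r'^[ \t]*provider\s+"github"\s*\{', re.M)
# Explicit credentials: a token argument or an app_auth block in the provider body.
CRED_RE = re.compile(r'^[ \t]*(token\s*=|app_auth\s*\{)', re.M)

def block_body(text, start):
    """Return the body of the brace-delimited block that opens at or after start."""
    open_idx = text.index("{", start)
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced file: treat the rest as the body

def ambient_github_providers(root):
    """List (file, is_child_module) for provider "github" blocks with no explicit
    credentials; these authenticate with whatever GITHUB_TOKEN is in the environment."""
    root = Path(root).resolve()
    findings = []
    for tf in sorted(root.rglob("*.tf")):
        text = tf.read_text()
        for m in PROVIDER_RE.finditer(text):
            if not CRED_RE.search(block_body(text, m.start())):
                findings.append((tf.relative_to(root).as_posix(), tf.parent != root))
    return findings

def build_sample(root):
    """Constructed layout mirroring the issue: caller at the root, callee in modules/repo."""
    root = Path(root)
    callee = root / "modules" / "repo"  # hypothetical module path
    callee.mkdir(parents=True)
    (root / "provider.tf").write_text(
        'provider "github" {\n  owner = "orgname"\n  token = var.github_app_token\n}\n')
    (callee / "provider.tf").write_text('provider "github" {\n  owner = "orgname"\n}\n')
    (callee / "main.tf").write_text('resource "github_repository" "this" {\n  name = var.name\n}\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, is_child in ambient_github_providers(tmp):
            where = "child module" if is_child else "root module"
            print(f'{path}: provider "github" in {where} sets no token or app_auth')
```

Run against a checkout before terraform plan, a finding in a child module points at a provider block to delete so the module inherits the caller's configuration.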