[BUG]: `github_repository`'s `security_and_analysis` is Broken for Public Repositories

[afrazkhan]

Expected Behavior

Setting

      security_and_analysis {
          advanced_security {
              status = "enabled"
            }
          secret_scanning {
              status = "enabled"
            }
          secret_scanning_push_protection {
              status = "enabled"
            }
        }

on public repositories works.

Actual Behavior

Error message: Error: PATCH https://api.github.com/repos/guidion-digital/terraform-github-repositories: 422 Advanced security is always available for public repos

Terraform Version

1.6.1

Affected Resource(s)

• github_repository

Terraform Configuration Files

No response

Steps to Reproduce

No response

Debug Output

No response

Panic Output

No response

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[bzarboni1]

Came across this issue today, and spent a little bit of time diagnosing it. I forked the provider and put a debugger on it in order to get a clearer picture. I'm not sure there's much that can be done in the provider, as this is the response from the GitHub API itself. It also appears to be the default behaviour for GitHub:

GitHub Advanced Security features are enabled for all public repositories on GitHub.com.

I'd much prefer that GitHub accept the setting, but they've decided to make it an error.

[afrazkhan]

Thanks @bzarboni1. Makes sense now that I've run into lots of more of these types of things with the Github provider. I can see that their API is just unwieldy when it's used for something like a Terraform provider. For example I've had to put a lot of logic in place like "if you're on paid plan X, but haven't supplied Y, and Z is true, then set option A".

Appreciate the effort.