[BUG]: unable to add github apps to bypassers

[jamesgeddes]

Expected Behavior

should be able to add a github app (bot) to PR bypassers, as indicated by the docs;

pull_request_bypassers: (Optional) The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.

Can add a GitHub app using the GUI, but not in Terraform. When a GitHub app is manually added to the PR bypassers in the GUI, it shows up in terraform as [org name]/[app username].

NB This was tested within a GitHub org using a github app that had been granted all permissions.

Actual Behavior

terraform apply returned the following error.

github_branch_protection.trunk_protection["test-trunk-protection"]: Modifying... [id=***]
github_branch_protection.trunk_protection["test-trunk-protection"]: Still modifying... [id=***, 10s elapsed]
github_branch_protection.trunk_protection["test-trunk-protection2"]: Still modifying... [id=***, 10s elapsed]

Error: Could not resolve to a node with the global id of ''

  with github_branch_protection.trunk_protection["test-trunk-protection2"],
  on github.tf line 38, in resource "github_branch_protection" "trunk_protection":
  38: resource "github_branch_protection" "trunk_protection" {

Error: Could not resolve to a node with the global id of ''

  with github_branch_protection.trunk_protection["test-trunk-protection"],
  on github.tf line 38, in resource "github_branch_protection" "trunk_protection":
  38: resource "github_branch_protection" "trunk_protection" {

fails when specifying github app as,

• [org name]/[app login] (the format returned by a terraform plan!)
• /[org name]/[app login]
• [app user id]
• /[app user login]
• /[app user login][bot]
• [app installation id]

Terraform Version

Terraform v1.8.0 GitHub provider v6.2.1

Affected Resource(s)

github_branch_protection

Terraform Configuration Files

resource "github_branch_protection" "trunk_protection" {
  pattern                         = "main"
  repository_id                   = "test-trunk-protection"
...
  required_pull_request_reviews {
    pull_request_bypassers = compact(concat(
      ["/jamesgeddes"],         # This human user works as expected.
    ))
  }
}

resource "github_branch_protection" "trunk_protection2" {
  pattern                         = "main"
  repository_id                   = "test-trunk-protection2"
...
  required_pull_request_reviews {
    pull_request_bypassers = compact(concat(
      ["/jamesgeddes"],         # This human user works as expected.
      ["geddesfamily/gedbot"],  # As soon as this GitHub app is added, Terraform returns the aforementioned error.
    ))
  }
}

Steps to Reproduce

1. run terraform plan and terraform apply with no pull_request_bypassers
2. manually add github app to github branch protection gui
3. terraform plan shows [org name]/[app username] to remove
4. add [org name]/[app username] to terraform pull_request_bypassers
5. run terraform plan - note github app is accepted
6. runterraform apply - note Error: Could not resolve to a node with the global id of '' error

Debug Output

No response

Panic Output

No response

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[carl-knutson]

fails when specifying github app as,

Also attempted the following with same results:

• /[node-id]
• [node-id]

[ivanmartos]

Still valid with provider version 6.2.2

[msharbaji]

Is there a plan to fix this issue?

[tobias-farrenkopf]

As a workaround you can provide the node-id which you can get from the rest api: https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28

[rtkwlf-hzzz]

As a workaround you can provide the node-id which you can get from the rest api: https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28

hi @tobias-farrenkopf , we also encountered this issue recently, would you mind providing some details about how to use this workaround ....

we try

 pull_request_bypassers = ["A_ID"]

but it doesn't work. appreciat it in advance 🙏🙏