integrations / terraform-provider-github

Terraform GitHub provider
https://www.terraform.io/docs/providers/github/
MIT License

[BUG]: Unexpected recreation of a resource in every new plan #2275

Open sandro-a-gamarra-db opened 1 month ago

sandro-a-gamarra-db commented 1 month ago

Expected Behavior

No changes should have been shown in the plan.

Actual Behavior

There is always a resource update: Plan: 0 to add, 1 to change, 0 to destroy.

Terraform Version

```
Terraform v1.7.2
on linux_amd64
+ provider registry.terraform.io/integrations/github v6.2.1 (and v5.45.0)
```

Affected Resource(s)

Terraform Configuration Files

```hcl
### This excerpt of code comes from the github.tf file

resource "github_branch_protection" "AAAAAA" {
  repository_id = github_repository.module_repo.name

  for_each       = toset(["main", "release"])
  pattern        = each.value
  enforce_admins = false

  required_status_checks {
    strict   = true
    contexts = ["Prepare", "Test"]
  }

  required_pull_request_reviews {
    dismiss_stale_reviews           = true
    dismissal_restrictions          = [data.github_team.ops_team.node_id]
    required_approving_review_count = 2
    require_code_owner_reviews      = true
  }
}
```

Steps to Reproduce

```
$ terraform init
$ terraform plan
```

Debug Output

No response

Panic Output

No response

sandro-a-gamarra-db commented 1 month ago

More context:

With required_pull_request_reviews set, every new plan always updates 3/4 resources related to GitHub branch protection. In particular, the node_id in required_pull_request_reviews.dismissal_restrictions.

(Excerpt from our state)

```
"required_pull_request_reviews": [
  {
    "dismiss_stale_reviews": true,
    "dismissal_restrictions": [
      "XXXXXXXXXXXxxxxxxx"   ← This one
    ],
  }
]
```

HashiCorp support tested this out with versions 6.2.1 and 5.45.0 of the GitHub provider, but they showed the same behaviour.

I hope it helps to better understand this issue.
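
To pin down which attribute Terraform reports as changed on each run, the JSON form of a saved plan (`terraform plan -out=<file>` followed by `terraform show -json <file>`) can be diffed per resource. The following is an added example, not part of the issue thread or the provider's code; the embedded plan is a constructed sample whose ID values are placeholders and do not reproduce the reporter's state.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Addresses follow the issue's config; the ID values are placeholders.
def _bp(ident):
    return {"pattern": "main", "required_pull_request_reviews": [
        {"dismiss_stale_reviews": True, "dismissal_restrictions": [ident]}]}

SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'github_branch_protection.AAAAAA["main"]',
     "type": "github_branch_protection",
     "change": {"actions": ["update"],
                "before": _bp("PLACEHOLDER_ID_IN_STATE"),
                "after": _bp("PLACEHOLDER_ID_IN_CONFIG")}},
    {"address": "github_repository.module_repo", "type": "github_repository",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
]})


def diff_paths(before, after, path=""):
    """Return (path, before, after) for every leaf value that differs."""
    if isinstance(before, dict) and isinstance(after, dict):
        keys = sorted(set(before) | set(after))
        pairs = [(f"{path}.{k}".lstrip("."), before.get(k), after.get(k)) for k in keys]
    elif isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        pairs = [(f"{path}[{i}]", b, a) for i, (b, a) in enumerate(zip(before, after))]
    else:
        # Leaf value, or lists of different length: report the value as a whole.
        return [] if before == after else [(path, before, after)]
    return [d for p, b, a in pairs for d in diff_paths(b, a, p)]


def branch_protection_drift(plan_json):
    """Map each updated github_branch_protection address to its changed leaves."""
    report = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") == "github_branch_protection" and "update" in change.get("actions", []):
            report[rc["address"]] = diff_paths(change.get("before"), change.get("after"))
    return report


if __name__ == "__main__":
    for address, changes in branch_protection_drift(SAMPLE_PLAN).items():
        for path, before, after in changes:
            print(f"{address}: {path}: {before!r} -> {after!r}")
```

Running this against consecutive plans shows whether the same path is reported every time, which separates a perpetual provider diff from a real change to the branch protection rule.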