integrations / terraform-provider-github

Terraform GitHub provider
https://www.terraform.io/docs/providers/github/
MIT License

Push restrictions aren't applied properly on branches #670

Open GergelyKalmar opened 3 years ago

GergelyKalmar commented 3 years ago

Terraform Version

Terraform v0.14.5
+ provider registry.terraform.io/integrations/github v4.3.1

Affected Resource(s)

Terraform Configuration Files

resource "github_branch_protection" "main" {
  repository_id = github_repository.repo.name
  pattern = "main"
  push_restrictions = []
}

Expected Behavior

The "Restrict who can push to matching branches" option should be turned on for the given branch (with no team or user added).

Actual Behavior

The option is unchanged.

Steps to Reproduce

  1. terraform plan
  2. terraform apply

jcudit commented 3 years ago

Thanks for reporting this. Not a fix, but curious if the github_branch_protection_v3 resource works for your use case? Will track this otherwise for our next batch of github_branch_protection fixes.

suever commented 3 years ago

> Thanks for reporting this. Not a fix, but curious if the github_branch_protection_v3 resource works for your use case? Will track this otherwise for our next batch of github_branch_protection fixes.

Not the OP, but setting restrictions to be empty in the github_branch_protection_v3 resource has the expected behavior.

resource "github_branch_protection_v3" "main" {
  repository   = github_repository.repo.name
  branch       = "main"
  restrictions = {}
}

GergelyKalmar commented 3 years ago

Indeed, it seems to be working as expected with v3. That should do as a workaround for now, thanks for the tip!

james-callahan commented 2 years ago

The workaround isn't available when you're using a pattern rather than explicitly a branch.

spangaer commented 2 years ago

@james-callahan

Create a dummy empty secret team and use its node ID in the list, that seems to have the wanted effect.

Update 1: Though it does seem to want to re-apply the assignment all the time that way. 😞

Update 2: If you add the team to the repo with write permissions it works without constant updates.
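
The workaround described in the comment above, written out as an added example (not part of the original thread and not code from the commenter or the provider project). It assumes the `github_repository.repo` resource from the issue's configuration; the `push_lock` names, the team name and the `release/*` pattern are placeholders, and the `depends_on` ordering is an assumption rather than something the thread confirms.

```hcl
# Added example: placeholder names, constructed pattern.

# Empty secret team. It has no members, so listing it in
# push_restrictions grants push access to nobody.
resource "github_team" "push_lock" {
  name        = "branch-push-lock" # placeholder name
  description = "Empty placeholder team used only for push restrictions"
  privacy     = "secret"
}

# Per "Update 2" in the comment: give the team write ("push") permission
# on the repository so the restriction is not re-applied on every run.
resource "github_team_repository" "push_lock" {
  team_id    = github_team.push_lock.id
  repository = github_repository.repo.name
  permission = "push"
}

resource "github_branch_protection" "release" {
  repository_id = github_repository.repo.node_id
  pattern       = "release/*" # constructed pattern, for the pattern-based case

  # The issue reports that an empty list leaves the option unchanged;
  # the workaround is a non-empty list holding the empty team's node ID.
  push_restrictions = [github_team.push_lock.node_id]

  # Assumption: create the repository access before the protection rule
  # so the first apply already sees a team with write permission.
  depends_on = [github_team_repository.push_lock]
}
```

The restriction is only as tight as the team's membership: anyone later added to the placeholder team gains push access to every branch matching the pattern, so the team should stay empty and its membership should be reviewed like any other access grant.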

github-actions[bot] commented 1 year ago

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

GergelyKalmar commented 1 year ago

I think the issue still persists, I'd rather have it remain active. Having multiple versions of github_branch_protection is not particularly elegant.

marcaurele commented 1 year ago

The issue still persists, we are affected by this and have to use a workaround by duplicating the accesses of the default users/teams.

rosen-dimitrov commented 1 year ago

Still there, very frustrating that no one cares about this.

kfcampbell commented 1 year ago

Agreed that having multiple branch protection resources is not an elegant solution. PRs are appreciated if folks have the time and inclination to fix this behavior.