Skip to content

[FEAT] Add new resource for repository vulnerability alerts#3166

Open
deiga wants to merge 15 commits intointegrations:mainfrom
F-Secure-web:add-github_repository_vulnerability_alerts
Open

[FEAT] Add new resource for repository vulnerability alerts#3166
deiga wants to merge 15 commits intointegrations:mainfrom
F-Secure-web:add-github_repository_vulnerability_alerts

Conversation

@deiga
Copy link
Collaborator

@deiga deiga commented Feb 8, 2026

Resolves #3038

Before the change?

  • Vulnerability alerts for a repository were handled inside the github_repository resource.

After the change?

  • Vulnerability alerts for a repository can now be managed in a separate resource
  • vulnerability_alerts in the github_repository resource are marked as deprecated

Pull request checklist

  • Schema migrations have been created if needed (example)
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • No

@deiga deiga requested a review from stevehipwell February 8, 2026 11:38
@github-actions
Copy link

github-actions bot commented Feb 8, 2026

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@deiga deiga force-pushed the add-github_repository_vulnerability_alerts branch 2 times, most recently from fb54b9b to 5b5d40c Compare February 13, 2026 22:57
stevehipwell
stevehipwell requested changes Feb 16, 2026
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking good.

@deiga deiga force-pushed the add-github_repository_vulnerability_alerts branch from 5b5d40c to 8ba3a26 Compare February 16, 2026 21:13
@deiga deiga requested a review from stevehipwell February 16, 2026 21:13
stevehipwell
stevehipwell requested changes Feb 17, 2026
View reviewed changes
@deiga deiga force-pushed the add-github_repository_vulnerability_alerts branch from 8ba3a26 to 7ea9d1a Compare February 17, 2026 20:34
@deiga deiga requested a review from stevehipwell February 17, 2026 20:34
@stevehipwell
Copy link
Collaborator

stevehipwell commented Feb 20, 2026

@deiga could you please rebase?

stevehipwell
stevehipwell requested changes Feb 20, 2026
View reviewed changes
@deiga deiga force-pushed the add-github_repository_vulnerability_alerts branch from 7ea9d1a to 9791700 Compare February 21, 2026 14:10
@deiga deiga requested a review from stevehipwell February 21, 2026 14:10
stevehipwell
stevehipwell requested changes Feb 23, 2026
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, just two minor nits which I think are worth fixing for readability and because I think this resource will be one we can use as an example for people contributing.

deiga added 12 commits February 23, 2026 20:49
@deiga
Add resource for repository vulnerability alerts
0e5b4c3 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Mark vulnerability_alerts in github_repository as deprecated
25f08a0 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Update formatting
19d51d2 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Update import after rebase
804a963 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Correct file names
0019c57 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Address review comments
5351829 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Simplify SetId
cf518f4 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Comment out owner until we can support it better
0ca677e 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Refactor to use ConfigStateChecks
dfe9732 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Update import ID to only repository name
a0da2e7 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Improves tests
f0e94ed 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Updates docs
569224b 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
deiga added 2 commits February 23, 2026 20:50
@deiga
Add clearer error for user when trying to add to an archived repository
447bb03 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Re-order SetId
4f3c392 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga deiga force-pushed the add-github_repository_vulnerability_alerts branch from 9791700 to 4f3c392 Compare February 23, 2026 18:51
@deiga deiga requested a review from stevehipwell February 23, 2026 18:51
stevehipwell
stevehipwell requested changes Feb 24, 2026
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR looks great, I just have a concern about string matching on an error message (we know errors aren't consistent across GHAS), especially one that isn't explicit about the cause. If we think it's valuable to provide a custom error message, which I'm personally not sure about, then we ought to use the API to get a definitive answer.

@deiga
Simplify archived repo handling
c41ad75 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga deiga requested a review from stevehipwell February 24, 2026 19:19
stevehipwell
stevehipwell approved these changes Mar 2, 2026
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stevehipwell stevehipwell added this to the v6.12.0 Release milestone Mar 2, 2026
robert-crandall
robert-crandall reviewed Mar 13, 2026
View reviewed changes
github/resource_github_repository_vulnerability_alerts.go
Comment on lines +96 to +98
if err != nil {
return diag.Errorf("error reading repository vulnerability alerts: %s", err.Error())
}
Copy link

@robert-crandall robert-crandall Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the repository is deleted outside Terraform, GetVulnerabilityAlerts will return a 404. The Read function does not check for this and will return an error instead of calling d.SetId("") to remove the resource from state. This breaks terraform plan and terraform apply when the backing repository no longer exists.

Suggested change
if err != nil {
return diag.Errorf("error reading repository vulnerability alerts: %s", err.Error())
}
if err != nil {
if resp != nil && resp.StatusCode == http.StatusNotFound {
tflog.Warn(ctx, "Repository not found, removing from state", map[string]any{"repository": repoName})
d.SetId("")
return nil
}
return diag.Errorf("error reading repository vulnerability alerts: %s", err.Error())
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robert-crandall robert-crandall robert-crandall left review comments

@stevehipwell stevehipwell stevehipwell approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Deprecation New resource r/repository

Projects

None yet

Milestone

v6.12.0 Release

Development

Successfully merging this pull request may close these issues.

[MAINT]: Add a new resource for github_repository_vulnerability_alerts

3 participants

@deiga @stevehipwell @robert-crandall