Add Dependabot secrets support (Fixes #1006) (#1036)

* Add dependabot secrets support

* Forgot to tie the new resources into the provider

* Fix error in tests for secrets with encrypted_value that isnt base64

* Make unit tests actually use new resources

* Remove vestiges of google/go-github v42

Co-authored-by: Keegan Campbell <[email protected]>

Author: liath

github/data_source_github_dependabot_public_key.go

@@ -0,0 +1,49 @@
+package github
+
+import (
+	"context"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceGithubDependabotPublicKey() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubDependabotPublicKeyRead,
+
+		Schema: map[string]*schema.Schema{
+			"repository": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"key_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"key": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceGithubDependabotPublicKeyRead(d *schema.ResourceData, meta interface{}) error {
+	repository := d.Get("repository").(string)
+	owner := meta.(*Owner).name
+	log.Printf("[INFO] Refreshing GitHub Dependabot Public Key from: %s/%s", owner, repository)
+
+	client := meta.(*Owner).v3client
+	ctx := context.Background()
+
+	publicKey, _, err := client.Dependabot.GetRepoPublicKey(ctx, owner, repository)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(publicKey.GetKeyID())
+	d.Set("key_id", publicKey.GetKeyID())
+	d.Set("key", publicKey.GetKey())
+
+	return nil
+}

github/data_source_github_dependabot_public_key_test.go

@@ -0,0 +1,60 @@
+package github
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccGithubDependabotPublicKeyDataSource(t *testing.T) {
+
+	randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+
+	t.Run("queries a repository public key without error", func(t *testing.T) {
+
+		config := fmt.Sprintf(`
+			resource "github_repository" "test" {
+			  name = "tf-acc-test-%[1]s"
+				auto_init = true
+			}
+
+			data "github_actions_public_key" "test" {
+				repository = github_repository.test.id
+			}
+		`, randomID)
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttrSet(
+				"data.github_actions_public_key.test", "key",
+			),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			testCase(t, individual)
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+
+	})
+}

github/provider.go

@@ -89,50 +89,54 @@ func Provider() terraform.ResourceProvider {
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
-			"github_actions_environment_secret":               resourceGithubActionsEnvironmentSecret(),
-			"github_actions_organization_secret":              resourceGithubActionsOrganizationSecret(),
-			"github_actions_organization_secret_repositories": resourceGithubActionsOrganizationSecretRepositories(),
-			"github_actions_organization_permissions":         resourceGithubActionsOrganizationPermissions(),
-			"github_actions_runner_group":                     resourceGithubActionsRunnerGroup(),
-			"github_actions_secret":                           resourceGithubActionsSecret(),
-			"github_app_installation_repository":              resourceGithubAppInstallationRepository(),
-			"github_branch":                                   resourceGithubBranch(),
-			"github_branch_protection":                        resourceGithubBranchProtection(),
-			"github_branch_protection_v3":                     resourceGithubBranchProtectionV3(),
-			"github_issue":                                    resourceGithubIssue(),
-			"github_issue_label":                              resourceGithubIssueLabel(),
-			"github_membership":                               resourceGithubMembership(),
-			"github_organization_block":                       resourceOrganizationBlock(),
-			"github_organization_project":                     resourceGithubOrganizationProject(),
-			"github_organization_webhook":                     resourceGithubOrganizationWebhook(),
-			"github_project_card":                             resourceGithubProjectCard(),
-			"github_project_column":                           resourceGithubProjectColumn(),
-			"github_repository_autolink_reference":            resourceGithubRepositoryAutolinkReference(),
-			"github_repository_collaborator":                  resourceGithubRepositoryCollaborator(),
-			"github_repository_deploy_key":                    resourceGithubRepositoryDeployKey(),
-			"github_repository_environment":                   resourceGithubRepositoryEnvironment(),
-			"github_repository_file":                          resourceGithubRepositoryFile(),
-			"github_repository_milestone":                     resourceGithubRepositoryMilestone(),
-			"github_repository_project":                       resourceGithubRepositoryProject(),
-			"github_repository_pull_request":                  resourceGithubRepositoryPullRequest(),
-			"github_repository_webhook":                       resourceGithubRepositoryWebhook(),
-			"github_repository":                               resourceGithubRepository(),
-			"github_team_membership":                          resourceGithubTeamMembership(),
-			"github_team_members":                             resourceGithubTeamMembers(),
-			"github_team_repository":                          resourceGithubTeamRepository(),
-			"github_team_sync_group_mapping":                  resourceGithubTeamSyncGroupMapping(),
-			"github_emu_group_mapping":                        resourceGithubEMUGroupMapping(),
-			"github_team":                                     resourceGithubTeam(),
-			"github_user_gpg_key":                             resourceGithubUserGpgKey(),
-			"github_user_invitation_accepter":                 resourceGithubUserInvitationAccepter(),
-			"github_user_ssh_key":                             resourceGithubUserSshKey(),
-			"github_branch_default":                           resourceGithubBranchDefault(),
+			"github_actions_environment_secret":                  resourceGithubActionsEnvironmentSecret(),
+			"github_actions_organization_permissions":            resourceGithubActionsOrganizationPermissions(),
+			"github_actions_organization_secret":                 resourceGithubActionsOrganizationSecret(),
+			"github_actions_organization_secret_repositories":    resourceGithubActionsOrganizationSecretRepositories(),
+			"github_actions_runner_group":                        resourceGithubActionsRunnerGroup(),
+			"github_actions_secret":                              resourceGithubActionsSecret(),
+			"github_app_installation_repository":                 resourceGithubAppInstallationRepository(),
+			"github_branch":                                      resourceGithubBranch(),
+			"github_branch_default":                              resourceGithubBranchDefault(),
+			"github_branch_protection":                           resourceGithubBranchProtection(),
+			"github_branch_protection_v3":                        resourceGithubBranchProtectionV3(),
+			"github_dependabot_organization_secret":              resourceGithubDependabotOrganizationSecret(),
+			"github_dependabot_organization_secret_repositories": resourceGithubDependabotOrganizationSecretRepositories(),
+			"github_dependabot_secret":                           resourceGithubDependabotSecret(),
+			"github_emu_group_mapping":                           resourceGithubEMUGroupMapping(),
+			"github_issue":                                       resourceGithubIssue(),
+			"github_issue_label":                                 resourceGithubIssueLabel(),
+			"github_membership":                                  resourceGithubMembership(),
+			"github_organization_block":                          resourceOrganizationBlock(),
+			"github_organization_project":                        resourceGithubOrganizationProject(),
+			"github_organization_webhook":                        resourceGithubOrganizationWebhook(),
+			"github_project_card":                                resourceGithubProjectCard(),
+			"github_project_column":                              resourceGithubProjectColumn(),
+			"github_repository":                                  resourceGithubRepository(),
+			"github_repository_autolink_reference":               resourceGithubRepositoryAutolinkReference(),
+			"github_repository_collaborator":                     resourceGithubRepositoryCollaborator(),
+			"github_repository_deploy_key":                       resourceGithubRepositoryDeployKey(),
+			"github_repository_environment":                      resourceGithubRepositoryEnvironment(),
+			"github_repository_file":                             resourceGithubRepositoryFile(),
+			"github_repository_milestone":                        resourceGithubRepositoryMilestone(),
+			"github_repository_project":                          resourceGithubRepositoryProject(),
+			"github_repository_pull_request":                     resourceGithubRepositoryPullRequest(),
+			"github_repository_webhook":                          resourceGithubRepositoryWebhook(),
+			"github_team":                                        resourceGithubTeam(),
+			"github_team_members":                                resourceGithubTeamMembers(),
+			"github_team_membership":                             resourceGithubTeamMembership(),
+			"github_team_repository":                             resourceGithubTeamRepository(),
+			"github_team_sync_group_mapping":                     resourceGithubTeamSyncGroupMapping(),
+			"github_user_gpg_key":                                resourceGithubUserGpgKey(),
+			"github_user_invitation_accepter":                    resourceGithubUserInvitationAccepter(),
+			"github_user_ssh_key":                                resourceGithubUserSshKey(),
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
 			"github_actions_public_key":            dataSourceGithubActionsPublicKey(),
 			"github_branch":                        dataSourceGithubBranch(),
 			"github_collaborators":                 dataSourceGithubCollaborators(),
+			"github_dependabot_public_key":         dataSourceGithubDependabotPublicKey(),
 			"github_ip_ranges":                     dataSourceGithubIpRanges(),
 			"github_membership":                    dataSourceGithubMembership(),
 			"github_organization":                  dataSourceGithubOrganization(),

github/resource_github_actions_environment_secret_test.go

@@ -1,6 +1,7 @@
 package github
 
 import (
+	"encoding/base64"
 	"fmt"
 	"strings"
 	"testing"
@@ -15,9 +16,8 @@ func TestAccGithubActionsEnvironmentSecret(t *testing.T) {
 	randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
 
 	t.Run("creates and updates secrets without error", func(t *testing.T) {
-
-		secretValue := "super_secret_value"
-		updatedSecretValue := "updated_super_secret_value"
+		secretValue := base64.StdEncoding.EncodeToString([]byte("super_secret_value"))
+		updatedSecretValue := base64.StdEncoding.EncodeToString([]byte("updated_super_secret_value"))
 
 		config := fmt.Sprintf(`
 			resource "github_repository" "test" {
@@ -113,8 +113,7 @@ func TestAccGithubActionsEnvironmentSecret(t *testing.T) {
 	})
 
 	t.Run("deletes secrets without error", func(t *testing.T) {
-
-		secretValue := "super_secret_value"
+		secretValue := base64.StdEncoding.EncodeToString([]byte("super_secret_value"))
 
 		config := fmt.Sprintf(`
 				resource "github_repository" "test" {

github/resource_github_actions_organization_secret_test.go

@@ -1,6 +1,7 @@
 package github
 
 import (
+	"encoding/base64"
 	"fmt"
 	"strings"
 	"testing"
@@ -10,8 +11,8 @@ import (
 
 func TestAccGithubActionsOrganizationSecret(t *testing.T) {
 	t.Run("creates and updates secrets without error", func(t *testing.T) {
-		secretValue := "super_secret_value"
-		updatedSecretValue := "updated_super_secret_value"
+		secretValue := base64.StdEncoding.EncodeToString([]byte("super_secret_value"))
+		updatedSecretValue := base64.StdEncoding.EncodeToString([]byte("updated_super_secret_value"))
 
 		config := fmt.Sprintf(`
 			resource "github_actions_organization_secret" "plaintext_secret" {

github/resource_github_actions_secret_test.go

@@ -1,6 +1,7 @@
 package github
 
 import (
+	"encoding/base64"
 	"fmt"
 	"strings"
 	"testing"
@@ -65,9 +66,8 @@ func TestAccGithubActionsSecret(t *testing.T) {
 	})
 
 	t.Run("creates and updates secrets without error", func(t *testing.T) {
-
-		secretValue := "super_secret_value"
-		updatedSecretValue := "updated_super_secret_value"
+		secretValue := base64.StdEncoding.EncodeToString([]byte("super_secret_value"))
+		updatedSecretValue := base64.StdEncoding.EncodeToString([]byte("updated_super_secret_value"))
 
 		config := fmt.Sprintf(`
 			resource "github_repository" "test" {