terraform-provider-github: Repository environment creation error

Terraform Version

  • Terraform v1.0.7

Affected Resource(s)

  • github_repository_environment

Terraform Configuration Files

resource "github_repository_environment" "my_repo_environments" {
  for_each = toset([
    "production",
    "staging",
  ])

  repository  = github_repository.my_repo.name
  environment = each.key
}

Debug Output

Expected Behavior

Create an environment

Actual Behavior

Got this error (both staging and production)

╷
│ Error: PUT https://api.github.com/repos/my-org/my-repo/environments/production: 422 Fail to create protected rule, please ensure billing plan include protected branch gate. []
│ 

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Workaround

If I set the “Deployment branches” in the GUI (protected branches), import the resource, and add the following config, Terraform terminates well.

  deployment_branch_policy {
    protected_branches = true
    custom_branch_policies = false
  }

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 11
  • Comments: 19 (8 by maintainers)

Most upvoted comments

Relevant Terraform provider Go file: https://github.com/integrations/terraform-provider-github/blame/main/vendor/github.com/google/go-github/v47/github/repos_environments.go Line 147-172

// MarshalJSON implements the json.Marshaler interface.
// As the only way to clear a WaitTimer is to set it to 0, a missing WaitTimer object should default to 0, not null.
func (c *CreateUpdateEnvironment) MarshalJSON() ([]byte, error) {
	type Alias CreateUpdateEnvironment
	if c.WaitTimer == nil {
		c.WaitTimer = Int(0)
	}
	return json.Marshal(&struct {
		*Alias
	}{
		Alias: (*Alias)(c),
	})
}

// CreateUpdateEnvironment represents the fields required for the create/update operation
// following the Create/Update release example.
// See https://github.com/google/go-github/issues/992 for more information.
// Removed omitempty here as the API expects null values for reviewers and deployment_branch_policy to clear them.
type CreateUpdateEnvironment struct {
	WaitTimer              *int            `json:"wait_timer"`
	Reviewers              []*EnvReviewers `json:"reviewers"`
	DeploymentBranchPolicy *BranchPolicy   `json:"deployment_branch_policy"`
}

Seems due to this being a new feature for GitHub Teams, when the relevant Terraform provider code was written they didn’t account for a use case where a user would want to create environments but have no access to the branch protection rule feature.
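The request body that the quoted struct and MarshalJSON put on the wire, as an added example (not code from the provider or from go-github). The types are trimmed local stand-ins, `RequestBody` is a hypothetical helper, and it assumes the reporter's config reaches the API with no protection settings populated.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-ins for the go-github types quoted above, trimmed to what is needed.
type EnvReviewers struct {
	Type *string `json:"type,omitempty"`
	ID   *int64  `json:"id,omitempty"`
}

type BranchPolicy struct {
	ProtectedBranches    *bool `json:"protected_branches,omitempty"`
	CustomBranchPolicies *bool `json:"custom_branch_policies,omitempty"`
}

type CreateUpdateEnvironment struct {
	WaitTimer              *int            `json:"wait_timer"`
	Reviewers              []*EnvReviewers `json:"reviewers"`
	DeploymentBranchPolicy *BranchPolicy   `json:"deployment_branch_policy"`
}

// MarshalJSON follows the quoted method: a nil WaitTimer is sent as 0.
func (c *CreateUpdateEnvironment) MarshalJSON() ([]byte, error) {
	type Alias CreateUpdateEnvironment
	if c.WaitTimer == nil {
		zero := 0
		c.WaitTimer = &zero
	}
	return json.Marshal(&struct{ *Alias }{Alias: (*Alias)(c)})
}

// RequestBody (hypothetical helper) returns the JSON sent for an environment
// whose only optional setting is the given branch policy (nil = unset).
func RequestBody(policy *BranchPolicy) (string, error) {
	b, err := json.Marshal(&CreateUpdateEnvironment{DeploymentBranchPolicy: policy})
	return string(b), err
}

func main() {
	yes, no := true, false
	empty, _ := RequestBody(nil)
	workaround, _ := RequestBody(&BranchPolicy{ProtectedBranches: &yes, CustomBranchPolicies: &no})
	fmt.Println("empty config:", empty)
	fmt.Println("workaround:  ", workaround)
}
```

Because no field carries `omitempty`, even a config that sets nothing still transmits all three protection-rule keys, with `wait_timer` forced to 0.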

@kfcampbell got a PR out in go-github to fix the issue. Once it’s merged we just have to upgrade the package here and it should work 🙂

For what it’s worth, we are also facing this issue in our company.

I used the http-full provider to try to have this as automated as possible (Terraform’s http provider does not support PUT).

data "http" "github_repository_environment_environment" {
  count    = var.github_repository != "" ? 1 : 0
  provider = http-full
  url      = "https://api.github.com/repos/${var.github_owner}/${var.github_repository}/environments/${var.environment}"
  method   = "PUT"
  request_headers = {
    Accept        = "application/vnd.github+json"
    Authorization = "Bearer ${var.github_token}"
  }
  # JSON body for the PUT: restrict deployments to protected branches.
  request_body = <<EOF
{"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}}
EOF
}

Then, in my secrets I have

depends_on  = [data.http.github_repository_environment_environment]

It’s not ideal, but it helps.

We’re also struggling with this. The environments do get created, but tf errors out with a 422 each time, so state is not updated.