terraform-provider-github: unable to update branch_protections for github repos

Hi there,

We were trying to enable enforce_admins = true and we see a TF plan like the following but when we apply we get an error. As you can see below there are no changes to required_status_checks but we are not able to apply it.

  # module.repositories.github_branch_protection_v3.managed["REPO_NAME:BRANCH_NAME"] will be updated in-place
  ~ resource "github_branch_protection_v3" "managed" {
      ~ enforce_admins                  = false -> true
        id                              = "REPO_NAME:BRANCH_NAME"
        # (5 unchanged attributes hidden)


        # (2 unchanged blocks hidden)
    }

Terraform Version

  • 1.0.9
  • terraform-provider-github: v4.24.1

Affected Resource(s)

Please list the resources as a list, for example:

  • github_branch_protection_v3

If this issue appears to affect multiple resources, it may be an issue with Terraform’s core, so please mention this.

Terraform Configuration Files

resource "github_branch_protection_v3" "example" {
  repository     = github_repository.example.name
  branch         = "main"
  enforce_admins = true

  required_status_checks {
    strict   = true
    contexts = []
  }

}

Debug Output

unfortunately I’m not allowed to share full debug output due to company policy, here’s some relevant debug logs:

2022-05-12T09:24:17.198-0700 [DEBUG] provider.terraform-provider-github_v4.24.1: {
2022-05-12T09:24:17.198-0700 [DEBUG] provider.terraform-provider-github_v4.24.1:  "message": "Invalid request.\n\nNo subschema in \"anyOf\" matched.\nNo subschema in \"oneOf\" matched.\nNot all subschemas of \"allOf\" matched.\nFor 'anyOf/1', {\"strict\"=>true} is not a null.",
2022-05-12T09:24:17.198-0700 [DEBUG] provider.terraform-provider-github_v4.24.1:  "documentation_url": "https://docs.github.com/rest/reference/repos#update-branch-protection"
2022-05-12T09:24:17.198-0700 [DEBUG] provider.terraform-provider-github_v4.24.1: }

│ Error: PUT https://api.github.com/repos/ORG_NAME/REPO_NAME/branches/BRANCH_NAME/protection: 422 Invalid request.
│
│ No subschema in "anyOf" matched.
│ No subschema in "oneOf" matched.
│ Not all subschemas of "allOf" matched.
│ For 'anyOf/1', {"strict"=>true} is not a null. []
│
│   with module.repositories.github_branch_protection_v3.managed["REPO_NAME:BRANCH_NAME"],
│   on ../../../modules/repositories/repository-branch-protection.tf line 1, in resource "github_branch_protection_v3" "managed":
│    1: resource "github_branch_protection_v3" "managed" {
│
╵

Expected Behavior

  • able to update branch protection

Actual Behavior

  • seeing above errors

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Important Factoids

  • we use atlantis but the same error happens locally as well

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 19
  • Comments: 21 (4 by maintainers)

Commits related to this issue

Most upvoted comments

This is not fixed. Passing null for contexts still throws the same error as passing an empty list. This was working in~> 5.0 previously but broke again in v5.7.0.

EDIT: when passing [] as the value for contexts, the following error is returned by the API:

<REDACTED URL>/branches/master/protection: 422 Invalid request.

No subschema in "anyOf" matched.
For 'properties/checks', nil is not an array.
Not all subschemas of "allOf" matched.
For 'anyOf/1', {"strict"=>true, "checks"=>nil} is not a null. []

Seems like the provider is perhaps converting the empty list to nil? I tried as well by explicitly setting contexts = null and the same error is returned.:

No subschema in "anyOf" matched.
For 'properties/checks', nil is not an array.
Not all subschemas of "allOf" matched.
For 'anyOf/1', {"strict"=>true, "checks"=>nil} is not a null. []

This is on v5.7.0 of the provider using the "github_branch_protection_v3" resource.

+10
c0mput3rj0n3s on Nov 4, 2022

We downgraded the provider to 4.22.0 and it appears to have resolved the issue for us. Hopefully that helps you git bisect it. 😃

+7
highb on Jun 17, 2022

Can confirm, we’re using 4.22.0 and the branch protection error doesn’t appear.

+4
grrywlsn on Oct 4, 2022

I think 4.22.0 should work.

+4
luisdavim on Oct 3, 2022

I’m also seeing this issue. My data point that I can contribute is that updated my pinned version for the provider from version ~> 4.19.2 to ~> 4.26.1. I’m not sure if that is directly related or a red herring.

+3
highb on Jun 15, 2022

This seems to be a dupe of #1307, which a fix is in-progress for. I’m going to close this out and we should continue further discourse there.

+1
kfcampbell on Jan 5, 2023

We have resolved this issue on a few dozen repositories by switching from github_branch_protection_v3 to github_branch_protection (v4) in https://github.com/mineiros-io/terraform-github-repository. No changes except renaming branch to pattern were necessary to get all our branch protections working again via Terraform.

+1
hollow on Nov 14, 2022

Downgrading to a lower version doesn’t seem like a good long term solution. Are there any plans to fix this in later versions?

+1
cfisher281 on Oct 20, 2022

This seems to be a problem with github.com/google/go-github/v47

+1
luisdavim on Sep 17, 2022

I’m also experiencing this issue at my organisation, out of no-where much like @iniinikoski.

Has anyone had much success at a workaround or fix?

Unsure if this is related, but in the GitHub API docs under the “Body Parameters” section, it states that the contexts property is both REQUIRED and DEPRECATED (which seems contradictory) and has been replaced by checks. Is this a recent change?

+1
TheJackson on May 25, 2022
Read more comments on GitHub
← terraform-provider-github: Unable to set branch names/patterns when `custom_branch_policies` is `true`.
ipex-llm: RuntimeError: PyTorch is not linked with support for xpu devices →