diff --git a/docs/data-sources/organization.md b/docs/data-sources/organization.md
index def786ba5d..3447b74928 100644
--- a/docs/data-sources/organization.md
+++ b/docs/data-sources/organization.md
@@ -56,3 +56,5 @@ data "github_organization" "example" {
 - `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories.
 - `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories.
 - `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories.
+- `secret_scanning_validity_checks_enabled` - Whether secret scanning automatic validity checks on supported partner tokens are enabled for the organization.
+- `default_repository_branch` - The default branch name applied to new repositories created in the organization.
diff --git a/docs/resources/organization_settings.md b/docs/resources/organization_settings.md
index 6275f737c9..ad85db0269 100644
--- a/docs/resources/organization_settings.md
+++ b/docs/resources/organization_settings.md
@@ -38,6 +38,8 @@ resource "github_organization_settings" "test" {
 dependency_graph_enabled_for_new_repositories = false
 secret_scanning_enabled_for_new_repositories = false
 secret_scanning_push_protection_enabled_for_new_repositories = false
+ secret_scanning_validity_checks_enabled = false
+ default_repository_branch = "main"
 }
 ```
@@ -71,6 +73,8 @@ The following arguments are supported:
 - `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`.
 - `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`.
 - `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`.
+- `secret_scanning_validity_checks_enabled` - (Optional) Whether or not secret scanning automatic validity checks on supported partner tokens are enabled for the organization. The current value is read from the API when not set.
+- `default_repository_branch` - (Optional) The default branch name applied to new repositories created in the organization (for example, `main`). The current value is read from the API when not set.
 ## Attributes Reference
diff --git a/examples/resources/organization_settings/example_1.tf b/examples/resources/organization_settings/example_1.tf
index 1dab26f0ab..c8d1caf218 100644
--- a/examples/resources/organization_settings/example_1.tf
+++ b/examples/resources/organization_settings/example_1.tf
@@ -25,4 +25,6 @@ resource "github_organization_settings" "test" {
 dependency_graph_enabled_for_new_repositories = false
 secret_scanning_enabled_for_new_repositories = false
 secret_scanning_push_protection_enabled_for_new_repositories = false
+ secret_scanning_validity_checks_enabled = false
+ default_repository_branch = "main"
 }
diff --git a/github/data_source_github_organization.go b/github/data_source_github_organization.go
index b5222b0868..e64611618b 100644
--- a/github/data_source_github_organization.go
+++ b/github/data_source_github_organization.go
@@ -141,6 +141,14 @@ func dataSourceGithubOrganization() *schema.Resource {
 Type: schema.TypeBool,
 Computed: true,
 },
+ "secret_scanning_validity_checks_enabled": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
+ "default_repository_branch": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
 "summary_only": {
 Type: schema.TypeBool,
 Optional: true,
@@ -265,6 +273,8 @@ func dataSourceGithubOrganizationRead(ctx context.Context, d *schema.ResourceDat
 _ = d.Set("dependency_graph_enabled_for_new_repositories", organization.GetDependencyGraphEnabledForNewRepos())
 _ = d.Set("secret_scanning_enabled_for_new_repositories", organization.GetSecretScanningEnabledForNewRepos())
 _ = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", organization.GetSecretScanningPushProtectionEnabledForNewRepos())
+ _ = d.Set("secret_scanning_validity_checks_enabled", organization.GetSecretScanningValidityChecksEnabled())
+ _ = d.Set("default_repository_branch", organization.GetDefaultRepositoryBranch())
 }
 d.SetId(strconv.FormatInt(organization.GetID(), 10))
diff --git a/github/data_source_github_organization_test.go b/github/data_source_github_organization_test.go
index 5d8da74a42..e23d63b2d1 100644
--- a/github/data_source_github_organization_test.go
+++ b/github/data_source_github_organization_test.go
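Review bot: In `dataSourceGithubOrganizationRead` (github/data_source_github_organization.go), `organization.GetSecretScanningValidityChecksEnabled()` turns a field the API did not return into `false`, because go-github getters return the zero value for a nil pointer. The data source then reports validity checks as disabled when the value was simply not exposed to this token or plan, and `default_repository_branch` becomes `""` the same way. The `d.Set` calls added to `resourceGithubOrganizationSettingsRead` in github/resource_github_organization_settings.go have the same behaviour. Since policy or compliance checks may read this attribute, consider setting it only when the pointer is non-nil, e.g. `if organization.SecretScanningValidityChecksEnabled != nil { _ = d.Set("secret_scanning_validity_checks_enabled", *organization.SecretScanningValidityChecksEnabled) }`, or state in the docs that `false` can also mean "not reported". The function body starts and continues outside the hunk.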
@@ -41,6 +41,8 @@ func TestAccGithubOrganizationDataSource(t *testing.T) {
 resource.TestCheckResourceAttrSet("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"),
 resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"),
 resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"),
+ resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_validity_checks_enabled"),
+ resource.TestCheckResourceAttrSet("data.github_organization.test", "default_repository_branch"),
 )
 resource.Test(t, resource.TestCase{
@@ -139,6 +141,8 @@ func TestAccGithubOrganizationDataSource(t *testing.T) {
 resource.TestCheckNoResourceAttr("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"),
 resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"),
 resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"),
+ resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_validity_checks_enabled"),
+ resource.TestCheckNoResourceAttr("data.github_organization.test", "default_repository_branch"),
 )
 resource.Test(t, resource.TestCase{
diff --git a/github/resource_github_organization_settings.go b/github/resource_github_organization_settings.go
index ac2a832de4..3abea9b34b 100644
--- a/github/resource_github_organization_settings.go
+++ b/github/resource_github_organization_settings.go
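Review bot: In the first hunk of `TestAccGithubOrganizationDataSource`, `resource.TestCheckResourceAttrSet(..., "default_repository_branch")` fails when the attribute is an empty string, unlike the boolean checks beside it, which always render as `"true"` or `"false"`. If the API omits the field for the test token (presumably it is only returned to organization owners; worth confirming), the getter yields `""` and the check fails for a reason unrelated to the provider. Either assert the expected value with `resource.TestCheckResourceAttr` against a known test organization, or add a comment such as `// requires an owner token: default_repository_branch is empty otherwise` so the precondition is visible. The test function continues outside the hunk.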
@@ -169,6 +169,18 @@ func resourceGithubOrganizationSettings() *schema.Resource {
 Default: false,
 Description: "Whether or not secret scanning push protection is enabled for new repositories.",
 },
+ "secret_scanning_validity_checks_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ Description: "Whether or not secret scanning automatic validity checks on supported partner tokens are enabled for the organization.",
+ },
+ "default_repository_branch": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ Description: "The default branch name applied to new repositories created in the organization (for example, 'main').",
+ },
 },
 }
 }
@@ -290,6 +302,14 @@ func buildOrganizationSettings(d *schema.ResourceData, isEnterprise bool) *githu
 if shouldInclude("secret_scanning_push_protection_enabled_for_new_repositories") {
 settings.SecretScanningPushProtectionEnabledForNewRepos = new(d.Get("secret_scanning_push_protection_enabled_for_new_repositories").(bool))
 }
+ if shouldInclude("secret_scanning_validity_checks_enabled") {
+ settings.SecretScanningValidityChecksEnabled = new(d.Get("secret_scanning_validity_checks_enabled").(bool))
+ }
+ if shouldInclude("default_repository_branch") {
+ if v, ok := d.GetOk("default_repository_branch"); ok {
+ settings.DefaultRepositoryBranch = new(v.(string))
+ }
+ }
 // Enterprise-specific field
 if isEnterprise {
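Review bot: In `buildOrganizationSettings`, the new `secret_scanning_validity_checks_enabled` branch sends `d.Get(...).(bool)` whenever `shouldInclude` returns true, and for an Optional+Computed bool with no default `d.Get` yields `false` when the attribute is absent from the configuration and not yet in state. `shouldInclude` is defined outside the hunk; if it returns true on create regardless of whether the attribute is configured, applying a configuration that omits it would send `false` and switch validity checks off for the organization. That would contradict the documented "The current value is read from the API when not set". The `default_repository_branch` branch already guards with `d.GetOk`, but `GetOk` cannot tell `false` from unset for a bool, so this one needs a check that the attribute is non-null in `d.GetRawConfig()` before the pointer is assigned. A comment such as `// only send when explicitly configured; an unset bool must not overwrite the org's current value` would record the intent. The function starts and ends outside the hunk.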
@@ -399,6 +419,12 @@ func resourceGithubOrganizationSettingsCreateOrUpdate(d *schema.ResourceData, me
 if settings.SecretScanningPushProtectionEnabledForNewRepos != nil {
 log.Printf("[DEBUG] SecretScanningPushProtectionEnabledForNewRepos: %v", *settings.SecretScanningPushProtectionEnabledForNewRepos)
 }
+ if settings.SecretScanningValidityChecksEnabled != nil {
+ log.Printf("[DEBUG] SecretScanningValidityChecksEnabled: %v", *settings.SecretScanningValidityChecksEnabled)
+ }
+ if settings.DefaultRepositoryBranch != nil {
+ log.Printf("[DEBUG] DefaultRepositoryBranch: %s", *settings.DefaultRepositoryBranch)
+ }
 orgSettings, _, err := client.Organizations.Edit(ctx, org, settings)
 if err != nil {
@@ -513,6 +539,12 @@ func resourceGithubOrganizationSettingsRead(d *schema.ResourceData, meta any) er
 if err = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", orgSettings.GetSecretScanningPushProtectionEnabledForNewRepos()); err != nil {
 return err
 }
+ if err = d.Set("secret_scanning_validity_checks_enabled", orgSettings.GetSecretScanningValidityChecksEnabled()); err != nil {
+ return err
+ }
+ if err = d.Set("default_repository_branch", orgSettings.GetDefaultRepositoryBranch()); err != nil {
+ return err
+ }
 return nil
 }
diff --git a/github/resource_github_organization_settings_test.go b/github/resource_github_organization_settings_test.go
index 742f779b3e..532390c26b 100644
--- a/github/resource_github_organization_settings_test.go
+++ b/github/resource_github_organization_settings_test.go
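Review bot: The debug line added in `resourceGithubOrganizationSettingsCreateOrUpdate` formats the configured branch name with `%s`, which is the only free-form string among these debug lines. `%q` escapes control characters, so a configured value cannot split or forge a log line, and it keeps an empty or whitespace-padded name visible: `log.Printf("[DEBUG] DefaultRepositoryBranch: %q", *settings.DefaultRepositoryBranch)`. The function body continues outside the hunk.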
@@ -586,6 +586,32 @@ func TestAccGithubOrganizationSettings(t *testing.T) { }) }) + t.Run("test default_repository_branch and secret_scanning_validity_checks_enabled", func(t *testing.T) { + config := ` + resource "github_organization_settings" "test" { + billing_email = "test@example.com" + default_repository_branch = "main" + secret_scanning_validity_checks_enabled = false + }` + + check := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("github_organization_settings.test", "billing_email", "test@example.com"), + resource.TestCheckResourceAttr("github_organization_settings.test", "default_repository_branch", "main"), + resource.TestCheckResourceAttr("github_organization_settings.test", "secret_scanning_validity_checks_enabled", "false"), + ) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessHasOrgs(t) }, + ProviderFactories: providerFactories, + Steps: []resource.TestStep{ + { + Config: config, + Check: check, + }, + }, + }) + }) + t.Run("test enum field variations", func(t *testing.T) { config := ` resource "github_organization_settings" "test" { diff --git a/templates/data-sources/organization.md.tmpl b/templates/data-sources/organization.md.tmpl index bc36284217..9d5a7744d9 100644 --- a/templates/data-sources/organization.md.tmpl +++ b/templates/data-sources/organization.md.tmpl 
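Review bot: The new subtest in `TestAccGithubOrganizationSettings` asserts only `secret_scanning_validity_checks_enabled = "false"` and `default_repository_branch = "main"`. The first is the Go zero value and the second is probably the test organization's existing default, so both checks would still pass if the provider never sent or read either field. Add a second `resource.TestStep` that changes the values, for example a non-default branch name and `true` for validity checks where the test organization's plan allows it, so the test proves the round trip through `client.Organizations.Edit` and the read. A final step that restores the original values would also keep the shared test organization's secret-scanning posture unchanged after the run.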
@@ -52,3 +52,5 @@ Use this data source to retrieve basic information about a GitHub Organization.
 - `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories.
 - `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories.
 - `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories.
+- `secret_scanning_validity_checks_enabled` - Whether secret scanning automatic validity checks on supported partner tokens are enabled for the organization.
+- `default_repository_branch` - The default branch name applied to new repositories created in the organization.
diff --git a/templates/resources/organization_settings.md.tmpl b/templates/resources/organization_settings.md.tmpl
index bdd5318c1a..0c10c7f7e2 100644
--- a/templates/resources/organization_settings.md.tmpl
+++ b/templates/resources/organization_settings.md.tmpl
@@ -42,6 +42,8 @@ The following arguments are supported:
 - `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`.
 - `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`.
 - `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`.
+- `secret_scanning_validity_checks_enabled` - (Optional) Whether or not secret scanning automatic validity checks on supported partner tokens are enabled for the organization. The current value is read from the API when not set.
+- `default_repository_branch` - (Optional) The default branch name applied to new repositories created in the organization (for example, `main`). The current value is read from the API when not set.
 ## Attributes Reference