From 626205b352774cf0a810919dc6deee34eae6056d Mon Sep 17 00:00:00 2001 From: nicktrn <55853254+nicktrn@users.noreply.github.com> Date: Thu, 14 May 2026 22:28:05 +0100 Subject: [PATCH] fix(github_repository): wire code_security in security_and_analysis #2935 added the code_security schema block but did not extend calculateSecurityAndAnalysis (write) or flattenSecurityAndAnalysis (read) to handle it. Effect: code_security declarations are silently dropped on apply, and the field is never populated in state on refresh, producing a permanent `+ code_security` diff on every plan. Mirrors the existing advanced_security handling. secret_scanning_ai_detection and secret_scanning_non_provider_patterns are also affected by #2935 but require go-github type additions, so they are out of scope here. --- github/resource_github_repository.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/github/resource_github_repository.go b/github/resource_github_repository.go index fa68ac1ecc..a9c1eed589 100644 --- a/github/resource_github_repository.go +++ b/github/resource_github_repository.go @@ -570,6 +570,11 @@ func calculateSecurityAndAnalysis(d *schema.ResourceData) *github.SecurityAndAna Status: new(status), } } + if ok, status := tryGetSecurityAndAnalysisSettingStatus(lookup, "code_security"); ok { + securityAndAnalysis.CodeSecurity = &github.CodeSecurity{ + Status: new(status), + } + } if ok, status := tryGetSecurityAndAnalysisSettingStatus(lookup, "secret_scanning"); ok { securityAndAnalysis.SecretScanning = &github.SecretScanning{ Status: new(status), @@ -1201,6 +1206,13 @@ func flattenSecurityAndAnalysis(securityAndAnalysis *github.SecurityAndAnalysis) }} } + codeSecurity := securityAndAnalysis.GetCodeSecurity() + if codeSecurity != nil { + securityAndAnalysisMap["code_security"] = []any{map[string]any{ + "status": codeSecurity.GetStatus(), + }} + } + securityAndAnalysisMap["secret_scanning"] = []any{map[string]any{ "status": securityAndAnalysis.GetSecretScanning().GetStatus(), }}