feat: Expose secret_scanning_push_protection_custom_link on github_organization_settings

docs/data-sources/organization.md

@@ -56,3 +56,5 @@ data "github_organization" "example" {
 - `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories.
 - `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories.
 - `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories.
+- `secret_scanning_push_protection_custom_link_enabled` - Whether a custom link is shown to contributors blocked by secret scanning push protection.
+- `secret_scanning_push_protection_custom_link` - URL displayed to contributors blocked by secret scanning push protection.

docs/resources/organization_settings.md

@@ -38,6 +38,8 @@ resource "github_organization_settings" "test" {
   dependency_graph_enabled_for_new_repositories                = false
   secret_scanning_enabled_for_new_repositories                 = false
   secret_scanning_push_protection_enabled_for_new_repositories = false
+  secret_scanning_push_protection_custom_link_enabled          = true
+  secret_scanning_push_protection_custom_link                  = "https://example.com/secret-scanning-help"
 }
 ```
 
@@ -71,6 +73,8 @@ The following arguments are supported:
 - `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`.
 - `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`.
 - `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`.
+- `secret_scanning_push_protection_custom_link_enabled` - (Optional) Whether a custom link is shown to contributors blocked by secret scanning push protection. Setting this to `true` requires `secret_scanning_push_protection_custom_link` to be a non-empty URL. If managed at the enterprise level via `github_enterprise_security_analysis_settings`, this resource overrides that value for this organization.
+- `secret_scanning_push_protection_custom_link` - (Optional) URL displayed to contributors blocked by secret scanning push protection. Requires `secret_scanning_push_protection_custom_link_enabled` to be `true`.
 
 ## Attributes Reference
 

examples/resources/organization_settings/example_1.tf

@@ -25,4 +25,6 @@ resource "github_organization_settings" "test" {
   dependency_graph_enabled_for_new_repositories                = false
   secret_scanning_enabled_for_new_repositories                 = false
   secret_scanning_push_protection_enabled_for_new_repositories = false
+  secret_scanning_push_protection_custom_link_enabled          = true
+  secret_scanning_push_protection_custom_link                  = "https://example.com/secret-scanning-help"
 }

github/data_source_github_organization.go

@@ -141,6 +141,14 @@ func dataSourceGithubOrganization() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"secret_scanning_push_protection_custom_link_enabled": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"secret_scanning_push_protection_custom_link": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"summary_only": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -265,6 +273,8 @@ func dataSourceGithubOrganizationRead(ctx context.Context, d *schema.ResourceDat
 		_ = d.Set("dependency_graph_enabled_for_new_repositories", organization.GetDependencyGraphEnabledForNewRepos())
 		_ = d.Set("secret_scanning_enabled_for_new_repositories", organization.GetSecretScanningEnabledForNewRepos())
 		_ = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", organization.GetSecretScanningPushProtectionEnabledForNewRepos())
+		_ = d.Set("secret_scanning_push_protection_custom_link_enabled", organization.GetSecretScanningPushProtectionCustomLinkEnabled())
+		_ = d.Set("secret_scanning_push_protection_custom_link", organization.GetSecretScanningPushProtectionCustomLink())
 	}
 
 	d.SetId(strconv.FormatInt(organization.GetID(), 10))

github/data_source_github_organization_test.go

@@ -41,6 +41,7 @@ func TestAccGithubOrganizationDataSource(t *testing.T) {
 			resource.TestCheckResourceAttrSet("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"),
 			resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"),
 			resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"),
+			resource.TestCheckResourceAttrSet("data.github_organization.test", "secret_scanning_push_protection_custom_link_enabled"),
 		)
 
 		resource.Test(t, resource.TestCase{
@@ -139,6 +140,8 @@ func TestAccGithubOrganizationDataSource(t *testing.T) {
 			resource.TestCheckNoResourceAttr("data.github_organization.test", "dependency_graph_enabled_for_new_repositories"),
 			resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_enabled_for_new_repositories"),
 			resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_push_protection_enabled_for_new_repositories"),
+			resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_push_protection_custom_link_enabled"),
+			resource.TestCheckNoResourceAttr("data.github_organization.test", "secret_scanning_push_protection_custom_link"),
 		)
 
 		resource.Test(t, resource.TestCase{

github/resource_github_organization_settings.go

@@ -169,6 +169,18 @@ func resourceGithubOrganizationSettings() *schema.Resource {
 				Default:     false,
 				Description: "Whether or not secret scanning push protection is enabled for new repositories.",
 			},
+			"secret_scanning_push_protection_custom_link_enabled": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Computed:    true,
+				Description: "Whether a custom link is shown to contributors who are blocked from pushing a secret by push protection. Setting this to `true` requires `secret_scanning_push_protection_custom_link` to be a non-empty URL. If managed at the enterprise level via `github_enterprise_security_analysis_settings`, this resource overrides that value for this organization.",
+			},
+			"secret_scanning_push_protection_custom_link": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "URL displayed to contributors who are blocked from pushing a secret by push protection. Requires `secret_scanning_push_protection_custom_link_enabled` to be `true`.",
+			},
 		},
 	}
 }
@@ -290,6 +302,14 @@ func buildOrganizationSettings(d *schema.ResourceData, isEnterprise bool) *githu
 	if shouldInclude("secret_scanning_push_protection_enabled_for_new_repositories") {
 		settings.SecretScanningPushProtectionEnabledForNewRepos = new(d.Get("secret_scanning_push_protection_enabled_for_new_repositories").(bool))
 	}
+	if shouldInclude("secret_scanning_push_protection_custom_link_enabled") {
+		settings.SecretScanningPushProtectionCustomLinkEnabled = new(d.Get("secret_scanning_push_protection_custom_link_enabled").(bool))
+	}
+	if shouldInclude("secret_scanning_push_protection_custom_link") {
+		if v, ok := d.GetOk("secret_scanning_push_protection_custom_link"); ok {
+			settings.SecretScanningPushProtectionCustomLink = new(v.(string))
+		}
+	}
 
 	// Enterprise-specific field
 	if isEnterprise {
@@ -399,6 +419,12 @@ func resourceGithubOrganizationSettingsCreateOrUpdate(d *schema.ResourceData, me
 	if settings.SecretScanningPushProtectionEnabledForNewRepos != nil {
 		log.Printf("[DEBUG]   SecretScanningPushProtectionEnabledForNewRepos: %v", *settings.SecretScanningPushProtectionEnabledForNewRepos)
 	}
+	if settings.SecretScanningPushProtectionCustomLinkEnabled != nil {
+		log.Printf("[DEBUG]   SecretScanningPushProtectionCustomLinkEnabled: %v", *settings.SecretScanningPushProtectionCustomLinkEnabled)
+	}
+	if settings.SecretScanningPushProtectionCustomLink != nil {
+		log.Printf("[DEBUG]   SecretScanningPushProtectionCustomLink: %s", *settings.SecretScanningPushProtectionCustomLink)
+	}
 
 	orgSettings, _, err := client.Organizations.Edit(ctx, org, settings)
 	if err != nil {
@@ -513,6 +539,12 @@ func resourceGithubOrganizationSettingsRead(d *schema.ResourceData, meta any) er
 	if err = d.Set("secret_scanning_push_protection_enabled_for_new_repositories", orgSettings.GetSecretScanningPushProtectionEnabledForNewRepos()); err != nil {
 		return err
 	}
+	if err = d.Set("secret_scanning_push_protection_custom_link_enabled", orgSettings.GetSecretScanningPushProtectionCustomLinkEnabled()); err != nil {
+		return err
+	}
+	if err = d.Set("secret_scanning_push_protection_custom_link", orgSettings.GetSecretScanningPushProtectionCustomLink()); err != nil {
+		return err
+	}
 	return nil
 }
 

github/resource_github_organization_settings_test.go

@@ -39,6 +39,8 @@ func TestAccGithubOrganizationSettings(t *testing.T) {
 			dependency_graph_enabled_for_new_repositories = false
 			secret_scanning_enabled_for_new_repositories = false
 			secret_scanning_push_protection_enabled_for_new_repositories = false
+			secret_scanning_push_protection_custom_link_enabled = true
+			secret_scanning_push_protection_custom_link = "https://example.com/secret-scanning-help"
 		  }`
 
 		check := resource.ComposeTestCheckFunc(
@@ -159,6 +161,7 @@ func TestAccGithubOrganizationSettings(t *testing.T) {
 			dependency_graph_enabled_for_new_repositories = false
 			secret_scanning_enabled_for_new_repositories = false
 			secret_scanning_push_protection_enabled_for_new_repositories = false
+			secret_scanning_push_protection_custom_link_enabled = false
 		}`
 
 		check := resource.ComposeTestCheckFunc(
@@ -206,6 +209,10 @@ func TestAccGithubOrganizationSettings(t *testing.T) {
 				"github_organization_settings.test",
 				"secret_scanning_push_protection_enabled_for_new_repositories", "false",
 			),
+			resource.TestCheckResourceAttr(
+				"github_organization_settings.test",
+				"secret_scanning_push_protection_custom_link_enabled", "false",
+			),
 		)
 
 		resource.Test(t, resource.TestCase{
@@ -234,6 +241,8 @@ func TestAccGithubOrganizationSettings(t *testing.T) {
 			dependency_graph_enabled_for_new_repositories = true
 			secret_scanning_enabled_for_new_repositories = false
 			secret_scanning_push_protection_enabled_for_new_repositories = true
+			secret_scanning_push_protection_custom_link_enabled = true
+			secret_scanning_push_protection_custom_link = "https://example.com/secret-scanning-help"
 		}`
 
 		check := resource.ComposeTestCheckFunc(
@@ -281,6 +290,14 @@ func TestAccGithubOrganizationSettings(t *testing.T) {
 				"github_organization_settings.test",
 				"secret_scanning_push_protection_enabled_for_new_repositories", "true",
 			),
+			resource.TestCheckResourceAttr(
+				"github_organization_settings.test",
+				"secret_scanning_push_protection_custom_link_enabled", "true",
+			),
+			resource.TestCheckResourceAttr(
+				"github_organization_settings.test",
+				"secret_scanning_push_protection_custom_link", "https://example.com/secret-scanning-help",
+			),
 		)
 
 		resource.Test(t, resource.TestCase{

templates/data-sources/organization.md.tmpl

@@ -52,3 +52,5 @@ Use this data source to retrieve basic information about a GitHub Organization.
 - `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories.
 - `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories.
 - `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories.
+- `secret_scanning_push_protection_custom_link_enabled` - Whether a custom link is shown to contributors blocked by secret scanning push protection.
+- `secret_scanning_push_protection_custom_link` - URL displayed to contributors blocked by secret scanning push protection.

templates/resources/organization_settings.md.tmpl

@@ -42,6 +42,8 @@ The following arguments are supported:
 - `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`.
 - `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`.
 - `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`.
+- `secret_scanning_push_protection_custom_link_enabled` - (Optional) Whether a custom link is shown to contributors blocked by secret scanning push protection. Setting this to `true` requires `secret_scanning_push_protection_custom_link` to be a non-empty URL. If managed at the enterprise level via `github_enterprise_security_analysis_settings`, this resource overrides that value for this organization.
+- `secret_scanning_push_protection_custom_link` - (Optional) URL displayed to contributors blocked by secret scanning push protection. Requires `secret_scanning_push_protection_custom_link_enabled` to be `true`.
 
 ## Attributes Reference