This repository was archived by the owner on May 16, 2026. It is now read-only.

Revert branch protection #279

Merged: akuzminsky merged 1 commit into main from revert-protection on May 15, 2026
@akuzminsky
Collaborator

No description provided.

@github-actions

State s3://infrahouse-github-control-state/terraform.tfstate

Affected resources counts

Success 🟢 Add 🟡 Change Destroy
2 2 0

Affected resources by action

Action Resources
🟢 module.repos["github-control"].github_repository_file.renovate_json
🟢 module.repos["github-control"].github_repository_file.vuln_scanner_workflow
🟡 module.repos["github-control"].github_branch_protection.main[0]
🟡 module.repos["github-control"].github_repository_ruleset.main[0]
STDOUT
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # module.repos["github-control"].github_branch_protection.main[0] will be updated in-place
  ~ resource "github_branch_protection" "main" {
      ~ allows_force_pushes             = true -> false
        id                              = "BPR_kwDOSetbjM4El38b"
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.repos["github-control"].github_repository_file.renovate_json will be created
  + resource "github_repository_file" "renovate_json" {
      + autocreate_branch_source_sha = (known after apply)
      + branch                       = (known after apply)
      + commit_message               = "Configure renovate"
      + commit_sha                   = (known after apply)
      + content                      = jsonencode(
            {
              + "$schema"                   = "https://docs.renovatebot.com/renovate-schema.json"
              + dependencyDashboardApproval = true
              + extends                     = [
                  + "config:recommended",
                ]
              + packageRules                = [
                  + {
                      + enabled        = false
                      + matchFileNames = [
                          + ".github/workflows/checkov.yml",
                          + ".github/workflows/terraform-CI.yml",
                          + ".github/workflows/terraform-CD.yml",
                          + ".github/workflows/vuln-scanner-pr-public.yml",
                          + ".github/workflows/vuln-scanner-pr-private.yml",
                          + ".github/workflows/vuln-scanner-pr.yml",
                          + ".github/workflows/terraform-review.yml",
                          + ".github/workflows/docs.yml",
                          + ".github/workflows/release.yml",
                          + ".github/workflows/notify-on-failure.yml",
                        ]
                      + matchManagers  = [
                          + "github-actions",
                        ]
                    },
                ]
              + prConcurrentLimit           = 1
              + rebaseWhen                  = "conflicted"
            }
        )
      + file                         = "renovate.json"
      + id                           = (known after apply)
      + overwrite_on_create          = true
      + ref                          = (known after apply)
      + repository                   = "github-control"
      + repository_id                = (known after apply)
      + sha                          = (known after apply)
    }

  # module.repos["github-control"].github_repository_file.vuln_scanner_workflow will be created
  + resource "github_repository_file" "vuln_scanner_workflow" {
      + autocreate_branch_source_sha = (known after apply)
      + branch                       = (known after apply)
      + commit_message               = "Update vuln-scanner-pr.yml workflow"
      + commit_sha                   = (known after apply)
      + content                      = <<-EOT
            # This file is managed by Terraform in github-control repository
            # Do not edit this file, all changes will be overwritten
            # If you need to change this file, create a pull request in
            # https://github.com/infrahouse8/github-control
            ---
            name: OSV-Scanner PR Scan
            
            on:  # yamllint disable-line rule:truthy
              pull_request:
                branches: [main]
            
            permissions:
              # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
              actions: read
              # Require writing security events to upload SARIF file to security tab
              security-events: write
              # Only need to read contents
              contents: read
            
            jobs:
              vulnerability-check:
                uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.0"
                with:
                  scan-args: --config osv-scanner.toml
                  upload-sarif: false
        EOT
      + file                         = "./.github/workflows/vuln-scanner-pr.yml"
      + id                           = (known after apply)
      + overwrite_on_create          = true
      + ref                          = (known after apply)
      + repository                   = "github-control"
      + repository_id                = (known after apply)
      + sha                          = (known after apply)
    }

  # module.repos["github-control"].github_repository_ruleset.main[0] will be updated in-place
  ~ resource "github_repository_ruleset" "main" {
      ~ enforcement = "disabled" -> "active"
        id          = "16465373"
        name        = "Main Branch Protection"
        # (5 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

Plan: 2 to add, 2 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.ih_8_repos.github_repository.repo,
  on modules/local-repo/repos.tf line 4, in resource "github_repository" "repo":
   4:   has_downloads        = false

This attribute is no longer in use, but it hasn't been removed yet. It will
be removed in a future version. See
https://github.com/orgs/community/discussions/102145#discussioncomment-8351756

(and 7 more similar warnings elsewhere)

Warning: Deprecated attribute

  on .terraform/modules/actions-runner-pem-493370826424-uw1/data_sources.tf line 11, in data "external" "secret_value":
  11:     "python", "${path.module}/assets/get_secret.py", data.aws_region.current.name, aws_secretsmanager_secret.secret.id, data.aws_iam_role.caller_role.arn

The attribute "name" is deprecated. Refer to the provider documentation for
details.

(and 5 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tf.plan

To perform exactly these actions, run the following command to apply:
    terraform apply "tf.plan"
Releasing state lock. This may take a few moments...

@akuzminsky akuzminsky merged commit aab356d into main May 15, 2026
1 check passed
@akuzminsky akuzminsky deployed to production May 15, 2026 21:36 — with GitHub Actions Active
@akuzminsky akuzminsky deleted the revert-protection branch May 15, 2026 21:36