App Auth can't create 'Internal' repos

[russtaylor]

'internal' repository creation fails when using App-based authentication.

Terraform Version

Terraform v1.0.1

Terraform Configuration Files

resource "github_repository" "test_repo" {
  name        = "test-repo"
  description = "Test Repo"

  visibility = "internal"

  has_issues             = true
  allow_merge_commit     = false
  delete_branch_on_merge = true
}

Debug Output

 Error: PATCH https://api.github.com/repos/<org>/<repo_name>: 422 Visibility can't be changed by this user. []

   with module.internal_repos.github_repository.test_repo,
   on internal-repos/test-repo.tf line 1, in resource "github_repository" "test_repo":
    1: resource "github_repository" "test_repo" {

Expected Behavior

The repo should have been successfully created as 'private' and then changed to 'internal'.

Actual Behavior

The repo was created as 'private', but then Terraform failed when attempting to change its visibility to 'internal'.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. Setup GitHub App authentication as specified in the docs
2. Specify the setup of any 'internal' repository
3. terraform apply

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• Feature Request > GitHub App authentication support #514
• Adds support for GitHub App authentication #753

[ingledl]

Does your org block the ability to change visibility of a repository?
This the setting:

[russtaylor]

Yeah, we restrict that. We don't want to risk having users with 'admin' access to a repository inadvertently making it public.

We were hoping that the app key would still be able to do this with sufficient permissions.

[ingledl]

It looks like this PR is addressing the issue:
#794

Based on this issue:
#788

[russtaylor]

Good find! Thanks, I think you're right - that should address this issue.

I'll close this out & reopen it if it turns out that doesn't address it.

[imre-turi-cko]

Can we reopen this?

This is broken.

I authenticate with a GH App.

1. Trying without a template:

resource "github_repository" "poc_repo" {
  name        = local.repo_name
  description = "My awesome codebase"

  visibility = "internal"
}

ERROR: 422 Visibility can't be changed by this user. and Visibility is already internal. [] Which is funny, the repo was created with the right visibility but the apply still fails.

Terraform version: 1.3.5
Github provider version: 5.8.0 (because higher versions break visibility handling even more)

[kfcampbell]

@imre-turi-cko would you mind creating a new issue that details your concerns?

[ZarakiKenpachi7]

@imre-turi-cko - Did you open a new issue? I am facing the same problem.

[pixo-wnobrien]

@imre-turi-cko I am getting the same error, except my repo is private instead of internal

I am authenticating with a GH app, and I'm also seeing the repo get created properly after the initial fail. When rerunning the workspace I get the same error

Terraform Version: 1.3.3
GH provider version: 4.22.0