From 62d0e5e734e89f88e3dd35a5287a4d45ba1e73ad Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Mon, 14 Jul 2025 15:13:56 +0200 Subject: [PATCH 01/10] feat: add data source for GitHub Actions organization remove token --- ...ithub_actions_organization_remove_token.go | 49 +++++++++++++++++++ ..._actions_organization_remove_token_test.go | 49 +++++++++++++++++++ github/provider.go | 1 + 3 files changed, 99 insertions(+) create mode 100644 github/data_source_github_actions_organization_remove_token.go create mode 100644 github/data_source_github_actions_organization_remove_token_test.go diff --git a/github/data_source_github_actions_organization_remove_token.go b/github/data_source_github_actions_organization_remove_token.go new file mode 100644 index 0000000000..926993ed7a --- /dev/null +++ b/github/data_source_github_actions_organization_remove_token.go @@ -0,0 +1,49 @@ +package github + +import ( + "context" + "fmt" + "log" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubActionsOrganizationRemoveToken() *schema.Resource { + return &schema.Resource{ + Read: dataSourceGithubActionsOrganizationRemoveTokenRead, + + Schema: map[string]*schema.Schema{ + "token": { + Type: schema.TypeString, + Computed: true, + }, + "expires_at": { + Type: schema.TypeInt, + Computed: true, + }, + }, + } +} + +func dataSourceGithubActionsOrganizationRemoveTokenRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + owner := meta.(*Owner).name + + log.Printf("[DEBUG] Creating a GitHub Actions organization remove token for %s", owner) + token, _, err := client.Actions.CreateOrganizationRemoveToken(context.TODO(), owner) + if err != nil { + return fmt.Errorf("error creating a GitHub Actions organization remove token for %s: %s", owner, err) + } + + d.SetId(owner) + err = d.Set("token", token.Token) + if err != nil { + return err + } + err = d.Set("expires_at", token.ExpiresAt.Unix()) + if err != nil { + return err + } + + return nil +} diff --git a/github/data_source_github_actions_organization_remove_token_test.go b/github/data_source_github_actions_organization_remove_token_test.go new file mode 100644 index 0000000000..71babfdfca --- /dev/null +++ b/github/data_source_github_actions_organization_remove_token_test.go @@ -0,0 +1,49 @@ +package github + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccGithubActionsOrganizationRemoveTokenDataSource(t *testing.T) { + + t.Run("get an organization remove token without error", func(t *testing.T) { + + config := ` + data "github_actions_organization_remove_token" "test" { + } + ` + + check := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_actions_organization_remove_token.test", "token"), + resource.TestCheckResourceAttrSet("data.github_actions_organization_remove_token.test", "expires_at"), + ) + + testCase := func(t *testing.T, mode string) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, mode) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: check, + }, + }, + }) + } + + t.Run("with an anonymous account", func(t *testing.T) { + t.Skip("anonymous account not supported for this operation") + }) + + t.Run("with an individual account", func(t *testing.T) { + testCase(t, individual) + }) + + t.Run("with an organization account", func(t *testing.T) { + testCase(t, organization) + }) + + }) +} diff --git a/github/provider.go b/github/provider.go index 8f44c95098..a6c6c807ca 100644 --- a/github/provider.go +++ b/github/provider.go @@ -203,6 +203,7 @@ func Provider() *schema.Provider { "github_actions_organization_oidc_subject_claim_customization_template": dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplate(), "github_actions_organization_public_key": dataSourceGithubActionsOrganizationPublicKey(), "github_actions_organization_registration_token": dataSourceGithubActionsOrganizationRegistrationToken(), + "github_actions_organization_registration_tokens": dataSourceGithubActionsOrganizationRemoveToken(), "github_actions_organization_secrets": dataSourceGithubActionsOrganizationSecrets(), "github_actions_organization_variables": dataSourceGithubActionsOrganizationVariables(), "github_actions_public_key": dataSourceGithubActionsPublicKey(), From 97f18035c63c4c30134e43318b388c11e0b0e223 Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Mon, 14 Jul 2025 22:28:10 +0200 Subject: [PATCH 02/10] fix(provider): correct data source name for github_actions_organization_remove_token --- github/provider.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/provider.go b/github/provider.go index a6c6c807ca..508b278c59 100644 --- a/github/provider.go +++ b/github/provider.go @@ -203,7 +203,7 @@ func Provider() *schema.Provider { "github_actions_organization_oidc_subject_claim_customization_template": dataSourceGithubActionsOrganizationOIDCSubjectClaimCustomizationTemplate(), "github_actions_organization_public_key": dataSourceGithubActionsOrganizationPublicKey(), "github_actions_organization_registration_token": dataSourceGithubActionsOrganizationRegistrationToken(), - "github_actions_organization_registration_tokens": dataSourceGithubActionsOrganizationRemoveToken(), + "github_actions_organization_remove_token": dataSourceGithubActionsOrganizationRemoveToken(), "github_actions_organization_secrets": dataSourceGithubActionsOrganizationSecrets(), "github_actions_organization_variables": dataSourceGithubActionsOrganizationVariables(), "github_actions_public_key": dataSourceGithubActionsPublicKey(), From 956235ed117610c99104ed213a0ddd8bc104a62a Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Tue, 15 Jul 2025 21:24:33 +0200 Subject: [PATCH 03/10] feat(actions): add data source for GitHub Actions remove token Add github_actions_remove_token data source to retrieve remove tokens for GitHub Actions runners. The data source provides token and expiration time fields for managing runner removal operations. --- ...data_source_github_actions_remove_token.go | 49 +++++++++++++++++++ ...source_github_actions_remove_token_test.go | 49 +++++++++++++++++++ github/provider.go | 1 + 3 files changed, 99 insertions(+) create mode 100644 github/data_source_github_actions_remove_token.go create mode 100644 github/data_source_github_actions_remove_token_test.go diff --git a/github/data_source_github_actions_remove_token.go b/github/data_source_github_actions_remove_token.go new file mode 100644 index 0000000000..29baab13cd --- /dev/null +++ b/github/data_source_github_actions_remove_token.go @@ -0,0 +1,49 @@ +package github + +import ( + "context" + "fmt" + "log" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func dataSourceGithubActionsRemoveToken() *schema.Resource { + return &schema.Resource{ + Read: dataSourceGithubActionsRemoveTokenRead, + + Schema: map[string]*schema.Schema{ + "token": { + Type: schema.TypeString, + Computed: true, + }, + "expires_at": { + Type: schema.TypeInt, + Computed: true, + }, + }, + } +} + +func dataSourceGithubActionsRemoveTokenRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*Owner).v3client + owner := meta.(*Owner).name + + log.Printf("[DEBUG] Creating a GitHub Actions organization remove token for %s", owner) + token, _, err := client.Actions.CreateOrganizationRemoveToken(context.TODO(), owner) + if err != nil { + return fmt.Errorf("error creating a GitHub Actions organization remove token for %s: %s", owner, err) + } + + d.SetId(owner) + err = d.Set("token", token.Token) + if err != nil { + return err + } + err = d.Set("expires_at", token.ExpiresAt.Unix()) + if err != nil { + return err + } + + return nil +} diff --git a/github/data_source_github_actions_remove_token_test.go b/github/data_source_github_actions_remove_token_test.go new file mode 100644 index 0000000000..8c8edeba85 --- /dev/null +++ b/github/data_source_github_actions_remove_token_test.go @@ -0,0 +1,49 @@ +package github + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccGithubActionsRemoveTokenDataSource(t *testing.T) { + + t.Run("get an organization remove token without error", func(t *testing.T) { + + config := ` + data "github_actions_remove_token" "test" { + } + ` + + check := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.github_actions_remove_token.test", "token"), + resource.TestCheckResourceAttrSet("data.github_actions_remove_token.test", "expires_at"), + ) + + testCase := func(t *testing.T, mode string) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, mode) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: check, + }, + }, + }) + } + + t.Run("with an anonymous account", func(t *testing.T) { + t.Skip("anonymous account not supported for this operation") + }) + + t.Run("with an individual account", func(t *testing.T) { + testCase(t, individual) + }) + + t.Run("with an organization account", func(t *testing.T) { + testCase(t, organization) + }) + + }) +} diff --git a/github/provider.go b/github/provider.go index 508b278c59..9daf5ee15f 100644 --- a/github/provider.go +++ b/github/provider.go @@ -208,6 +208,7 @@ func Provider() *schema.Provider { "github_actions_organization_variables": dataSourceGithubActionsOrganizationVariables(), "github_actions_public_key": dataSourceGithubActionsPublicKey(), "github_actions_registration_token": dataSourceGithubActionsRegistrationToken(), + "github_actions_remove_token": dataSourceGithubActionsRemoveToken(), "github_actions_repository_oidc_subject_claim_customization_template": dataSourceGithubActionsRepositoryOIDCSubjectClaimCustomizationTemplate(), "github_actions_secrets": dataSourceGithubActionsSecrets(), "github_actions_variables": dataSourceGithubActionsVariables(), From 7b8504763596c20d3cd69b432e3824f1e8923adb Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Tue, 15 Jul 2025 22:14:39 +0200 Subject: [PATCH 04/10] feat(actions): add repository support for GitHub Actions remove token data source --- ...data_source_github_actions_remove_token.go | 17 +++++++++--- ...source_github_actions_remove_token_test.go | 17 +++++++++--- ...ns_organization_remove_token.html.markdown | 24 +++++++++++++++++ .../docs/d/actions_remove_token.html.markdown | 27 +++++++++++++++++++ 4 files changed, 78 insertions(+), 7 deletions(-) create mode 100644 website/docs/d/actions_organization_remove_token.html.markdown create mode 100644 website/docs/d/actions_remove_token.html.markdown diff --git a/github/data_source_github_actions_remove_token.go b/github/data_source_github_actions_remove_token.go index 29baab13cd..ba5f5cf54b 100644 --- a/github/data_source_github_actions_remove_token.go +++ b/github/data_source_github_actions_remove_token.go @@ -13,6 +13,11 @@ func dataSourceGithubActionsRemoveToken() *schema.Resource { Read: dataSourceGithubActionsRemoveTokenRead, Schema: map[string]*schema.Schema{ + "repository": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, "token": { Type: schema.TypeString, Computed: true, @@ -28,14 +33,15 @@ func dataSourceGithubActionsRemoveToken() *schema.Resource { func dataSourceGithubActionsRemoveTokenRead(d *schema.ResourceData, meta interface{}) error { client := meta.(*Owner).v3client owner := meta.(*Owner).name + repoName := d.Get("repository").(string) - log.Printf("[DEBUG] Creating a GitHub Actions organization remove token for %s", owner) - token, _, err := client.Actions.CreateOrganizationRemoveToken(context.TODO(), owner) + log.Printf("[DEBUG] Creating a GitHub Actions repository registration token for %s/%s", owner, repoName) + token, _, err := client.Actions.CreateRegistrationToken(context.TODO(), owner, repoName) if err != nil { - return fmt.Errorf("error creating a GitHub Actions organization remove token for %s: %s", owner, err) + return fmt.Errorf("error creating a GitHub Actions repository registration token for %s/%s: %s", owner, repoName, err) } - d.SetId(owner) + d.SetId(fmt.Sprintf("%s/%s", owner, repoName)) err = d.Set("token", token.Token) if err != nil { return err @@ -44,6 +50,9 @@ func dataSourceGithubActionsRemoveTokenRead(d *schema.ResourceData, meta interfa if err != nil { return err } + if token.Token != nil { + log.Printf("tokenoutput: %s", *token.Token) + } return nil } diff --git a/github/data_source_github_actions_remove_token_test.go b/github/data_source_github_actions_remove_token_test.go index 8c8edeba85..d6b6da9a48 100644 --- a/github/data_source_github_actions_remove_token_test.go +++ b/github/data_source_github_actions_remove_token_test.go @@ -1,21 +1,32 @@ package github import ( + "fmt" "testing" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) func TestAccGithubActionsRemoveTokenDataSource(t *testing.T) { - t.Run("get an organization remove token without error", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + + t.Run("get a repository remove token without error", func(t *testing.T) { + + config := fmt.Sprintf(` + resource "github_repository" "test" { + name = "tf-acc-test-%[1]s" + auto_init = true + } - config := ` data "github_actions_remove_token" "test" { + repository = github_repository.test.id } - ` + `, randomID) check := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.github_actions_remove_token.test", "repository", fmt.Sprintf("tf-acc-test-%s", randomID)), resource.TestCheckResourceAttrSet("data.github_actions_remove_token.test", "token"), resource.TestCheckResourceAttrSet("data.github_actions_remove_token.test", "expires_at"), ) diff --git a/website/docs/d/actions_organization_remove_token.html.markdown b/website/docs/d/actions_organization_remove_token.html.markdown new file mode 100644 index 0000000000..4f2dd287f5 --- /dev/null +++ b/website/docs/d/actions_organization_remove_token.html.markdown @@ -0,0 +1,24 @@ +--- +layout: "github" +page_title: "GitHub: actions_organization_remove_token" +description: |- + Get a GitHub Actions organization remove token. +--- + +# actions_regmove_token + +Use this data source to retrieve a GitHub Actions organization remove token. This token can then be used to register a self-hosted runner. + +## Example Usage + +```hcl +data "github_actions_organization_remove_token" "example" { +} +``` + +## Argument Reference + +## Attributes Reference + + * `token` - The token that has been retrieved. + * `expires_at` - The token expiration date. \ No newline at end of file diff --git a/website/docs/d/actions_remove_token.html.markdown b/website/docs/d/actions_remove_token.html.markdown new file mode 100644 index 0000000000..410a5cc783 --- /dev/null +++ b/website/docs/d/actions_remove_token.html.markdown @@ -0,0 +1,27 @@ +--- +layout: "github" +page_title: "GitHub: actions_remove_token" +description: |- + Get a GitHub Actions repository registration token. +--- + +# actions_remove_token + +Use this data source to retrieve a GitHub Actions repository registration token. This token can then be used to register a self-hosted runner. + +## Example Usage + +```hcl +data "github_actions_remove_token" "example" { + repository = "example_repo" +} +``` + +## Argument Reference + + * `repository` - (Required) Name of the repository to get a GitHub Actions registration token for. + +## Attributes Reference + + * `token` - The token that has been retrieved. + * `expires_at` - The token expiration date. From 38eedafa46983d9764cc9f2e098b704b50e3a544 Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Tue, 15 Jul 2025 23:10:48 +0200 Subject: [PATCH 05/10] fix(actions): set correct function for remove token --- github/data_source_github_actions_remove_token.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/github/data_source_github_actions_remove_token.go b/github/data_source_github_actions_remove_token.go index ba5f5cf54b..535f918fe5 100644 --- a/github/data_source_github_actions_remove_token.go +++ b/github/data_source_github_actions_remove_token.go @@ -35,10 +35,10 @@ func dataSourceGithubActionsRemoveTokenRead(d *schema.ResourceData, meta interfa owner := meta.(*Owner).name repoName := d.Get("repository").(string) - log.Printf("[DEBUG] Creating a GitHub Actions repository registration token for %s/%s", owner, repoName) - token, _, err := client.Actions.CreateRegistrationToken(context.TODO(), owner, repoName) + log.Printf("[DEBUG] Creating a GitHub Actions repository remove token for %s/%s", owner, repoName) + token, _, err := client.Actions.CreateRemoveToken(context.TODO(), owner, repoName) if err != nil { - return fmt.Errorf("error creating a GitHub Actions repository registration token for %s/%s: %s", owner, repoName, err) + return fmt.Errorf("error creating a GitHub Actions repository remove token for %s/%s: %s", owner, repoName, err) } d.SetId(fmt.Sprintf("%s/%s", owner, repoName)) @@ -50,9 +50,6 @@ func dataSourceGithubActionsRemoveTokenRead(d *schema.ResourceData, meta interfa if err != nil { return err } - if token.Token != nil { - log.Printf("tokenoutput: %s", *token.Token) - } return nil } From e6469ea70e9c3126459a3179ed72d3522fb293cc Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Wed, 16 Jul 2025 01:58:39 +0200 Subject: [PATCH 06/10] test(actions): enable vulnerability alerts in GitHub Actions token test repositories to avoid drift, as vuln alerts are automatically activated for newly created repositories --- github/data_source_github_actions_registration_token_test.go | 1 + github/data_source_github_actions_remove_token_test.go | 1 + 2 files changed, 2 insertions(+) diff --git a/github/data_source_github_actions_registration_token_test.go b/github/data_source_github_actions_registration_token_test.go index ca96873df9..6fdb944b05 100644 --- a/github/data_source_github_actions_registration_token_test.go +++ b/github/data_source_github_actions_registration_token_test.go @@ -18,6 +18,7 @@ func TestAccGithubActionsRegistrationTokenDataSource(t *testing.T) { resource "github_repository" "test" { name = "tf-acc-test-%[1]s" auto_init = true + vulnerability_alerts = true } data "github_actions_registration_token" "test" { diff --git a/github/data_source_github_actions_remove_token_test.go b/github/data_source_github_actions_remove_token_test.go index d6b6da9a48..dd850cae03 100644 --- a/github/data_source_github_actions_remove_token_test.go +++ b/github/data_source_github_actions_remove_token_test.go @@ -18,6 +18,7 @@ func TestAccGithubActionsRemoveTokenDataSource(t *testing.T) { resource "github_repository" "test" { name = "tf-acc-test-%[1]s" auto_init = true + vulnerability_alerts = true } data "github_actions_remove_token" "test" { From 3934f50cfac0efc003e928537bd33bd46ae75539 Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Wed, 16 Jul 2025 10:58:49 +0200 Subject: [PATCH 07/10] fix docs wording for org level runner --- .../docs/d/actions_organization_remove_token.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/d/actions_organization_remove_token.html.markdown b/website/docs/d/actions_organization_remove_token.html.markdown index 4f2dd287f5..77e55630b4 100644 --- a/website/docs/d/actions_organization_remove_token.html.markdown +++ b/website/docs/d/actions_organization_remove_token.html.markdown @@ -7,7 +7,7 @@ description: |- # actions_regmove_token -Use this data source to retrieve a GitHub Actions organization remove token. This token can then be used to register a self-hosted runner. +Use this data source to retrieve a GitHub Actions organization remove token. This token can then be used to remove a self-hosted runner. ## Example Usage @@ -21,4 +21,4 @@ data "github_actions_organization_remove_token" "example" { ## Attributes Reference * `token` - The token that has been retrieved. - * `expires_at` - The token expiration date. \ No newline at end of file + * `expires_at` - The token expiration date. From 61a853f8fa1915d4c27a699b313b3ae57bf17973 Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Wed, 16 Jul 2025 10:59:33 +0200 Subject: [PATCH 08/10] fix typo --- website/docs/d/actions_organization_remove_token.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/d/actions_organization_remove_token.html.markdown b/website/docs/d/actions_organization_remove_token.html.markdown index 77e55630b4..ee33a9b0d2 100644 --- a/website/docs/d/actions_organization_remove_token.html.markdown +++ b/website/docs/d/actions_organization_remove_token.html.markdown @@ -5,7 +5,7 @@ description: |- Get a GitHub Actions organization remove token. --- -# actions_regmove_token +# actions_remove_token Use this data source to retrieve a GitHub Actions organization remove token. This token can then be used to remove a self-hosted runner. From 907c114761e1346b39995e1376e28a3d895c6730 Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Wed, 16 Jul 2025 11:00:55 +0200 Subject: [PATCH 09/10] fix docs for repo level token --- website/docs/d/actions_remove_token.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/d/actions_remove_token.html.markdown b/website/docs/d/actions_remove_token.html.markdown index 410a5cc783..6bfc68f2f2 100644 --- a/website/docs/d/actions_remove_token.html.markdown +++ b/website/docs/d/actions_remove_token.html.markdown @@ -7,7 +7,7 @@ description: |- # actions_remove_token -Use this data source to retrieve a GitHub Actions repository registration token. This token can then be used to register a self-hosted runner. +Use this data source to retrieve a GitHub Actions repository registration token. This token can then be used to remove a self-hosted runner. ## Example Usage From 1f5bbf19acb7caa5cf06470388066aa937200ca7 Mon Sep 17 00:00:00 2001 From: dankress <113473726+dankress@users.noreply.github.com> Date: Wed, 16 Jul 2025 11:07:24 +0200 Subject: [PATCH 10/10] change left over wording in docs --- website/docs/d/actions_remove_token.html.markdown | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/docs/d/actions_remove_token.html.markdown b/website/docs/d/actions_remove_token.html.markdown index 6bfc68f2f2..842ce93ca8 100644 --- a/website/docs/d/actions_remove_token.html.markdown +++ b/website/docs/d/actions_remove_token.html.markdown @@ -2,12 +2,12 @@ layout: "github" page_title: "GitHub: actions_remove_token" description: |- - Get a GitHub Actions repository registration token. + Get a GitHub Actions repository remove token. --- # actions_remove_token -Use this data source to retrieve a GitHub Actions repository registration token. This token can then be used to remove a self-hosted runner. +Use this data source to retrieve a GitHub Actions repository remove token. This token can then be used to remove a self-hosted runner. ## Example Usage @@ -19,7 +19,7 @@ data "github_actions_remove_token" "example" { ## Argument Reference - * `repository` - (Required) Name of the repository to get a GitHub Actions registration token for. + * `repository` - (Required) Name of the repository to get a GitHub Actions remove token for. ## Attributes Reference