Using github_actions_organization_secret_repositories causes to be updated on each apply even with no changes. #974

@MitchellGerdisch

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

Terraform v0.15.0

Affected Resource(s)

Please list the resources as a list, for example:

  • github_actions_organization_secret
  • github_actions_organization_secret_repositories

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 4.0"
    }
  }
}
# Configure the GitHub Provider
provider "github" {}

data "github_repository" "repo" {
  full_name = "ORGNAME/REPONAME" # Change accordingly
}

resource "github_actions_organization_secret" "example_secret" {
  secret_name             = "example_secret_name"
  visibility              = "selected"
  plaintext_value         = "my-secret-text"
  # selected_repository_ids = [data.github_repository.repo.repo_id]
}

resource "github_actions_organization_secret_repositories" "org_secret_repos" {
  secret_name = "example_secret_name"
  selected_repository_ids = [data.github_repository.repo.repo_id]
}

Debug Output

Please provide a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

Panic Output

If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the crash.log.

Expected Behavior

Using the above code with no changes should not keep updating the secret on apply.

Actual Behavior

The first apply works as expected, and then each subsequent apply indicates an update and applies an update even though no code was changed.
If, instead of using the separate github_actions_organization_secret_repositories resource, the repositories are embedded as part of the github_actions_organization_secret resource, this does not happen.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. See the resource was created as expected in GitHub.
  3. Wait a minute and refresh the GitHub page so you can see the secret was created a minute ago.
  4. terraform apply
  5. See that terraform is showing an update even though nothing has changed.
  6. Accept the update
  7. Confirm that GitHub shows the same secret was just updated.
  8. terraform destroy
  9. Change the code to comment out the secret_repositories resource and uncomment the embedded repositories property in the secret resource.
  10. terraform apply
  11. See the secret was created as expected
  12. terraform apply
  13. See that it does not try to update the unchanged resource as expected.

Important Factoids

Is there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

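An idempotence check for the behaviour reported above, as an added example that is not part of the original issue or the provider's code: it reads the JSON form of a saved plan (`terraform show -json <planfile>`) and flags any non-no-op action on the two resource types named in the issue. The sample plan is constructed; the issue does not say which resource shows the update, so the sample picks one for illustration.

```python
import json
import sys

# Resource types named in the issue.
WATCHED_TYPES = {
    "github_actions_organization_secret",
    "github_actions_organization_secret_repositories",
}


def unexpected_changes(plan_json: str) -> list:
    """Return (address, actions) for watched resources the plan would touch."""
    plan = json.loads(plan_json)
    flagged = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        # An unchanged configuration should plan ["no-op"] for these resources.
        if rc.get("type") in WATCHED_TYPES and actions != ["no-op"]:
            flagged.append((rc["address"], actions))
    return flagged


# Constructed sample: a second plan with no configuration edits (assumed shape,
# not output captured from the issue). The unrelated resource is ignored.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "github_actions_organization_secret.example_secret",
         "type": "github_actions_organization_secret",
         "change": {"actions": ["update"]}},
        {"address": "github_actions_organization_secret_repositories.org_secret_repos",
         "type": "github_actions_organization_secret_repositories",
         "change": {"actions": ["no-op"]}},
        {"address": "github_repository.other",
         "type": "github_repository",
         "change": {"actions": ["update"]}},
    ]
})

if __name__ == "__main__":
    # Usage: terraform show -json plan.out > plan.json; python check.py plan.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PLAN
    hits = unexpected_changes(text)
    for address, actions in hits:
        print(f"secret resource would change with no config edits: {address} {actions}")
    sys.exit(1 if hits else 0)
```

Run in CI against a plan taken right after a clean apply, a non-zero exit marks a secret that would be rewritten without any configuration change.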