Skip to content

chore(provider): bump integrations/github 6.10.2 -> 6.12.1#63

Merged
NWarila merged 1 commit into
mainfrom
chore/bump-provider-github-6.12
May 26, 2026
Merged

chore(provider): bump integrations/github 6.10.2 -> 6.12.1#63
NWarila merged 1 commit into
mainfrom
chore/bump-provider-github-6.12

Conversation

@NWarila
Copy link
Copy Markdown
Contributor

@NWarila NWarila commented May 26, 2026

Summary

Bumps `integrations/github` from `6.10.2` to `6.12.1` (3 minor versions). Motivated by the `allow_forking` provider-default behavior: 6.10.2 treats Terraform `null` as the schema default `false`, which causes the provider to always include `allow_forks` in PATCH payloads. PATCH then 422s on personal-account private repositories.

6.12.x may include nullable handling for `allow_forking` (the next deploy will confirm). If the upgrade resolves the 422, no further code changes are needed and the ownership-aware default landed in #62 will behave as intended.

Changes

  • `terraform/versions.tf`: bump constraint `6.10.2` -> `6.12.1`.
  • `terraform/.terraform.lock.hcl`: remove the github provider entry so CI's `terraform init` regenerates it. AWS and time entries are unchanged.

Test plan

  • Framework CI green (`Validate & Test` exercises terraform init/validate/test).
  • After merge: bump pin in `NWarila/github-terraform-runner/.github/workflows/terraform-deploy.yaml` and re-run `Deploy GitHub Terraform`. Expect the 3 personal-account private repos (Resume, Personal, github-sandbox) to apply without 422.

Fallback

If 6.12.1 doesn't fix the 422, follow-up PR adds `managed: optional(bool, true)` to the YAML schema and filters at the locals layer.

@NWarila @claude
chore(provider): bump integrations/github 6.10.2 -> 6.12.1
08c149d 
The terraform-provider-github 6.12 line is several point releases
ahead of the 6.10.2 currently pinned. The bump is motivated by the
allow_forking provider-default issue: 6.10.2 treats Terraform `null`
as the schema default `false`, which causes the provider to always
include `allow_forks` in PATCH payloads. PATCH then 422s on personal-
account private repositories.

6.12.x's changelog may include nullable handling for allow_forking
(needs the next deploy to confirm). If the upgrade resolves the 422,
no further code changes are needed and the ownership-aware default
landed in #62 will behave as intended. If it doesn't resolve, a
follow-up PR adds an explicit `managed: optional(bool, true)` flag
to the YAML schema and filters runtime-managed repos accordingly.

versions.tf: bump constraint.
.terraform.lock.hcl: remove the github provider block so CI's
  `terraform init` regenerates it for 6.12.1. The aws and time
  provider blocks are unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 26, 2026

Terraform Framework Test Results

Check Status
Format
Init
Validate
Test Suite

Runs: 54 total, 54 passed, 0 failed, 0 skipped

Full test output 
tests/normalization.tftest.hcl... in progress
  run "pattern_blocks_with_only_pattern_field_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-partial-patterns-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "merge_queue_with_partial_fields_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-partial-merge-queue-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "pull_request_with_only_merge_methods_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-partial-pull-request-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "pages_partial_fields_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-pages-partial-repo"],
  on 41-resources-github.tf line 28, in resource "github_repository" "repo":
  28: resource "github_repository" "repo" {

Use the github_repository_pages resource instead. This field will be removed
in a future version.

(and 2 more similar warnings elsewhere)

  run "repo_with_environments_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-env-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and 3 more similar warnings elsewhere)

  run "archived_repo_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-archived-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "empty_repo_set_plans_clean"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "org_mode_explicit_codeowners_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-org-codeowners-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "personal_mode_synthesizes_codeowners"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-personal-synthesized-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "push_ruleset_on_private_when_supported_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-push-ruleset-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "license_template_defaults_null_not_MIT"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "good_minimal_produces_expected_resource_counts"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "good_minimal_carries_expected_defaults"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "archived_repo_filters_out_downstream_locals"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-archived-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "empty_repo_set_exercises_every_filter_on_zero_input"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "good_minimal_produces_zero_environments_zero_codeowners"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "explicit_security_and_analysis_overrides_baseline"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-explicit-security-override-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "multi_branch_sources_all_from_default_not_serially"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-multi-branch-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "fork_repo_passes_through_source_fields"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-fork-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

tests/normalization.tftest.hcl... tearing down
tests/normalization.tftest.hcl... pass
tests/preconditions.tftest.hcl... in progress
  run "rejects_invalid_visibility_enum"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_public_repo_without_description"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_invalid_ruleset_enforcement"... pass

Warning: Argument is deprecated

  with github_repository.repo["bad-ruleset-enforcement-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "rejects_org_mode_codeowners_required_but_missing"... pass

Warning: Argument is deprecated

  with github_repository.repo["bad-codeowners-org-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "rejects_env_wait_timer_out_of_range"... pass

Warning: Argument is deprecated

  with github_repository.repo["bad-env-wait-timer-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "rejects_env_branch_policy_mutually_exclusive"... pass

Warning: Argument is deprecated

  with github_repository.repo["bad-env-branch-policy-both-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "rejects_actions_allowed_actions_enum"... pass

Warning: Argument is deprecated

  with github_repository.repo["bad-actions-enum-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "rejects_actions_selected_without_config"... pass

Warning: Argument is deprecated

  with github_repository.repo["bad-actions-selected-no-config-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

tests/preconditions.tftest.hcl... tearing down
tests/preconditions.tftest.hcl... pass
tests/security.tftest.hcl... in progress
  run "strict_mode_no_gap_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "compatibility_mode_no_gap_plans_clean_with_empty_preview"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "strict_mode_reports_gaps_across_multiple_visibilities"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "no_baseline_no_yaml_collapses_security_to_null"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "baseline_feature_enabled_when_capability_matches"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

tests/security.tftest.hcl... tearing down
tests/security.tftest.hcl... pass
tests/validation.tftest.hcl... in progress
  run "good_minimal_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "rejects_unknown_top_level_key"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_unknown_nested_key"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_duplicate_repo_keys"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_unsupported_push_ruleset"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_code_scanning_tool_typo"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_multiple_nested_typos_in_one_repo"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_secrets_written_as_map"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_token_mode_missing_token"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_app_mode_missing_app_auth"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_token_mode_with_app_auth_also_set"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_app_mode_with_token_also_set"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "valid_app_auth_plans_clean"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "strict_mode_fails_on_capability_gap"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "compatibility_mode_tolerates_capability_gap"... pass

Warning: Argument is deprecated

  with github_repository.repo["example-public-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "push_ruleset_public_supports_true_still_fails"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "push_ruleset_private_supports_false_fails"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "push_ruleset_internal_supports_true_passes"... pass

Warning: Argument is deprecated

  with github_repository.repo["good-internal-push-ruleset-repo"],
  on 41-resources-github.tf line 78, in resource "github_repository" "repo":
  78:   vulnerability_alerts = each.value.vulnerability_alerts

Use the github_repository_vulnerability_alerts resource instead. This field
will be removed in a future version.

(and one more similar warning elsewhere)

  run "push_ruleset_internal_supports_false_fails"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_invalid_github_owner_regex"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_invalid_auth_mode_enum"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

  run "rejects_invalid_baseline_mode_enum"... pass

Warning: Argument is deprecated

  with github_actions_environment_secret.env_secret,
  on 41-resources-github.tf line 528, in resource "github_actions_environment_secret" "env_secret":
 528:   plaintext_value = ""

Use value.

tests/validation.tftest.hcl... tearing down
tests/validation.tftest.hcl... pass

Success! 54 passed, 0 failed.

Commit: bf2efb3

@NWarila NWarila merged commit 7f2cf0b into main May 26, 2026
11 checks passed
@NWarila NWarila deleted the chore/bump-provider-github-6.12 branch May 26, 2026 14:01
@NWarila NWarila mentioned this pull request May 26, 2026
Merged
NWarila added a commit to NWarila/github-terraform-runner that referenced this pull request May 26, 2026
@NWarila @claude
ci: bump framework_ref to provider 6.12.1 test (#41)
8da00c8 
Tests whether terraform-provider-github 6.12.1 correctly omits
`allow_forks` from PATCH payloads when Terraform value is null. See
[nwarila-platform/github-terraform-framework#63](nwarila-platform/github-terraform-framework#63).

| | Before | After |
|---|---|---|
| uses: SHA | abda8e1f | 7f2cf0b6 |
| framework_ref | abda8e1f | 7f2cf0b6 |

If deploy succeeds for the 3 personal-account private repos after this
lands, F-A is resolved.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@NWarila NWarila mentioned this pull request May 26, 2026
Merged
1 task
NWarila added a commit that referenced this pull request May 26, 2026
@NWarila @claude
docs: record remediation-plan implementation status (2026-05-26) (#65)
af49741 
Adds a status preamble to REVIEW_REMEDIATION_PLAN.md recording
per-finding implementation state. 7 of 9 findings now marked Done
(Finding 4 closed by this session's PRs #62/#63); 1 REJECTED per
existing doc; 1 follow-up tracked (manage_codeowners_files opt-in flag).

## Test plan

- [ ] CI green (markdownlint)

Local: markdownlint-cli2 → 0 errors.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@NWarila