chore(deps): update terraform github to v6.11.1

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
github (source)	required_provider	minor	6.3.0 → 6.11.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

integrations/terraform-provider-github (github)

v6.11.1

Compare Source

What's Changed

🐛 Bugfixes

• fix: Only send allow_forking on change by @​stevehipwell in #​3174
• fix: Type mismatch in team_id of emu_group_mapping by @​deiga in #​3163

Maintenance

• [MAINT] Fixup github_repository_file by @​deiga in #​3175

Full Changelog: integrations/terraform-provider-github@v6.11.0...v6.11.1

v6.11.0

Compare Source

What's Changed

🚀 New Features

• feat: allow users to set GitHub app in their repositories by @​M0NsTeRRR in #​2469
• feat: add github_release_asset data source by @​mdb in #​2514
• feat(actions_permissions): sha_pinning_required by @​sheeeng in #​2870
• feat: Consistent secret and variable selected repos by @​stevehipwell in #​3155
• feat: Add ruleset rule for pull request required reviewers by @​deiga in #​3073
• feat: support internal visibility for repositories created by a template by @​puneet-arora15 in #​3123

🐛 Bugfixes

• fix: Correct forking and vulnerability alert logic by @​stevehipwell in #​3127
• fix: Correct ruleset pr allowed merge method logic by @​stevehipwell in #​3128
• fix: Relax id parsing strictness for existing ids by @​stevehipwell in #​3129
• fix(environments): swallow 404 not found errors by @​acouvreur in #​3132
• fix: Correct repo vulnerability alert logic by @​stevehipwell in #​3144
• fix: Correct secret drift implementation by @​stevehipwell in #​3069
• fix: Ensure github_emu_group_mapping behaves correctly if mapping changes upstream by @​deiga in #​3118

🛠️ Maintenance

• [MAINT] Fix ruleset tests after rebase by @​deiga in #​3153
• [MAINT] enable nilnesserr linter by @​deiga in #​3113
• [MAINT] Remove unnecessary separate API call for repo topics in github_repository by @​deiga in #​3086
• [MAINT] refactor github_repository_file to use Context-aware provider functions by @​deiga in #​3107
• [MAINT] Fix github_organization_ruleset and github_repository_ruleset with push target by @​deiga in #​2958
• chore(actions): Add doc how to verify GitHub Attestations with GitHub cli and verify release artifacts with Cosign by @​ViacheslavKudinov in #​2846
• chore: Refactor test provider by @​stevehipwell in #​3146
• chore: Update go-github to v82 by @​stevehipwell in #​3139
• chore: Simplify codeql workflow by @​stevehipwell in #​3138
• build(deps): bump the github-actions group across 1 directory with 5 updates by @​dependabot[bot] in #​3141
• build(deps): bump the gomod group across 1 directory with 2 updates by @​dependabot[bot] in #​3091

New Contributors

• @​puneet-arora15 made their first contribution in #​3123
• @​sheeeng made their first contribution in #​2870

Full Changelog: integrations/terraform-provider-github@v6.10.2...v6.11.0

v6.10.2

Compare Source

What's Changed

🐛 Bugfixes

• fix: Revert provider input constraints by @​stevehipwell in #​3099
• chore: Fix repo allow forking by @​stevehipwell in #​3094

📝 Documentation

• docs(custom_property): fix typo and import example by @​scarlson in #​2605

New Contributors

• @​scarlson made their first contribution in #​2605

Full Changelog: integrations/terraform-provider-github@v6.10.1...v6.10.2

v6.10.1

Compare Source

⚠️ This release is deprecated, please use v6.10.2 instead

NOTE: This reverts a breaking change.

What's Changed

🐛 Bugfixes

• [BUG] Change allowed_merge_methods to Optional by @​deiga in #​3083

Full Changelog: integrations/terraform-provider-github@v6.10.0...v6.10.1

v6.10.0

Compare Source

⚠️ This release is deprecated, please use v6.10.1 instead

What's Changed

🚀 New Features

• feat: Update go-github to v81 by @​stevehipwell in #​3050
• feat: Add support for repo private forking by @​stevehipwell in #​3056
• feat: Add team notification settings by @​stevehipwell in #​3059
• feat: Add Organization workflow permission resource by @​deiga in #​3015
• feat: Add support for Copilot code review in repository and organization rulesets by @​JiayangZhou in #​2965

🐛 Bugfixes

• fix: Correct private forking implementation by @​stevehipwell in #​3067
• fix: ensure failed membership invite can be deleted by @​deiga in #​3058
• fix: Revert anon auth complication by @​deiga in #​3071
• fix: Prevent enterprise org taint on SAML enforcement error by @​ericpardee in #​3026
• fix: Escape environment name for id by @​stevehipwell in #​3079
• fix: Enable importing github_emu_group_mapping for Group with multiple teams by @​deiga in #​3054
• fix: Fix Org Ruleset tests && enable allowed_merge_methods by @​deiga in #​2976

🪦 Deprecations

• [MAINT] Deprecate has_downloads field of github_repository by @​deiga in #​3063

🛠️ Maintenance

• maint: Refactor integration tests by @​stevehipwell in #​2986
• maint: Ensure all acc tests have testacc prefix by @​deiga in #​3064
• maint: Add regression test for #​2614 by @​deiga in #​3062
• maint: Improve provider tests by @​deiga in #​3061
• maint: Link directly to an example file to keep the link current when changes happen by @​deiga in #​3019
• maint: Properly enable test sweeper by @​deiga in #​3055
• maint: Update GNUmakefile to enhance test command functionality by @​deiga in #​3051
• maint: Convert legacy Schema Migrations to use StateUpgraders by @​deiga in #​3065
• maint: migrate releases resource and data source to context-aware fun… by @​tempora-mutantur in #​3036
• build(deps): bump anchore/sbom-action from 0.21.0 to 0.21.1 in the github-actions group by @​dependabot[bot] in #​3075
• build(deps): bump the gomod group across 1 directory with 2 updates by @​dependabot[bot] in #​3057
• build(deps): bump the github-actions group across 1 directory with 5 updates by @​dependabot[bot] in #​3013

New Contributors

• @​JiayangZhou made their first contribution in #​2965
• @​ericpardee made their first contribution in #​3026
• @​tempora-mutantur made their first contribution in #​3036

Full Changelog: integrations/terraform-provider-github@v6.9.1...v6.10.0

v6.9.1

Compare Source

What's Changed

🐛 Bugfixes

• fix: Fixes boolean conversions in rulesets from causing Panics by @​deiga in #​2977
• fix: Fix base url regression to ensure trailing / by @​stevehipwell in #​2990
• fix: Fix errors as nil bomb by @​stevehipwell in #​2992
• fix: Fix organization_custom_properties create by @​stevehipwell in #​2995
• fix: Fix repository environment deployment by @​stevehipwell in #​2993
• fix: Correct github_organization_role_teams & github_organization_role_users by @​stevehipwell in #​2994
• fix: github_organization_role Ensure role_id is set after Create by @​deiga in #​3011
• fix(RateLimitRoundtripper): Fix mutex leak and not respecting context cancellation by @​pete-woods in #​2298
• fix: Ensure repository creation works if vulnerability-alerts isn't modifiable on repo level by @​deiga in #​3024

📝 Documentation

Docs

• docs: Fix documented block name for ignored collaborator teams by @​tabacco in #​2551
• docs: correct grammar errors in data.github_release docs by @​mdb in #​2515
• docs: Add missing link to schema for merge_queue repository rule by @​usmonster in #​2581

Maintenance

• chore: update readme to reference min go version compatible with go.mod by @​anGie44 in #​3014

New Contributors

• @​pete-woods made their first contribution in #​2298
• @​tabacco made their first contribution in #​2551

Full Changelog: integrations/terraform-provider-github@v6.9.0...v6.9.1

v6.9.0

Compare Source

What's Changed

🚀 New Features

• feat: Adds enterprise settings resources to the provider by @​nickfloyd in #​2852
• feat: Add values_editable_by support to github_organization_custom_properties by @​markszabo in #​2931
• feat: Add functionality to update github_branch_default instead of forcing replacement by @​thisispr in #​2911
• feat: Align environment branch policy support by @​stevehipwell in #​2932
• feat: Add github_actions_hosted_runner resource by @​austenstone in #​2893
• feat: Refactor workflows by @​stevehipwell in #​2946

🐛 Bugfixes

• fix HTTP 422 error in github_organization_settings resource by @​netflash in #​2807
• fix(github_repository_file): delete error handling and codesigning by @​ivanmartos in #​2736
• fix required_code_scanning missing from terraform state by @​stricklerxc in #​2701
• fix: do not update/create rulesets on archived repository by @​scadu in #​2460
• fix: change fork to TypeString and add conditional ForceNew by @​diofeher in #​2959
• fix: missing error returns by @​nickfloyd in #​2962
• fix: Fix org roles implementation by @​stevehipwell in #​2968

🪦 Deprecations

• fix: make repository argument required by @​mikutas in #​2603
• fix(organization_ruleset): handle other error responses by @​skeggse in #​2705

🛠️ Maintenance

• chore(actions): Add release stack and extra validation test on Release (tag event) by @​ViacheslavKudinov in #​2904
• chore: Integrate v6.8.3 into main by @​nickfloyd in #​2902
• chore: Deprecate duplicate org team role resources by @​stevehipwell in #​2933
• chore: Update security and analysis by @​Brink2Three in #​2935
• chore: Update golangci-lint to v2 by @​stevehipwell in #​2864
• chore: Refactor base url logic by @​stevehipwell in #​2951
• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in #​2923
• build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @​dependabot[bot] in #​2927
• build(deps): bump actions/checkout from 5.0.1 to 6.0.0 by @​dependabot[bot] in #​2939
• build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 in the github-actions group by @​dependabot[bot] in #​2938
• build(deps): bump the gomod group across 1 directory with 4 updates by @​dependabot[bot] in #​2942
• build(deps): bump github/codeql-action from 4.31.4 to 4.31.5 in the github-actions group by @​dependabot[bot] in #​2956

New Contributors

• @​Brink2Three made their first contribution in #​2935
• @​markszabo made their first contribution in #​2931
• @​thisispr made their first contribution in #​2911
• @​austenstone made their first contribution in #​2893
• @​netflash made their first contribution in #​2807
• @​ivanmartos made their first contribution in #​2736
• @​stricklerxc made their first contribution in #​2701
• @​skeggse made their first contribution in #​2705
• @​scadu made their first contribution in #​2460
• @​diofeher made their first contribution in #​2959

Full Changelog: integrations/terraform-provider-github@v6.8.0...v6.9.0

v6.8.3

Compare Source

Updates how we handle secrets to address provider config and initialization issues (ref: #​2903)

Full Changelog: integrations/terraform-provider-github@v6.8.2...v6.8.3

v6.8.2

Compare Source

⚠️ This release is deprecated, please use v6.8.3 instead

This merge brings the following enhancements from v6.7.5:

• Added destroy_on_drift field to both github_actions_secret and github_actions_organization_secret
• Improved drift detection logic with configurable behavior
• Added schema migrations for backward compatibility
• Enhanced test coverage for drift detection scenarios
• Fixed ForceNew field configurations

Full Changelog: integrations/terraform-provider-github@v6.8.1...v6.8.2

v6.8.1

Compare Source

⚠️ This release is deprecated, please use v6.8.2 instead

fix: max_file_size was declared as an int but being cast as a float
fix: restricted_file_extensions was panicing due to a Set type mismatch

Full Changelog: integrations/terraform-provider-github@v6.8.0...v6.8.1

v6.8.0

Compare Source

What's Changed

🚀 New Features

• fix/feature: Adds support for max_file_size, max_file_path_length, file_extension_restriction, and unknown rulesets for repos and orgs by @​nickfloyd in #​2821
• feat: Handle error management on resources when dealing with archived repos. by @​nickfloyd in #​2837
• feat: Update removal operations for related resources to now gracefully handle deleting archived repositories by @​nickfloyd in #​2844
• feat: support workflow permissions in repository by @​M0NsTeRRR in #​2309
• feat: implement missing data source github_actions_environment_public_key by @​nobbs in #​2500
• feat: Adds migration for destory-on-drift for actions organization secret to prevent state from getting out of sync with the schema by @​nickfloyd in #​2820
• feat: Adds DiffSuppressFunc and DiffSuppressOnRefresh to resources that have etag properties to suppress etag-related diffs by @​nickfloyd in #​2840
• feat: Max per page by @​dee-kryvenko in #​2703
• feat(core): add fork functionality by @​hminaee-tc in #​2678

🐛 Bugfixes

• fix: Add destroy-on-drift property to the GitHub Action Secret resource schema by @​nickfloyd in #​2832
• fix: error when updating ruleset without bypass actors by @​dblinkhorn in #​2824
• fix(resource/github_organization_custom_properties): allow for import by @​pippitt in #​2834
• fix: Support for Github Environment Secrets' Lifecycle Ignore Changes by @​bshore-bf in #​2651
• fix: update of github release by @​findmyname666 in #​2350
• fix: commit signoff is enforced by the organization by @​steveteuber in #​2763
• fix: Repository Custom Properties Refresh by @​SharpEdgeMarshall in #​2691
• fix: Check current default branch before modifying by @​stevehipwell in #​2863
• fix: import command syntax for GitHub custom property documentation by @​deiga in #​2871
• fix(issue-2873): send empty slice for bypass_actors to avoid 422 on null by @​VyacheslavPerfilyev in #​2875
• fix(transport): change rate limit log messages from DEBUG to WARN level by @​tdabasinskas in #​2687

🛠️ Maintenance

• maint: gofmt clean up by @​nickfloyd in #​2888
• maint: Update to go-github v67 by @​nickfloyd in #​2810
• build(deps): bump github/codeql-action from 3.28.0 to 4.31.0 by @​dependabot[bot] in #​2811
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​2812
• build(deps): bump actions/stale from 9.0.0 to 10.1.0 by @​dependabot[bot] in #​2813
• build(deps): bump actions/setup-go from 5.2.0 to 6.0.0 by @​dependabot[bot] in #​2814
• build(deps): bump peter-evans/create-or-update-comment from 4 to 5 by @​dependabot[bot] in #​2815
• build(deps): update several GitHub Actions to the next major versions by @​ViacheslavKudinov in #​2816
• build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 in the github-actions group by @​dependabot[bot] in #​2860
• chore(Actions): Skip to run "Add issue to project" workflow on the forks by @​ViacheslavKudinov in #​2833
• chore: Tune Goreleaser config and workflow to address warnings by @​ViacheslavKudinov in #​2835
• chore(actions): Add scan of Actions workflows by CodeQL by @​ViacheslavKudinov in #​2859
• chore(actions): Add workflow that runs Terraform configuration validation by @​ViacheslavKudinov in #​2887
• chore(actions): Adds labeler Action to automatically add labels on PR:s by @​ViacheslavKudinov in #​2853
• chore(actions): Disable to run "Issue/PR response" workflow on forks by @​ViacheslavKudinov in #​2854
• chore(Actions): disable label synchronization in pull request labeler by @​ViacheslavKudinov in #​2879
• chore: Update pull request template checklist by @​nickfloyd in #​2827

📝 Documentation

• docs: Add destroy_on_drift docs to organization secret by @​nickfloyd in #​2825
• docs(github_repository_tag_protection): Remove documentation for the resource no longer supported by provider since v6.4.0 by @​ViacheslavKudinov in #​2826
• docs(github_organization_custom_role): Fix typo organization(_)repository by @​kohbis in #​2831
• docs: Adds do_not_enforce_on_create option for github_repository_ruleset docs by @​nenosrep in #​2667
• docs: Fix doc to revert wrong file deletion by @​ViacheslavKudinov in #​2847

New Contributors

• @​nenosrep made their first contribution in #​2667
• @​kohbis made their first contribution in #​2831
• @​deiga made their first contribution in #​2871
• @​VyacheslavPerfilyev made their first contribution in #​2875
• @​M0NsTeRRR made their first contribution in #​2309
• @​bshore-bf made their first contribution in #​2651
• @​nobbs made their first contribution in #​2500
• @​findmyname666 made their first contribution in #​2350
• @​steveteuber made their first contribution in #​2763
• @​tdabasinskas made their first contribution in #​2687
• @​hminaee-tc made their first contribution in #​2678

Full Changelog: integrations/terraform-provider-github@v6.7.0...v6.8.0

v6.7.5

Compare Source

[fix]: v6.7.4 causes Internal validation error during TF Init #​2855

Full Changelog: integrations/terraform-provider-github@v6.7.4...v6.7.5

v6.7.4

Compare Source

v6.7.4

⚠️ This release is deprecated, please use v6.7.5 instead

This patch appropriately handles the cases when a Terraform resource has an Update function defined (which was recently added), the Terraform SDK requires that any field that can change must either have ForceNew: true (meaning changes require resource recreation) or for that field to be a computed-only field.

The destroy_on_drift field is a provider config setting that controls how drift detection works - it's not a field that maps to the GitHub API. When implementations try to change this field Terraform will execute the plan properly but fail on the apply because the Update function didn't know how to handle the destroy_on_drift change.

Lastly reads now handle setting encrypted_value and plaintext_value to nil to trigger an update when the "stored" update dates do not match.

Full Changelog: integrations/terraform-provider-github@v6.7.3...v6.7.4

v6.7.3

Compare Source

v6.7.3

⚠️ This release is deprecated, please use v6.7.5 instead

This patch addresses the issue where the Update function was missed during the cherry pick for github_actions_secret resource.
Tests were also added to avoid regressions in the future.

Full Changelog: integrations/terraform-provider-github@v6.7.2...v6.7.3

v6.7.2

Compare Source

v6.7.2

⚠️ This release is deprecated, please use v6.7.5 instead

Note: This patch contains the addition of the destroy_on_drift property to github_actions_secret resource because the exact same issue was present there as well.

Bug Fixes

Fixed drift detection bug that caused "Provider produced inconsistent result" errors in github_actions_organization_secret and github_actions_secret resources. The bug occurred when secrets were modified externally - the timestamp wasn't being updated after drift detection, causing infinite loops of false positive drift detection. | #​2832

Features

Added destroy_on_drift property to github_actions_secret resource (repository-level secrets), and matches the functionality already available in github_actions_organization_secret. Also includes proper schema migration from v0 to v1 and ensures the property defaults to true for backward compatibility. | #​2832

Full Changelog: integrations/terraform-provider-github@v6.7.1...v6.7.2

v6.7.1

Compare Source

v6.7.1

⚠️ This release is deprecated, please use v6.7.5 instead

Bug Fixes

• github_actions_organization_secret: Add state migration for destroy_on_drift field to fix regression from v6.7.0 (#​2820)

This patch release fixes a regression introduced in v6.7.0 where existing github_actions_organization_secret resources would show invalid state for the new destroy_on_drift field.

The fix adds a schema migration that automatically sets destroy_on_drift=true for existing resources that don't have this field, preventing the need for manual state fixes.

Fixes: #​2804

Full Changelog: integrations/terraform-provider-github@v6.7.0...v6.7.1

v6.7.0

Compare Source

What's Changed

🚀 New Features

• feat: Added organization role support by @​stevehipwell in #​2487
• feat: Add file path protection to rulesets by @​grahamhar in #​2415
• feat: Support team organization role assignment by @​felixlut in #​2322
• feat: Add support for 'exempt' github_repository_ruleset bypass_mode by @​joshhunt in #​2764
• feat: Add github_actions_organization_secret_repository resource by @​ylascombe in #​2760
• feat: 🏳️ Custom properties resource & data by @​alileza in #​2107
• feat: Add support for DeployKey actor type in repository and organization rulesets by @​tiulpin in #​2748

🐛 Bugfixes

• fix: Allow parallel_requests to be set on github.com by @​SamuZad in #​2715
• fix: Fixed issue labels adoption by @​stevehipwell in #​2430
• fix: Importing rulesets by @​ihor-hrytskiv in #​2488
• fix: Add missed parameter to the github_organization_ruleset by @​yurii-kysil in #​2545
• fix: Bypass actors not being deleted from repository rulesets by @​dblinkhorn in #​2780
• fix(resource/github_actions_environment_variable): handle existing va… by @​nebrass in #​2758
• fix: Allow missing types of rule bypasses by @​languitar in #​2726
• fix: Fixed nil deref bug for ruleset response by @​eldad in #​2762
• fix: Destroy the resource on drift by @​yordis in #​1351
• fix: Fixed repository resource churn by @​stevehipwell in #​2501
• fix: Fixed branch protection v3 status checks churn by @​stevehipwell in #​2502
• fix: Fixed team data source detailed repos by @​stevehipwell in #​2509
• fix: Fixed org teams data lookup parent id by @​stevehipwell in #​2507

🛠️ Maintenance

• deps: Ensures that all dependencies are up to date based on go.mod by @​nickfloyd in #​2788
• build(deps): bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in #​2783
• build(deps): bump github.com/ulikunitz/xz from 0.5.8 to 0.5.14 by @​dependabot[bot] in #​2791
• build(deps): bump github.com/hashicorp/go-getter from 1.5.3 to 1.7.9 by @​dependabot[bot] in #​2790
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0 to 2.4.0 by @​dependabot[bot] in #​2789
• build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 by @​dependabot[bot] in #​2793
• maint: Updates makefile to handle missing the LC_UUID command and dydl errors when running make by @​nickfloyd in #​2774
• maint: Adds tests for PR-2502 by @​nickfloyd in #​2799
• maint: Adds coverage for bypass_modes in rulesets by @​oikarinen in #​2802
• maint: Change support message now that we don't do the Monday/Friday thing by @​kfcampbell in #​2615
• maint: Note that GitHub Support doesn't provide support for this integration by @​davidstaheli in #​2665
• maint: Deprecated classic project resources by @​stevehipwell in #​2506

📝 Documentation

• docs: Add documentation for github_organization_custom_properties by @​nickfloyd in #​2785
• docs: Add missing navigation for github_organization_role_team_assignment by @​nickfloyd in #​2787
• docs: Updates docs for PR #​2488 by @​nickfloyd in #​2797
• docs: Clarify repository description in webhook schema by @​AlexaDeWit in #​2765
• docs: Fix anchor links of github_repository_ruleset documentation by @​fatbasstard in #​2798

New Contributors

• @​davidstaheli made their first contribution in [#​2665](https://redire

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

PR #256 レビュー - GitHub Terraform Provider 依存関係更新

概要

このPRはGitHub Terraform Providerを v6.3.0 から v6.9.1 にアップデートするRenovateによる自動更新です。

---

✅ コード品質とベストプラクティス

良好な点:

• .terraform.lock.hcl ファイルの更新が適切に行われています
• 両方の影響を受けるディレクトリ（github/ および sakuracloud/）で一貫して更新されています
• バージョン制約 ~> 6.0 は維持されており、メジャーバージョンの破壊的変更を避ける戦略が継続されています

---

🔍 潜在的な問題とバグ

重要な注意点:

1. 複数のバグ修正が含まれています - v6.3.0からv6.9.1の間に多数のバグ修正が行われています:

   • Ruleset関連のBoolean変換によるPanicの修正
   • Organization custom properties、repository environment deployment、organization roleの修正
   • Rate limit roundtripperのmutexリーク修正
   • Repository作成時のvulnerability alerts処理の改善

2. 非推奨バージョンの迂回 - v6.7.2〜v6.7.4、v6.8.1〜v6.8.2は非推奨とマークされており、v6.9.1への直接アップデートは正しい選択です

3. 新機能の追加 - 新しいリソースや機能が追加されていますが、既存のコードには影響しません:

   • Enterprise settings resources
   • Actions hosted runner resource
   • Repository workflow permissions

---

🔒 セキュリティの懸念事項

セキュリティ改善:

• レート制限処理の修正により、コンテキストキャンセルが適切に処理されるようになりました（v6.9.1）
• 依存関係の更新には golang.org/x/crypto のアップデートも含まれています

推奨事項:

• セキュリティ関連の修正が含まれているため、このアップデートは推奨されます

---

🎯 パフォーマンスの考慮事項

• Rate limit処理の改善により、API呼び出しの効率が向上する可能性があります
• Mutex leak修正により、長時間実行時のメモリ使用量が改善されます

---

🧪 テストカバレッジ

推奨アクション:
このアップデート後、以下のテストを実施することを推奨します:

1. Terraform Plan の実行

   cd github && terraform init -upgrade && terraform plan
   cd ../sakuracloud && terraform init -upgrade && terraform plan

2. 主要な機能のテスト:

   • GitHubリポジトリ管理
   • チーム管理
   • Ruleset設定（特に複数のバグ修正が行われているため）

---

📝 推奨事項

1. ✅ このPRは承認を推奨します - 重要なバグ修正とセキュリティ改善が含まれています

2. ⚠️ マージ前に実施すべきこと:

   • terraform plan を実行して意図しない変更がないことを確認
   • 特にruleset、organization custom properties、repository environmentを使用している場合は注意深く確認

3. 📋 マージ後の監視:

   • Terraform適用時のエラーや警告に注意
   • GitHub API rate limitの動作を監視

---

まとめ

このアップデートは安全で、多くのバグ修正とセキュリティ改善が含まれています。破壊的変更は報告されていないため、リスクは低いと判断されます。terraform plan で確認後、マージすることを推奨します。

---

このレビューは Claude Code により生成されました

[claude]

PR #256 レビュー結果

このPRは、GitHub Terraformプロバイダーを v6.3.0 から v6.10.0 にアップグレードする依存関係更新です。

✅ 良い点

1. 適切な依存関係管理: Renovate Botによる自動的な依存関係更新で、セキュリティパッチやバグ修正を取り込めます
2. ロックファイルの更新: .terraform.lock.hcl ファイルが2つのディレクトリ（github/ と sakuracloud/）で適切に更新されています
3. 段階的なアップグレード: マイナーバージョンアップ（6.3.0 → 6.10.0）で、破壊的変更のリスクが低い

🔍 確認が必要な項目

1. 破壊的変更と非推奨機能

プロバイダーのリリースノートによると、以下の非推奨化があります:

• has_downloads フィールド (v6.10.0): github_repository リソースで非推奨化
• 既存のコードベースでこのフィールドを使用している場合は、将来的な削除に備えて対応が必要です

2. 新機能の影響確認

v6.8.0-v6.10.0で追加された主な機能:

• プライベートフォーク機能のサポート
• Organization workflow権限リソース
• Copilot code reviewのルールセット対応
• アーカイブされたリポジトリのエラーハンドリング改善

これらの新機能は既存のコードに影響を与えませんが、今後活用できる可能性があります。

3. 重要なバグ修正

以下のバグ修正が含まれています:

• ルールセットのbypass_actors更新時のエラー修正 (v6.8.0, v6.10.0)
• environment名のエスケープ処理修正 (v6.10.0)
• SAMLエンフォースメントエラー時のenterpriseリソースのtaint防止 (v6.10.0)

🧪 テスト推奨事項

マージ前に以下のテストを推奨します:

# 1. Terraform初期化
cd github/
terraform init -upgrade

cd ../sakuracloud/
terraform init -upgrade

# 2. プラン実行（差分確認）
cd ../github/
terraform plan

cd ../sakuracloud/
terraform plan

# 3. バリデーション
terraform validate

⚠️ 注意事項

1. has_downloads の使用確認:

   grep -r "has_downloads" github/ sakuracloud/

   このフィールドを使用している場合は、将来の削除に備えて計画を立てる必要があります。

2. ステート互換性: マイナーバージョンアップですが、念のため本番環境への適用前にステージング環境でテストすることを推奨します。

3. CI/CDパイプライン: 既存のCI/CDパイプラインが正常に動作することを確認してください。

📊 セキュリティ考慮事項

• このアップグレードには複数のバグ修正とセキュリティ改善が含まれています
• 特にrate limit処理の改善 (v6.8.0) やmutexリーク修正 (v6.9.1) が含まれており、プロダクション環境での安定性向上が期待できます

🎯 推奨アクション

✅ マージ推奨: 以下の条件を満たしていれば、このPRはマージして問題ありません:

1. terraform plan で予期しない差分が発生しない
2. has_downloads フィールドを使用していない、または移行計画がある
3. CI/CDパイプラインのテストが全てパスしている

---

レビュー実施: Claude Code による自動レビュー

[claude]

プルリクエストレビュー - PR #256

📋 概要

このPRは、Renovate BotによるGitHub Terraform Providerのバージョン更新です。バージョン6.3.0から6.10.1へのマイナーバージョンアップデートとなります。

✅ 変更内容

以下の2つの.terraform.lock.hclファイルが更新されています:

• github/.terraform.lock.hcl
• sakuracloud/.terraform.lock.hcl

バージョン制約~> 6.0は維持されており、この更新は制約の範囲内です。

---

🔍 コード品質とベストプラクティス

✅ 良い点

1. 適切なバージョン制約: ~> 6.0という制約により、マイナーバージョンの更新が自動的に適用されます
2. 一貫性のある更新: 複数のディレクトリで同じバージョンに更新されており、一貫性が保たれています
3. 自動化: Renovate Botによる自動更新により、依存関係の最新化が継続的に行われています

---

🐛 潜在的な問題とリスク

⚠️ 注意が必要な点

1. 破壊的変更の可能性

   • v6.3.0からv6.10.1の間に複数のマイナーリリースがあり、以下の変更が含まれています:
     • v6.8.0でhas_downloadsフィールドが非推奨化
     • v6.10.0でallowed_merge_methodsの動作変更(v6.10.1で修正済み)
   • 使用中のリソースがこれらの非推奨フィールドを使っていないか確認が必要です

2. 新機能の追加

   • Organization workflow permissions
   • Team notification settings
   • Private forking support
   • Copilot code review in rulesets
   • これらの新機能により、既存のリソース定義が影響を受ける可能性があります

3. バグフィックスの確認

   • 複数のバグ修正が含まれており、現在の環境で問題が発生していた場合は改善される可能性があります
   • 特にruleset、organization settings、repository環境周りのバグ修正が多数含まれています

---

🔒 セキュリティ上の懸念

✅ セキュリティ改善

• このPRには既知のセキュリティ脆弱性の修正は含まれていませんが、プロバイダーの最新化によりセキュリティパッチが適用される可能性があります
• 依存関係を最新に保つことは、セキュリティベストプラクティスの観点から推奨されます

---

⚡ パフォーマンスの考慮事項

• v6.9.0でrate limit処理の改善が含まれています
• パフォーマンスへの直接的な影響は小さいと予想されます

---

🧪 テストカバレッジ

⚠️ テスト実施の推奨

このPRをマージする前に、以下のテストを実施することを強く推奨します:

1. terraform plan の実行

   cd github && terraform plan
   cd ../sakuracloud && terraform plan

   • 意図しない変更が検出されないか確認

2. 主要リソースの動作確認

   • 特にrepository、organization settings、rulesetsなどのリソースを使用している場合

3. 非推奨警告の確認

   • has_downloadsフィールドを使用している場合は警告が出る可能性があります

---

📝 推奨事項

1. マージ前の確認

   • 両環境でterraform planを実行し、差分がないことを確認
   • CIパイプラインが正常に完了することを確認

2. 段階的なデプロイ

   • 可能であれば、開発環境で先にテストしてから本番環境に適用

3. ロールバック計画

   • 問題が発生した場合のロールバック手順を準備

4. ドキュメントの確認

   • リリースノートを確認し、使用中の機能に影響がないか検証

---

🎯 総合評価

評価: ✅ 承認推奨(条件付き)

このPRは、依存関係を最新に保つための標準的な更新です。コード品質に問題はありませんが、以下の条件を満たすことを推奨します:

• ✅ terraform planで意図しない差分が発生しないことを確認
• ✅ CIテストが全て成功していることを確認
• ⚠️ 非推奨フィールド(has_downloads)を使用していないことを確認

---

📚 参考リンク

• GitHub Provider v6.10.1 リリースノート
• GitHub Provider v6.10.0 リリースノート
• 変更履歴の完全版

---

レビュー作成者: Claude Code
レビュー日時: 2026-01-16