integrations · kfcampbell · Jan 3, 2023 · Dec 21, 2022
diff --git a/github/provider.go b/github/provider.go
@@ -93,6 +93,7 @@ func Provider() terraform.ResourceProvider {
 			"github_actions_organization_permissions":            resourceGithubActionsOrganizationPermissions(),
 			"github_actions_organization_secret":                 resourceGithubActionsOrganizationSecret(),
 			"github_actions_organization_secret_repositories":    resourceGithubActionsOrganizationSecretRepositories(),
+			"github_actions_repository_access_level":             resourceGithubActionsRepositoryAccessLevel(),
 			"github_actions_repository_permissions":              resourceGithubActionsRepositoryPermissions(),
 			"github_actions_runner_group":                        resourceGithubActionsRunnerGroup(),
 			"github_actions_secret":                              resourceGithubActionsSecret(),

diff --git a/github/resource_github_actions_repository_access_level.go b/github/resource_github_actions_repository_access_level.go
@@ -0,0 +1,86 @@
+package github
+
+import (
+	"context"
+	"github.com/google/go-github/v48/github"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+)
+
+func resourceGithubActionsRepositoryAccessLevel() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceGithubActionsRepositoryAccessLevelCreateOrUpdate,
+		Read:   resourceGithubActionsRepositoryAccessLevelRead,
+		Update: resourceGithubActionsRepositoryAccessLevelCreateOrUpdate,
+		Delete: resourceGithubActionsRepositoryAccessLevelDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"access_level": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringInSlice([]string{"none", "user", "organization", "enterprise"}, false),
+			},
+			"repository": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringLenBetween(1, 100),
+			},
+		},
+	}
+}
+
+func resourceGithubActionsRepositoryAccessLevelCreateOrUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+	repoName := d.Get("repository").(string)
+	ctx := context.Background()
+	if !d.IsNewResource() {
+		ctx = context.WithValue(ctx, ctxId, d.Id())
+	}
+
+	accessLevel := d.Get("access_level").(string)
+	actionAccessLevel := github.RepositoryActionsAccessLevel{
+		AccessLevel: github.String(accessLevel),
+	}
+
+	_, err := client.Repositories.EditActionsAccessLevel(ctx, owner, repoName, actionAccessLevel)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(repoName)
+	return resourceGithubActionsRepositoryAccessLevelRead(d, meta)
+}
+
+func resourceGithubActionsRepositoryAccessLevelRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+	repoName := d.Id()
+	ctx := context.WithValue(context.Background(), ctxId, repoName)
+
+	actionAccessLevel, _, err := client.Repositories.GetActionsAccessLevel(ctx, owner, repoName)
+	if err != nil {
+		return err
+	}
+
+	_ = d.Set("access_level", actionAccessLevel.GetAccessLevel())
+
+	return nil
+}
+
+func resourceGithubActionsRepositoryAccessLevelDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+	repoName := d.Id()
+	ctx := context.WithValue(context.Background(), ctxId, repoName)
+
+	actionAccessLevel := github.RepositoryActionsAccessLevel{
+		AccessLevel: github.String("none"),
+	}
+	_, err := client.Repositories.EditActionsAccessLevel(ctx, owner, repoName, actionAccessLevel)
+
+	return err
+}
diff --git a/github/resource_github_actions_repository_access_level_test.go b/github/resource_github_actions_repository_access_level_test.go
@@ -0,0 +1,108 @@
+package github
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"testing"
+)
+
+func TestAccGithubActionsRepositoryAccessLevel(t *testing.T) {
+	t.Run("test setting of user action access level", func(t *testing.T) {
+		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+		accessLevel := "user"
+		config := fmt.Sprintf(`
+			resource "github_repository" "test" {
+				name        = "tf-acc-test-topic-%[1]s"
+				description = "Terraform acceptance tests %[1]s"
+				topics		= ["terraform", "testing"]
+				visibility  = "private"
+			}
+
+			resource "github_actions_repository_access_level" "test" {
+				access_level = "%s"
+				repository   = github_repository.test.name
+			}
+		`, randomID, accessLevel)
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr(
+				"github_actions_repository_access_level.test", "access_level", accessLevel,
+			),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			testCase(t, individual)
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			t.Skip("organization account not supported for this input")
+		})
+	})
+
+	t.Run("test setting of organization action access level", func(t *testing.T) {
+		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+		accessLevel := "organization"
+		config := fmt.Sprintf(`
+			resource "github_repository" "test" {
+				name        = "tf-acc-test-topic-%[1]s"
+				description = "Terraform acceptance tests %[1]s"
+				topics		= ["terraform", "testing"]
+				visibility  = "private"
+			}
+
+			resource "github_actions_repository_access_level" "test" {
+				access_level = "%s"
+				repository   = github_repository.test.name
+			}
+		`, randomID, accessLevel)
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr(
+				"github_actions_repository_access_level.test", "access_level", accessLevel,
+			),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			t.Skip("individual account not supported for this input")
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+	})
+}
diff --git a/website/docs/r/actions_repository_access_level.html.markdown b/website/docs/r/actions_repository_access_level.html.markdown
@@ -0,0 +1,40 @@
+---
+layout: "github"
+page_title: "GitHub: github_actions_repository_access_level"
+description: |-
+  Manages Actions and Reusable Workflow access for a GitHub repository
+---
+
+# github_actions_repository_access_level
+
+This resource allows you to set the access level of a non-public repositories actions and reusable workflows for use in other repositories.
+You must have admin access to a repository to use this resource.
+
+## Example Usage
+
+```hcl
+resource "github_repository" "example" {
+  name       = "my-repository"
+  visibility = "private"
+}
+
+resource "github_actions_repository_access_level" "test" {
+  access_level = "user"
+  repository   = github_repository.example.name
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `repository`   - (Required) The GitHub repository
+* `access_level` - (Required) Where the actions or reusable workflows of the repository may be used. Possible values are `none`, `user`, `organization`, or `enterprise`. 
+
+## Import
+
+This resource can be imported using the name of the GitHub repository:
+
+```
+$ terraform import github_actions_repository_access_level.test <github_repository_name>
+```
diff --git a/website/github.erb b/website/github.erb
@@ -124,6 +124,9 @@
             <li>
               <a href="/docs/providers/github/r/actions_organization_secret_repositories.html">github_actions_organization_secret_repositories</a>
             </li>
+            <li>
+              <a href="/docs/providers/github/r/actions_repository_access_level.html">github_actions_repository_permissions</a>
+            </li>
             <li>
               <a href="/docs/providers/github/r/actions_repository_permissions.html">github_actions_repository_permissions</a>
             </li>