Merge tag 'refs/tags/v5.45.0-fl.1' into update-6.2.1

# Conflicts:
#	.github/workflows/add_to_octokit_project.yml

.github/workflows/add_to_octokit_project.yml

@@ -1,20 +0,0 @@
-name: Add PRs and issues to Octokit org project
-
-on:
-  issues:
-    types: [reopened, opened]
-  pull_request_target:
-    types: [reopened, opened]
-
-jobs:
-  add-to-project:
-    name: Add issue to project
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    steps:
-      - uses: actions/[email protected]
-        with:
-          project-url: https://github.com/orgs/octokit/projects/10
-          github-token: ${{ secrets.OCTOKITBOT_PROJECT_ACTION_TOKEN }}
-          labeled: "Status: Stale"
-          label-operator: NOT

.github/workflows/backups.yml

@@ -0,0 +1,17 @@
+---
+name: Backup Repository
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  backup:
+    uses: Flaconi/github-reusable-workflow/.github/workflows/backups.yml@v1
+    with:
+      enabled: True
+      region: eu-central-1
+    secrets:
+      iam_role_arn: ${{ secrets.BACKUP_REPO_IAM_ROLE }}
+      bucket_name: ${{ secrets.BACKUP_REPO_BUCKET }}

FLACONI.md

@@ -0,0 +1,84 @@
+# Flaconi
+
+This document describes the specifics required for maintaining our own GitHub provider until
+this PR has been merged: https://github.com/integrations/terraform-provider-github/pull/802
+(by https://github.com/n0rad/terraform-provider-github)
+
+
+## Keep branches up-to-date
+```bash
+
+# Update our own code
+git checkout main
+git pull origin main
+git checkout -b updates
+
+# Update integrations/terraform-provider-github
+git remote add integrations https://github.com/integrations/terraform-provider-github
+git merge -S integrations/main
+
+# Update PR 802
+git remote add n0rad https://github.com/n0rad/terraform-provider-github
+git merge -S n0rad/master
+
+```
+
+## Build release artifacts
+
+When creating a new GitHub release, use the same release name (and git tag) as
+integrations/terraform-provider-github is using for its latest. We're simply enhancing it
+with n0rad's addition and want to follow their version scheme.
+
+1. Delete latest tag from `integrations/terraform-provider-github` (we're overwriting it)
+   ```bash
+   git tag -d v4.19.0
+   git push --delete origin  v4.19.0
+   ```
+2. Create git tag with `v[0-9]\.[0-9]\.[0-9]` (e.g.: `v4.19.0`)
+3. Create a GitHub Release with name: `v[0-9]\.[0-9]\.[0-9]` (e.g.: `v4.19.0`)
+4. Create `release/` directory
+   ```bash
+   mkdir release
+   ```
+5. Build Linux artifacts:
+   ```bash
+   mkdir .cache
+   docker run -it --rm --user $(id -u):$(id -g) -v $(pwd)/.cache:/.cache -v $(pwd):/data -v $(pwd)/release:/go/bin -w /data golang make fmt
+   docker run -it --rm --user $(id -u):$(id -g) -v $(pwd)/.cache:/.cache -v $(pwd):/data -v $(pwd)/release:/go/bin -w /data golang make build
+   mv release/terraform-provider-github release/terraform-provider-github_4.19.0_linux_amd64
+   ```
+6. Build MacOS artifacts (requires to be on a Mac):
+   ```bash
+   make fmt
+   make build
+   cp /go/bin/terraform-provider-github release/terraform-provider-github_4.19.0_darwin_amd64
+   ```
+7. Pack artifacts for release page
+   ```bash
+   # Enter release/ directory
+   cd release
+
+   # Make executable
+   chmod +x *
+
+   # Zip files
+   zip terraform-provider-github_4.19.0_linux_amd64.zip terraform-provider-github_4.19.0_linux_amd64
+   zip terraform-provider-github_4.19.0_darwin_amd64.zip terraform-provider-github_4.19.0_darwin_amd64
+
+   # Create SHA256SUMS file
+   shasum -a 256 terraform-provider-github_4.19.0_linux_amd64.zip > terraform-provider-github_4.19.0_SHA256SUMS
+   shasum -a 256 terraform-provider-github_4.19.0_darwin_amd64.zip >> terraform-provider-github_4.19.0_SHA256SUMS
+
+   # Create binary signature of SHA256SUMS file
+   # Use the same gpg identity as uploaded in Terraform Registry account (`EB10297E7BD3F3AD`)
+   gpg \
+     --local-user EB10297E7BD3F3AD \
+     --output terraform-provider-github_4.19.0_SHA256SUMS.sig \
+     --detach-sign terraform-provider-github_4.19.0_SHA256SUMS
+   ```
+8. Upload the following files into the GitHub release:
+    - terraform-provider-github_4.19.0_linux_amd64.zip
+    - terraform-provider-github_4.19.0_darwin_amd64.zip
+    - terraform-provider-github_4.19.0_SHA256SUMS
+    - terraform-provider-github_4.19.0_SHA256SUMS.sig
+9. Update provider at registry: https://registry.terraform.io/publish/provider/github/Flaconi/terraform-provider-github

README.md

@@ -7,6 +7,11 @@ Terraform Provider GitHub
 
 This project is used to manipulate GitHub resources (repositories, teams, files, etc.) using Terraform. Its Terraform Registry page can be found [here](https://registry.terraform.io/providers/integrations/github/).
 
+## Important
+
+This is a flaconi flavoured provider based on [integrations/github](https://github.com/integrations/terraform-provider-github). See our documentation here **[FLACONI.md](FLACONI.md)**
+
+
 ## Requirements
 
 -	[Terraform](https://www.terraform.io/downloads.html) 0.10.x

github/resource_github_team.go

@@ -5,13 +5,25 @@ import (
 	"log"
 	"net/http"
 	"strconv"
+	"time"
 
 	"github.com/google/go-github/v57/github"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/shurcooL/githubv4"
 )
 
+/*
+These constants are used to retry API on various operations.
+This is required because Terraform apply/destroy runs in parallel and when
+looping through a module or resource a team name could have been changed by another thread,
+a parent team could have been removed or various other parallel issues.
+To mitigate this, we're simply retrying the API to double check its actual state.
+See their corresponding for loops for further description.
+*/
+const github_team_api_retry = 30
+const github_team_api_wait = 5
+
 func resourceGithubTeam() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceGithubTeamCreate,
@@ -125,8 +137,26 @@ func resourceGithubTeamCreate(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	if parentTeamID, ok := d.GetOk("parent_team_id"); ok {
+		/*
+			When creating nested teams via Terraform by looping through a module or resource
+			the parent team might not have been created yet (in "terraform apply" parallel runs),
+			so we are giving it some time to create the parent team and will repeatedly check
+			if the parent exists (has been created by another parallel run).
+		*/
 		teamId, err := getTeamID(parentTeamID.(string), meta)
+		for i := 0; i < github_team_api_retry; i++ {
+			// Try again on error
+			if err != nil {
+				log.Printf("[WARN] Fetching parent team: Retry (%d/%d)", i, github_team_api_retry)
+				time.Sleep(github_team_api_wait * time.Second)
+				teamId, err = getTeamID(parentTeamID.(string), meta)
+				continue
+			}
+			// Exit loop on success
+			break
+		}
 		if err != nil {
+			log.Printf("[ERROR] Unable to find parent team")
 			return err
 		}
 		newTeam.ParentTeamID = &teamId
@@ -194,7 +224,45 @@ func resourceGithubTeamRead(d *schema.ResourceData, meta interface{}) error {
 		ctx = context.WithValue(ctx, ctxEtag, d.Get("etag").(string))
 	}
 
+	/*
+		Slug-name specific (as opposed to using team ID):
+		When using slug-name to read GitHub teams it could be that another parallel thread of TF
+		(when looping through a module or resource) still needs to apply changes (rename the team name)
+		and thus it could be that we don't find it right away.
+		In order to mitigate this, we will loop this call and give the API a sane waiting time, hoping
+		the other thread has finished renaming the team in the mean time.
+	*/
+	log.Printf("[DEBUG] Reading team: %s", d.Id())
 	team, resp, err := client.Teams.GetTeamByID(ctx, orgId, id)
+	for i := 0; i < github_team_api_retry; i++ {
+		if err != nil {
+			if ghErr, ok := err.(*github.ErrorResponse); ok {
+				if ghErr.Response.StatusCode == http.StatusNotModified {
+					return nil
+				}
+				// HTTP 422 (GH Response Validation Failed)
+				// This is a valid error and we should break the loop here
+				if ghErr.Response.StatusCode == http.StatusUnprocessableEntity {
+					return err
+				}
+				// When using slug-name instead of ID, the new team name might not have been changed
+				// so we need to include this in the loop.
+				if ghErr.Response.StatusCode == http.StatusNotFound {
+					log.Printf("[WARN] Looking up team: Retry on 404 (%d/%d)", i, github_team_api_retry)
+					time.Sleep(github_team_api_wait * time.Second)
+					team, resp, err = client.Teams.GetTeamByID(ctx, orgId, id)
+					continue
+				}
+				log.Printf("[WARN] Looking up team: Retry on error (%d/%d)", i, github_team_api_retry)
+				time.Sleep(github_team_api_wait * time.Second)
+				team, resp, err = client.Teams.GetTeamByID(ctx, orgId, id)
+				continue
+			}
+			return err
+		}
+		// Exit loop on success
+		break
+	}
 	if err != nil {
 		if ghErr, ok := err.(*github.ErrorResponse); ok {
 			if ghErr.Response.StatusCode == http.StatusNotModified {
@@ -275,8 +343,28 @@ func resourceGithubTeamUpdate(d *schema.ResourceData, meta interface{}) error {
 		Privacy:     github.String(d.Get("privacy").(string)),
 	}
 	if parentTeamID, ok := d.GetOk("parent_team_id"); ok {
+		/*
+			Slug-name specific (as opposed to using team ID):
+			When updating nested teams via Terraform by looping through a module or resource
+			the parent team might not have been updated by a new slug-name yet
+			(in "terraform apply" parallel runs), so we are giving it some time to create the parent
+			team and will repeatedly check if the parent exists
+			(has been created by another parallel run).
+		*/
 		teamId, err := getTeamID(parentTeamID.(string), meta)
+		for i := 0; i < github_team_api_retry; i++ {
+			// Try again on error
+			if err != nil {
+				log.Printf("[WARN] Fetching parent team: Retry (%d/%d)", i, github_team_api_retry)
+				time.Sleep(github_team_api_wait * time.Second)
+				teamId, err = getTeamID(parentTeamID.(string), meta)
+				continue
+			}
+			// Exit loop on success
+			break
+		}
 		if err != nil {
+			log.Printf("[ERROR] Unable to find parent team")
 			return err
 		}
 		editedTeam.ParentTeamID = &teamId