add null checks for update workflow

action_secrets.tf

@@ -1,15 +1,15 @@
 resource "github_actions_secret" "secret" {
-  for_each        = tomap({ for secret in var.secrets : secret.name => secret.value })
+  for_each        = var.create_repo || length(data.github_repository.existing) > 0 ? tomap({ for secret in var.secrets : secret.name => secret.value }) : {}
   repository      = var.create_repo ? github_repository.repo[0].name : data.github_repository.existing[0].name
   secret_name     = each.key
   plaintext_value = each.value
-  depends_on      = [github_repository.repo, data.github_repository.existing]
+  depends_on      = var.create_repo ? [github_repository.repo] : [data.github_repository.existing]
 }
 
 resource "github_actions_variable" "variable" {
-  for_each      = tomap({ for _var in var.vars : _var.name => _var.value })
+  for_each      = var.create_repo || length(data.github_repository.existing) > 0 ? tomap({ for _var in var.vars : _var.name => _var.value }) : {}
   repository    = var.create_repo ? github_repository.repo[0].name : data.github_repository.existing[0].name
   variable_name = each.key
   value         = each.value
-  depends_on    = [github_repository.repo, data.github_repository.existing]
+  depends_on    = var.create_repo ? [github_repository.repo] : [data.github_repository.existing]
 }

branch_protection.tf

@@ -21,9 +21,9 @@ locals {
 
 # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection
 resource "github_branch_protection" "protection" {
-  for_each = {
+  for_each = (var.create_repo || length(data.github_repository.existing) > 0) ? {
     for k, v in local.branch_protection_rules : k => v if var.enforce_prs && (! var.github_is_private || var.github_pro_enabled)
-  }
+  } : {}
 
   repository_id = var.create_repo ? github_repository.repo[0].node_id : data.github_repository.existing[0].node_id
   pattern       = each.key
@@ -49,12 +49,12 @@ resource "github_branch_protection" "protection" {
     }
   }
 
-  depends_on = [
-    github_repository.repo,
-    github_branch.branch,
-    github_branch_default.default_main_branch,
-    github_repository_file.extra_files,
-    github_repository_file.codeowners,
-    github_repository_file.managed_extra_files
-  ]
+  depends_on = concat(
+    var.create_repo ? [github_repository.repo] : [],
+    length(github_branch.branch) > 0 ? [github_branch.branch[0]] : [],
+    length(github_branch_default.default_main_branch) > 0 ? [github_branch_default.default_main_branch[0]] : [],
+    length(github_repository_file.extra_files) > 0 ? [for f in github_repository_file.extra_files : f] : [],
+    length(github_repository_file.codeowners) > 0 ? [github_repository_file.codeowners[0]] : [],
+    length(github_repository_file.managed_extra_files) > 0 ? [for f in github_repository_file.managed_extra_files : f] : []
+  )
 }

collaborators.tf

@@ -16,7 +16,7 @@ data "github_user" "collaborators" {
 
 # Add a collaborator to a repository
 resource "github_repository_collaborator" "collaborators" {
-  for_each   = tomap(var.collaborators)
+  for_each   = var.create_repo || length(data.github_repository.existing) > 0 ? tomap(var.collaborators) : {}
   repository = var.create_repo ? github_repository.repo[0].name : data.github_repository.existing[0].name
   username   = each.key
   permission = local.permission_map[each.value]

github_branch.tf

@@ -5,17 +5,17 @@
 
 # Create non-main default branch if specified
 resource "github_branch" "branch" {
-  count      = var.github_default_branch != "main" ? 1 : 0
+  count      = var.github_default_branch != "main" && local.github_repo != null ? 1 : 0
   repository = local.github_repo.name
   branch     = var.github_default_branch
-  depends_on = [
+  depends_on = var.create_repo ? [
     github_repository.repo
-  ]
+  ] : []
 }
 
 # Set the default branch
 resource "github_branch_default" "default_main_branch" {
-  count      = var.github_default_branch != "main" ? 1 : 0
+  count      = var.github_default_branch != "main" && local.github_repo != null ? 1 : 0
   repository = local.github_repo.name
   branch     = var.github_default_branch
   depends_on = [

github_deploy_keys.tf

@@ -11,17 +11,18 @@ resource "tls_private_key" "deploy_key" {
 
 // Create GitHub deploy keys for all entries
 resource "github_repository_deploy_key" "deploy_key" {
-  for_each = {
+  for_each = local.github_repo != null ? {
     for k, v in var.deploy_keys : k => v
-  }
+  } : {}
 
   title      = each.value.title
   repository = local.github_repo.name
   key        = each.value.create ? tls_private_key.deploy_key[each.key].public_key_openssh : each.value.key
   read_only  = each.value.read_only
 
-  depends_on = [
-    github_repository.repo,
+  depends_on = var.create_repo ? [
+    github_repository.repo
+  ] : [
     data.github_repository.existing
   ]
 }

github_files.tf

@@ -10,7 +10,7 @@ locals {
 
 # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file
 resource "github_repository_file" "codeowners" {
-  count = var.create_codeowners && local.should_manage_files ? 1 : 0
+  count = var.create_codeowners && local.should_manage_files && local.github_repo != null ? 1 : 0
 
   repository          = local.github_repo.name
   branch              = var.github_default_branch
@@ -20,9 +20,9 @@ resource "github_repository_file" "codeowners" {
   commit_author       = data.github_user.current.name
   commit_email        = data.github_user.current.email
   overwrite_on_create = true
-  depends_on = [
+  depends_on = var.create_repo ? [
     github_repository.repo
-  ]
+  ] : []
   lifecycle {
     ignore_changes = [
       content,
@@ -57,11 +57,11 @@ locals {
       }
     ] : []
   )
-  repository_name = var.create_repo ? local.github_repo.name : var.name
+  repository_name = local.github_repo != null ? local.github_repo.name : var.name
 }
 
 resource "github_repository_file" "extra_files" {
-  for_each = local.should_manage_files ? tomap({ for file in local.extra_files : file.path => file }) : {}
+  for_each = local.should_manage_files && local.github_repo != null ? tomap({ for file in local.extra_files : file.path => file }) : {}
 
   repository          = local.github_repo.name
   branch              = var.files_branch == null ? var.github_default_branch : var.files_branch
@@ -71,9 +71,9 @@ resource "github_repository_file" "extra_files" {
   commit_author       = data.github_user.current.name
   commit_email        = data.github_user.current.email
   overwrite_on_create = true
-  depends_on = [
+  depends_on = var.create_repo ? [
     github_repository.repo
-  ]
+  ] : []
   lifecycle {
     ignore_changes = [
       content,
@@ -83,7 +83,7 @@ resource "github_repository_file" "extra_files" {
 }
 
 resource "github_repository_file" "managed_extra_files" {
-  for_each = local.should_manage_files ? tomap({ for file in var.managed_extra_files : file.path => file }) : {}
+  for_each = local.should_manage_files && local.github_repo != null ? tomap({ for file in var.managed_extra_files : file.path => file }) : {}
 
   repository          = local.github_repo.name
   branch              = var.files_branch == null ? var.github_default_branch : var.files_branch
@@ -93,9 +93,9 @@ resource "github_repository_file" "managed_extra_files" {
   commit_author       = data.github_user.current.name
   commit_email        = data.github_user.current.email
   overwrite_on_create = true
-  depends_on = [
+  depends_on = var.create_repo ? [
     github_repository.repo
-  ]
+  ] : []
   lifecycle {
     ignore_changes = [
       branch

github_team_access.tf

@@ -22,7 +22,7 @@ locals {
 }
 
 resource "github_team_repository" "admin" {
-  for_each   = { for team in var.admin_teams : team => data.github_team.admin_teams[team].id }
+  for_each   = var.create_repo || length(data.github_repository.existing) > 0 ? { for team in var.admin_teams : team => data.github_team.admin_teams[team].id } : {}
   team_id    = each.value
   repository = var.create_repo ? github_repository.repo[0].name : data.github_repository.existing[0].name
   permission = "admin"