From 7e088f3a8fa263219513e507aba75bb0942765b6 Mon Sep 17 00:00:00 2001
From: David Arnold <david.j.arnold.jr@census.gov>
Date: Tue, 7 Apr 2026 13:41:32 -0400
Subject: [PATCH] fix: default vulnerability_alerts to null to skip GHE 3.x
 unsupported endpoint

GHE 3.13 does not support the vulnerability-alerts API endpoint -
both PUT and DELETE return 404. When the variable defaults to false,
the GitHub provider calls DELETE which raises a 404 error on apply.

Changing the default to null (with nullable=true) causes the provider
to leave the attribute unmanaged, skipping the API call entirely.
The lifecycle ignore_changes entry (from prior commit) also prevents
drift from causing issues on re-apply.
---
 variables.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/variables.tf b/variables.tf
index d563ca9..e915fbf 100644
--- a/variables.tf
+++ b/variables.tf
@@ -257,9 +257,10 @@ variable "archive_on_destroy" {
 }
 
 variable "vulnerability_alerts" {
-  description = "Enable Dependabot alerts"
+  description = "Enable Dependabot alerts. Defaults to null (unmanaged) to avoid calling the\nvulnerability-alerts API endpoint, which returns 404 on GitHub Enterprise Server 3.x."
   type        = bool
-  default     = false
+  nullable    = true
+  default     = null
 }
 
 variable "gitignore_template" {