From d7d39cb6e7f878ce05da0389d6ebc3976003f686 Mon Sep 17 00:00:00 2001
From: David Arnold <david.j.arnold.jr@census.gov>
Date: Tue, 7 Apr 2026 13:28:30 -0400
Subject: [PATCH] fix: ignore vulnerability_alerts on GHE 3.x (endpoint returns
 404)

---
 github_repo.tf | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/github_repo.tf b/github_repo.tf
index b654a04..303e0f2 100644
--- a/github_repo.tf
+++ b/github_repo.tf
@@ -3,7 +3,7 @@ locals {
 
   # Safe access to repo and existing resources
   github_repo = var.create_repo && length(github_repository.repo) > 0 ? github_repository.repo[0] : (
-    !var.create_repo ? data.github_repository.existing[0] : null
+    ! var.create_repo ? data.github_repository.existing[0] : null
   )
 
   validate_merge_options = (
@@ -90,7 +90,11 @@ resource "github_repository" "repo" {
   lifecycle {
     ignore_changes = [
       auto_init,
-      template
+      template,
+      # vulnerability_alerts endpoint returns 404 on GitHub Enterprise Server 3.x
+      # (the Dependabot alerts API is not supported on this GHE version).
+      # Ignoring prevents terraform apply from failing with 404 on every run.
+      vulnerability_alerts,
     ]
   }
 }