From 47c3d36950c8fa683de9b36fc35a815ea96dccf8 Mon Sep 17 00:00:00 2001
From: Wessel Blokzijl <wesselb94@gmail.com>
Date: Fri, 19 Jan 2024 19:33:33 +0100
Subject: [PATCH 1/2] Make resource repository_deploy_key read_only a bool, and
 expand the example (#2044)

* Make resource repository_deploy_key read_only a bool, and expand the example

* Clarify used provider

---------

Co-authored-by: Keegan Campbell <me@kfcampbell.com>
---
 website/docs/r/repository_deploy_key.html.markdown | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/website/docs/r/repository_deploy_key.html.markdown b/website/docs/r/repository_deploy_key.html.markdown
index 189ab99be4..60a57c45ab 100644
--- a/website/docs/r/repository_deploy_key.html.markdown
+++ b/website/docs/r/repository_deploy_key.html.markdown
@@ -21,12 +21,17 @@ Further documentation on GitHub repository deploy keys:
 ## Example Usage
 
 ```hcl
-# Add a deploy key
+# Generate an ssh key using provider "hashicorp/tls"
+resource "tls_private_key" "example_repository_deploy_key" {
+  algorithm = "ED25519"
+}
+
+# Add the ssh key as a deploy key
 resource "github_repository_deploy_key" "example_repository_deploy_key" {
   title      = "Repository test key"
   repository = "test-repo"
-  key        = "ssh-rsa AAA..."
-  read_only  = "false"
+  key        = tls_private_key.example_repository_deploy_key.public_key_openssh
+  read_only  = true
 }
 ```
 

From dbda37865e6547e709dc772df8edba35f92b8edf Mon Sep 17 00:00:00 2001
From: Nikolai Mishin <sanduku.default@gmail.com>
Date: Fri, 19 Jan 2024 20:06:16 +0100
Subject: [PATCH 2/2] Add prevent_self_review parameter to the
 github_repository_environment resource (#2000)

Co-authored-by: Keegan Campbell <me@kfcampbell.com>
---
 github/resource_github_repository_environment.go    | 10 ++++++++++
 .../resource_github_repository_environment_test.go  |  2 ++
 website/docs/r/repository_environment.html.markdown | 13 ++++++++-----
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/github/resource_github_repository_environment.go b/github/resource_github_repository_environment.go
index 171af8a74f..4d93a14924 100644
--- a/github/resource_github_repository_environment.go
+++ b/github/resource_github_repository_environment.go
@@ -39,6 +39,12 @@ func resourceGithubRepositoryEnvironment() *schema.Resource {
 				Default:     true,
 				Description: "Can Admins bypass deployment protections",
 			},
+			"prevent_self_review": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Prevent users from approving workflows runs that they triggered.",
+			},
 			"wait_timer": {
 				Type:         schema.TypeInt,
 				Optional:     true,
@@ -170,6 +176,8 @@ func resourceGithubRepositoryEnvironmentRead(d *schema.ResourceData, meta interf
 					"users": users,
 				},
 			})
+
+			d.Set("prevent_self_review", pr.PreventSelfReview)
 		}
 	}
 
@@ -233,6 +241,8 @@ func createUpdateEnvironmentData(d *schema.ResourceData, meta interface{}) githu
 
 	data.CanAdminsBypass = github.Bool(d.Get("can_admins_bypass").(bool))
 
+	data.PreventSelfReview = github.Bool(d.Get("prevent_self_review").(bool))
+
 	if v, ok := d.GetOk("reviewers"); ok {
 		envReviewers := make([]*github.EnvReviewers, 0)
 
diff --git a/github/resource_github_repository_environment_test.go b/github/resource_github_repository_environment_test.go
index 2b0ed07db9..afa83b8936 100644
--- a/github/resource_github_repository_environment_test.go
+++ b/github/resource_github_repository_environment_test.go
@@ -30,6 +30,7 @@ func TestAccGithubRepositoryEnvironment(t *testing.T) {
 				environment	= "environment / test"
 				can_admins_bypass = false
 				wait_timer = 10000
+                                prevent_self_review = true
 				reviewers {
 					users = [data.github_user.current.id]
 				}
@@ -44,6 +45,7 @@ func TestAccGithubRepositoryEnvironment(t *testing.T) {
 		check := resource.ComposeAggregateTestCheckFunc(
 			resource.TestCheckResourceAttr("github_repository_environment.test", "environment", "environment / test"),
 			resource.TestCheckResourceAttr("github_repository_environment.test", "can_admins_bypass", "false"),
+			resource.TestCheckResourceAttr("github_repository_environment.test", "prevent_self_review", "true"),
 			resource.TestCheckResourceAttr("github_repository_environment.test", "wait_timer", "10000"),
 		)
 
diff --git a/website/docs/r/repository_environment.html.markdown b/website/docs/r/repository_environment.html.markdown
index fc9da4fd5c..69b3cd2474 100644
--- a/website/docs/r/repository_environment.html.markdown
+++ b/website/docs/r/repository_environment.html.markdown
@@ -17,18 +17,19 @@ data "github_user" "current" {
 }
 
 resource "github_repository" "example" {
-  name         = "A Repository Project"
-  description  = "My awesome codebase"
+  name        = "A Repository Project"
+  description = "My awesome codebase"
 }
 
 resource "github_repository_environment" "example" {
-  environment  = "example"
-  repository   = github_repository.example.name
+  environment         = "example"
+  repository          = github_repository.example.name
+  prevent_self_review = true
   reviewers {
     users = [data.github_user.current.id]
   }
   deployment_branch_policy {
-    protected_branches 		 = true
+    protected_branches     = true
     custom_branch_policies = false
   }
 }
@@ -46,6 +47,8 @@ The following arguments are supported:
 
 * `can_admins_bypass` - (Optional) Can repository admins bypass the environment protections.  Defaults to `true`.
 
+* `prevent_self_review` - (Optional) Whether or not a user who created the job is prevented from approving their own job. Defaults to `false`.
+
 ### Reviewers
 
 The `reviewers` block supports the following: