pulumi-github 6.11.0a1768966924__py3-none-any.whl → 6.12.0__py3-none-any.whl

pulumi_github/actions_repository_permissions.py

@@ -24,13 +24,15 @@ class ActionsRepositoryPermissionsArgs:
                  repository: pulumi.Input[_builtins.str],
                  allowed_actions: Optional[pulumi.Input[_builtins.str]] = None,
                  allowed_actions_config: Optional[pulumi.Input['ActionsRepositoryPermissionsAllowedActionsConfigArgs']] = None,
-                 enabled: Optional[pulumi.Input[_builtins.bool]] = None):
+                 enabled: Optional[pulumi.Input[_builtins.bool]] = None,
+                 sha_pinning_required: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         The set of arguments for constructing a ActionsRepositoryPermissions resource.
         :param pulumi.Input[_builtins.str] repository: The GitHub repository
         :param pulumi.Input[_builtins.str] allowed_actions: The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
         :param pulumi.Input['ActionsRepositoryPermissionsAllowedActionsConfigArgs'] allowed_actions_config: Sets the actions that are allowed in an repository. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
         :param pulumi.Input[_builtins.bool] enabled: Should GitHub actions be enabled on this repository?
+        :param pulumi.Input[_builtins.bool] sha_pinning_required: Whether pinning to a specific SHA is required for all actions and reusable workflows in a repository.
         """
         pulumi.set(__self__, "repository", repository)
         if allowed_actions is not None:
@@ -39,6 +41,8 @@ class ActionsRepositoryPermissionsArgs:
             pulumi.set(__self__, "allowed_actions_config", allowed_actions_config)
         if enabled is not None:
             pulumi.set(__self__, "enabled", enabled)
+        if sha_pinning_required is not None:
+            pulumi.set(__self__, "sha_pinning_required", sha_pinning_required)
 
     @_builtins.property
     @pulumi.getter
@@ -88,6 +92,18 @@ class ActionsRepositoryPermissionsArgs:
     def enabled(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "enabled", value)
 
+    @_builtins.property
+    @pulumi.getter(name="shaPinningRequired")
+    def sha_pinning_required(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Whether pinning to a specific SHA is required for all actions and reusable workflows in a repository.
+        """
+        return pulumi.get(self, "sha_pinning_required")
+
+    @sha_pinning_required.setter
+    def sha_pinning_required(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "sha_pinning_required", value)
+
 
 @pulumi.input_type
 class _ActionsRepositoryPermissionsState:
@@ -95,13 +111,15 @@ class _ActionsRepositoryPermissionsState:
                  allowed_actions: Optional[pulumi.Input[_builtins.str]] = None,
                  allowed_actions_config: Optional[pulumi.Input['ActionsRepositoryPermissionsAllowedActionsConfigArgs']] = None,
                  enabled: Optional[pulumi.Input[_builtins.bool]] = None,
-                 repository: Optional[pulumi.Input[_builtins.str]] = None):
+                 repository: Optional[pulumi.Input[_builtins.str]] = None,
+                 sha_pinning_required: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         Input properties used for looking up and filtering ActionsRepositoryPermissions resources.
         :param pulumi.Input[_builtins.str] allowed_actions: The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`.
         :param pulumi.Input['ActionsRepositoryPermissionsAllowedActionsConfigArgs'] allowed_actions_config: Sets the actions that are allowed in an repository. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
         :param pulumi.Input[_builtins.bool] enabled: Should GitHub actions be enabled on this repository?
         :param pulumi.Input[_builtins.str] repository: The GitHub repository
+        :param pulumi.Input[_builtins.bool] sha_pinning_required: Whether pinning to a specific SHA is required for all actions and reusable workflows in a repository.
         """
         if allowed_actions is not None:
             pulumi.set(__self__, "allowed_actions", allowed_actions)
@@ -111,6 +129,8 @@ class _ActionsRepositoryPermissionsState:
             pulumi.set(__self__, "enabled", enabled)
         if repository is not None:
             pulumi.set(__self__, "repository", repository)
+        if sha_pinning_required is not None:
+            pulumi.set(__self__, "sha_pinning_required", sha_pinning_required)
 
     @_builtins.property
     @pulumi.getter(name="allowedActions")
@@ -160,6 +180,18 @@ class _ActionsRepositoryPermissionsState:
     def repository(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "repository", value)
 
+    @_builtins.property
+    @pulumi.getter(name="shaPinningRequired")
+    def sha_pinning_required(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        Whether pinning to a specific SHA is required for all actions and reusable workflows in a repository.
+        """
+        return pulumi.get(self, "sha_pinning_required")
+
+    @sha_pinning_required.setter
+    def sha_pinning_required(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "sha_pinning_required", value)
+
 
 @pulumi.type_token("github:index/actionsRepositoryPermissions:ActionsRepositoryPermissions")
 class ActionsRepositoryPermissions(pulumi.CustomResource):
@@ -171,6 +203,7 @@ class ActionsRepositoryPermissions(pulumi.CustomResource):
                  allowed_actions_config: Optional[pulumi.Input[Union['ActionsRepositoryPermissionsAllowedActionsConfigArgs', 'ActionsRepositoryPermissionsAllowedActionsConfigArgsDict']]] = None,
                  enabled: Optional[pulumi.Input[_builtins.bool]] = None,
                  repository: Optional[pulumi.Input[_builtins.str]] = None,
+                 sha_pinning_required: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         """
         This resource allows you to enable and manage GitHub Actions permissions for a given repository.
@@ -210,6 +243,7 @@ class ActionsRepositoryPermissions(pulumi.CustomResource):
         :param pulumi.Input[Union['ActionsRepositoryPermissionsAllowedActionsConfigArgs', 'ActionsRepositoryPermissionsAllowedActionsConfigArgsDict']] allowed_actions_config: Sets the actions that are allowed in an repository. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
         :param pulumi.Input[_builtins.bool] enabled: Should GitHub actions be enabled on this repository?
         :param pulumi.Input[_builtins.str] repository: The GitHub repository
+        :param pulumi.Input[_builtins.bool] sha_pinning_required: Whether pinning to a specific SHA is required for all actions and reusable workflows in a repository.
         """
         ...
     @overload
@@ -268,6 +302,7 @@ class ActionsRepositoryPermissions(pulumi.CustomResource):
                  allowed_actions_config: Optional[pulumi.Input[Union['ActionsRepositoryPermissionsAllowedActionsConfigArgs', 'ActionsRepositoryPermissionsAllowedActionsConfigArgsDict']]] = None,
                  enabled: Optional[pulumi.Input[_builtins.bool]] = None,
                  repository: Optional[pulumi.Input[_builtins.str]] = None,
+                 sha_pinning_required: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -283,6 +318,7 @@ class ActionsRepositoryPermissions(pulumi.CustomResource):
             if repository is None and not opts.urn:
                 raise TypeError("Missing required property 'repository'")
             __props__.__dict__["repository"] = repository
+            __props__.__dict__["sha_pinning_required"] = sha_pinning_required
         super(ActionsRepositoryPermissions, __self__).__init__(
             'github:index/actionsRepositoryPermissions:ActionsRepositoryPermissions',
             resource_name,
@@ -296,7 +332,8 @@ class ActionsRepositoryPermissions(pulumi.CustomResource):
             allowed_actions: Optional[pulumi.Input[_builtins.str]] = None,
             allowed_actions_config: Optional[pulumi.Input[Union['ActionsRepositoryPermissionsAllowedActionsConfigArgs', 'ActionsRepositoryPermissionsAllowedActionsConfigArgsDict']]] = None,
             enabled: Optional[pulumi.Input[_builtins.bool]] = None,
-            repository: Optional[pulumi.Input[_builtins.str]] = None) -> 'ActionsRepositoryPermissions':
+            repository: Optional[pulumi.Input[_builtins.str]] = None,
+            sha_pinning_required: Optional[pulumi.Input[_builtins.bool]] = None) -> 'ActionsRepositoryPermissions':
         """
         Get an existing ActionsRepositoryPermissions resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -308,6 +345,7 @@ class ActionsRepositoryPermissions(pulumi.CustomResource):
         :param pulumi.Input[Union['ActionsRepositoryPermissionsAllowedActionsConfigArgs', 'ActionsRepositoryPermissionsAllowedActionsConfigArgsDict']] allowed_actions_config: Sets the actions that are allowed in an repository. Only available when `allowed_actions` = `selected`. See Allowed Actions Config below for details.
         :param pulumi.Input[_builtins.bool] enabled: Should GitHub actions be enabled on this repository?
         :param pulumi.Input[_builtins.str] repository: The GitHub repository
+        :param pulumi.Input[_builtins.bool] sha_pinning_required: Whether pinning to a specific SHA is required for all actions and reusable workflows in a repository.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -317,6 +355,7 @@ class ActionsRepositoryPermissions(pulumi.CustomResource):
         __props__.__dict__["allowed_actions_config"] = allowed_actions_config
         __props__.__dict__["enabled"] = enabled
         __props__.__dict__["repository"] = repository
+        __props__.__dict__["sha_pinning_required"] = sha_pinning_required
         return ActionsRepositoryPermissions(resource_name, opts=opts, __props__=__props__)
 
     @_builtins.property
@@ -351,3 +390,11 @@ class ActionsRepositoryPermissions(pulumi.CustomResource):
         """
         return pulumi.get(self, "repository")
 
+    @_builtins.property
+    @pulumi.getter(name="shaPinningRequired")
+    def sha_pinning_required(self) -> pulumi.Output[_builtins.bool]:
+        """
+        Whether pinning to a specific SHA is required for all actions and reusable workflows in a repository.
+        """
+        return pulumi.get(self, "sha_pinning_required")
+

pulumi_github/actions_secret.py

@@ -23,20 +23,30 @@ class ActionsSecretArgs:
                  secret_name: pulumi.Input[_builtins.str],
                  destroy_on_drift: Optional[pulumi.Input[_builtins.bool]] = None,
                  encrypted_value: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_id: Optional[pulumi.Input[_builtins.str]] = None,
                  plaintext_value: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a ActionsSecret resource.
-        :param pulumi.Input[_builtins.str] repository: Name of the repository
-        :param pulumi.Input[_builtins.str] secret_name: Name of the secret
+        :param pulumi.Input[_builtins.str] repository: Name of the repository.
+        :param pulumi.Input[_builtins.str] secret_name: Name of the secret.
+        :param pulumi.Input[_builtins.bool] destroy_on_drift: (Optional) This is ignored as drift detection is built into the resource.
+               
+               > **Note**: One of either `encrypted_value` or `plaintext_value` must be specified.
         :param pulumi.Input[_builtins.str] encrypted_value: Encrypted value of the secret using the GitHub public key in Base64 format.
-        :param pulumi.Input[_builtins.str] plaintext_value: Plaintext value of the secret to be encrypted
+        :param pulumi.Input[_builtins.str] key_id: ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`.
+        :param pulumi.Input[_builtins.str] plaintext_value: Plaintext value of the secret to be encrypted.
         """
         pulumi.set(__self__, "repository", repository)
         pulumi.set(__self__, "secret_name", secret_name)
+        if destroy_on_drift is not None:
+            warnings.warn("""This is no longer required and will be removed in a future release. Drift detection is now always performed, and external changes will result in the secret being updated to match the Terraform configuration. If you want to ignore external changes, you can use the `lifecycle` block with `ignore_changes` on the `remote_updated_at` field.""", DeprecationWarning)
+            pulumi.log.warn("""destroy_on_drift is deprecated: This is no longer required and will be removed in a future release. Drift detection is now always performed, and external changes will result in the secret being updated to match the Terraform configuration. If you want to ignore external changes, you can use the `lifecycle` block with `ignore_changes` on the `remote_updated_at` field.""")
         if destroy_on_drift is not None:
             pulumi.set(__self__, "destroy_on_drift", destroy_on_drift)
         if encrypted_value is not None:
             pulumi.set(__self__, "encrypted_value", encrypted_value)
+        if key_id is not None:
+            pulumi.set(__self__, "key_id", key_id)
         if plaintext_value is not None:
             pulumi.set(__self__, "plaintext_value", plaintext_value)
 
@@ -44,7 +54,7 @@ class ActionsSecretArgs:
     @pulumi.getter
     def repository(self) -> pulumi.Input[_builtins.str]:
         """
-        Name of the repository
+        Name of the repository.
         """
         return pulumi.get(self, "repository")
 
@@ -56,7 +66,7 @@ class ActionsSecretArgs:
     @pulumi.getter(name="secretName")
     def secret_name(self) -> pulumi.Input[_builtins.str]:
         """
-        Name of the secret
+        Name of the secret.
         """
         return pulumi.get(self, "secret_name")
 
@@ -66,7 +76,13 @@ class ActionsSecretArgs:
 
     @_builtins.property
     @pulumi.getter(name="destroyOnDrift")
+    @_utilities.deprecated("""This is no longer required and will be removed in a future release. Drift detection is now always performed, and external changes will result in the secret being updated to match the Terraform configuration. If you want to ignore external changes, you can use the `lifecycle` block with `ignore_changes` on the `remote_updated_at` field.""")
     def destroy_on_drift(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        (Optional) This is ignored as drift detection is built into the resource.
+
+        > **Note**: One of either `encrypted_value` or `plaintext_value` must be specified.
+        """
         return pulumi.get(self, "destroy_on_drift")
 
     @destroy_on_drift.setter
@@ -85,11 +101,23 @@ class ActionsSecretArgs:
     def encrypted_value(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "encrypted_value", value)
 
+    @_builtins.property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`.
+        """
+        return pulumi.get(self, "key_id")
+
+    @key_id.setter
+    def key_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "key_id", value)
+
     @_builtins.property
     @pulumi.getter(name="plaintextValue")
     def plaintext_value(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Plaintext value of the secret to be encrypted
+        Plaintext value of the secret to be encrypted.
         """
         return pulumi.get(self, "plaintext_value")
 
@@ -104,29 +132,47 @@ class _ActionsSecretState:
                  created_at: Optional[pulumi.Input[_builtins.str]] = None,
                  destroy_on_drift: Optional[pulumi.Input[_builtins.bool]] = None,
                  encrypted_value: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_id: Optional[pulumi.Input[_builtins.str]] = None,
                  plaintext_value: Optional[pulumi.Input[_builtins.str]] = None,
+                 remote_updated_at: Optional[pulumi.Input[_builtins.str]] = None,
                  repository: Optional[pulumi.Input[_builtins.str]] = None,
+                 repository_id: Optional[pulumi.Input[_builtins.int]] = None,
                  secret_name: Optional[pulumi.Input[_builtins.str]] = None,
                  updated_at: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering ActionsSecret resources.
-        :param pulumi.Input[_builtins.str] created_at: Date of actions_secret creation.
+        :param pulumi.Input[_builtins.str] created_at: Date the secret was created.
+        :param pulumi.Input[_builtins.bool] destroy_on_drift: (Optional) This is ignored as drift detection is built into the resource.
+               
+               > **Note**: One of either `encrypted_value` or `plaintext_value` must be specified.
         :param pulumi.Input[_builtins.str] encrypted_value: Encrypted value of the secret using the GitHub public key in Base64 format.
-        :param pulumi.Input[_builtins.str] plaintext_value: Plaintext value of the secret to be encrypted
-        :param pulumi.Input[_builtins.str] repository: Name of the repository
-        :param pulumi.Input[_builtins.str] secret_name: Name of the secret
-        :param pulumi.Input[_builtins.str] updated_at: Date of actions_secret update.
+        :param pulumi.Input[_builtins.str] key_id: ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`.
+        :param pulumi.Input[_builtins.str] plaintext_value: Plaintext value of the secret to be encrypted.
+        :param pulumi.Input[_builtins.str] remote_updated_at: Date the secret was last updated in GitHub.
+        :param pulumi.Input[_builtins.str] repository: Name of the repository.
+        :param pulumi.Input[_builtins.int] repository_id: ID of the repository.
+        :param pulumi.Input[_builtins.str] secret_name: Name of the secret.
+        :param pulumi.Input[_builtins.str] updated_at: Date the secret was last updated by the provider.
         """
         if created_at is not None:
             pulumi.set(__self__, "created_at", created_at)
+        if destroy_on_drift is not None:
+            warnings.warn("""This is no longer required and will be removed in a future release. Drift detection is now always performed, and external changes will result in the secret being updated to match the Terraform configuration. If you want to ignore external changes, you can use the `lifecycle` block with `ignore_changes` on the `remote_updated_at` field.""", DeprecationWarning)
+            pulumi.log.warn("""destroy_on_drift is deprecated: This is no longer required and will be removed in a future release. Drift detection is now always performed, and external changes will result in the secret being updated to match the Terraform configuration. If you want to ignore external changes, you can use the `lifecycle` block with `ignore_changes` on the `remote_updated_at` field.""")
         if destroy_on_drift is not None:
             pulumi.set(__self__, "destroy_on_drift", destroy_on_drift)
         if encrypted_value is not None:
             pulumi.set(__self__, "encrypted_value", encrypted_value)
+        if key_id is not None:
+            pulumi.set(__self__, "key_id", key_id)
         if plaintext_value is not None:
             pulumi.set(__self__, "plaintext_value", plaintext_value)
+        if remote_updated_at is not None:
+            pulumi.set(__self__, "remote_updated_at", remote_updated_at)
         if repository is not None:
             pulumi.set(__self__, "repository", repository)
+        if repository_id is not None:
+            pulumi.set(__self__, "repository_id", repository_id)
         if secret_name is not None:
             pulumi.set(__self__, "secret_name", secret_name)
         if updated_at is not None:
@@ -136,7 +182,7 @@ class _ActionsSecretState:
     @pulumi.getter(name="createdAt")
     def created_at(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Date of actions_secret creation.
+        Date the secret was created.
         """
         return pulumi.get(self, "created_at")
 
@@ -146,7 +192,13 @@ class _ActionsSecretState:
 
     @_builtins.property
     @pulumi.getter(name="destroyOnDrift")
+    @_utilities.deprecated("""This is no longer required and will be removed in a future release. Drift detection is now always performed, and external changes will result in the secret being updated to match the Terraform configuration. If you want to ignore external changes, you can use the `lifecycle` block with `ignore_changes` on the `remote_updated_at` field.""")
     def destroy_on_drift(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        (Optional) This is ignored as drift detection is built into the resource.
+
+        > **Note**: One of either `encrypted_value` or `plaintext_value` must be specified.
+        """
         return pulumi.get(self, "destroy_on_drift")
 
     @destroy_on_drift.setter
@@ -165,11 +217,23 @@ class _ActionsSecretState:
     def encrypted_value(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "encrypted_value", value)
 
+    @_builtins.property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`.
+        """
+        return pulumi.get(self, "key_id")
+
+    @key_id.setter
+    def key_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "key_id", value)
+
     @_builtins.property
     @pulumi.getter(name="plaintextValue")
     def plaintext_value(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Plaintext value of the secret to be encrypted
+        Plaintext value of the secret to be encrypted.
         """
         return pulumi.get(self, "plaintext_value")
 
@@ -177,11 +241,23 @@ class _ActionsSecretState:
     def plaintext_value(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "plaintext_value", value)
 
+    @_builtins.property
+    @pulumi.getter(name="remoteUpdatedAt")
+    def remote_updated_at(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Date the secret was last updated in GitHub.
+        """
+        return pulumi.get(self, "remote_updated_at")
+
+    @remote_updated_at.setter
+    def remote_updated_at(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "remote_updated_at", value)
+
     @_builtins.property
     @pulumi.getter
     def repository(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Name of the repository
+        Name of the repository.
         """
         return pulumi.get(self, "repository")
 
@@ -189,11 +265,23 @@ class _ActionsSecretState:
     def repository(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "repository", value)
 
+    @_builtins.property
+    @pulumi.getter(name="repositoryId")
+    def repository_id(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        ID of the repository.
+        """
+        return pulumi.get(self, "repository_id")
+
+    @repository_id.setter
+    def repository_id(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "repository_id", value)
+
     @_builtins.property
     @pulumi.getter(name="secretName")
     def secret_name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Name of the secret
+        Name of the secret.
         """
         return pulumi.get(self, "secret_name")
 
@@ -205,7 +293,7 @@ class _ActionsSecretState:
     @pulumi.getter(name="updatedAt")
     def updated_at(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Date of actions_secret update.
+        Date the secret was last updated by the provider.
         """
         return pulumi.get(self, "updated_at")
 
@@ -222,29 +310,32 @@ class ActionsSecret(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  destroy_on_drift: Optional[pulumi.Input[_builtins.bool]] = None,
                  encrypted_value: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_id: Optional[pulumi.Input[_builtins.str]] = None,
                  plaintext_value: Optional[pulumi.Input[_builtins.str]] = None,
                  repository: Optional[pulumi.Input[_builtins.str]] = None,
                  secret_name: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
-        ## Example Usage
-
         ## Import
 
-        This resource can be imported using an ID made up of the `repository` and `secret_name`:
+        ### Import Command
+
+        The following command imports a GitHub actions secret named `mysecret` for the repo `myrepo` to a `github_actions_secret` resource named `example`.
 
         ```sh
-        $ pulumi import github:index/actionsSecret:ActionsSecret example_secret repository/secret_name
+        $ pulumi import github:index/actionsSecret:ActionsSecret example myrepo:mysecret
         ```
-        NOTE: the implementation is limited in that it won't fetch the value of the
-        `plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround.
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.bool] destroy_on_drift: (Optional) This is ignored as drift detection is built into the resource.
+               
+               > **Note**: One of either `encrypted_value` or `plaintext_value` must be specified.
         :param pulumi.Input[_builtins.str] encrypted_value: Encrypted value of the secret using the GitHub public key in Base64 format.
-        :param pulumi.Input[_builtins.str] plaintext_value: Plaintext value of the secret to be encrypted
-        :param pulumi.Input[_builtins.str] repository: Name of the repository
-        :param pulumi.Input[_builtins.str] secret_name: Name of the secret
+        :param pulumi.Input[_builtins.str] key_id: ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`.
+        :param pulumi.Input[_builtins.str] plaintext_value: Plaintext value of the secret to be encrypted.
+        :param pulumi.Input[_builtins.str] repository: Name of the repository.
+        :param pulumi.Input[_builtins.str] secret_name: Name of the secret.
         """
         ...
     @overload
@@ -253,17 +344,15 @@ class ActionsSecret(pulumi.CustomResource):
                  args: ActionsSecretArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        ## Example Usage
-
         ## Import
 
-        This resource can be imported using an ID made up of the `repository` and `secret_name`:
+        ### Import Command
+
+        The following command imports a GitHub actions secret named `mysecret` for the repo `myrepo` to a `github_actions_secret` resource named `example`.
 
         ```sh
-        $ pulumi import github:index/actionsSecret:ActionsSecret example_secret repository/secret_name
+        $ pulumi import github:index/actionsSecret:ActionsSecret example myrepo:mysecret
         ```
-        NOTE: the implementation is limited in that it won't fetch the value of the
-        `plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround.
 
         :param str resource_name: The name of the resource.
         :param ActionsSecretArgs args: The arguments to use to populate this resource's properties.
@@ -282,6 +371,7 @@ class ActionsSecret(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  destroy_on_drift: Optional[pulumi.Input[_builtins.bool]] = None,
                  encrypted_value: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_id: Optional[pulumi.Input[_builtins.str]] = None,
                  plaintext_value: Optional[pulumi.Input[_builtins.str]] = None,
                  repository: Optional[pulumi.Input[_builtins.str]] = None,
                  secret_name: Optional[pulumi.Input[_builtins.str]] = None,
@@ -296,6 +386,7 @@ class ActionsSecret(pulumi.CustomResource):
 
             __props__.__dict__["destroy_on_drift"] = destroy_on_drift
             __props__.__dict__["encrypted_value"] = None if encrypted_value is None else pulumi.Output.secret(encrypted_value)
+            __props__.__dict__["key_id"] = key_id
             __props__.__dict__["plaintext_value"] = None if plaintext_value is None else pulumi.Output.secret(plaintext_value)
             if repository is None and not opts.urn:
                 raise TypeError("Missing required property 'repository'")
@@ -304,6 +395,8 @@ class ActionsSecret(pulumi.CustomResource):
                 raise TypeError("Missing required property 'secret_name'")
             __props__.__dict__["secret_name"] = secret_name
             __props__.__dict__["created_at"] = None
+            __props__.__dict__["remote_updated_at"] = None
+            __props__.__dict__["repository_id"] = None
             __props__.__dict__["updated_at"] = None
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["encryptedValue", "plaintextValue"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
@@ -320,8 +413,11 @@ class ActionsSecret(pulumi.CustomResource):
             created_at: Optional[pulumi.Input[_builtins.str]] = None,
             destroy_on_drift: Optional[pulumi.Input[_builtins.bool]] = None,
             encrypted_value: Optional[pulumi.Input[_builtins.str]] = None,
+            key_id: Optional[pulumi.Input[_builtins.str]] = None,
             plaintext_value: Optional[pulumi.Input[_builtins.str]] = None,
+            remote_updated_at: Optional[pulumi.Input[_builtins.str]] = None,
             repository: Optional[pulumi.Input[_builtins.str]] = None,
+            repository_id: Optional[pulumi.Input[_builtins.int]] = None,
             secret_name: Optional[pulumi.Input[_builtins.str]] = None,
             updated_at: Optional[pulumi.Input[_builtins.str]] = None) -> 'ActionsSecret':
         """
@@ -331,12 +427,18 @@ class ActionsSecret(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[_builtins.str] created_at: Date of actions_secret creation.
+        :param pulumi.Input[_builtins.str] created_at: Date the secret was created.
+        :param pulumi.Input[_builtins.bool] destroy_on_drift: (Optional) This is ignored as drift detection is built into the resource.
+               
+               > **Note**: One of either `encrypted_value` or `plaintext_value` must be specified.
         :param pulumi.Input[_builtins.str] encrypted_value: Encrypted value of the secret using the GitHub public key in Base64 format.
-        :param pulumi.Input[_builtins.str] plaintext_value: Plaintext value of the secret to be encrypted
-        :param pulumi.Input[_builtins.str] repository: Name of the repository
-        :param pulumi.Input[_builtins.str] secret_name: Name of the secret
-        :param pulumi.Input[_builtins.str] updated_at: Date of actions_secret update.
+        :param pulumi.Input[_builtins.str] key_id: ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`.
+        :param pulumi.Input[_builtins.str] plaintext_value: Plaintext value of the secret to be encrypted.
+        :param pulumi.Input[_builtins.str] remote_updated_at: Date the secret was last updated in GitHub.
+        :param pulumi.Input[_builtins.str] repository: Name of the repository.
+        :param pulumi.Input[_builtins.int] repository_id: ID of the repository.
+        :param pulumi.Input[_builtins.str] secret_name: Name of the secret.
+        :param pulumi.Input[_builtins.str] updated_at: Date the secret was last updated by the provider.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -345,8 +447,11 @@ class ActionsSecret(pulumi.CustomResource):
         __props__.__dict__["created_at"] = created_at
         __props__.__dict__["destroy_on_drift"] = destroy_on_drift
         __props__.__dict__["encrypted_value"] = encrypted_value
+        __props__.__dict__["key_id"] = key_id
         __props__.__dict__["plaintext_value"] = plaintext_value
+        __props__.__dict__["remote_updated_at"] = remote_updated_at
         __props__.__dict__["repository"] = repository
+        __props__.__dict__["repository_id"] = repository_id
         __props__.__dict__["secret_name"] = secret_name
         __props__.__dict__["updated_at"] = updated_at
         return ActionsSecret(resource_name, opts=opts, __props__=__props__)
@@ -355,13 +460,19 @@ class ActionsSecret(pulumi.CustomResource):
     @pulumi.getter(name="createdAt")
     def created_at(self) -> pulumi.Output[_builtins.str]:
         """
-        Date of actions_secret creation.
+        Date the secret was created.
         """
         return pulumi.get(self, "created_at")
 
     @_builtins.property
     @pulumi.getter(name="destroyOnDrift")
+    @_utilities.deprecated("""This is no longer required and will be removed in a future release. Drift detection is now always performed, and external changes will result in the secret being updated to match the Terraform configuration. If you want to ignore external changes, you can use the `lifecycle` block with `ignore_changes` on the `remote_updated_at` field.""")
     def destroy_on_drift(self) -> pulumi.Output[Optional[_builtins.bool]]:
+        """
+        (Optional) This is ignored as drift detection is built into the resource.
+
+        > **Note**: One of either `encrypted_value` or `plaintext_value` must be specified.
+        """
         return pulumi.get(self, "destroy_on_drift")
 
     @_builtins.property
@@ -372,27 +483,51 @@ class ActionsSecret(pulumi.CustomResource):
         """
         return pulumi.get(self, "encrypted_value")
 
+    @_builtins.property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`.
+        """
+        return pulumi.get(self, "key_id")
+
     @_builtins.property
     @pulumi.getter(name="plaintextValue")
     def plaintext_value(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
-        Plaintext value of the secret to be encrypted
+        Plaintext value of the secret to be encrypted.
         """
         return pulumi.get(self, "plaintext_value")
 
+    @_builtins.property
+    @pulumi.getter(name="remoteUpdatedAt")
+    def remote_updated_at(self) -> pulumi.Output[_builtins.str]:
+        """
+        Date the secret was last updated in GitHub.
+        """
+        return pulumi.get(self, "remote_updated_at")
+
     @_builtins.property
     @pulumi.getter
     def repository(self) -> pulumi.Output[_builtins.str]:
         """
-        Name of the repository
+        Name of the repository.
         """
         return pulumi.get(self, "repository")
 
+    @_builtins.property
+    @pulumi.getter(name="repositoryId")
+    def repository_id(self) -> pulumi.Output[_builtins.int]:
+        """
+        ID of the repository.
+        """
+        return pulumi.get(self, "repository_id")
+
     @_builtins.property
     @pulumi.getter(name="secretName")
     def secret_name(self) -> pulumi.Output[_builtins.str]:
         """
-        Name of the secret
+        Name of the secret.
         """
         return pulumi.get(self, "secret_name")
 
@@ -400,7 +535,7 @@ class ActionsSecret(pulumi.CustomResource):
     @pulumi.getter(name="updatedAt")
     def updated_at(self) -> pulumi.Output[_builtins.str]:
         """
-        Date of actions_secret update.
+        Date the secret was last updated by the provider.
         """
         return pulumi.get(self, "updated_at")