feat: add github_organization_private_registry resource and data source

[Gaardsholt]

This introduces the github_organization_private_registry resource and data source, allowing users to configure and manage centralized private registries at the organization level for Dependabot. Includes full CRUD acceptance tests, examples, and documentation.

Resolves #2720
Resolves #3339

---

Before the change?

• New resource, no current behavior.

After the change?

• You can now create a private registry with the following:

  resource "github_organization_private_registry" "docker_registry" {
    registry_type = "docker_registry"
    url           = "https://docker.pkg.github.com"
    username      = "my-docker-user"
    secret        = "super-secret-password"
    visibility    = "all"
  }

Pull request checklist

• Schema migrations have been created if needed (example)
• Tests for the changes have been added (for bug fixes / features)
• Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

• Yes
• No

---

I have run the acceptance tests myself with the following command, which ran successfully:

TF_ACC=1 go test -v ./... -run "^TestAccGithubOrganizationPrivateRegistry"
TF_ACC=1 go test -v ./... -run "^TestAccDataSourceGithubOrganizationPrivateRegistry"

I have also tested it by building the provider and using it with the following terraform:

resource "github_organization_private_registry" "maven_repository" {
  registry_type = "maven_repository"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "nuget_feed" {
  registry_type = "nuget_feed"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "goproxy_server" {
  registry_type = "goproxy_server"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "npm_registry" {
  registry_type = "npm_registry"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "rubygems_server" {
  registry_type = "rubygems_server"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "cargo_registry" {
  registry_type = "cargo_registry"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "composer_repository" {
  registry_type = "composer_repository"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "docker_registry" {
  registry_type = "docker_registry"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "git_source" {
  registry_type = "git_source"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "helm_registry" {
  registry_type = "helm_registry"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "pub_repository" {
  registry_type = "pub_repository"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "python_index" {
  registry_type = "python_index"
  url           = "https://docker.pkg.github.com"
  username      = "my-docker-user"
  secret        = "super-secret-password"
  visibility    = "all"
}
resource "github_organization_private_registry" "terraform_registry" {
  registry_type           = "terraform_registry"
  url                     = "https://docker.pkg.github.com"
  username                = "my-docker-user"
  secret                  = "super-secret-password"
  visibility              = "selected"
  selected_repository_ids = ["1225387540"]
}

data "github_organization_private_registry" "maven_repository" {
  name = github_organization_private_registry.maven_repository.name
}

output "registry_generated_name" {
  value       = github_organization_private_registry.npm_registry.name
  description = "The name that GitHub auto-generated for this registry."
}

output "retrieved_registry_url" {
  value       = data.github_organization_private_registry.maven_repository.url
  description = "URL retrieved from the registry data source."
}

Note

Full disclosure: This has been developed with the help of AI.

[github-actions]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

[Gaardsholt]

A small note, I didn't add hex_organization and hex_repository as when I tried I was getting the following error:

{
  "message": "Failed to create private registry configuration",
  "errors": [
    "registry_type must be one of: maven_repository, nuget_feed, goproxy_server, npm_registry, rubygems_server, cargo_registry, composer_repository, docker_registry, git_source, helm_registry, pub_repository, python_index, terraform_registry"
  ],
  "documentation_url": "https://docs.github.com/rest/private-registries/organization-configurations#create-a-private-registry-for-an-organization",
  "status": "422"
}

[Gaardsholt]

Did I miss anything or what can we do to get this merged? :)

[deiga]

@Gaardsholt Sorry, we are currently short on capacity and thus are focus mainly on improving the foundations to reduce maintenance workload

[deiga]

Not a full review, just noticed the most likely unnecessary docs templates

[Copilot]

Pull request overview

These provider review instructions are being used.

This PR introduces a new github_organization_private_registry resource and data source to manage centralized private registry configurations for Dependabot at the organization level. It resolves issues #2720 and #3339, enabling users to configure registry credentials (including OIDC auth) and visibility settings via Terraform.

Changes:

• New resource (github_organization_private_registry) with full CRUD support, including secret encryption, multiple auth types (token, username_password, OIDC), and visibility control.
• New data source (github_organization_private_registry) to read existing registry configurations.
• Documentation, examples, and acceptance tests for both the resource and data source.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
github/resource_github_organization_private_registry.go	New resource implementation with CRUD operations, schema, and secret encryption
github/data_source_github_organization_private_registry.go	New data source implementation for reading registry info
github/resource_github_organization_private_registry_test.go	Acceptance test for the resource (basic create + data source read)
github/data_source_github_organization_private_registry_test.go	Acceptance test for the data source
github/provider.go	Registers the new resource and data source
examples/resources/github_organization_private_registry/resource.tf	Example snippet for tfplugindocs
examples/data-sources/github_organization_private_registry/data-source.tf	Example snippet for tfplugindocs
docs/resources/organization_private_registry.md	Resource documentation
docs/data-sources/organization_private_registry.md	Data source documentation