Warning for new GH feature in beta

[markjm]

Hi folks, just creating this issue as a warning for an upcoming feature from GitHub

https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization

Setting a team as a security manager (as on org-wide setting, so out of "scope" of safe-settings app) causes the relevant team to be added to every repository in the organization. This causes safe-settings team differ to always identify out-of-sync teams for every repo, causing re-sync for every repo as well. Further, the attempted sync will fail with:

error calling find for Teams HttpError: You cannot remove repositories from a security manager team. for repo:

I think adding this team to global teams in settings.yaml will mitigate this (though I will need to check tomorrow), but there is no clear way to keep these settings and security managers in sync as of now

[decyjphr]

Thanks for catching it @markjm; we could possibly call 'GET /orgs/{org}/security-managers' in the teams plugin, find method, remove them before the sending the list for processing.

[justinmchase]

I have my security manager team in the suborg and it still fails with this error.

[justinmchase]

This isn't just upcoming this is actually hitting us, generating a ton of errors in our logs. Is there anyway this can be prioritized now?

[jimethn]

I'm unable to delete (with archive_on_destroy=true) a repository via terraform because it fails with this error.