github_actions_organization_secret always applies the value, even if it's unchanged

[greggilbert]

Terraform Version

Terraform v0.13.5

Affected Resource(s)

Please list the resources as a list, for example:

• github_actions_organization_secret

Terraform Configuration Files

resource "github_actions_organization_secret" "this" {
  for_each = toset(local.secrets)

  secret_name     = each.value
  visibility      = "selected"
  plaintext_value = "(placeholder)"   # we'll change these values outside of Terraform

  selected_repository_ids = [
    for repo in data.github_repository.repos : repo.repo_id
  ]

  lifecycle {
    ignore_changes = [
      plaintext_value
    ]
  }
}

Expected Behavior

In this example, I'm giving providing a list of repositories that can access the secret. You can see I'm using (placeholder) as the plaintext value, with the idea that I would go into Github outside of TF and add in the real value once.

When I change the list of repositories, I expect that the real value I inputted would remain the same.

Actual Behavior

However, it actually replaces the real value with the placeholder.

Steps to Reproduce

1. Use the github_actions_organization_secret resource to create a value like FOO with a default value of (placeholder)
2. terraform apply the change/creation
3. Go into your Github organization and edit the secret to have a value like Hello World
4. Using the above config, modify the selected_repository_ids and apply the change
5. In your Github Actions workflow, create a step like this:

     - name: DEBUG!
       env:
         MY_SECRET: ${{ secrets.FOO }}
       run: |
         echo ${MY_SECRET} | sed 's/./& /g' 
   

6. Push and/or trigger the Github Action
7. Note how the value that gets printed out is (placeholder) and not the expected Hello World