We have a very similiar issue with 5.25.1 provider.
Using github app for authentication

  # module.github_repository.github_branch_protection_v3.branch["redacted_name.master"] will be updated in-place
  ~ resource "github_branch_protection_v3" "branch" {
        id                              = "redacted_name:master"
        # (6 unchanged attributes hidden)

      ~ required_status_checks {
          ~ checks         = [
              - "Naming conventions / Pull request:0",
                # (1 unchanged element hidden)
            ]
          ~ contexts       = [
              - "Naming conventions / Pull request",
            ]
            # (2 unchanged attributes hidden)
        }

Yea it is probably worth mentioning, I am also using github app for authentication

I have the same problem. Since #1774 (v5.31.0) the checks diffs are gone but every plan produce a diff for contexts (regardless if they are set or not).

For what it's worth, if you require a workable provider again now, you could also switch to the GraphQL based API endpoint for branch protections. The behaviour of that one wasn't changed, so there are no superfluous changes for terraform plans.

Which would be this resource: https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection

You are correct; the github_branch_protection works better with required_status_checks. However, you need to access apps when using pull_request_bypassers. Public apps should work, but if you reference an internal one, it will fail when using app authentication. App authentication for the provider does not make this possible; see #1248.

Sad times to use the provider :-(

@0x46616c6b if you have ideas about how we can handle this better, we're very accepting of new issues and PRs!

Would it be possible to remove the deprecated field contexts from the branch protection v3? How the actual policy for removing a deprecated field/feature looks in the provider right now?

I think it's reasonable to do a major version release in the near future! It's been quite a while since we last released a breaking change (September 14th). There's a few other changes I wouldn't mind batching in there as well, such as #1029, #448, #1704, and maybe even #1780.

In general, Hashicorp recommends not doing more than one breaking change a year if we can help it.

Is there any progress on this? This kinda makes github_branch_protection_v3 unusable.

@kfcampbell any timeline we have to officially remove contexts from the branch protection v3? this issue had been on for a while

Unfortunately GitHub's SDK team doesn't have the bandwidth to work on this ourselves right now, though PRs are appreciated!

We have several issues related to that:

  ~ resource "github_branch_protection_v3" "this" {
        id                              = "foo:master"
      ~ require_signed_commits          = false -> true
        # (5 unchanged attributes hidden)

      ~ required_status_checks {
          ~ checks         = [
              - "foo",
              + "foo:-1",
            ]
          ~ contexts       = [
              - "foo",
            ]
            # (2 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }

  ~ resource "github_branch_protection_v3" "this" {
        id                              = "bar:main"
        # (6 unchanged attributes hidden)

      ~ required_status_checks {
          ~ contexts       = [
              - "TruffleHog",
            ]
            # (3 unchanged attributes hidden)
        }

        # (2 unchanged blocks hidden)
    }

So there should be added special check for app_id == -1 and probably it's possible to hack that if checks do exist in terraform state just ignore contexts completely.

Would that work?