Skip to content

[MAINT] Fix github_organization_ruleset and github_repository_ruleset with push target#2958

Merged
stevehipwell merged 56 commits intointegrations:mainfrom
F-Secure-web:org-ruleset-fix-push
Feb 3, 2026
Merged

[MAINT] Fix github_organization_ruleset and github_repository_ruleset with push target#2958
stevehipwell merged 56 commits intointegrations:mainfrom
F-Secure-web:org-ruleset-fix-push

Conversation

@deiga
Copy link
Copy Markdown
Collaborator

@deiga deiga commented Dec 2, 2025
edited
Loading

Resolves #2929, #2467

Before the change?

  • The provider would crash from a 422 error response when following the example in the docs
  • Removing ref_name would cause the provider to Panic as ref_name is a required field
  • One could add rules which weren't valid for push rulesets

After the change?

  • The provider should correctly apply push rulesets to an organization
  • ref_name should no longer be needed to be set for push target
  • conditions & target validation logic should ensure correct fields are populated

Pull request checklist

  • Schema migrations have been created if needed (example)
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • No

nickfloyd
nickfloyd reviewed Dec 2, 2025
View reviewed changes
Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_organization_ruleset.go Outdated
stevehipwell
stevehipwell reviewed Dec 3, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this change likely wants to wait for the SDK upgrade as a lot of this area is modified in future versions.

FYI the error behaviours previously seen should have been mitigated by #2705 so if there is an error the provider should handle it gracefully.

Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_organization_ruleset.go Outdated
@deiga deiga force-pushed the org-ruleset-fix-push branch from 0531db8 to 9dd2965 Compare December 3, 2025 20:15
@deiga deiga changed the base branch from main to go-github-v68 December 3, 2025 20:15
@deiga deiga mentioned this pull request Dec 5, 2025
Closed
1 task
stevehipwell
stevehipwell reviewed Dec 5, 2025
View reviewed changes
Comment thread github/resource_github_organization_ruleset.go Outdated
@deiga deiga force-pushed the org-ruleset-fix-push branch from 1bdfa45 to efd67ae Compare December 7, 2025 00:20
@deiga deiga changed the title Fix github_organization_ruleset with push target [MAINT] Fix github_organization_ruleset with push target Dec 7, 2025
@deiga deiga force-pushed the org-ruleset-fix-push branch from 52d95d4 to 6782aab Compare December 8, 2025 13:42
stevehipwell
stevehipwell requested changes Dec 10, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to either de-scope this PR or open a new PR with the smallest number of changes possible to fix the outstanding bugs?

Comment thread github/config.go
Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_organization_ruleset.go
@deiga
Copy link
Copy Markdown
Collaborator Author

deiga commented Dec 10, 2025

@stevehipwell Yes, I agree. I've done that already in this PR: #2976

But I can't switch the base of this PR to point to that :)

@deiga deiga changed the title [MAINT] Fix github_organization_ruleset with push target [MAINT] Fix github_organization_ruleset and github_repository_ruleset with push target Dec 17, 2025
@deiga deiga marked this pull request as ready for review December 19, 2025 06:35
@deiga deiga marked this pull request as draft January 6, 2026 08:06
@deiga deiga changed the base branch from go-github-v68 to main January 7, 2026 22:14
@deiga deiga force-pushed the org-ruleset-fix-push branch 2 times, most recently from 1fe74fc to 2a2277a Compare January 10, 2026 08:53
@deiga deiga marked this pull request as ready for review January 10, 2026 08:56
@deiga deiga mentioned this pull request Jan 11, 2026
Merged
5 tasks
stevehipwell
stevehipwell requested changes Jan 13, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added some review comments, mainly about the code structure.

Comment thread github/util_ruleset_validation.go
Comment thread github/repository_rules_validation_utils_test.go Outdated
Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_organization_ruleset_test.go Outdated
Comment thread github/resource_github_organization_ruleset_test.go Outdated
@deiga deiga force-pushed the org-ruleset-fix-push branch from c1019c3 to d51fea0 Compare January 14, 2026 20:14
@deiga deiga requested a review from stevehipwell January 14, 2026 23:59
@deiga deiga marked this pull request as draft January 15, 2026 18:21
@deiga deiga force-pushed the org-ruleset-fix-push branch from 5c0112b to c8d93e0 Compare January 18, 2026 20:49
@deiga deiga marked this pull request as ready for review January 18, 2026 20:49
@stevehipwell stevehipwell mentioned this pull request Jan 20, 2026
Merged
4 tasks
@stevehipwell stevehipwell added this to the v6.11.0 Release milestone Jan 20, 2026
stevehipwell
stevehipwell requested changes Jan 20, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@deiga I've added some comments but the main concern here is that we keep only the relevant changes in the PR. If you could tidy the PR up, rebase, and then I'll give this a full PR with the aim of getting it merged ASAP.

Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_organization_ruleset.go Outdated
Comment thread github/resource_github_repository.go Outdated
Comment thread github/resource_github_repository_ruleset.go Outdated
Comment thread github/resource_github_repository_test.go Outdated
Comment thread github/resource_github_team_repository.go
deiga added 25 commits February 3, 2026 17:25
@deiga
Extract validation functions to separate utils file with unit tests
95f7182 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Fix push ruleset test config
40d21fe 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Remove repository target after thorough testing that it doesn't do …
6d2f5d5 
…anything

Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Use idiomatic test naming convention
6a7434f 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Address code structure comment in tests
64af81e 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Fix inconsistent logging
fe65205 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Refactor to use typed constant string for ruleset Target
2a39e82 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Fix indentation issue with github_repository_file and heredocs
d60c2e0 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Rename files to be more sensible
4c6430f 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Refactor validation functions so that Repo and Org share almost every…
4a0e1a3 
…thing

Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Address review comments
946d0fe 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Use github.RepositoryRuleType instead of strings
155f642 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Refactor flattenRules and expandRules to use context
5dd238c 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Fix failing validation
4e67141 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Refactor to use ValidateDiagFunc and validation.ToDiagFunc in rep…
bde553d 
…o ruleset

Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Use strings.Join to make Description of target dynamic
05be1ae 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Add validation to operator attributes
88836c0 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Add missing validations to repo ruleset attributes
4005665 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Refactor to use ValidateDiagFunc and validation.ToDiagFunc in org…
229752f 
… ruleset
@deiga
Use strings.Join to make Description of target dynamic
7147526
@deiga
Add validation to operator attributes
dc8953e
@deiga
Add missing validations to org ruleset attributes
02b402a
@deiga
Ensure attribute names map correctly to rule names
cc7d1f2 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Don't ignore errors
c2a8bb3 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga
Address review comments
00afcdb 
Signed-off-by: Timo Sand <timo.sand@f-secure.com>
@deiga deiga force-pushed the org-ruleset-fix-push branch from 6da201a to 00afcdb Compare February 3, 2026 15:27
@stevehipwell stevehipwell enabled auto-merge (squash) February 3, 2026 15:29
@stevehipwell stevehipwell merged commit 11d233c into integrations:main Feb 3, 2026
7 checks passed
JiayangZhou pushed a commit to JiayangZhou/terraform-provider-github that referenced this pull request Apr 16, 2026
@deiga @JiayangZhou
[MAINT] Fix github_organization_ruleset and `github_repository_rule…
ab216aa 
…set` with `push` target (integrations#2958)

* Update descriptions and validations

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add `CustomizeDiff` logic to validate on `plan`

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add first validation test

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add validation error when `conditions` is missing

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add further validation tests

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Remove unnecessary skip blocks as `individual` and `anonymous` access to org rulesets will never be a thing

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Switch `ref_name` to `Optional` as `push` doesn't need a `ref_name`

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add Debug logging with `tflog` to validation

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix validation as `ref_name`, `repository_name` and `repository_id` are empty lists by default

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Remove unnecessary panic test

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Improve validation output messages

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix condition to require only one of `repository_name` or `repository_id`

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add validation to `required_workflow.path`

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Rename test resources for easier debugging

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix linter issues

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add validation to ensure `rules.required_status_checks.required_checks.context` is not empty

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add test to ensure that `required_checks` is always required

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix tests after rebase

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Improve legibility of `conditions` description

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Update descriptions

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add Acc test for push ruleset.

This turns out to be failing as there is a bug in our implementation! Unit tests and fix coming up

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add failing test for `flattenConditions` with no `ref_name` condition

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix `flattenConditions` to work with `push` rulesets

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add more tests for `flattenConditions`

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Enable debug logging in `flattenConditions`

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Ensures that `flattenConditions` returns an empty list on empty API response

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add validation for `push` `rules`

As they differ from `branch` and `tag` rules

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Get `TestAccGithubRepositoryRulesets` to work

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* `repository_ruleset`: Add tests for validations

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* `repository_ruleset`: Implement validations for `target`, `conditions` and `rules`

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Updated ruleset docs

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Extract validation functions to separate utils file with unit tests

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix push ruleset test config

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Remove `repository` target after thorough testing that it doesn't do anything

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Use idiomatic test naming convention

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Address code structure comment in tests

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix inconsistent logging

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Refactor to use typed constant string for ruleset `Target`

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix indentation issue with `github_repository_file` and heredocs

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Rename files to be more sensible

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Refactor validation functions so that Repo and Org share almost everything

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Address review comments

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Use `github.RepositoryRuleType` instead of strings

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Refactor `flattenRules` and `expandRules` to use context

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Fix failing validation

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Refactor to use `ValidateDiagFunc` and `validation.ToDiagFunc` in repo ruleset

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Use `strings.Join` to make `Description` of `target` dynamic

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add validation to `operator` attributes

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Add missing validations to repo ruleset attributes

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Refactor to use `ValidateDiagFunc` and `validation.ToDiagFunc` in org ruleset

* Use `strings.Join` to make `Description` of `target` dynamic

* Add validation to `operator` attributes

* Add missing validations to org ruleset attributes

* Ensure attribute names map correctly to rule names

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Don't ignore errors

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

* Address review comments

Signed-off-by: Timo Sand <timo.sand@f-secure.com>

---------

Signed-off-by: Timo Sand <timo.sand@f-secure.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevehipwell stevehipwell stevehipwell approved these changes

+1 more reviewer

@nickfloyd nickfloyd nickfloyd approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v6.11.0 Release

Development

Successfully merging this pull request may close these issues.

[BUG]: github_organization_ruleset doesn't work with push rulesets

3 participants

@deiga @stevehipwell @nickfloyd