feat: add DeployKey to bypass_actors in github_organization_ruleset a…

…nd github_repository_ruleset
integrations · May 7, 2024 · 4f71eeb · 4f71eeb
1 parent 73f4ed8
commit 4f71eeb
Show file tree

Hide file tree

Showing 8 changed files with 63 additions and 18 deletions.
diff --git a/github/resource_github_organization_ruleset.go b/github/resource_github_organization_ruleset.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"math"
 	"net/http"
 	"strconv"
 
@@ -51,21 +52,22 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"actor_id": {
-							Type:        schema.TypeInt,
-							Required:    true,
-							Description: "The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.",
+							Type:         schema.TypeInt,
+							Required:     true,
+							ValidateFunc: validation.IntBetween(0, math.MaxInt64),
+							Description:  "The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`. If `actor_type` is `DeployKey`, this should be `0`.",
 						},
 						"actor_type": {
 							Type:         schema.TypeString,
 							Required:     true,
-							ValidateFunc: validation.StringInSlice([]string{"RepositoryRole", "Team", "Integration", "OrganizationAdmin"}, false),
-							Description:  "The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.",
+							ValidateFunc: validation.StringInSlice([]string{"RepositoryRole", "Team", "Integration", "OrganizationAdmin", "DeployKey"}, false),
+							Description:  "The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`.",
 						},
 						"bypass_mode": {
 							Type:         schema.TypeString,
 							Required:     true,
 							ValidateFunc: validation.StringInSlice([]string{"always", "pull_request"}, false),
-							Description:  "When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.",
+							Description:  "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests (not applicable for the `DeployKey` actor type). Can be one of: `always`, `pull_request`.",
 						},
 					},
 				},

diff --git a/github/resource_github_organization_ruleset_test.go b/github/resource_github_organization_ruleset_test.go
@@ -35,6 +35,12 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 
@@ -185,6 +191,12 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 

diff --git a/github/resource_github_repository_ruleset.go b/github/resource_github_repository_ruleset.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"math"
 	"net/http"
 	"strconv"
 
@@ -56,21 +57,22 @@ func resourceGithubRepositoryRuleset() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"actor_id": {
-							Type:        schema.TypeInt,
-							Required:    true,
-							Description: "The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.",
+							Type:         schema.TypeInt,
+							Required:     true,
+							ValidateFunc: validation.IntBetween(0, math.MaxInt64),
+							Description:  "The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`. If `actor_type` is `DeployKey`, this should be `0`.",
 						},
 						"actor_type": {
 							Type:         schema.TypeString,
 							Required:     true,
-							ValidateFunc: validation.StringInSlice([]string{"RepositoryRole", "Team", "Integration", "OrganizationAdmin"}, false),
-							Description:  "The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.",
+							ValidateFunc: validation.StringInSlice([]string{"RepositoryRole", "Team", "Integration", "OrganizationAdmin", "DeployKey"}, false),
+							Description:  "The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`.",
 						},
 						"bypass_mode": {
 							Type:         schema.TypeString,
 							Required:     true,
 							ValidateFunc: validation.StringInSlice([]string{"always", "pull_request"}, false),
-							Description:  "When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.",
+							Description:  "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests (not applicable for the `DeployKey` actor type). Can be one of: `always`, `pull_request`.",
 						},
 					}},
 			},

diff --git a/github/resource_github_repository_ruleset_test.go b/github/resource_github_repository_ruleset_test.go
@@ -41,6 +41,12 @@ func TestGithubRepositoryRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 
@@ -148,6 +154,12 @@ func TestGithubRepositoryRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					branch_name_pattern {
 						name     = "test"
@@ -207,6 +219,12 @@ func TestGithubRepositoryRulesets(t *testing.T) {
 				target      = "branch"
 				enforcement = "active"
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 				}
@@ -290,6 +308,12 @@ func TestGithubRepositoryRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 

diff --git a/github/respository_rules_utils.go b/github/respository_rules_utils.go
@@ -49,6 +49,9 @@ func expandBypassActors(input []interface{}) []*github.BypassActor {
 
 		if v, ok := inputMap["actor_type"].(string); ok {
 			actor.ActorType = &v
+			if actor.ActorType != nil && *actor.ActorType == "DeployKey" {
+				actor.ActorID = nil
+			}
 		}
 
 		if v, ok := inputMap["bypass_mode"].(string); ok {

diff --git a/vendor/github.com/google/go-github/v57/github/repos_rules.go b/vendor/github.com/google/go-github/v57/github/repos_rules.go
diff --git a/website/docs/r/organization_ruleset.html.markdown b/website/docs/r/organization_ruleset.html.markdown
@@ -185,12 +185,13 @@ The `rules` block supports the following:
 
 * `actor_id` - (Required) (Number) The ID of the actor that can bypass a ruleset.
 
-* `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+* `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`.
 
-* `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+* `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests (not applicable for the `DeployKey` actor type). Can be one of: `always`, `pull_request`.
 
 ~>Note: at the time of writing this, the following actor types correspond to the following actor IDs:
 
+* `DeployKey` -> `0`
 * `OrganizationAdmin` -> `1`
 * `RepositoryRole` (This is the actor type, the following are the base repository roles and their associated IDs.)
   * `maintain` -> `2`

diff --git a/website/docs/r/repository_ruleset.html.markdown b/website/docs/r/repository_ruleset.html.markdown
@@ -197,11 +197,12 @@ The `rules` block supports the following:
 
 * `actor_id` - (Required) (Number) The ID of the actor that can bypass a ruleset.
 
-* `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+* `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`.
 
-* `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+* `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests (not applicable for the `DeployKey` actor type). Can be one of: `always`, `pull_request`.
 
 ~> Note: at the time of writing this, the following actor types correspond to the following actor IDs:
+* `DeployKey` -> `0`
 * `OrganizationAdmin` -> `1`
 * `RepositoryRole` (This is the actor type, the following are the base repository roles and their associated IDs.)
   * `maintain` -> `2`