From 4f71eebe6f3059b97ecb798a374798e77e9a8943 Mon Sep 17 00:00:00 2001
From: Sasha Mykhailenko <sasha.mykhailenko@beamery.com>
Date: Sat, 4 May 2024 22:47:33 +0100
Subject: [PATCH] feat: add DeployKey to bypass_actors in
 github_organization_ruleset and github_repository_ruleset

---
 .../resource_github_organization_ruleset.go   | 14 ++++++-----
 ...source_github_organization_ruleset_test.go | 12 ++++++++++
 github/resource_github_repository_ruleset.go  | 14 ++++++-----
 ...resource_github_repository_ruleset_test.go | 24 +++++++++++++++++++
 github/respository_rules_utils.go             |  3 +++
 .../go-github/v57/github/repos_rules.go       |  4 ++--
 .../docs/r/organization_ruleset.html.markdown |  5 ++--
 .../docs/r/repository_ruleset.html.markdown   |  5 ++--
 8 files changed, 63 insertions(+), 18 deletions(-)

diff --git a/github/resource_github_organization_ruleset.go b/github/resource_github_organization_ruleset.go
index 97edda737d..c4301cd873 100644
--- a/github/resource_github_organization_ruleset.go
+++ b/github/resource_github_organization_ruleset.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"math"
 	"net/http"
 	"strconv"
 
@@ -51,21 +52,22 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"actor_id": {
-							Type:        schema.TypeInt,
-							Required:    true,
-							Description: "The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.",
+							Type:         schema.TypeInt,
+							Required:     true,
+							ValidateFunc: validation.IntBetween(0, math.MaxInt64),
+							Description:  "The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`. If `actor_type` is `DeployKey`, this should be `0`.",
 						},
 						"actor_type": {
 							Type:         schema.TypeString,
 							Required:     true,
-							ValidateFunc: validation.StringInSlice([]string{"RepositoryRole", "Team", "Integration", "OrganizationAdmin"}, false),
-							Description:  "The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.",
+							ValidateFunc: validation.StringInSlice([]string{"RepositoryRole", "Team", "Integration", "OrganizationAdmin", "DeployKey"}, false),
+							Description:  "The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`.",
 						},
 						"bypass_mode": {
 							Type:         schema.TypeString,
 							Required:     true,
 							ValidateFunc: validation.StringInSlice([]string{"always", "pull_request"}, false),
-							Description:  "When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.",
+							Description:  "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests (not applicable for the `DeployKey` actor type). Can be one of: `always`, `pull_request`.",
 						},
 					},
 				},
diff --git a/github/resource_github_organization_ruleset_test.go b/github/resource_github_organization_ruleset_test.go
index 0c6f744540..f44f2e7671 100644
--- a/github/resource_github_organization_ruleset_test.go
+++ b/github/resource_github_organization_ruleset_test.go
@@ -35,6 +35,12 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 
@@ -185,6 +191,12 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 
diff --git a/github/resource_github_repository_ruleset.go b/github/resource_github_repository_ruleset.go
index 33e152a5a4..a881d350a9 100644
--- a/github/resource_github_repository_ruleset.go
+++ b/github/resource_github_repository_ruleset.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"math"
 	"net/http"
 	"strconv"
 
@@ -56,21 +57,22 @@ func resourceGithubRepositoryRuleset() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"actor_id": {
-							Type:        schema.TypeInt,
-							Required:    true,
-							Description: "The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`.",
+							Type:         schema.TypeInt,
+							Required:     true,
+							ValidateFunc: validation.IntBetween(0, math.MaxInt64),
+							Description:  "The ID of the actor that can bypass a ruleset. When `actor_type` is `OrganizationAdmin`, this should be set to `1`. If `actor_type` is `DeployKey`, this should be `0`.",
 						},
 						"actor_type": {
 							Type:         schema.TypeString,
 							Required:     true,
-							ValidateFunc: validation.StringInSlice([]string{"RepositoryRole", "Team", "Integration", "OrganizationAdmin"}, false),
-							Description:  "The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.",
+							ValidateFunc: validation.StringInSlice([]string{"RepositoryRole", "Team", "Integration", "OrganizationAdmin", "DeployKey"}, false),
+							Description:  "The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`.",
 						},
 						"bypass_mode": {
 							Type:         schema.TypeString,
 							Required:     true,
 							ValidateFunc: validation.StringInSlice([]string{"always", "pull_request"}, false),
-							Description:  "When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.",
+							Description:  "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests (not applicable for the `DeployKey` actor type). Can be one of: `always`, `pull_request`.",
 						},
 					}},
 			},
diff --git a/github/resource_github_repository_ruleset_test.go b/github/resource_github_repository_ruleset_test.go
index a51682507f..b0b9495cd3 100644
--- a/github/resource_github_repository_ruleset_test.go
+++ b/github/resource_github_repository_ruleset_test.go
@@ -41,6 +41,12 @@ func TestGithubRepositoryRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 
@@ -148,6 +154,12 @@ func TestGithubRepositoryRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					branch_name_pattern {
 						name     = "test"
@@ -207,6 +219,12 @@ func TestGithubRepositoryRulesets(t *testing.T) {
 				target      = "branch"
 				enforcement = "active"
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 				}
@@ -290,6 +308,12 @@ func TestGithubRepositoryRulesets(t *testing.T) {
 					}
 				}
 
+				bypass_actors {
+					actor_id    = 0
+					actor_type  = "DeployKey"
+					bypass_mode = "always"
+				}
+
 				rules {
 					creation = true
 
diff --git a/github/respository_rules_utils.go b/github/respository_rules_utils.go
index 3c28b95047..943a3c6917 100644
--- a/github/respository_rules_utils.go
+++ b/github/respository_rules_utils.go
@@ -49,6 +49,9 @@ func expandBypassActors(input []interface{}) []*github.BypassActor {
 
 		if v, ok := inputMap["actor_type"].(string); ok {
 			actor.ActorType = &v
+			if actor.ActorType != nil && *actor.ActorType == "DeployKey" {
+				actor.ActorID = nil
+			}
 		}
 
 		if v, ok := inputMap["bypass_mode"].(string); ok {
diff --git a/vendor/github.com/google/go-github/v57/github/repos_rules.go b/vendor/github.com/google/go-github/v57/github/repos_rules.go
index 479806c2ee..d6a79fa806 100644
--- a/vendor/github.com/google/go-github/v57/github/repos_rules.go
+++ b/vendor/github.com/google/go-github/v57/github/repos_rules.go
@@ -13,8 +13,8 @@ import (
 
 // BypassActor represents the bypass actors from a ruleset.
 type BypassActor struct {
-	ActorID *int64 `json:"actor_id,omitempty"`
-	// Possible values for ActorType are: RepositoryRole, Team, Integration, OrganizationAdmin
+	ActorID *int64 `json:"actor_id"`
+	// Possible values for ActorType are: RepositoryRole, Team, Integration, OrganizationAdmin, DeployKey
 	ActorType *string `json:"actor_type,omitempty"`
 	// Possible values for BypassMode are: always, pull_request
 	BypassMode *string `json:"bypass_mode,omitempty"`
diff --git a/website/docs/r/organization_ruleset.html.markdown b/website/docs/r/organization_ruleset.html.markdown
index a02bb0fcc4..dbb6ae6013 100644
--- a/website/docs/r/organization_ruleset.html.markdown
+++ b/website/docs/r/organization_ruleset.html.markdown
@@ -185,12 +185,13 @@ The `rules` block supports the following:
 
 * `actor_id` - (Required) (Number) The ID of the actor that can bypass a ruleset.
 
-* `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+* `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`.
 
-* `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+* `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests (not applicable for the `DeployKey` actor type). Can be one of: `always`, `pull_request`.
 
 ~>Note: at the time of writing this, the following actor types correspond to the following actor IDs:
 
+* `DeployKey` -> `0`
 * `OrganizationAdmin` -> `1`
 * `RepositoryRole` (This is the actor type, the following are the base repository roles and their associated IDs.)
   * `maintain` -> `2`
diff --git a/website/docs/r/repository_ruleset.html.markdown b/website/docs/r/repository_ruleset.html.markdown
index 36f8479b0a..29bc86d6c1 100644
--- a/website/docs/r/repository_ruleset.html.markdown
+++ b/website/docs/r/repository_ruleset.html.markdown
@@ -197,11 +197,12 @@ The `rules` block supports the following:
 
 * `actor_id` - (Required) (Number) The ID of the actor that can bypass a ruleset.
 
-* `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`.
+* `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`.
 
-* `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`.
+* `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests (not applicable for the `DeployKey` actor type). Can be one of: `always`, `pull_request`.
 
 ~> Note: at the time of writing this, the following actor types correspond to the following actor IDs:
+* `DeployKey` -> `0`
 * `OrganizationAdmin` -> `1`
 * `RepositoryRole` (This is the actor type, the following are the base repository roles and their associated IDs.)
   * `maintain` -> `2`