Merge branch 'main' into main

integrations · Jan 22, 2024 · b33cc48 · b33cc48
2 parents 3e93676 + dbda378
commit b33cc48
Show file tree

Hide file tree

Showing 7 changed files with 58 additions and 18 deletions.
diff --git a/github/resource_github_organization_ruleset.go b/github/resource_github_organization_ruleset.go
@@ -44,9 +44,10 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 				Description:  "Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.",
 			},
 			"bypass_actors": {
-				Type:        schema.TypeList,
-				Optional:    true,
-				Description: "The actors that can bypass the rules in this ruleset.",
+				Type:             schema.TypeList,
+				Optional:         true,
+				DiffSuppressFunc: bypassActorsDiffSuppressFunc,
+				Description:      "The actors that can bypass the rules in this ruleset.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"actor_id": {

diff --git a/github/resource_github_repository_environment.go b/github/resource_github_repository_environment.go
@@ -39,6 +39,12 @@ func resourceGithubRepositoryEnvironment() *schema.Resource {
 				Default:     true,
 				Description: "Can Admins bypass deployment protections",
 			},
+			"prevent_self_review": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Prevent users from approving workflows runs that they triggered.",
+			},
 			"wait_timer": {
 				Type:         schema.TypeInt,
 				Optional:     true,
@@ -170,6 +176,8 @@ func resourceGithubRepositoryEnvironmentRead(d *schema.ResourceData, meta interf
 					"users": users,
 				},
 			})
+
+			d.Set("prevent_self_review", pr.PreventSelfReview)
 		}
 	}
 
@@ -233,6 +241,8 @@ func createUpdateEnvironmentData(d *schema.ResourceData, meta interface{}) githu
 
 	data.CanAdminsBypass = github.Bool(d.Get("can_admins_bypass").(bool))
 
+	data.PreventSelfReview = github.Bool(d.Get("prevent_self_review").(bool))
+
 	if v, ok := d.GetOk("reviewers"); ok {
 		envReviewers := make([]*github.EnvReviewers, 0)
 

diff --git a/github/resource_github_repository_environment_test.go b/github/resource_github_repository_environment_test.go
@@ -30,6 +30,7 @@ func TestAccGithubRepositoryEnvironment(t *testing.T) {
 				environment	= "environment / test"
 				can_admins_bypass = false
 				wait_timer = 10000
+                                prevent_self_review = true
 				reviewers {
 					users = [data.github_user.current.id]
 				}
@@ -44,6 +45,7 @@ func TestAccGithubRepositoryEnvironment(t *testing.T) {
 		check := resource.ComposeAggregateTestCheckFunc(
 			resource.TestCheckResourceAttr("github_repository_environment.test", "environment", "environment / test"),
 			resource.TestCheckResourceAttr("github_repository_environment.test", "can_admins_bypass", "false"),
+			resource.TestCheckResourceAttr("github_repository_environment.test", "prevent_self_review", "true"),
 			resource.TestCheckResourceAttr("github_repository_environment.test", "wait_timer", "10000"),
 		)
 

diff --git a/github/resource_github_repository_ruleset.go b/github/resource_github_repository_ruleset.go
@@ -49,9 +49,10 @@ func resourceGithubRepositoryRuleset() *schema.Resource {
 				Description:  "Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`.",
 			},
 			"bypass_actors": {
-				Type:        schema.TypeList,
-				Optional:    true,
-				Description: "The actors that can bypass the rules in this ruleset.",
+				Type:             schema.TypeList,
+				Optional:         true,
+				DiffSuppressFunc: bypassActorsDiffSuppressFunc,
+				Description:      "The actors that can bypass the rules in this ruleset.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"actor_id": {

diff --git a/github/respository_rules_utils.go b/github/respository_rules_utils.go
@@ -3,6 +3,7 @@ package github
 import (
 	"encoding/json"
 	"log"
+	"reflect"
 	"sort"
 
 	"github.com/google/go-github/v57/github"
@@ -63,10 +64,6 @@ func flattenBypassActors(bypassActors []*github.BypassActor) []interface{} {
 		return []interface{}{}
 	}
 
-	sort.SliceStable(bypassActors, func(i, j int) bool {
-		return bypassActors[i].GetActorID() > bypassActors[j].GetActorID()
-	})
-
 	actorsSlice := make([]interface{}, 0)
 	for _, v := range bypassActors {
 		actorMap := make(map[string]interface{})
@@ -480,3 +477,24 @@ func flattenRules(rules []*github.RepositoryRule, org bool) []interface{} {
 
 	return []interface{}{rulesMap}
 }
+
+func bypassActorsDiffSuppressFunc(k, old, new string, d *schema.ResourceData) bool {
+	// If the length has changed, no need to suppress
+	if k == "bypass_actors.#" {
+		return old == new
+	}
+
+	// Get change to bypass actors
+	o, n := d.GetChange("bypass_actors")
+	oldBypassActors := o.([]interface{})
+	newBypassActors := n.([]interface{})
+
+	sort.SliceStable(oldBypassActors, func(i, j int) bool {
+		return oldBypassActors[i].(map[string]interface{})["actor_id"].(int) > oldBypassActors[j].(map[string]interface{})["actor_id"].(int)
+	})
+	sort.SliceStable(newBypassActors, func(i, j int) bool {
+		return newBypassActors[i].(map[string]interface{})["actor_id"].(int) > newBypassActors[j].(map[string]interface{})["actor_id"].(int)
+	})
+
+	return reflect.DeepEqual(oldBypassActors, newBypassActors)
+}
diff --git a/website/docs/r/repository_deploy_key.html.markdown b/website/docs/r/repository_deploy_key.html.markdown
@@ -21,12 +21,17 @@ Further documentation on GitHub repository deploy keys:
 ## Example Usage
 
 ```hcl
-# Add a deploy key
+# Generate an ssh key using provider "hashicorp/tls"
+resource "tls_private_key" "example_repository_deploy_key" {
+  algorithm = "ED25519"
+}
+
+# Add the ssh key as a deploy key
 resource "github_repository_deploy_key" "example_repository_deploy_key" {
   title      = "Repository test key"
   repository = "test-repo"
-  key        = "ssh-rsa AAA..."
-  read_only  = "false"
+  key        = tls_private_key.example_repository_deploy_key.public_key_openssh
+  read_only  = true
 }
 ```
 

diff --git a/website/docs/r/repository_environment.html.markdown b/website/docs/r/repository_environment.html.markdown
@@ -17,18 +17,19 @@ data "github_user" "current" {
 }
 
 resource "github_repository" "example" {
-  name         = "A Repository Project"
-  description  = "My awesome codebase"
+  name        = "A Repository Project"
+  description = "My awesome codebase"
 }
 
 resource "github_repository_environment" "example" {
-  environment  = "example"
-  repository   = github_repository.example.name
+  environment         = "example"
+  repository          = github_repository.example.name
+  prevent_self_review = true
   reviewers {
     users = [data.github_user.current.id]
   }
   deployment_branch_policy {
-    protected_branches 		 = true
+    protected_branches     = true
     custom_branch_policies = false
   }
 }
@@ -46,6 +47,8 @@ The following arguments are supported:
 
 * `can_admins_bypass` - (Optional) Can repository admins bypass the environment protections.  Defaults to `true`.
 
+* `prevent_self_review` - (Optional) Whether or not a user who created the job is prevented from approving their own job. Defaults to `false`.
+
 ### Reviewers
 
 The `reviewers` block supports the following: