[BUG]: Removing bypass actors from Rulesets does not have any effect #2952

@yamatt

Expected Behavior

When removing bypass_actors from a github_organization_ruleset, this is recognised in the plan and removed from the rulesets.

Actual Behavior

When removing bypass_actors from a github_organization_ruleset, this is recognised in the plan but not removed from the rulesets.

Terraform Version

Terraform v1.14.0
on windows_amd64

  • provider registry.terraform.io/hashicorp/azurerm v4.49.0
  • provider registry.terraform.io/hashicorp/time v0.13.1
  • provider registry.terraform.io/integrations/github v6.8.3

Affected Resource(s)

  • github_organization_ruleset

Terraform Configuration Files

resource "github_organization_ruleset" "review_required_protected_branches" {
  name        = "Review required on protected branches"
  enforcement = "active"
  target      = "branch"

  conditions {
    ref_name {
      exclude = []
      include = [
        "~DEFAULT_BRANCH",
        "refs/heads/main",
      ]
    }
    repository_name {
      exclude   = []
      include   = local.repos
      protected = false
    }
  }

  rules {
    creation                = false
    deletion                = true
    non_fast_forward        = true
    required_linear_history = false
    required_signatures     = false
    update                  = false

    pull_request {
      dismiss_stale_reviews_on_push     = true
      require_code_owner_review         = true
      require_last_push_approval        = true
      required_approving_review_count   = 1
      required_review_thread_resolution = true
    }
  }

  lifecycle {
    prevent_destroy = true
  }
}

Steps to Reproduce

Running Terraform plan in my pipeline, I can see this output:

# github_organization_rulesetreview_required_protected_branches will be updated in-place
  ~ resource "github_organization_ruleset" "review_required_protected_branches" {
        id          = "8406***"
        name        = "Git Flow: Review required on protected branches"
        # (5 unchanged attributes hidden)

      - bypass_actors {
          - actor_id    = 13588*** -> null
          - actor_type  = "Team" -> null
          - bypass_mode = "always" -> null
        }
      - bypass_actors {
          - actor_id    = 13588*** -> null
          - actor_type  = "Team" -> null
          - bypass_mode = "always" -> null
        }

        # (2 unchanged blocks hidden)
    }

And in the apply:

github_organization_ruleset.review_required_protected_branches: Modifying... [id=8406***]
...
github_organization_ruleset.review_required_protected_branches: Modifications complete after 4s [id=8406***]

But checking the Ruleset, the bypass_actors are still there.

Labels: Status: Triage (This is being looked at and prioritized); Type: Bug (Something isn't working as documented)

    Type

    No type

    Projects

    Status

    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
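Because the apply in this report finishes without error while the bypass actors stay on the ruleset, a post-apply check against the live ruleset is the only way to notice. The following is an added example, not part of the issue or the provider's code: it compares `bypass_actors` in `terraform show -json` output with the JSON returned by `GET /orgs/{org}/rulesets/{ruleset_id}`. The sample documents, ids and function names are constructed for illustration, and it assumes the state after apply reflects the configuration.

```python
import json

ADDRESS = "github_organization_ruleset.review_required_protected_branches"

# Constructed sample: state after the apply, with no bypass actors left.
SAMPLE_STATE = {"values": {"root_module": {"resources": [
    {"address": ADDRESS, "values": {"name": "example", "bypass_actors": []}}
]}}}

# Constructed sample: live ruleset as the REST API would return it,
# still carrying a team that can always bypass the rules.
SAMPLE_LIVE = {"id": 1, "name": "example", "bypass_actors": [
    {"actor_id": 1000001, "actor_type": "Team", "bypass_mode": "always"}
]}

def bypass_actors(obj):
    """Normalise a bypass_actors list to a set of comparable tuples."""
    return {(a["actor_type"], a.get("actor_id"), a["bypass_mode"])
            for a in obj.get("bypass_actors") or []}

def state_ruleset(state, address):
    """Find a resource's values in `terraform show -json` output,
    searching the root module and any child modules."""
    stack = [state["values"]["root_module"]]
    while stack:
        module = stack.pop()
        for res in module.get("resources", []):
            if res["address"] == address:
                return res["values"]
        stack.extend(module.get("child_modules", []))
    raise KeyError(address)

def bypass_drift(state, live, address):
    """Return actors present on GitHub but not in state, and the reverse."""
    want = bypass_actors(state_ruleset(state, address))
    have = bypass_actors(live)
    return {"unexpected": sorted(have - want, key=repr),
            "missing": sorted(want - have, key=repr)}

if __name__ == "__main__":
    drift = bypass_drift(SAMPLE_STATE, SAMPLE_LIVE, ADDRESS)
    print(json.dumps(drift, indent=2))
    # A non-zero exit lets a pipeline step fail when the ruleset has drifted.
    raise SystemExit(1 if drift["unexpected"] or drift["missing"] else 0)
```

In a pipeline, replace the two samples with the parsed output of `terraform show -json` and the API response for the ruleset id held in state.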