Skip to content

[MAINT] Fix github_organization_ruleset and github_repository_ruleset with push target #2958

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
deiga wants to merge 41 commits into
base: main
Choose a base branch
from
Open

[MAINT] Fix github_organization_ruleset and github_repository_ruleset with push target #2958

deiga wants to merge 41 commits into from

Conversation

@deiga
Copy link
Contributor

@deiga deiga commented Dec 2, 2025
edited
Loading

Resolves #2929, #2467

Before the change?

  • The provider would crash from a 422 error response when following the example in the docs
  • Removing ref_name would cause the provider to Panic as ref_name is a required field
  • One could add rules which weren't valid for push rulesets

After the change?

  • The provider should correctly apply push rulesets to an organization
  • ref_name should no longer be needed to be set for push target
  • conditions & target validation logic should ensure correct fields are populated

Pull request checklist

  • Schema migrations have been created if needed (example)
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • No

nickfloyd
nickfloyd reviewed Dec 2, 2025
View reviewed changes
stevehipwell
stevehipwell reviewed Dec 3, 2025
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this change likely wants to wait for the SDK upgrade as a lot of this area is modified in future versions.

FYI the error behaviours previously seen should have been mitigated by #2705 so if there is an error the provider should handle it gracefully.

@deiga deiga force-pushed the org-ruleset-fix-push branch from 0531db8 to 9dd2965 Compare December 3, 2025 20:15
@deiga deiga changed the base branch from main to go-github-v68 December 3, 2025 20:15
@deiga deiga mentioned this pull request Dec 5, 2025
Closed
1 task
stevehipwell
stevehipwell reviewed Dec 5, 2025
View reviewed changes
@deiga deiga force-pushed the org-ruleset-fix-push branch from 1bdfa45 to efd67ae Compare December 7, 2025 00:20
@deiga deiga changed the title Fix github_organization_ruleset with push target [MAINT] Fix github_organization_ruleset with push target Dec 7, 2025
@deiga deiga force-pushed the org-ruleset-fix-push branch from 52d95d4 to 6782aab Compare December 8, 2025 13:42
stevehipwell
stevehipwell requested changes Dec 10, 2025
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to either de-scope this PR or open a new PR with the smallest number of changes possible to fix the outstanding bugs?

github/resource_github_organization_ruleset.go
},
"bypass_actors": {
Type: schema.TypeList,
Type: schema.TypeList, // TODO: These are returned from GH API sorted by actor_id, we might want to investigate if we want to include sorting
Copy link
Collaborator

@stevehipwell stevehipwell Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should sort the returned values based on the inputs which would stop churn.

Copy link
Contributor Author

@deiga deiga Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds sensible, need to investigate where the best place for the sorting is

Copy link
Contributor Author

@deiga deiga Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stevehipwell after some investigation, it seems that schema.TypeSet would be the correct way to implement unsorted. What do you think?

@deiga
Copy link
Contributor Author

deiga commented Dec 10, 2025

@stevehipwell Yes, I agree. I've done that already in this PR: #2976

But I can't switch the base of this PR to point to that :)

@deiga deiga changed the title [MAINT] Fix github_organization_ruleset with push target [MAINT] Fix github_organization_ruleset and github_repository_ruleset with push target Dec 17, 2025
@deiga deiga marked this pull request as ready for review December 19, 2025 06:35
@deiga deiga marked this pull request as draft January 6, 2026 08:06
@deiga deiga changed the base branch from go-github-v68 to main January 7, 2026 22:14
@deiga deiga force-pushed the org-ruleset-fix-push branch from 10baa83 to 1fe74fc Compare January 8, 2026 23:33
deiga added 14 commits January 10, 2026 08:31
@deiga
Update descriptions and validations
db012e9 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Add CustomizeDiff logic to validate on plan
ac73f34 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Remove unused leftover
c323855 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Add first validation test
ad57e88 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Add validation error when conditions is missing
a993289 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Add further validation tests
9167433 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Remove unnecessary skip blocks as individual and anonymous access…
e859cf3 
… to org rulesets will never be a thing

Signed-off-by: Timo Sand <[email protected]>
@deiga
Switch ref_name to Optional as push doesn't need a ref_name
4b63aec 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Add Debug logging with tflog to validation
bacd7bb 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Fix validation as ref_name, repository_name and repository_id a…
8daf742 
…re empty lists by default

Signed-off-by: Timo Sand <[email protected]>
@deiga
Fix test output expectation
dfe82e6 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Remove unnecessary panic test
27c832a 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Improve validation output messages
d648b9e 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Fix condition to require only one of repository_name or `repository…
1ee74cf 
…_id`

Signed-off-by: Timo Sand <[email protected]>
deiga added 22 commits January 10, 2026 08:31
@deiga
Fix linter issues
b61e2eb 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Add validation to ensure `rules.required_status_checks.required_check…
dd38c25 
…s.context` is not empty

Signed-off-by: Timo Sand <[email protected]>
@deiga
Add test to ensure that required_checks is always required
102f716 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Fix tests after rebase
821529a 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Improve legibility of conditions description
8933a7f 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Update descriptions
e2d4434 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Add Acc test for push ruleset.
27b5959 
This turns out to be failing as there is a bug in our implementation! Unit tests and fix coming up

Signed-off-by: Timo Sand <[email protected]>
@deiga
Add failing test for flattenConditions with no ref_name condition
fb2a513 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Fix flattenConditions to work with push rulesets
a502c03 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Add more tests for flattenConditions
f2dddbe 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Enable debug logging in flattenConditions
730a26e 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Ensures that flattenConditions returns an empty list on empty API r…
b7e2cfb 
…esponse

Signed-off-by: Timo Sand <[email protected]>
@deiga
Add validation for push rules
fcf0acd 
As they differ from `branch` and `tag` rules

Signed-off-by: Timo Sand <[email protected]>
@deiga
github_repository: Remove comment which doesn't hold true anymore
f6e8372 
Signed-off-by: Timo Sand <[email protected]>
@deiga
github_repository: Ensures that we don't try to PATCH an archived repo
4fc8fee 
Signed-off-by: Timo Sand <[email protected]>
@deiga
github_repository_ruleset: Change `TestGithubRepositoryRulesetArchi…
5b62488 
…ved` repos to be private

This allows even EMU users to run these tests

Signed-off-by: Timo Sand <[email protected]>
@deiga
Get TestAccGithubRepositoryRulesets to work
345a07b 
Signed-off-by: Timo Sand <[email protected]>
@deiga
repository_ruleset: Add tests for validations
3cd77d0 
Signed-off-by: Timo Sand <[email protected]>
@deiga
repository_ruleset: Implement validations for target, `conditions…
ac27d0e 
…` and `rules`

Signed-off-by: Timo Sand <[email protected]>
@deiga
Updated ruleset docs
1a50eef 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Extract validation functions to separate utils file with unit tests
a1a9a68 
Signed-off-by: Timo Sand <[email protected]>
@deiga
Fix ExpectError message
2a2277a 
Signed-off-by: Timo Sand <[email protected]>
@deiga deiga force-pushed the org-ruleset-fix-push branch from 1fe74fc to 2a2277a Compare January 10, 2026 08:53
@deiga deiga marked this pull request as ready for review January 10, 2026 08:56
@deiga deiga mentioned this pull request Jan 11, 2026
Draft
5 tasks
stevehipwell
stevehipwell requested changes Jan 13, 2026
View reviewed changes
Copy link
Collaborator

@stevehipwell stevehipwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added some review comments, mainly about the code structure.

github/repository_rules_validation_utils.go
@@ -0,0 +1,157 @@
package github
Copy link
Collaborator

@stevehipwell stevehipwell Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure why we need this new file instead of using the util_rules.go file?

Copy link
Contributor Author

@deiga deiga Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I felt that util_rules.go is already getting too long to reason about nicely. But if this is an anti-pattern I can move these there

github/resource_github_organization_ruleset.go
Comment on lines +31 to +34
CustomizeDiff: customdiff.All(
validateConditionsFieldBasedOnTarget,
validateOrganizationRulesetRules,
),
Copy link
Collaborator

@stevehipwell stevehipwell Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should use separate function here as we're writing our own logic, that pattern is only really useful when we're composing. Could you take a look at how I've structured the schema and done this in #3069?

github/resource_github_organization_ruleset.go
return []*schema.ResourceData{d}, nil
}

func validateConditionsFieldBasedOnTarget(ctx context.Context, d *schema.ResourceDiff, meta any) error {
Copy link
Collaborator

@stevehipwell stevehipwell Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this is scoped to the organization ruleset then the name should reflect that, otherwise it should probably be in the util_rules.go file (idiomatically I'd expect this to be called util_ruleset.go).

github/resource_github_organization_ruleset_test.go
}
`, resourceName, randomID)

check := resource.ComposeTestCheckFunc(
Copy link
Collaborator

@stevehipwell stevehipwell Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we please inline these instead of creating a separate var, this makes the code so much harder to read.

github/resource_github_organization_ruleset_test.go
Comment on lines +703 to +707
resource.TestCheckResourceAttr(
fmt.Sprintf("github_organization_ruleset.%s", resourceName),
"name",
fmt.Sprintf("test-push-%s", randomID),
),
Copy link
Collaborator

@stevehipwell stevehipwell Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
resource.TestCheckResourceAttr(
fmt.Sprintf("github_organization_ruleset.%s", resourceName),
"name",
fmt.Sprintf("test-push-%s", randomID),
),
resource.TestCheckResourceAttr(fmt.Sprintf("github_organization_ruleset.%s", resourceName), "name", fmt.Sprintf("test-push-%s", randomID)),

Please can these be made a single line, it's the idiomatic Go pattern (no introducing line breaks) and makes the code much easier to read.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stevehipwell stevehipwell stevehipwell requested changes

@nickfloyd nickfloyd Awaiting requested review from nickfloyd

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG]: github_organization_ruleset doesn't work with push rulesets

3 participants

@deiga @nickfloyd @stevehipwell