Merge branch 'main' into gpg-sign

Author: nickfloyd

github/resource_github_organization_ruleset.go

@@ -420,6 +420,42 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 								},
 							},
 						},
+						"required_workflows": {
+							Type:        schema.TypeList,
+							MaxItems:    1,
+							Optional:    true,
+							Description: "Choose which Actions workflows must pass before branches can be merged into a branch that matches this rule.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"required_workflow": {
+										Type:        schema.TypeSet,
+										MinItems:    1,
+										Required:    true,
+										Description: "Actions workflows that are required. Several can be defined.",
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"repository_id": {
+													Type:        schema.TypeInt,
+													Required:    true,
+													Description: "The repository in which the workflow is defined.",
+												},
+												"path": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "The path to the workflow YAML definition file.",
+												},
+												"ref": {
+													Type:        schema.TypeString,
+													Optional:    true,
+													Default:     "master",
+													Description: "The ref (branch or tag) of the workflow file to use.",
+												},
+											},
+										},
+									},
+								},
+							},
+						},
 					},
 				},
 			},

github/resource_github_organization_ruleset_test.go

@@ -54,14 +54,21 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 					}
 
 					required_status_checks {
-					
+
 						required_check {
 							context = "ci"
 						}
-						
+
 						strict_required_status_checks_policy = true
 					}
 
+					required_workflows {
+						required_workflow {
+							path          = "path/to/workflow.yaml"
+							repository_id = 1234
+						}
+					}
+
 					branch_name_pattern {
 						name     = "test"
 						negate   = false
@@ -197,11 +204,11 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 					}
 
 					required_status_checks {
-					
+
 						required_check {
 							context = "ci"
 						}
-						
+
 						strict_required_status_checks_policy = true
 					}
 

github/respository_rules_utils.go

@@ -334,6 +334,37 @@ func expandRules(input []interface{}, org bool) []*github.RepositoryRule {
 		rulesSlice = append(rulesSlice, github.NewRequiredStatusChecksRule(params))
 	}
 
+	// Required workflows to pass before merging rule
+	if v, ok := rulesMap["required_workflows"].([]interface{}); ok && len(v) != 0 {
+		requiredWorkflowsMap := v[0].(map[string]interface{})
+		requiredWorkflows := make([]*github.RuleRequiredWorkflow, 0)
+
+		if requiredWorkflowsInput, ok := requiredWorkflowsMap["required_workflow"]; ok {
+
+			requiredWorkflowsSet := requiredWorkflowsInput.(*schema.Set)
+			for _, workflowMap := range requiredWorkflowsSet.List() {
+				workflow := workflowMap.(map[string]interface{})
+
+				// Get all parameters
+				repositoryID := github.Int64(int64(workflow["repository_id"].(int)))
+				ref := github.String(workflow["ref"].(string))
+
+				params := &github.RuleRequiredWorkflow{
+					RepositoryID: repositoryID,
+					Path:         workflow["path"].(string),
+					Ref:          ref,
+				}
+
+				requiredWorkflows = append(requiredWorkflows, params)
+			}
+		}
+
+		params := &github.RequiredWorkflowsRuleParameters{
+			RequiredWorkflows: requiredWorkflows,
+		}
+		rulesSlice = append(rulesSlice, github.NewRequiredWorkflowsRule(params))
+	}
+
 	return rulesSlice
 }
 

go.mod

@@ -11,8 +11,8 @@ require (
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/shurcooL/githubv4 v0.0.0-20221126192849-0b5c4c7994eb
 	github.com/stretchr/testify v1.8.4
-	golang.org/x/crypto v0.17.0
-	golang.org/x/oauth2 v0.15.0
+	golang.org/x/crypto v0.18.0
+	golang.org/x/oauth2 v0.16.0
 	gopkg.in/square/go-jose.v2 v2.6.0
 )
 
@@ -200,9 +200,9 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20220827204233-334a2380cb91 // indirect
 	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.6.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect